[MDEV-31566] Fix buffer overrun in dynstr_append_json_quote - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.4.30
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3
Component/s: JSON
Labels:
- crash
Environment:
Windows Server 2008R2, Linux

Description

The server often crashes.
Each time the top error frame is RtlFreeHeap(), with different stack list.
The following are error stacks of version 10.4.30
Yet other softwares in the same server are stable.

1: exception 0xc0000005
ntdll.dll!RtlFreeHeap()
ucrtbase.DLL!_free_base()
mysqld.exe!dict_mem_table_free()[dict0mem.cc:248]
mysqld.exe!ibuf_rec_get_volume_func()[ibuf0ibuf.cc:1638]
mysqld.exe!ibuf_get_merge_page_nos_func()[ibuf0ibuf.cc:2306]
mysqld.exe!ibuf_merge_pages()[ibuf0ibuf.cc:2434]
mysqld.exe!ibuf_merge_in_background()[ibuf0ibuf.cc:2630]
mysqld.exe!srv_master_do_active_tasks()[srv0srv.cc:2115]
mysqld.exe!srv_master_thread()[srv0srv.cc:2349]
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

2: exception 0xc0000005
ntdll.dll!RtlFreeHeap()
ucrtbase.DLL!_free_base()
mysqld.exe!Item_func_dyncol_json::val_str()[item_strfunc.cc:4802]
mysqld.exe!Item::save_str_in_field()[item.cc:6676]
mysqld.exe!Item::save_in_field()[item.cc:6724]
mysqld.exe!fill_record()[sql_base.cc:8932]
mysqld.exe!select_unit::send_data()[sql_union.cc:130]
mysqld.exe!end_send()[sql_select.cc:22057]
mysqld.exe!evaluate_join_record()[sql_select.cc:21090]
mysqld.exe!sub_select()[sql_select.cc:20901]
mysqld.exe!do_select()[sql_select.cc:20386]
mysqld.exe!JOIN::exec_inner()[sql_select.cc:4590]
mysqld.exe!JOIN::exec()[sql_select.cc:4373]
mysqld.exe!mysql_select()[sql_select.cc:4813]
mysqld.exe!mysql_derived_fill()[sql_derived.cc:1258]
mysqld.exe!mysql_handle_single_derived()[sql_derived.cc:200]
mysqld.exe!st_join_table::preread_init()[sql_select.cc:13838]
mysqld.exe!sub_select()[sql_select.cc:20826]
mysqld.exe!do_select()[sql_select.cc:20386]
mysqld.exe!JOIN::exec_inner()[sql_select.cc:4590]
mysqld.exe!JOIN::exec()[sql_select.cc:4373]
mysqld.exe!mysql_select()[sql_select.cc:4813]
mysqld.exe!handle_select()[sql_select.cc:442]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:6463]
mysqld.exe!mysql_execute_command()[sql_parse.cc:3966]
mysqld.exe!mysql_parse()[sql_parse.cc:8002]
mysqld.exe!dispatch_command()[sql_parse.cc:1860]
mysqld.exe!do_command()[sql_parse.cc:1378]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:373]
mysqld.exe!tp_callback()[threadpool_common.cc:192]
ntdll.dll!RtlDllShutdownInProgress()
ntdll.dll!DbgUiRemoteBreakin()
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

3: exception 0xc0000005
ntdll.dll!RtlFreeHeap()
ucrtbase.DLL!_free_base()
mysqld.exe!delete_dynamic()[array.c:305]
mysqld.exe!my_hash_free()[hash.c:159]
mysqld.exe!THD::cleanup()[sql_class.cc:1558]
mysqld.exe!THD::change_user()[sql_class.cc:1412]
mysqld.exe!dispatch_command()[sql_parse.cc:1709]
mysqld.exe!do_command()[sql_parse.cc:1378]
mysqld.exe!threadpool_process_request()[threadpool_common.cc:373]
mysqld.exe!tp_callback()[threadpool_common.cc:192]
ntdll.dll!RtlDllShutdownInProgress()
ntdll.dll!DbgUiRemoteBreakin()
kernel32.dll!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()

Attachments

Activity

People

Assignee:: Daniel Black

Reporter:: george he

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2023-06-28 01:10

Updated:: 2024-05-10 03:40

Resolved:: 2024-05-10 03:40

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.