[MDEV-32376] SHOW CREATE DATABASE statement crashes the server when db name contains some unicode characters, ASAN stack-buffer-overflow - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3, 11.5.2, 11.6.0
Component/s: Character Sets
Labels:

Description

SHOW CREATE DATABASE `#testone#￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭￭`;

Leads to:

11.2.2 9ad7c899ac51ee7959f312a84402bb2082fa5e56 (Optimized)
Core was generated by `/test/MD080923-mariadb-11.2.2-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x1524e1055700 (LWP 218825))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00001524f9da1859 in __GI_abort () at abort.c:79
#2 0x00001524f9e0c26e in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x1524f9f3608f "* %s *: terminated\n") at ../sysdeps/posix/libc_fatal.c:155
#3 0x00001524f9eaeaba in __GI___fortify_fail (msg=msg@entry=0x1524f9f36077 "stack smashing detected") at fortify_fail.c:26
#4 0x00001524f9eaea86 in __stack_chk_fail () at stack_chk_fail.c:24
#5 0x00005565292908e1 in show_create_db (thd=thd@entry=0x1524a4000c58, lex=lex@entry=0x1524a4004cd0) at /test/11.2_opt/sql/sql_parse.cc:6292
#6 0x000055652929d657 in mysql_execute_command (thd=0x1524a4000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.2_opt/sql/sql_parse.cc:5017
#7 0x000055652928bf95 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x1524a4000c58) at /test/11.2_opt/sql/sql_parse.cc:7811
#8 mysql_parse (thd=0x1524a4000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.2_opt/sql/sql_parse.cc:7733
#9 0x0000556529297ec2 in dispatch_command (command=COM_QUERY, thd=0x1524a4000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.2_opt/sql/sql_class.h:1386
#10 0x0000556529299dae in do_command (thd=0x1524a4000c58, blocking=blocking@entry=true) at /test/11.2_opt/sql/sql_parse.cc:1406
#11 0x00005565293bb90f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55652b2ebdd8, put_in_cache=put_in_cache@entry=true) at /test/11.2_opt/sql/sql_connect.cc:1445
#12 0x00005565293bbbfd in handle_one_connection (arg=0x55652b2ebdd8) at /test/11.2_opt/sql/sql_connect.cc:1347
#13 0x00001524fa2b2609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#14 0x00001524f9e9e133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.23 (dbg), 10.5.23 (opt), 10.6.16 (dbg), 10.6.16 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.7 (dbg), 10.10.7 (opt), 10.11.6 (dbg), 10.11.6 (opt), 11.0.4 (dbg), 11.0.4 (opt), 11.1.3 (dbg), 11.1.3 (opt), 11.2.2 (dbg), 11.2.2 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.32 (dbg), 10.4.32 (opt), 11.3.0 (dbg), 11.3.0 (opt)

Attachments

Activity

People

Assignee:: Alexander Barkov

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-09 06:14

Updated:: 2024-06-29 05:19

Resolved:: 2024-06-10 08:12

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.