MariaDB Server / MDEV-32464

ASAN heap-use-after-free when starting server after assigning high number to extra port.

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 11.2, 11.3
    • 11.2
    • None
    • None

    Description

      # mysqld options required for replay:  --extra-port=2200000000
      

      Leads to

      11.3.0 5fc19e71375fb39eb85354321bf852d998aecf81 (Optimized)

      ==166383==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000001d0c at pc 0x5594bf0993ef bp 0x7ffc761f5370 sp 0x7ffc761f5360
      READ of size 4 at 0x606000001d0c thread T0
          #0 0x5594bf0993ee in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2376
          #1 0x5594bf0aa8a3 in network_init /test/11.3_opt_san/sql/mysqld.cc:2695
          #2 0x5594bf0aa8a3 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:5882
          #3 0x146b62e87082 in __libc_start_main ../csu/libc-start.c:308
          #4 0x5594bef5793d in _start (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7b8493d)
       
      0x606000001d0c is located 12 bytes inside of 64-byte region [0x606000001d00,0x606000001d40)
      freed by thread T0 here:
          #0 0x5594bf0421cf in free (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f1cf)
          #1 0x146b62f69b2f in __GI_freeaddrinfo ../sysdeps/posix/getaddrinfo.c:2521
       
      previously allocated by thread T0 here:
          #0 0x5594bf0425c8 in malloc (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f5c8)
          #1 0x146b62f66bf9 in gaih_inet ../sysdeps/posix/getaddrinfo.c:1058
          #2 0x146b62f68f58 in __GI_getaddrinfo ../sysdeps/posix/getaddrinfo.c:2256
          #3 0x5594befed5c2 in __interceptor_getaddrinfo.part.0 (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c1a5c2)
          #4 0x5594bf09846b in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2370
          #5 0x5594bf0ab3d9 in network_init /test/11.3_opt_san/sql/mysqld.cc:2692
          #6 0x5594bf0ab3d9 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:5882
          #7 0x146b62e87082 in __libc_start_main ../csu/libc-start.c:308
       
      SUMMARY: AddressSanitizer: heap-use-after-free /test/11.3_opt_san/sql/mysqld.cc:2376 in activate_tcp_port
      

      When we assign extra-port a value greater than the maximum value, the server adjusts the value to 4294967295 and crashes the ASAN build.

      [Warning] option 'extra_port': unsigned value 1125899906842624 adjusted to 4294967295
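
A triage helper for the report above, added here as an example and not part of the original issue or of MariaDB's code: it splits an AddressSanitizer report into its access, free and allocation stacks and picks the first frame under the project source root for each. The function names (`parse_asan`, `first_project_frame`, `triage`) are this example's own, and the embedded report is an excerpt of the one above with some frames omitted.

```python
import re

# Excerpt of the report above (some frames omitted), embedded so the example runs offline.
REPORT = """\
==166383==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000001d0c at pc 0x5594bf0993ef bp 0x7ffc761f5370 sp 0x7ffc761f5360
READ of size 4 at 0x606000001d0c thread T0
    #0 0x5594bf0993ee in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2376
    #1 0x5594bf0aa8a3 in network_init /test/11.3_opt_san/sql/mysqld.cc:2695
    #2 0x5594bf0aa8a3 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:5882
freed by thread T0 here:
    #0 0x5594bf0421cf in free (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f1cf)
    #1 0x146b62f69b2f in __GI_freeaddrinfo ../sysdeps/posix/getaddrinfo.c:2521
previously allocated by thread T0 here:
    #0 0x5594bf0425c8 in malloc (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f5c8)
    #1 0x146b62f68f58 in __GI_getaddrinfo ../sysdeps/posix/getaddrinfo.c:2256
    #2 0x5594bf09846b in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2370
"""

HEADER = re.compile(r"AddressSanitizer: (\S+) on address")
# Function names may contain spaces ("mysqld_main(int, char**)"); the location is the last token.
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+) (\S+)\s*$")
SECTIONS = {"READ of": "access", "WRITE of": "access",
            "freed by": "free", "previously allocated by": "alloc"}

def parse_asan(text):
    """Return the error kind plus (function, location) frames per stack."""
    out = {"kind": None, "access": [], "free": [], "alloc": []}
    section = None
    for line in text.splitlines():
        if m := HEADER.search(line):
            out["kind"] = m.group(1)
        elif key := next((k for k in SECTIONS if line.startswith(k)), None):
            section = SECTIONS[key]
        elif section and (m := FRAME.match(line)):
            out[section].append((m.group(1), m.group(2)))
    return out

def first_project_frame(stack, src_root):
    """First frame located under src_root, skipping libc and sanitizer frames."""
    return next((f for f in stack if f[1].startswith(src_root)), None)

def triage(text, src_root="/test/11.3_opt_san/"):
    r = parse_asan(text)
    pick = lambda s: first_project_frame(r[s], src_root)
    # The free stack in this report has no project frame; fall back to its outermost frame.
    free = pick("free") or (r["free"][-1] if r["free"] else None)
    return {"kind": r["kind"], "access": pick("access"), "alloc": pick("alloc"), "free": free}
```

On this report the access and allocation sites both resolve to `activate_tcp_port` (lines 2376 and 2370 of `mysqld.cc`), while the free stack stops at `__GI_freeaddrinfo` with no project frame recorded.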
      

          People

            sanja Oleksandr Byelkin
            ramesh Ramesh Sivaraman