Details
Bug
Status: Open
Major
Resolution: Unresolved
11.2, 11.3
None
None
Description
# mysqld options required for replay: --extra-port=2200000000

Leads to

11.3.0 5fc19e71375fb39eb85354321bf852d998aecf81 (Optimized)
==166383==ERROR: AddressSanitizer: heap-use-after-free on address 0x606000001d0c at pc 0x5594bf0993ef bp 0x7ffc761f5370 sp 0x7ffc761f5360
READ of size 4 at 0x606000001d0c thread T0
    #0 0x5594bf0993ee in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2376
    #1 0x5594bf0aa8a3 in network_init /test/11.3_opt_san/sql/mysqld.cc:2695
    #2 0x5594bf0aa8a3 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:5882
    #3 0x146b62e87082 in __libc_start_main ../csu/libc-start.c:308
    #4 0x5594bef5793d in _start (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7b8493d)

0x606000001d0c is located 12 bytes inside of 64-byte region [0x606000001d00,0x606000001d40)
freed by thread T0 here:
    #0 0x5594bf0421cf in free (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f1cf)
    #1 0x146b62f69b2f in __GI_freeaddrinfo ../sysdeps/posix/getaddrinfo.c:2521

previously allocated by thread T0 here:
    #0 0x5594bf0425c8 in malloc (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c6f5c8)
    #1 0x146b62f66bf9 in gaih_inet ../sysdeps/posix/getaddrinfo.c:1058
    #2 0x146b62f68f58 in __GI_getaddrinfo ../sysdeps/posix/getaddrinfo.c:2256
    #3 0x5594befed5c2 in __interceptor_getaddrinfo.part.0 (/test/UBASAN_MD101023-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd+0x7c1a5c2)
    #4 0x5594bf09846b in activate_tcp_port /test/11.3_opt_san/sql/mysqld.cc:2370
    #5 0x5594bf0ab3d9 in network_init /test/11.3_opt_san/sql/mysqld.cc:2692
    #6 0x5594bf0ab3d9 in mysqld_main(int, char**) /test/11.3_opt_san/sql/mysqld.cc:5882
    #7 0x146b62e87082 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free /test/11.3_opt_san/sql/mysqld.cc:2376 in activate_tcp_port

When we assign the extra-port option a value greater than the maximum value, the server adjusts the value to 4294967295 and crashes the ASAN build.

[Warning] option 'extra_port': unsigned value 1125899906842624 adjusted to 4294967295