Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-33659

Server crashed at Create_func_aes_decrypt::create_native

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 11.2, 11.4, 11.3.2, 11.4.1, 11.3(EOL)
    • 11.2.4, 11.4.2
    • Encryption
    • None
    • Ubuntu 20.04 x86-64, docker image mariadb:11.4-rc

    Description

      PoC:

      SELECT AES_DECRYPT ( );
      

      Docker container log:

      Server version: 11.4.1-MariaDB-1:11.4.1+maria~ubu2204 source revision: fa69b085b10f19a3a8b6e7adab27c104924333ae
      key_buffer_size=134217728
      read_buffer_size=131072
      max_used_connections=1
      max_threads=153
      thread_count=1
      It is possible that mysqld could use up to 
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468064 K  bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
       
      Thread pointer: 0x7fd978000c68
      Attempting backtrace. You can use the following information to find out
      where mysqld died. If you see no messages after this, something went
      terribly wrong...
      stack_bottom = 0x7fd9a81bec38 thread_stack 0x49000
      Printing to addr2line failed
      mariadbd(my_print_stacktrace+0x32)[0x55d4b723e4f2]
      mariadbd(handle_fatal_signal+0x478)[0x55d4b6d0e1e8]
      /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fd9bd610520]
      mariadbd(_ZN23Create_func_aes_decrypt13create_nativeEP3THDPK25st_mysql_const_lex_stringP4ListI4ItemE+0x22)[0x55d4b6d742d2]
      mariadbd(_Z10MYSQLparseP3THD+0x8130)[0x55d4b6c9d7d0]
      mariadbd(_Z9parse_sqlP3THDP12Parser_stateP19Object_creation_ctxb+0xdd)[0x55d4b6a86e7d]
      mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0xe7)[0x55d4b6a8c917]
      mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14cd)[0x55d4b6a8f20d]
      mariadbd(_Z10do_commandP3THDb+0x138)[0x55d4b6a91118]
      mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d4b6bbdf6f]
      mariadbd(handle_one_connection+0x5d)[0x55d4b6bbe2bd]
      mariadbd(+0xd10af6)[0x55d4b6f40af6]
      /lib/x86_64-linux-gnu/libc.so.6(+0x94ac3)[0x7fd9bd662ac3]
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7fd9bd6f3a04]
       
      Trying to get some variables.
      Some pointers may be invalid and cause the dump to abort.
      Query (0x7fd978012fa0): SELECT AES_DECRYPT ( )
       
      Connection ID (thread ID): 3
      Status: NOT_KILLED
       
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=off,sargable_casefold=on
      

      Attachments

        Issue Links

          Activity

            People

              TheLinuxJedi Andrew Hutchings
              fuboat Jingzhou Fu
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.