Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version: 11.5 (EOL)
Fix Version: None
Description
Possibly related to MDEV-33563.
Reproducible; needs a test case etc.

randgen 855ae6407fdb562bed0a5e7c92df8febe81eaa6c

perl ./run.pl --compatibility=110599 --variator=FullOrderBy --duration=180 --mysqld=--max-statement-time=20 --mysqld=--lock-wait-timeout=10 --mysqld=--innodb-lock-wait-timeout=5 --threads=1 --mysqld=--mysql56_temporal_format=OFF --mysqld=--system_versioning_insert_history=ON --mysqld=--query-cache-type=2 --mysqld=--loose-log_slow_always_query_time=4 --mysqld=--explicit-defaults-for-timestamp=on --queries=1000000 --reporters=Backtrace,Deadlock,MemoryUsage,FeatureUsage --mysqld=--plugin-maturity=experimental --grammar=conf/yy/collect_eits.yy --grammar=conf/yy/all_selects.yy:0.0001 --scenario=Standard --filter=conf/ff/replication.ff --reporters=BinlogConsistency --mysqld=--log-bin --mysqld=--character-set-server=utf8mb4 --mysqld=--collation-server=utf8mb4_polish_ci --engine=MyISAM --mysqld=--default-storage-engine=MyISAM --gendata=advanced --gendata=simple --base-port=14000 --basedir=/data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan --vardir=/dev/shm/var3 --seed=1715190633

11.5 1e889a6e6c544d4279ae781b7e33543ba2ab12e7
==660218==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x63000002eba8 at pc 0x564c4028204d bp 0x7fff52f600d0 sp 0x7fff52f600c8
READ of size 1 at 0x63000002eba8 thread T0
    #0 0x564c4028204c in table_def::calc_field_size(unsigned int, unsigned char*) const /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/rpl_utility.cc:155
    #1 0x564c402708c0 in Rows_log_event::calc_row_event_length(table_def*, st_bitmap*, unsigned char const*, Rows_log_event::Field_info*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:1421
    #2 0x564c40270c44 in Rows_log_event::count_row_events(st_print_event_info*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:1489
    #3 0x564c402723e9 in Log_event::print_base64(st_io_cache*, st_print_event_info*, bool) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:1852
    #4 0x564c4027a1cb in Rows_log_event::print_helper(_IO_FILE*, st_print_event_info*, char const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:2946
    #5 0x564c4027eb2d in Write_rows_log_event::print(_IO_FILE*, st_print_event_info*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:3582
    #6 0x564c4022796f in print_base64 /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:704
    #7 0x564c40227c83 in print_row_event /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:792
    #8 0x564c402297f9 in process_event(st_print_event_info*, Log_event*, unsigned long long, char const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:1337
    #9 0x564c402302f5 in dump_local_log_entries /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:3180
    #10 0x564c4022cbea in dump_log_entries /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:2428
    #11 0x564c40230c03 in main /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:3350
    #12 0x7f6c480461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #13 0x7f6c48046284 in __libc_start_main_impl ../csu/libc-start.c:360
    #14 0x564c40225250 in _start (/mnt8t/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mariadb-binlog+0xce250)

0x63000002eba8 is located 0 bytes to the right of 59304-byte region [0x630000020400,0x63000002eba8)
allocated by thread T0 here:
    #0 0x7f6c488b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x564c40390344 in my_malloc /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/mysys/my_malloc.c:93
    #2 0x564c402647eb in Rows_log_event::Rows_log_event(unsigned char const*, unsigned int, Format_description_log_event const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event.cc:3176
    #3 0x564c40268e73 in Write_rows_log_event::Write_rows_log_event(unsigned char const*, unsigned int, Format_description_log_event const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event.cc:3746
    #4 0x564c40272209 in Log_event::print_base64(st_io_cache*, st_print_event_info*, bool) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:1776
    #5 0x564c4027a1cb in Rows_log_event::print_helper(_IO_FILE*, st_print_event_info*, char const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:2946
    #6 0x564c4027eb2d in Write_rows_log_event::print(_IO_FILE*, st_print_event_info*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/log_event_client.cc:3582
    #7 0x564c4022796f in print_base64 /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:704
    #8 0x564c40227c83 in print_row_event /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:792
    #9 0x564c402297f9 in process_event(st_print_event_info*, Log_event*, unsigned long long, char const*) /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:1337
    #10 0x564c402302f5 in dump_local_log_entries /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:3180
    #11 0x564c4022cbea in dump_log_entries /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:2428
    #12 0x564c40230c03 in main /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/client/mysqlbinlog.cc:3350
    #13 0x7f6c480461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: heap-buffer-overflow /data/bld/bb-11.5-MDEV-9101-max-tmp-space-used-baseline-asan/sql/rpl_utility.cc:155 in table_def::calc_field_size(unsigned int, unsigned char*) const