Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Fixed
-
10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.5(EOL), 11.6(EOL)
Description
Starting the server with --extra-port=4294967295 Leads to:
|
11.2.5 a21e49cbcc5f4adb1a1b4970ceead6a85e968063 (Debug) |
Core was generated by `/test/MD190624-mariadb-11.2.5-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 vio_get_normalized_ip (src=0x140, src_length=3423726880, dst=dst@entry=0x7fff8b39dc10) at /test/11.2_dbg/vio/viosocket.c:675
|
[Current thread is 1 (LWP 2921621)]
|
(gdb) bt
|
#0 vio_get_normalized_ip (src=0x140, src_length=3423726880, dst=dst@entry=0x7fff8b39dc10) at /test/11.2_dbg/vio/viosocket.c:675
|
#1 0x0000564bc857a073 in vio_get_normalized_ip_string (addr=<optimized out>, addr_length=<optimized out>, ip_string=0x7fff8b39ddd0 "::", ip_string_size=46) at /test/11.2_dbg/vio/viosocket.c:749
|
#2 0x0000564bc7f5c2b3 in activate_tcp_port (port=4294967295, sockets=sockets@entry=0x564bc988fd80 <listen_sockets>, is_extra_port=is_extra_port@entry=true)at /test/11.2_dbg/sql/mysqld.cc:2389
|
#3 0x0000564bc7f632bd in network_init () at /test/11.2_dbg/sql/mysqld.cc:2704
|
#4 mysqld_main (argc=<optimized out>, argv=<optimized out>)at /test/11.2_dbg/sql/mysqld.cc:5949
|
#5 0x0000564bc7f54d16 in main (argc=<optimized out>, argv=<optimized out>)at /test/11.2_dbg/sql/main.cc:34
|
Bug confirmed present in:
MariaDB: 10.11.9 (dbg), 10.11.9 (opt), 11.1.6 (dbg), 11.1.6 (opt), 11.2.5 (dbg), 11.2.5 (opt), 11.4.3 (dbg), 11.4.3 (opt), 11.5.2 (dbg), 11.5.2 (opt), 11.6.0 (dbg), 11.6.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.26 (dbg), 10.5.26 (opt), 10.6.19 (dbg), 10.6.19 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.44 (dbg), 5.7.44 (opt), 8.0.36 (dbg), 8.0.36 (opt)
Attachments
Activity
Added https://github.com/MariaDB/server/pull/3352 to correct the handling of errors in 10.11.
https://github.com/MariaDB/server/pull/3350 is the 10.5 fix to restrict port number to valid values.
Both should be merged.
1) there is merge commit additionally to the main (we do not need empty merges)
2) there is no any tests (which is really inaceptable) there is possible to create test even only for debug version with imitation for the error.
i.e. the cmmit should be reworked.
Test case added to PR 3352 (against 10.11).
PR 3350 (against 10.5), restricting the port/extra-port values to valid numbers also requires review.
GitHub merge process eliminates empty merge commits.
The 10.11+ fault is:
Thread 1 "mariadbd" hit Breakpoint 1, activate_tcp_port (port=4294967295, sockets=<optimized out>, is_extra_port=true) at /home/dan/repos/mariadb-server-11.2/sql/mysqld.cc:23232323 MYSQL_SOCKET ip_sock= MYSQL_INVALID_SOCKET;(gdb) n2327 bzero(&hints, sizeof (hints));(gdb)2328 hints.ai_flags= AI_PASSIVE;(gdb)2329 hints.ai_socktype= SOCK_STREAM;(gdb)2332 if (my_bind_addr_str && strcmp(my_bind_addr_str, "*") == 0)(gdb)2337 my_snprintf(port_buf, NI_MAXSERV, "%d", port);(gdb)2379 error= getaddrinfo(real_bind_addr_str, port_buf, &hints, &ai);(gdb)2380 head= ai;Missing separate debuginfos, use: dnf debuginfo-install sssd-client-2.9.5-1.fc39.x86_64(gdb) p error$4 = -8(gdb) p *ai$5 = {ai_flags = 42888960, ai_family = 0, ai_socktype = 3, ai_protocol = 0, ai_addrlen = 40693584, ai_addr = 0x140, ai_canonname = 0x28ec960 "\001", ai_next = 0x140}When getaddrinfo returns and error, the ai structure (particularly ai->ai_addr is a pointer to outside our valid space), however we continue to process the data and not handle the the error. I'll add also an error handing PR to 10.11.