Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5, 10.6, 10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.6(EOL), 11.7(EOL)
-
gcc 13/gcc 14
Description
Reproduce
export UBSAN_OPTIONS=print_stacktrace=1 |
export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1 |
mariadbd --version
|
Result
|
11.1.7 3e3a326108ab0ec74a02fd1c63430b7373faf51f (Debug, UBASAN) |
/test/11.1_dbg_san/sql/sys_vars.inl:527:14: runtime error: load of address 0x55c73e66df80 with insufficient space for an object of type 'uchar'
|
0x55c73e66df80: note: pointer points here
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
^
|
#0 0x55c7313b4b42 in Sys_var_charptr_base::cleanup() /test/11.1_dbg_san/sql/sys_vars.inl:527
|
#1 0x55c7303b3830 in sys_var_end() /test/11.1_dbg_san/sql/set_var.cc:113
|
#2 0x55c7301961e5 in clean_up /test/11.1_dbg_san/sql/mysqld.cc:2072
|
#3 0x55c7301ba3a3 in mysqld_main(int, char**) /test/11.1_dbg_san/sql/mysqld.cc:6142
|
#4 0x55c73018fdcc in main /test/11.1_dbg_san/sql/main.cc:34
|
#5 0x14a17842a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
#6 0x14a17842a28a in __libc_start_main_impl ../csu/libc-start.c:360
|
#7 0x55c730083824 in _start (/test/UBASAN_MD190824-mariadb-11.1.7-linux-x86_64-dbg/bin/mariadbd+0x7a57824) (BuildId: 8e2791b295ca8f9bb9b533507d556457fb12c0d4)
|
|
|
/test/11.1_dbg_san/sql/sys_vars.inl:528:25: runtime error: store to address 0x55c73e66df80 with insufficient space for an object of type 'uchar'
|
0x55c73e66df80: note: pointer points here
|
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
^
|
#0 0x55c7313b4bd8 in Sys_var_charptr_base::cleanup() /test/11.1_dbg_san/sql/sys_vars.inl:528
|
#1 0x55c7303b3830 in sys_var_end() /test/11.1_dbg_san/sql/set_var.cc:113
|
#2 0x55c7301961e5 in clean_up /test/11.1_dbg_san/sql/mysqld.cc:2072
|
#3 0x55c7301ba3a3 in mysqld_main(int, char**) /test/11.1_dbg_san/sql/mysqld.cc:6142
|
#4 0x55c73018fdcc in main /test/11.1_dbg_san/sql/main.cc:34
|
#5 0x14a17842a1c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
#6 0x14a17842a28a in __libc_start_main_impl ../csu/libc-start.c:360
|
#7 0x55c730083824 in _start (/test/UBASAN_MD190824-mariadb-11.1.7-linux-x86_64-dbg/bin/mariadbd+0x7a57824) (BuildId: 8e2791b295ca8f9bb9b533507d556457fb12c0d4)
|
Currently present in 10.5-11.1
Attachments
Issue Links
- relates to
-
MDEV-25454 Make MariaDB server UBSAN safe
-
- Confirmed
-
-
-
- Closed
-
Activity
nikitamalyavin and midenok, to me it looks like the code around global_system_variables might breaking some strict-aliasing rules. I am concerned about any approach to suppress any -fsanitize=undefined checks, because there rarely (if ever) are any false positives, but many false negatives such as in this case.
I think that we had better start testing with the recently released clang -fsanitize=type (D32199) and fix MDEV-20277.
marko It's true, and MariaDB code counts on disabled strict aliasing widely. Also we couldn't find a better solution, than just disabling UBSAN for global_var_ptr()/session_var_ptr(). I tried to solve that with unions, but still been receiving UBSAN+ASAN failures. If you have something in mind, please share.
Thank you. I don’t have anything else in mind than considering MDEV-20277 once again. I do not know how extensive changes it would require and what kind of performance improvements we could expect from removing -fno-strict-aliasing.
Please review bb-10.5-midenok