Details
Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Fix Version/s: 10.11, 11.8
Description
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1
rm -Rf data tmp
mkdir tmp
./scripts/mariadb-install-db --no-defaults --force --auth-root-authentication-method=normal --basedir=${PWD} --tmpdir=${PWD}/tmp --datadir=${PWD}/data
Leads to:
CS 10.11.11 e81ed928ff57658d71be360813a87325fbda8e03 (Debug, UBASAN)
/test/10.11_dbg_san/mysys/my_stack.c:60:30: runtime error: subtraction of unsigned offset from 0x154383601000 overflowed to 0x154383801000
#0 0x55debadf5c97 in my_get_stack_bounds /test/10.11_dbg_san/mysys/my_stack.c:60:30
#1 0x55deb4955b39 in THD::store_globals() /test/10.11_dbg_san/sql/sql_class.cc:2266:3
#2 0x55deb49b66a8 in thd_attach_thd(THD*) /test/10.11_dbg_san/sql/sql_class.cc:5129:8
#3 0x55deb9e243aa in acquire_thd(void**) /test/10.11_dbg_san/storage/innobase/srv/srv0srv.cc:1550:9
#4 0x55deb9e18fcc in purge_coordinator_callback(void*) /test/10.11_dbg_san/storage/innobase/srv/srv0srv.cc:1584:13
#5 0x55deba95d4e9 in tpool::task_group::execute(tpool::task*) /test/10.11_dbg_san/tpool/task_group.cc:70:9
#6 0x55deba95edd4 in tpool::task::execute() /test/10.11_dbg_san/tpool/task.cc:32:16
#7 0x55deba934c00 in tpool::thread_pool_generic::worker_main(tpool::worker_data*) /test/10.11_dbg_san/tpool/tpool_generic.cc:583:11
#8 0x55deba9501a6 in void std::__invoke_impl<void, void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>(std::__invoke_memfun_deref, void (tpool::thread_pool_generic::*&&)(tpool::worker_data*), tpool::thread_pool_generic*&&, tpool::worker_data*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/invoke.h:74:14
#9 0x55deba94fc25 in std::__invoke_result<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>::type std::__invoke<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>(void (tpool::thread_pool_generic::*&&)(tpool::worker_data*), tpool::thread_pool_generic*&&, tpool::worker_data*&&) /usr/bin/../lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/invoke.h:96:14
#10 0x55deba94faf4 in void std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>>::_M_invoke<0ul, 1ul, 2ul>(std::_Index_tuple<0ul, 1ul, 2ul>) /usr/bin/../lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/std_thread.h:292:13
#11 0x55deba94f8bf in std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>>::operator()() /usr/bin/../lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/std_thread.h:299:11
#12 0x55deba94ede7 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (tpool::thread_pool_generic::*)(tpool::worker_data*), tpool::thread_pool_generic*, tpool::worker_data*>>>::_M_run() /usr/bin/../lib/gcc/x86_64-linux-gnu/14/../../../../include/c++/14/bits/std_thread.h:244:13
#13 0x15439deeabb3 in execute_native_thread_routine /build/gcc-14-OQFzmN/gcc-14-14-20240412/build/x86_64-linux-gnu/libstdc++-v3/src/c++11/../../../../../src/libstdc++-v3/src/c++11/thread.cc:104:18
#14 0x55deb3fdd5ac in asan_thread_start(void*) asan_interceptors.cpp.o
#15 0x15439da9ca93 in start_thread nptl/pthread_create.c:447:8
#16 0x15439db29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: pointer-overflow /test/10.11_dbg_san/mysys/my_stack.c:60:30
And:
CS 10.11.11 e81ed928ff57658d71be360813a87325fbda8e03 (Debug, UBASAN)
/test/10.11_dbg_san/mysys/my_stack.c:79:28: runtime error: addition of unsigned offset to 0x7ffc4767b000 overflowed to 0x55dec10ca000
#0 0x55debadf5e71 in my_get_stack_bounds /test/10.11_dbg_san/mysys/my_stack.c:79:28
#1 0x55deb4955b39 in THD::store_globals() /test/10.11_dbg_san/sql/sql_class.cc:2266:3
#2 0x55deb4882740 in mysql_rm_tmp_tables() /test/10.11_dbg_san/sql/sql_base.cc:9423:8
#3 0x55deb4036153 in mysqld_main(int, char**) /test/10.11_dbg_san/sql/mysqld.cc:5948:7
#4 0x55deb40204a3 in main /test/10.11_dbg_san/sql/main.cc:34:10
#5 0x15439da2a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#6 0x15439da2a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#7 0x55deb3f44c74 in _start (/test/UBASAN_MD271124-mariadb-10.11.11-linux-x86_64-dbg/bin/mariadbd+0x4021c74) (BuildId: 5e8dece04fe64eae845a13648766a67a7887439d)

SUMMARY: UndefinedBehaviorSanitizer: pointer-overflow /test/10.11_dbg_san/mysys/my_stack.c:79:28
Observed using UBSAN with Clang and LLVM 18.1.3:
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools # llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18
sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so
...

export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1
A global UBSAN suppression filter for pointer-overflow:my_get_stack_bounds was added for this issue.
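Both reports come from the same pattern: a stack bound is derived by subtracting or adding an offset to a pointer, and the intermediate value leaves the object the pointer came from, which is undefined in C even when the resulting address is the right one. The hypothetical helper below, added here as an illustration and not MariaDB's my_get_stack_bounds(), does the same computation on uintptr_t and reports a wrap instead of relying on it; the 8 MiB and 64 KiB stack sizes and the upward-growing branch are constructed for the example, and the live-stack self-check assumes a downward-growing stack as on x86_64 Linux.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Hypothetical stack-bounds helper added as an illustration; it is not MariaDB's
 * my_get_stack_bounds(). Working on uintptr_t instead of char* means the
 * subtraction and addition that UBSan flags at my_stack.c:60 and :79 are plain
 * integer operations, and a wrap is detected rather than undefined. */
struct stack_bounds { uintptr_t low, high; };   /* usable range is [low, high) */
/* anchor: an address known to lie at the base end of the thread's stack.
 * Returns false when the arithmetic would wrap around the address space. */
bool stack_bounds_compute(uintptr_t anchor, size_t stack_size, bool grows_down,
                          struct stack_bounds *out)
{
    if (grows_down) {                      /* x86_64, arm64: base is the top */
        if (anchor < stack_size)
            return false;                  /* anchor - size would underflow */
        out->low  = anchor - stack_size;
        out->high = anchor;
    } else {                               /* upward-growing stack: base is the bottom */
        if (UINTPTR_MAX - anchor < stack_size)
            return false;                  /* anchor + size would overflow */
        out->low  = anchor;
        out->high = anchor + stack_size;
    }
    return true;
}
bool stack_bounds_contain(const struct stack_bounds *b, uintptr_t addr)
{
    return addr >= b->low && addr < b->high;
}

/* noinline so the probe's frame really sits below the caller's frame on a
 * downward-growing stack (assumed here, as on x86_64 Linux). */
static bool __attribute__((noinline)) probe_deeper(const struct stack_bounds *b)
{
    volatile char probe = 0;
    return stack_bounds_contain(b, (uintptr_t)&probe);
}

/* Self-check on the live stack: bounds derived from a local in this frame must
 * enclose a local in a deeper frame. The 64 KiB stack size is a constructed value. */
bool stack_bounds_self_check(void)
{
    volatile char anchor = 0;
    struct stack_bounds b;
    if (!stack_bounds_compute((uintptr_t)&anchor + 1, 64 * 1024, true, &b))
        return false;
    return probe_deeper(&b);
}
```

The ticket's resolution, the entry pointer-overflow:my_get_stack_bounds in a UBSan suppressions file selected with UBSAN_OPTIONS=suppressions=<path>, silences the report at that one function; the integer form above avoids the flagged operation altogether.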