Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-3766

LP:956079 - Potential NULL pointer dereference in pagecache_fwrite

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • None
    • None
    • None

    Description

      Inside pagecache_fwrite() , in ma_pagecache.c, if my_pwrite() fails, the error handling callback function is called via function pointer.

      the code in question is

      if (my_pwrite(filedesc->file, buffer, pagecache->block_size,
      ((my_off_t) pageno << pagecache->shift), flags))

      { (*filedesc->write_fail)(filedesc->callback_data); DBUG_RETURN(1); }

      the problem is that *filedesc->write_fail can be NULL, which means failing my_pwrite() will cause a crash by dereferencing NULL pointer.

      To reproduce,

      1. add line
      DBUG_ASSERT(*filedesc->write_fail);
      prior to code in question.

      2. Compile with DBUG, run
      perl mysql-test-run.pl --suite=maria

      3. Observe a crash . Here is for example what I get in 5.1

      0028B9C3 mysqld.exe!my_sigabrt_handler()[mysqld.cc:2188]
      00258DA9 mysqld.exe!raise()[winsig.c:586]
      0025D4D6 mysqld.exe!abort()[abort.c:74]
      008586A7 mysqld.exe!_wassert()[assert.c:336]
      006351E1 mysqld.exe!pagecache_fwrite()[ma_pagecache.c:666]
      0063B93D mysqld.exe!flush_cached_blocks()[ma_pagecache.c:4370]
      0063B1E1 mysqld.exe!flush_pagecache_blocks_int()[ma_pagecache.c:4660]
      0063AAC7 mysqld.exe!flush_pagecache_blocks_with_filter()[ma_pagecache.c:4780]

      0063CC23 mysqld.exe!_ma_once_end_block_record()[ma_blockrec.c:451]
      005F9133 mysqld.exe!maria_close()[ma_close.c:81]
      005D1A89 mysqld.exe!ha_maria::close()[ha_maria.cc:1018]
      0040847A mysqld.exe!closefrm()[table.cc:2013]
      00369C11 mysqld.exe!intern_close_table()[sql_base.cc:793]

      Attachments

        Activity

          People

            sanja Oleksandr Byelkin
            wlad Vladislav Vaintroub
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.