Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.0.7, 10.0.8
-
None
-
None
-
Wheezy amd64
Description
If I run mysqld with the following command line
sql/mysqld --defaults-file=/scratch/db/maria-container/maria-test.my.cnf --datadir=/scratch/db/maria-container/maria-test/data --lc-messages-dir=/scratch/develop/maria/bzr/maria-oqgraph-maintenance/build/sql/share --plugin-dir=`pwd`/storage/oqgraph -#d,oq-debug,info
|
and I have a misconfigured entry for pid-file in my defaults file, such that the path is unwritable, I get a segfault when mysqld attempts to report the fact
Program received signal SIGSEGV, Segmentation fault.
|
[Switching to Thread 0x7ffff7fd3700 (LWP 7842)]
|
mysql_audit_general (error_code=error_code@entry=1,
|
msg=msg@entry=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", event_subtype=1, thd=
|
0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/sql_audit.h:150
|
150 thd->db, thd->db_length);
|
(gdb) bt
|
#0 mysql_audit_general (error_code=error_code@entry=1,
|
msg=msg@entry=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", event_subtype=1,
|
thd=0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/sql_audit.h:150
|
#1 0x000000000054ab83 in my_message_sql (error=1,
|
str=0x7ffff7fd28f0 "Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 \"No such file or directory\")", MyFlags=36)
|
at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:3418
|
#2 0x0000000000b17a6b in my_error (nr=nr@entry=1, MyFlags=MyFlags@entry=36) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_error.c:125
|
#3 0x0000000000b1d50d in my_register_filename (fd=fd@entry=-1, FileName=FileName@entry=0x136a440 "/home/maria/test/mysqld.pid",
|
type_of_file=type_of_file@entry=FILE_BY_CREATE, error_message_number=error_message_number@entry=1, MyFlags=MyFlags@entry=16)
|
at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_open.c:159
|
#4 0x0000000000b1779f in my_create (FileName=0x136a440 "/home/maria/test/mysqld.pid", CreateFlags=<optimized out>, access_flags=<optimized out>, MyFlags=16)
|
at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/mysys/my_create.c:57
|
#5 0x000000000054a5ca in inline_mysql_file_create (key=<optimized out>, src_line=src_line@entry=9218,
|
filename=filename@entry=0x136a440 "/home/maria/test/mysqld.pid", create_flags=create_flags@entry=436, access_flags=access_flags@entry=513,
|
myFlags=myFlags@entry=16, src_file=0xbac1c8 "/scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc")
|
at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/include/mysql/psi/mysql_file.h:1001
|
#6 0x000000000054af0e in create_pid_file () at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:9217
|
#7 signal_hand (arg=arg@entry=0x0) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/sql/mysqld.cc:3265
|
#8 0x00000000008e9740 in pfs_spawn_thread (arg=0x7fffe1fff2e8) at /scratch/develop/maria/bzr/maria-oqgraph-maintenance/storage/perfschema/pfs.cc:1853
|
#9 0x00007ffff7bc7b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
|
#10 0x00007ffff6918a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
|
#11 0x0000000000000000 in ?? ()
|
Attachments
Activity
If I attempt to fix this by not dereferencing and instead passing NULL for thd->db and 0 for thd->length, this simply cascades the crash to inside of mysql_audit_notify. Additionally no dereferencing in there fixes the problem.
This patch fixes the problem:
=== modified file 'sql/sql_audit.cc'
|
--- sql/sql_audit.cc 2013-12-16 12:02:21 +0000
|
+++ sql/sql_audit.cc 2014-02-08 12:27:53 +0000
|
@@ -84,7 +84,7 @@
|
event.general_rows= (unsigned long long) va_arg(ap, ha_rows);
|
event.database= va_arg(ap, const char *);
|
event.database_length= va_arg(ap, unsigned int);
|
- event.query_id= (unsigned long long) thd->query_id;
|
+ event.query_id= (unsigned long long) thd ? thd->query_id : -1;
|
event_class_dispatch(thd, MYSQL_AUDIT_GENERAL_CLASS, &event);
|
}
|
|
|
|
=== modified file 'sql/sql_audit.h'
|
--- sql/sql_audit.h 2013-12-16 12:02:21 +0000
|
+++ sql/sql_audit.h 2014-02-08 12:24:55 +0000
|
@@ -147,7 +147,7 @@
|
mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, event_subtype,
|
error_code, time, user, userlen, msg, msglen,
|
query.str(), query.length(), query.charset(), rows,
|
- thd->db, thd->db_length);
|
+ thd ? thd->db : NULL, thd ? thd->db_length : 0);
|
}
|
}
|
Expected output after patch:
140208 22:58:21 [ERROR] mysqld: Can't create/write to file '/home/maria/test/mysqld.pid' (Errcode: 2 "No such file or directory")
|
140208 22:58:21 [ERROR] Can't start server: can't create PID file: No such file or directory
|
I have pushed this to my branch https://code.launchpad.net/~andymc73/maria/oqgraph-maintenance as a single commit, revision 3969, I dont know how to propose a single commit for merging in launchpad though?
Yes, 5.5 is affected.
Fix:
http://lists.askmonty.org/pipermail/commits/2014-February/005952.html
pushed into 5.5
The segfault appears to be because thd is NULL. Looking at sql/sql_audit.h, I can see a check for thd being NULL, so this is accounted for, but then a derefence attempt is still made in the call to mysql_audit_notify, which causes the crash
if (thd){query= thd->query_string;user= user_buff;userlen= make_user_name(thd, user_buff);rows= thd->get_stmt_da()->current_row_for_warning();}else{user= 0;userlen= 0;rows= 0;}mysql_audit_notify(thd, MYSQL_AUDIT_GENERAL_CLASS, event_subtype,error_code, time, user, userlen, msg, msglen,query.str(), query.length(), query.charset(), rows,thd->db, thd->db_length);