MariaDB Server / MDEV-9568

mysqlcheck crashes with nonexistent table name

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.43, 5.5.48, 10.0.23, 10.1.9, 10.1.11
    • Fix Version/s: 5.5.49, 10.0.25, 10.1.13
    • Component/s: Scripts & Clients
    • Labels: None
    • Environment: Debian 8 (amd64)
    • Sprint: 10.1.13

    Description

      Running mysqlcheck (or mysqlanalyze / mysqloptimize / mysqlrepair) with a database name and the name of a nonexistent table leads to a crash:

      $ mysqlcheck test doesntexist
      Failed to SHOW CREATE TABLE `doesntexist`
      Error: Table 'test.doesntexist' doesn't exist
      *** Error in `mysqlcheck': free(): invalid pointer: 0x00007ffff23b0348 ***
      Aborted

      GDB session on current git HEAD:

      Reading symbols from client/mysqlcheck...done.
      (gdb) run
      Starting program: /tmp/server/build/client/mysqlcheck test doesntexist
      [Thread debugging using libthread_db enabled] 
      Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".Failed to SHOW CREATE TABLE `doesntexist`
      Error: Table 'test.doesntexist' doesn't exist
      *** Error in `/tmp/server/build/client/mysqlcheck': free(): invalid pointer: 0x00007fffffffdef8 ***
       
       
      Program received signal SIGABRT, Aborted.
      0x00007ffff6e23067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
      (gdb) bt 
      #0  0x00007ffff6e23067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
      #1  0x00007ffff6e24448 in __GI_abort () at abort.c:89
      #2  0x00007ffff6e611b4 in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff6f56820 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
      #3  0x00007ffff6e6698e in malloc_printerr (action=1, str=0x7ffff6f528de "free(): invalid pointer", ptr=<optimized out>) at malloc.c:4996
      #4  0x00007ffff6e67696 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
      #5  0x00005555555760af in is_view (table=<optimized out>) at /tmp/server/client/mysqlcheck.c:526
      #6  0x00005555555758e7 in process_selected_tables (tables=<optimized out>, table_names=0x555555b08208, db=<optimized out>) at /tmp/server/client/mysqlcheck.c:589
      #7  main (argc=2, argv=0x555555b08200) at /tmp/server/client/mysqlcheck.c:1207
      (gdb) frame 5
      #5  0x00005555555760af in is_view (table=<optimized out>) at /tmp/lol/server/client/mysqlcheck.c:526
      (gdb) p query
      $1 = "SHOW CREATE TABLE `doesntexist`\000\227\371\260UUU\000\000\332\371\260UUU\000\000y\201\260UUU\000\000\313\025XUUU\000\000\000\000\000\000\000\000\000\000\b\203\260UUU\000\000-!`UUU\000\000\257\371\260UUU\000
      \000\352\f\000\000\034\000\000\000\020\346\257UUU\000\000\t\000\000\000\000\000\000\000 \000\000\000\025\000\000\000\020\377\273\367\377\177\000\000\250\025\274\367\377\177\000\000\300\340\377\377\377\177\000\000\
      036s#\003\000\000\000\000\260\340\377\377\377\177\000\000\260UUU", '\000' <repeats 18 times>, "\001\000/var/ru"...

      The my_free(query); call in server/client/mysqlcheck.c:526 fails since commit 6f17e233 when query was moved to the stack. With the attached patch, the crash does not occur anymore.
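
      The failure mode described in the report, reduced to a stand-alone C sketch (an added example, not the mysqlcheck source and not the attached patch): a query buffer that is assumed to have been heap-allocated becomes a stack array, while the error path still frees it. `run_query`, `is_view_heap`, `is_view_stack` and the `DEMO_BUG` switch are hypothetical names, and plain `malloc`/`free` stand in for the MariaDB allocator wrappers.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the server round trip: only table "t1" exists. */
static int run_query(const char *q)
{
    return strcmp(q, "SHOW CREATE TABLE `t1`") == 0 ? 0 : 1;
}

/* Assumed shape before the refactoring: the query lives on the heap,
 * so every exit path has to release it. */
static int is_view_heap(const char *table)
{
    size_t len = strlen(table) + sizeof("SHOW CREATE TABLE ``");
    char *query = malloc(len);
    int rc;
    if (!query)
        return -1;
    snprintf(query, len, "SHOW CREATE TABLE `%s`", table);
    rc = run_query(query) ? -1 : 0;
    free(query);
    return rc;
}

/* After the refactoring: the buffer is a stack array and nothing may free it. */
static int is_view_stack(const char *table)
{
    char query[1024];
    int n = snprintf(query, sizeof query, "SHOW CREATE TABLE `%s`", table);
    if (n < 0 || (size_t)n >= sizeof query)
        return -1;              /* name does not fit: refuse instead of truncating */
    if (run_query(query)) {
        fprintf(stderr, "Failed to %s\n", query);
#ifdef DEMO_BUG
        free(query);            /* leftover from the heap version: invalid free */
#endif
        return -1;
    }
    return 0;
}

int main(void)
{
    printf("heap:  %d\n", is_view_heap("doesntexist"));
    printf("stack: %d\n", is_view_stack("doesntexist"));
    return 0;
}
```

      Built with `-DDEMO_BUG`, only the nonexistent-table path reaches the invalid `free()`, which is why the defect stays hidden while every named table exists. AddressSanitizer (`-fsanitize=address`) reports the same call as an attempted free of memory that was not malloc()-ed.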

        Activity

          hsc Horst Schirmeier created issue -
          hsc Horst Schirmeier made changes -
          Description (edited; a colon was added after "GDB session on current git HEAD")
          hsc Horst Schirmeier made changes -
          Affects Version/s 10.0.23 [ 20401 ]
          Affects Version/s 5.5.48 [ 21000 ]
          Affects Version/s 5.5.43 [ 18601 ]
          elenst Elena Stepanova made changes -
          Status Open [ 1 ] Confirmed [ 10101 ]

          elenst Elena Stepanova added a comment -

          Thanks for the report.

          The problem appeared in the 5.5 tree with this commit:

          commit 6f17e233bf7f4de20dda8fb31f63aa52452c4e0a
          Author: Sergei Golubchik <serg@mariadb.org>
          Date:   Tue Apr 28 21:24:32 2015 +0200

              post-merge fixes

          elenst Elena Stepanova made changes -
          Fix Version/s 5.5 [ 15800 ]
          Fix Version/s 10.0 [ 16000 ]
          Fix Version/s 10.1 [ 16100 ]
          Assignee Sergei Golubchik [ serg ]
          serg Sergei Golubchik made changes -
          Priority Minor [ 4 ] Major [ 3 ]
          serg Sergei Golubchik made changes -
          Sprint 10.1.13 [ 42 ]
          serg Sergei Golubchik made changes -
          Status Confirmed [ 10101 ] In Progress [ 3 ]
          serg Sergei Golubchik made changes -
          Status In Progress [ 3 ] Stalled [ 10000 ]
          serg Sergei Golubchik made changes -
          Fix Version/s 5.5.49 [ 21600 ]
          Fix Version/s 10.0.25 [ 21701 ]
          Fix Version/s 10.1.13 [ 21803 ]
          Fix Version/s 5.5 [ 15800 ]
          Fix Version/s 10.0 [ 16000 ]
          Fix Version/s 10.1 [ 16100 ]
          Resolution Fixed [ 1 ]
          Status Stalled [ 10000 ] Closed [ 6 ]
          serg Sergei Golubchik made changes -
          Workflow MariaDB v3 [ 73967 ] MariaDB v4 [ 150110 ]

          People

            Assignee: serg Sergei Golubchik
            Reporter: hsc Horst Schirmeier
            Votes: 1
            Watchers: 4
