[ODBC-389] alloc-dealloc-mismatch in MADB_DbcFree - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 3.2.0
Fix Version/s: 3.2.1
Component/s: General
Labels:
None

Description

Reported by ASAN when used by MaxScale. Here's the relevant parts of the ASAN report:

==232127==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new vs free) on 0x618000060080

2023-04-26 16:34:03   info   : Accept authentication from 'admin', using password. Request: /v1/sql/d445c898-631d-436a-b565-f6982359e47f/queries/d445c898-631d-436a-b565-f6982359e47f.1/

    #0 0x7fb9009937e0 in __interceptor_free (/lib64/libasan.so.5+0xef7e0)

    #1 0x7fb8eddba633 in MADB_DbcFree(MADB_Dbc*) /home/buildbot/src/driver/ma_connection.cpp:563

    #2 0x7fb8eddb4609 in MA_SQLFreeHandle(short, void*) /home/buildbot/src/driver/ma_api_internal.cpp:963

    #3 0x7fb8fec3db03  (/lib64/libodbc.so.2+0xfb03)

    #4 0x7fb8fec4174c in SQLDisconnect (/lib64/libodbc.so.2+0x1374c)

0x618000060080 is located 0 bytes inside of 856-byte region [0x618000060080,0x6180000603d8)

allocated by thread T9 here:

    #0 0x7fb9009957b0 in operator new(unsigned long) (/lib64/libasan.so.5+0xf17b0)

    #1 0x7fb8eddbc638 in MADB_DbcInit(st_ma_odbc_environment*) /home/buildbot/src/driver/ma_connection.cpp:2381

Attachments

Activity

Ascending order - Click to sort in descending order

markus makela created issue - 2023-04-27 08:09

markus makela made changes - 2023-04-27 08:09

Field	Original Value	New Value
Description	Reported by ASAN when used by MaxScale: {code} ==232127==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new vs free) on 0x618000060080 2023-04-26 16:34:03 info : Accept authentication from 'admin', using password. Request: /v1/sql/d445c898-631d-436a-b565-f6982359e47f/queries/d445c898-631d-436a-b565-f6982359e47f.1/ #0 0x7fb9009937e0 in __interceptor_free (/lib64/libasan.so.5+0xef7e0) #1 0x7fb8eddba633 in MADB_DbcFree(MADB_Dbc) /home/buildbot/src/driver/ma_connection.cpp:563 #2 0x7fb8eddb4609 in MA_SQLFreeHandle(short, void) /home/buildbot/src/driver/ma_api_internal.cpp:963 #3 0x7fb8fec3db03 (/lib64/libodbc.so.2+0xfb03) #4 0x7fb8fec4174c in SQLDisconnect (/lib64/libodbc.so.2+0x1374c) #5 0x7fb9000caf1f in maxsql::ODBCImp::~ODBCImp() /home/timofey_turenko_mariadb_com/MaxScale/maxutils/maxsql/src/odbc.cc:722 #6 0x7fb9000cb009 in maxsql::ODBCImp::~ODBCImp() /home/timofey_turenko_mariadb_com/MaxScale/maxutils/maxsql/src/odbc.cc:730 #7 0x7fb9000deab2 in std::default_delete<maxsql::ODBCImp>::operator()(maxsql::ODBCImp) const /usr/include/c++/8/bits/unique_ptr.h:81 #8 0x7fb9000d999c in std::unique_ptr<maxsql::ODBCImp, std::default_delete<maxsql::ODBCImp> >::~unique_ptr() /usr/include/c++/8/bits/unique_ptr.h:277 #9 0x7fb9000d336d in maxsql::ODBC::~ODBC() /home/timofey_turenko_mariadb_com/MaxScale/maxutils/maxsql/src/odbc.cc:1424 #10 0x7fb8ffea0c09 in std::pair<maxsql::ODBC, maxsql::ODBC>::~pair() /usr/include/c++/8/bits/stl_pair.h:208 #11 0x7fb8ffeb83c7 in void std::_Destroy<std::pair<maxsql::ODBC, maxsql::ODBC> >(std::pair<maxsql::ODBC, maxsql::ODBC>) /usr/include/c++/8/bits/stl_construct.h:98 #12 0x7fb8ffeb702e in void std::_Destroy_aux<false>::__destroy<std::pair<maxsql::ODBC, maxsql::ODBC>>(std::pair<maxsql::ODBC, maxsql::ODBC>, std::pair<maxsql::ODBC, maxsql::ODBC>) /usr/include/c++/8/bits/stl_construct.h:108 #13 0x7fb8ffeb5205 in void std::_Destroy<std::pair<maxsql::ODBC, maxsql::ODBC>>(std::pair<maxsql::ODBC, maxsql::ODBC>, std::pair<maxsql::ODBC, maxsql::ODBC>) /usr/include/c++/8/bits/stl_construct.h:137 #14 0x7fb8ffeb1a42 in void std::_Destroy<std::pair<maxsql::ODBC, maxsql::ODBC>, std::pair<maxsql::ODBC, maxsql::ODBC> >(std::pair<maxsql::ODBC, maxsql::ODBC>, std::pair<maxsql::ODBC, maxsql::ODBC>, std::allocator<std::pair<maxsql::ODBC, maxsql::ODBC> >&) /usr/include/c++/8/bits/stl_construct.h:206 #15 0x7fb8ffeae305 in std::vector<std::pair<maxsql::ODBC, maxsql::ODBC>, std::allocator<std::pair<maxsql::ODBC, maxsql::ODBC> > >::~vector() /usr/include/c++/8/bits/stl_vector.h:567 #16 0x7fb8ffeaae65 in maxbase::Json sql_etl::ETL::run_job<&sql_etl::ETL::connect_to_both, &sql_etl::ETL::run_start_job, &sql_etl::ETL::interrupt_both>() /home/timofey_turenko_mariadb_com/MaxScale/server/core/sql_etl.cc:1010 #17 0x7fb8ffe9ac22 in sql_etl::ETL::start() /home/timofey_turenko_mariadb_com/MaxScale/server/core/sql_etl.cc:1135 #18 0x7fb8ffb3d818 in maxbase::Json std::__invoke_impl<maxbase::Json, maxbase::Json (sql_etl::ETL::)(), sql_etl::ETL&>(std::__invoke_memfun_ref, maxbase::Json (sql_etl::ETL::&&)(), sql_etl::ETL&) (/usr/lib64/maxscale/libmaxscale-common.so.1.0.0+0x98a818) #19 0x7fb8ffb3b59f in std::__invoke_result<maxbase::Json (sql_etl::ETL::)(), sql_etl::ETL&>::type std::__invoke<maxbase::Json (sql_etl::ETL::)(), sql_etl::ETL&>(maxbase::Json (sql_etl::ETL::&&)(), sql_etl::ETL&) (/usr/lib64/maxscale/libmaxscale-common.so.1.0.0+0x98859f) #20 0x7fb8ffb392d2 in std::invoke_result<maxbase::Json (sql_etl::ETL::)(), sql_etl::ETL&>::type std::invoke<maxbase::Json (sql_etl::ETL::)(), sql_etl::ETL&>(maxbase::Json (sql_etl::ETL::&&)(), sql_etl::ETL&) (/usr/lib64/maxscale/libmaxscale-common.so.1.0.0+0x9862d2) #21 0x7fb8ffb357d7 in HttpSql::run_etl_task<&sql_etl::ETL::start>(HttpRequest const&)::{lambda()#1}::operator()() const::{lambda()#3}::operator()() const /home/timofey_turenko_mariadb_com/MaxScale/server/core/http_sql.cc:767 #22 0x7fb8ffb3c48d in std::_Function_handler<void (), HttpSql::run_etl_task<&sql_etl::ETL::start>(HttpRequest const&)::{lambda()#1}::operator()() const::{lambda()#3}>::_M_invoke(std::_Any_data const&) (/usr/lib64/maxscale/libmaxscale-common.so.1.0.0+0x98948d) #23 0x7fb8ffaf8e99 in std::function<void ()>::operator()() const /usr/include/c++/8/bits/std_function.h:687 #24 0x7fb90007b9c4 in operator() /home/timofey_turenko_mariadb_com/MaxScale/maxutils/maxbase/src/threadpool.cc:185 #25 0x7fb90007cf2b in _M_invoke /usr/include/c++/8/bits/std_function.h:297 #26 0x7fb8ffaf8e99 in std::function<void ()>::operator()() const /usr/include/c++/8/bits/std_function.h:687 #27 0x7fb90007b44f in maxbase::ThreadPool::Thread::main() /home/timofey_turenko_mariadb_com/MaxScale/maxutils/maxbase/src/threadpool.cc:129 #28 0x7fb90007e9e1 in void std::__invoke_impl<void, void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread>(std::__invoke_memfun_deref, void (maxbase::ThreadPool::Thread::&&)(), maxbase::ThreadPool::Thread&&) /usr/include/c++/8/bits/invoke.h:73 #29 0x7fb90007d992 in std::__invoke_result<void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread>::type std::__invoke<void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread>(void (maxbase::ThreadPool::Thread::&&)(), maxbase::ThreadPool::Thread&&) /usr/include/c++/8/bits/invoke.h:95 #30 0x7fb9000861b0 in decltype (__invoke((_S_declval<0ul>)(), (_S_declval<1ul>)())) std::thread::_Invoker<std::tuple<void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread> >::_M_invoke<0ul, 1ul>(std::_Index_tuple<0ul, 1ul>) /usr/include/c++/8/thread:244 #31 0x7fb90008616b in std::thread::_Invoker<std::tuple<void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread> >::operator()() /usr/include/c++/8/thread:253 #32 0x7fb90008614f in std::thread::_State_impl<std::thread::_Invoker<std::tuple<void (maxbase::ThreadPool::Thread::)(), maxbase::ThreadPool::Thread> > >::_M_run() /usr/include/c++/8/thread:196 #33 0x7fb8fd18aba2 (/lib64/libstdc++.so.6+0xc2ba2) #34 0x7fb8fdf981ce in start_thread (/lib64/libpthread.so.0+0x81ce) #35 0x7fb8fbd9ce72 in clone (/lib64/libc.so.6+0x39e72) 0x618000060080 is located 0 bytes inside of 856-byte region [0x618000060080,0x6180000603d8) allocated by thread T9 here: #0 0x7fb9009957b0 in operator new(unsigned long) (/lib64/libasan.so.5+0xf17b0) #1 0x7fb8eddbc638 in MADB_DbcInit(st_ma_odbc_environment) /home/buildbot/src/driver/ma_connection.cpp:2381 {code}	Reported by ASAN when used by MaxScale. Here's the relevant parts of the ASAN report: {code} ==232127==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new vs free) on 0x618000060080 2023-04-26 16:34:03 info : Accept authentication from 'admin', using password. Request: /v1/sql/d445c898-631d-436a-b565-f6982359e47f/queries/d445c898-631d-436a-b565-f6982359e47f.1/ #0 0x7fb9009937e0 in __interceptor_free (/lib64/libasan.so.5+0xef7e0) #1 0x7fb8eddba633 in MADB_DbcFree(MADB_Dbc) /home/buildbot/src/driver/ma_connection.cpp:563 #2 0x7fb8eddb4609 in MA_SQLFreeHandle(short, void) /home/buildbot/src/driver/ma_api_internal.cpp:963 #3 0x7fb8fec3db03 (/lib64/libodbc.so.2+0xfb03) #4 0x7fb8fec4174c in SQLDisconnect (/lib64/libodbc.so.2+0x1374c) 0x618000060080 is located 0 bytes inside of 856-byte region [0x618000060080,0x6180000603d8) allocated by thread T9 here: #0 0x7fb9009957b0 in operator new(unsigned long) (/lib64/libasan.so.5+0xf17b0) #1 0x7fb8eddbc638 in MADB_DbcInit(st_ma_odbc_environment*) /home/buildbot/src/driver/ma_connection.cpp:2381 {code}

Lawrin Novitsky added a comment - 2023-04-28 14:59

Connection handle has been changed to be allocated with new, but deallocation has been remaining old free, instead of delete

Lawrin Novitsky added a comment - 2023-04-28 14:59 Connection handle has been changed to be allocated with new, but deallocation has been remaining old free, instead of delete

Lawrin Novitsky made changes - 2023-04-28 14:59

Fix Version/s		3.2.1 [ 28908 ]
Resolution		Fixed [ 1 ]
Status	Open [ 1 ]	Closed [ 6 ]

MariaDB Connector/ODBC

alloc-dealloc-mismatch in MADB_DbcFree

Details

Description

Attachments

Activity

People

Dates

Git Integration