=================================================================
==3196728==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xfff2463b1cf8 at pc 0xffff8743aad4 bp 0xfff2498d5190 sp 0xfff2498d5218
READ of size 17 at 0xfff2463b1cf8 thread T501
    #0 0xffff8743aad3 (/usr/lib64/libasan.so.5.0.0+0x9aad3)
    #1 0xaaaadc9f844b in fill_schema_processlist(THD*, TABLE_LIST*, Item*) (/usr/sbin/mariadbd+0x82844b)
    #2 0xaaaadca03e7f in get_schema_tables_result(JOIN*, enum_schema_table_state) (/usr/sbin/mariadbd+0x833e7f)
    #3 0xaaaadc9e9607 in JOIN::exec_inner() (/usr/sbin/mariadbd+0x819607)
    #4 0xaaaadc9e9c23 in JOIN::exec() (/usr/sbin/mariadbd+0x819c23)
    #5 0xaaaadc9e8377 in mysql_select(THD*, TABLE_LIST*, List&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (/usr/sbin/mariadbd+0x818377)
    #6 0xaaaadc9e898b in handle_select(THD*, LEX*, select_result*, unsigned long) (/usr/sbin/mariadbd+0x81898b)
    #7 0xaaaadc971b77 (/usr/sbin/mariadbd+0x7a1b77)
    #8 0xaaaadc97bbbb in mysql_execute_command(THD*, bool) (/usr/sbin/mariadbd+0x7abbbb)
    #9 0xaaaadc9800b3 in mysql_parse(THD*, char*, unsigned int, Parser_state*) (/usr/sbin/mariadbd+0x7b00b3)
    #10 0xaaaadc981e83 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) (/usr/sbin/mariadbd+0x7b1e83)
    #11 0xaaaadc983d2f in do_command(THD*, bool) (/usr/sbin/mariadbd+0x7b3d2f)
    #12 0xaaaadca835bf in do_handle_one_connection(CONNECT*, bool) (/usr/sbin/mariadbd+0x8b35bf)
    #13 0xaaaadca839bf in handle_one_connection (/usr/sbin/mariadbd+0x8b39bf)
    #14 0xaaaadcdce7bf (/usr/sbin/mariadbd+0xbfe7bf)
    #15 0xffff86c078b7 in start_thread (/lib64/libpthread.so.0+0x78b7)
    #16 0xffff867f3afb in thread_start (/lib64/libc.so.6+0x23afb)

0xfff2463b1cf8 is located 0 bytes to the right of 40-byte region [0xfff2463b1cd0,0xfff2463b1cf8)
allocated by thread T4300 here:
    #0 0xffff874756eb in malloc (/usr/lib64/libasan.so.5.0.0+0xd56eb)
    #1 0xaaaadd0a230b in my_malloc (/usr/sbin/mariadbd+0xed230b)
    #2 0xaaaadd0a26b3 in my_strndup (/usr/sbin/mariadbd+0xed26b3)
    #3 0xaaaadc90a9c3 (/usr/sbin/mariadbd+0x73a9c3)
    #4 0xaaaadc90b077 (/usr/sbin/mariadbd+0x73b077)
    #5 0xaaaadc8eb637 (/usr/sbin/mariadbd+0x71b637)
    #6 0xaaaadc8ed00b (/usr/sbin/mariadbd+0x71d00b)
    #7 0xaaaadc90bd8b in acl_authenticate(THD*, unsigned int) (/usr/sbin/mariadbd+0x73bd8b)
    #8 0xaaaadca8234b (/usr/sbin/mariadbd+0x8b234b)
    #9 0xaaaadca824f7 in login_connection(THD*) (/usr/sbin/mariadbd+0x8b24f7)
    #10 0xaaaadca82dbb in thd_prepare_connection(THD*) (/usr/sbin/mariadbd+0x8b2dbb)
    #11 0xaaaadca83587 in do_handle_one_connection(CONNECT*, bool) (/usr/sbin/mariadbd+0x8b3587)
    #12 0xaaaadca839bf in handle_one_connection (/usr/sbin/mariadbd+0x8b39bf)
    #13 0xaaaadcdce7bf (/usr/sbin/mariadbd+0xbfe7bf)
    #14 0xffff86c078b7 in start_thread (/lib64/libpthread.so.0+0x78b7)
    #15 0xffff867f3afb in thread_start (/lib64/libc.so.6+0x23afb)

Thread T501 created by T0 here:
    #0 0xffff873ee273 in __interceptor_pthread_create (/usr/lib64/libasan.so.5.0.0+0x4e273)
    #1 0xaaaadcdce89b (/usr/sbin/mariadbd+0xbfe89b)
    #2 0xaaaadc8af78f in create_thread_to_handle_connection(CONNECT*) (/usr/sbin/mariadbd+0x6df78f)
    #3 0xaaaadc8b5d5b in handle_connections_sockets() (/usr/sbin/mariadbd+0x6e5d5b)
    #4 0xaaaadc8b6f9b in mysqld_main(int, char**) (/usr/sbin/mariadbd+0x6e6f9b)
    #5 0xffff867f4383 in __libc_start_main (/lib64/libc.so.6+0x24383)
    #6 0xaaaadc8ab4e7 (/usr/sbin/mariadbd+0x6db4e7)

Thread T4300 created by T0 here:
    #0 0xffff873ee273 in __interceptor_pthread_create (/usr/lib64/libasan.so.5.0.0+0x4e273)
    #1 0xaaaadcdce89b (/usr/sbin/mariadbd+0xbfe89b)
    #2 0xaaaadc8af78f in create_thread_to_handle_connection(CONNECT*) (/usr/sbin/mariadbd+0x6df78f)
    #3 0xaaaadc8b5d5b in handle_connections_sockets() (/usr/sbin/mariadbd+0x6e5d5b)
    #4 0xaaaadc8b6f9b in mysqld_main(int, char**) (/usr/sbin/mariadbd+0x6e6f9b)
    #5 0xffff867f4383 in __libc_start_main (/lib64/libc.so.6+0x24383)
    #6 0xaaaadc8ab4e7 (/usr/sbin/mariadbd+0x6db4e7)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/usr/lib64/libasan.so.5.0.0+0x9aad3)
Shadow bytes around the buggy address:
  0x200e48c76340: fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00 06
  0x200e48c76350: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x200e48c76360: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x200e48c76370: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x200e48c76380: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fd
=>0x200e48c76390: fa fa fd fd fd fd fd fa fa fa 00 00 00 00 00[fa]
  0x200e48c763a0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fd
  0x200e48c763b0: fa fa fd fd fd fd fd fd fa fa fd fd fd fd fd fa
  0x200e48c763c0: fa fa fd fd fd fd fd fd fa fa fa fa fa fa fa fa
  0x200e48c763d0: fa fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x200e48c763e0: fa fa fd fd fd fd fd fa fa fa fd fd fd fd fd fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:     fa
  Freed heap region:     fd
  Stack left redzone:    f1
  Stack mid redzone:     f2
  Stack right redzone:   f3
  Stack after return:    f5
  Stack use after scope: f8
  Global redzone:        f9
  Global init order:     f6
  Poisoned by user:      f7
  Container overflow:    fc
  Array cookie:          ac
  Intra object redzone:  bb
  ASan internal:         fe
  Left alloca redzone:   ca
  Right alloca redzone:  cb
==3196728==ABORTING