[MDEV-18633] ASAN heap-buffer-overflow in test_concurrently / unittests Created: 2019-02-18  Updated: 2019-03-20  Resolved: 2019-03-20

Status: Closed
Project: MariaDB Server
Component/s: Tests
Affects Version/s: 10.3, 10.4
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Robert Bindar
Resolution: Duplicate Votes: 0
Labels: None

Issue Links:
Duplicate
duplicates MDEV-18269 "Off-by-one bug in" (Closed)

 Description   

perl ./mtr unit.lf

or

perl ./mtr unit.my_atomic

10.4 ASAN a4cd91c5

==4351==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000009ff0 at pc 0x55f58b75c604 bp 0x7ffdae33e240 sp 0x7ffdae33e238
READ of size 8 at 0x611000009ff0 thread T0
    #0 0x55f58b75c603 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:47
    #1 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
    #2 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
    #3 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
    #4 0x55f58b75c3d9 in _start (/data/src/10.3-bug/unittest/mysys/lf-t+0x523d9)
 
0x611000009ff0 is located 0 bytes to the right of 240-byte region [0x611000009f00,0x611000009ff0)
allocated by thread T0 here:
    #0 0x7efe4e24873f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #1 0x55f58b75c506 in test_concurrently /data/src/10.3-bug/unittest/mysys/thr_template.c:29
    #2 0x55f58b75d22a in do_tests /data/src/10.3-bug/unittest/mysys/lf-t.c:187
    #3 0x55f58b75c80f in main /data/src/10.3-bug/unittest/mysys/thr_template.c:68
    #4 0x7efe4c9412b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
 
SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.3-bug/unittest/mysys/thr_template.c:47 test_concurrently
Shadow bytes around the buggy address:
  0x0c227fff93a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff93b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff93c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff93d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff93e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff93f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[fa]fa
  0x0c227fff9400: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff9410: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff9420: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff9430: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff9440: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Contiguous container OOB:fc
  ASan internal:           fe
==4351==ABORTING
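The report above says the faulting 8-byte READ lands 0 bytes past the end of a 240-byte malloc'd region, i.e. at byte offset 240 of the allocation. If the region is an array of 8-byte elements, that is element index 30 of a 30-element array: the classic shape of a loop bound written as <= instead of <. The program below is an added example, not code from thr_template.c or the MariaDB tree; the element type and the slot count of 30 are assumptions chosen so the region size matches the report. It models the off-by-one loop against a bounds-checked accessor that records the violation instead of touching the redzone, beside the corrected loop, and maps the report's numbers back to an element index.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed example, not code from thr_template.c: a heap array of 8-byte
 * slots wrapped with an explicit bounds check. The slot count of 30 is an
 * assumption chosen so the region is 240 bytes, as in the report; what the
 * real region held is not shown on the page. */
typedef struct {
    uint64_t *base;
    size_t nelems;           /* number of valid slots */
    size_t oob_reads;        /* reads rejected by the bounds check */
    size_t first_bad_index;  /* index of the first rejected read */
} bounded_u64;

/* Allocate nelems slots and fill slot i with i + 1. Returns 0 on success. */
static int bounded_u64_init(bounded_u64 *b, size_t nelems)
{
    b->base = malloc(nelems * sizeof *b->base);
    if (b->base == NULL)
        return -1;
    for (size_t i = 0; i < nelems; i++)
        b->base[i] = (uint64_t)i + 1;
    b->nelems = nelems;
    b->oob_reads = 0;
    b->first_bad_index = (size_t)-1;
    return 0;
}

static void bounded_u64_free(bounded_u64 *b)
{
    free(b->base);
    b->base = NULL;
    b->nelems = 0;
}

/* Bounds-checked read. Index nelems is the first byte past the allocation,
 * exactly the "0 bytes to the right of ... region" ASAN flagged; instead of
 * touching the redzone we record the violation and return 0. */
static uint64_t bounded_u64_get(bounded_u64 *b, size_t i)
{
    if (i >= b->nelems) {
        if (b->oob_reads++ == 0)
            b->first_bad_index = i;
        return 0;
    }
    return b->base[i];
}

/* The off-by-one loop shape: <= where < was meant. Its last iteration reads
 * slot nelems, one past the end. */
static uint64_t sum_off_by_one(bounded_u64 *b)
{
    uint64_t total = 0;
    for (size_t i = 0; i <= b->nelems; i++)
        total += bounded_u64_get(b, i);
    return total;
}

/* Corrected loop: strictly less than the element count. */
static uint64_t sum_fixed(bounded_u64 *b)
{
    uint64_t total = 0;
    for (size_t i = 0; i < b->nelems; i++)
        total += bounded_u64_get(b, i);
    return total;
}

/* Turn the report's numbers into an element index: region size, distance of
 * the faulting address past the region end, and element size. For the report
 * above: (240 + 0) / 8 = 30, i.e. index nelems of a 30-slot array. */
static size_t fault_elem_index(size_t region_bytes, size_t bytes_to_right,
                               size_t elem_size)
{
    return (region_bytes + bytes_to_right) / elem_size;
}

int main(void)
{
    bounded_u64 b;
    if (bounded_u64_init(&b, 30) != 0)
        return 1;

    unsigned long long fixed = sum_fixed(&b);
    unsigned long long buggy = sum_off_by_one(&b);
    printf("fixed loop sum:      %llu\n", fixed);
    printf("off-by-one loop sum: %llu, rejected reads: %zu, first bad index: %zu\n",
           buggy, b.oob_reads, b.first_bad_index);
    printf("report maps to element index %zu\n", fault_elem_index(240, 0, 8));

    bounded_u64_free(&b);
    return 0;
}
```

Under ASAN the unchecked form of sum_off_by_one would abort with the same "0 bytes to the right of 240-byte region" message as the report; the check here only makes the violation visible without undefined behaviour. The fault_elem_index arithmetic is the triage step worth keeping: an index equal to the element count almost always points at a loop bound or a size computation that is one too large.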



 Comments   
Comment by Robert Bindar [ 2019-03-20 ]

Hi elenst,
This issue seems to be fixed by commit 459d6da86955c89e96f6e9a8d3bc2a9b1756629b; I can't reproduce it anymore.

Comment by Elena Stepanova [ 2019-03-20 ]

If you can reproduce it before the commit and cannot reproduce after, and the commit appears to be relevant, then you can just close it as fixed by that commit.

Generated at Thu Feb 08 08:45:35 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.