[MDEV-19349] mysql_install_db: segfault at tmp_file_prefix check Created: 2019-04-27  Updated: 2019-05-08  Resolved: 2019-05-01

Status: Closed
Project: MariaDB Server
Component/s: Admin statements
Affects Version/s: 5.5, 10.1, 10.2, 10.3, 10.4, 10.5
Fix Version/s: 10.2.24, 5.5.65, 10.1.41, 10.3.15, 10.4.5

Type: Bug Priority: Critical
Reporter: Aleksey Midenkov Assignee: Aleksey Midenkov
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-19199 main.bootstrap fails with ASAN unknow... Closed

Description

Reproduce

touch /tmp/1
mysql_install_db --basedir=$opt --datadir=./data --defaults-file=$defaults

Result

#0  0x00000000015b0aea in handle_fatal_signal (sig=0) at /home/midenok/src/mariadb/trunk/src/sql/signal_handler.cc:62
#1  <signal handler called>
#2  0x00000000015b0aea in handle_fatal_signal (sig=0) at /home/midenok/src/mariadb/trunk/src/sql/signal_handler.cc:62
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#5  0x00007f93f9035535 in __GI_abort () at abort.c:79
#6  0x00000000007a232b in __sanitizer::Abort() ()
#7  0x00000000007a09b8 in __sanitizer::Die() ()
#8  0x000000000078789f in __asan::ReportGenericError(unsigned long, unsigned long, unsigned long, unsigned long, bool, unsigned long, unsigned int, bool) ()
#9  0x0000000000751c72 in __interceptor_memcmp.part.319 ()
#10 0x00000000009e17d0 in mysql_rm_tmp_tables () at /home/midenok/src/mariadb/trunk/src/sql/sql_base.cc:8819
#11 0x00000000007c5bbf in mysqld_main (argc=12, argv=0x615000000150) at /home/midenok/src/mariadb/trunk/src/sql/mysqld.cc:5742
#12 0x00000000007b9b92 in main (argc=12, argv=0x7ffe4db84e68) at /home/midenok/src/mariadb/trunk/src/sql/main.cc:25

frame 10

8819          if (!memcmp(file->name, tmp_file_prefix,
8820                      tmp_file_prefix_length))
8821          {

(gdb) p file->name
$1 = 0x62d00005a420 "1"

Cause

file->name is shorter than tmp_file_prefix_length.
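To make the cause concrete, here is an added example (not code from MariaDB or from the reporter) that reproduces the shape of the check at sql_base.cc:8819 next to a bounded version. The prefix value "#sql" and the directory listing are assumptions constructed for the example; the point is that a fixed-length memcmp() over a NUL-terminated name such as "1" reads past the terminator, which is what ASAN reported from __interceptor_memcmp, while checking the length first (or using strncmp(), which stops at the first NUL) keeps the read inside the string.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed prefix value for the example (stands in for MariaDB's tmp_file_prefix). */
#define TMP_FILE_PREFIX "#sql"
static const size_t tmp_file_prefix_length = sizeof(TMP_FILE_PREFIX) - 1;

/* Mirrors the unbounded comparison from the bug: memcmp() compares
 * tmp_file_prefix_length bytes no matter how long name really is, so a
 * one-character name makes it read beyond the terminating NUL.
 * Only call this with names at least tmp_file_prefix_length bytes long. */
bool is_tmp_file_unchecked(const char *name)
{
    return memcmp(name, TMP_FILE_PREFIX, tmp_file_prefix_length) == 0;
}

/* Hardened form: establish that the name is at least as long as the
 * prefix before comparing bytes, so memcmp() never runs past the string. */
bool is_tmp_file_checked(const char *name)
{
    if (strlen(name) < tmp_file_prefix_length)
        return false;
    return memcmp(name, TMP_FILE_PREFIX, tmp_file_prefix_length) == 0;
}

/* Equivalent alternative: strncmp() stops at the first NUL of either
 * string, so the read is bounded by the string as well as by n. */
bool is_tmp_file_strncmp(const char *name)
{
    return strncmp(name, TMP_FILE_PREFIX, tmp_file_prefix_length) == 0;
}

/* Walks a directory listing the way a cleanup loop would and returns how
 * many entries are treated as leftover temporary files. */
size_t count_tmp_files(const char *const *names, size_t n)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (is_tmp_file_checked(names[i]))
            count++;
    return count;
}

/* Constructed sample listing: the short name "1" from the report, one real
 * temp file, the "." and ".." entries, and a name shorter than the prefix. */
static const char *const sample_listing[] = {
    "1", "#sql-abc.frm", ".", "..", "#sq"
};

size_t sample_listing_tmp_count(void)
{
    return count_tmp_files(sample_listing,
                           sizeof(sample_listing) / sizeof(sample_listing[0]));
}

int main(void)
{
    size_t n = sizeof(sample_listing) / sizeof(sample_listing[0]);
    for (size_t i = 0; i < n; i++)
        printf("%-14s checked=%d strncmp=%d\n", sample_listing[i],
               is_tmp_file_checked(sample_listing[i]),
               is_tmp_file_strncmp(sample_listing[i]));
    printf("temp files in listing: %zu\n", sample_listing_tmp_count());
    return 0;
}
```

With the length check in place, "." and ".." are rejected by the same path as "1" (both are shorter than the four-byte prefix), which is why a separate test for those two entries adds nothing once the comparison itself is bounded.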



Comments
Comment by Eugene Kosov (Inactive) [ 2019-04-28 ]

Looks like a duplicate for https://jira.mariadb.org/browse/MDEV-19199
It's great you have a simplified test!

Comment by Marko Mäkelä [ 2019-04-30 ]

Looking at the 5.5 code, I think that 5.5 should be affected as well. In 5.5, there is just an additional check for '.' and '..' before comparing to tmp_file_prefix. That check seems redundant to me.
