[MDEV-24106] mariabackup crashes when called without parameters on Windows Created: 2020-11-03  Updated: 2021-05-23  Resolved: 2021-05-23

Status: Closed
Project: MariaDB Server
Component/s: mariabackup
Affects Version/s: 10.5.6, 10.5
Fix Version/s: 10.4.19, 10.5.10, 10.6.1

Type: Bug
Priority: Minor
Reporter: Daniel Kessel
Assignee: Vladislav Vaintroub
Resolution: Fixed
Votes: 0
Labels: None
Environment: Windows Server 2019
Attachments: File mariadb-backup.dmp
Issue Links: relates to MDEV-23649 An invalid XML character in mysql_te... (Closed)

Description

Steps to reproduce:
Execute mariadb-backup.exe from a command line.

Result: The tool crashes with a crash report; the stack trace with debug symbols and the crash dump are attached.
Other than that, basic operations (backup/prepare/restore) work without problems.

201103 10:01:41 [ERROR] mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.
 
Server version: 10.5.6-MariaDB
key_buffer_size=0
read_buffer_size=131072
max_used_connections=0
max_threads=1
thread_count=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 5337 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
ucrtbase.dll!strcmp()
mariadb-backup.exe!get_defaults_options()[my_default.c:293]
mariadb-backup.exe!my_load_defaults()[my_default.c:419]
mariadb-backup.exe!load_defaults()[my_default.c:363]
mariadb-backup.exe!handle_options()[xtrabackup.cc:5907]
mariadb-backup.exe!main()[xtrabackup.cc:6122]
mariadb-backup.exe!__scrt_common_main_seh()[exe_common.inl:288]
KERNEL32.DLL!BaseThreadInitThunk()
ntdll.dll!RtlUserThreadStart()
The manual page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mysqld/ contains
information that should help you find out what is causing the crash.
Writing a core file at D:\JiveX\mariaDB\bin\
Minidump written to D:\JiveX\mariaDB\bin\mariadb-backup.dmp

Comments
Comment by Alice Sherepa [ 2020-11-03 ]

10.5 504d4c1ff6e0cecde9

extra/mariabackup/mariabackup
 
=================================================================
==2646==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000d8 at pc 0x55f8a3ca8ef0 bp 0x7ffece1ce0d0 sp 0x7ffece1ce0c8
READ of size 8 at 0x6020000000d8 thread T0
    #0 0x55f8a3ca8eef in get_defaults_options /git/10.5/mysys/my_default.c:293
    #1 0x55f8a3ca9445 in my_load_defaults /git/10.5/mysys/my_default.c:417
    #2 0x55f8a3ca926a in load_defaults /git/10.5/mysys/my_default.c:362
    #3 0x55f8a1c9c3c3 in handle_options(int, char**, char***, char***, char***) /git/10.5/extra/mariabackup/xtrabackup.cc:5958
    #4 0x55f8a1c9d918 in main /git/10.5/extra/mariabackup/xtrabackup.cc:6163
    #5 0x7f4f4f8a709a in __libc_start_main ../csu/libc-start.c:308
    #6 0x55f8a1c7c7a9 in _start (/git/10.5/extra/mariabackup/mariadb-backup+0x18467a9)
 
0x6020000000d8 is located 0 bytes to the right of 8-byte region [0x6020000000d0,0x6020000000d8)
allocated by thread T0 here:
    #0 0x7f4f50479d30 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xead30)
    #1 0x55f8a1cb9e0c in __gnu_cxx::new_allocator<char*>::allocate(unsigned long, void const*) (/git/10.5/extra/mariabackup/mariadb-backup+0x1883e0c)
    #2 0x55f8a1cb8dbd in std::allocator_traits<std::allocator<char*> >::allocate(std::allocator<char*>&, unsigned long) (/git/10.5/extra/mariabackup/mariadb-backup+0x1882dbd)
    #3 0x55f8a1cb4e61 in std::_Vector_base<char*, std::allocator<char*> >::_M_allocate(unsigned long) (/git/10.5/extra/mariabackup/mariadb-backup+0x187ee61)
    #4 0x55f8a1cacff6 in void std::vector<char*, std::allocator<char*> >::_M_realloc_insert<char* const&>(__gnu_cxx::__normal_iterator<char**, std::vector<char*, std::allocator<char*> > >, char* const&) (/git/10.5/extra/mariabackup/mariadb-backup+0x1876ff6)
    #5 0x55f8a1ca6a1a in std::vector<char*, std::allocator<char*> >::push_back(char* const&) (/git/10.5/extra/mariabackup/mariadb-backup+0x1870a1a)
    #6 0x55f8a1c9b982 in handle_options(int, char**, char***, char***, char***) /git/10.5/extra/mariabackup/xtrabackup.cc:5890
    #7 0x55f8a1c9d918 in main /git/10.5/extra/mariabackup/xtrabackup.cc:6163
    #8 0x7f4f4f8a709a in __libc_start_main ../csu/libc-start.c:308
 
SUMMARY: AddressSanitizer: heap-buffer-overflow /git/10.5/mysys/my_default.c:293 in get_defaults_options
Shadow bytes around the buggy address:
  0x0c047fff7fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff7ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c047fff8000: fa fa 00 00 fa fa 00 00 fa fa 00 00 fa fa fd fa
=>0x0c047fff8010: fa fa fd fd fa fa 00 fa fa fa 00[fa]fa fa fa fa
  0x0c047fff8020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c047fff8060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2646==ABORTING
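A constructed C++ illustration of the access pattern the ASan report above shows, added here and not taken from MariaDB's code or from the fix: an option scanner that walks argv until the NULL terminator C's main() guarantees, a caller that rebuilds argv in a std::vector without that sentinel (with no parameters the vector holds one 8-byte pointer, so the scan reads just past the allocation), and two hardened variants. The function names, the `--defaults-file=` handling and the sample command line are assumptions for the example.

```cpp
#include <cstring>
#include <iostream>
#include <vector>

// Constructed example, not MariaDB code. This scanner relies on the C argv
// contract (argv[argc] == NULL) and walks the array until that sentinel.
static const char *scan_defaults_file(char **argv) {
    for (++argv; *argv; ++argv) {                 // skip argv[0], stop at NULL
        if (std::strncmp(*argv, "--defaults-file=", 16) == 0)
            return *argv + 16;
    }
    return nullptr;
}

// Buggy caller: rebuilds argv in a std::vector and passes data() without a
// terminating nullptr. With no parameters the vector holds exactly one
// pointer (8 bytes) and the scanner reads the pointer just past it, a
// heap-buffer-overflow like the one ASan reports. Kept for comparison only.
[[maybe_unused]] static const char *call_unterminated(int argc, char **argv) {
    std::vector<char *> args(argv, argv + argc);  // no trailing nullptr
    return scan_defaults_file(args.data());
}

// Hardened caller: re-establish the invariant the callee depends on by
// appending the NULL sentinel before handing over the storage.
static const char *call_terminated(int argc, char **argv) {
    std::vector<char *> args(argv, argv + argc);
    args.push_back(nullptr);
    return scan_defaults_file(args.data());
}

// Bounded alternative: take argc as well and never trust a sentinel.
static const char *scan_defaults_file_bounded(int argc, char **argv) {
    for (int i = 1; i < argc; ++i)
        if (std::strncmp(argv[i], "--defaults-file=", 16) == 0)
            return argv[i] + 16;
    return nullptr;
}

// Constructed sample command line: program name plus one option.
static char kProg[] = "mariadb-backup";
static char kOpt[] = "--defaults-file=/etc/my.cnf";
static char *kSampleArgv[] = {kProg, kOpt, nullptr};

int main(int argc, char **argv) {
    const char *f = call_terminated(argc, argv);  // safe with argc == 1 too
    std::cout << "defaults file: " << (f ? f : "(none)") << "\n";
    return 0;
}
```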

Comment by Vladislav Vaintroub [ 2021-05-23 ]

Was fixed in https://github.com/MariaDB/server/commit/1dff411e84d5c2ef672619a5b211210454798449

Generated at Thu Feb 08 09:27:29 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.