Version: '10.6.5-MariaDB' socket: '/tmp/mysql_mar.sock' port: 3309 Source distribution
|
=================================================================
|
==283607==ERROR: AddressSanitizer: use-after-poison on address 0x62b000077306 at pc 0x56165517504e bp 0x7f3e39319c80 sp 0x7f3e39319c70
|
READ of size 1 at 0x62b000077306 thread T48
|
#0 0x56165517504d in my_strcasecmp_8bit /home/supersix/fuzz/security/MariaDB/server/strings/ctype-simple.c:265
|
#1 0x561653282063 in fix_dl_name /home/supersix/fuzz/security/MariaDB/server/sql/sql_plugin.cc:376
|
#2 0x561653282063 in plugin_add /home/supersix/fuzz/security/MariaDB/server/sql/sql_plugin.cc:1125
|
#3 0x561653293f30 in mysql_install_plugin(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /home/supersix/fuzz/security/MariaDB/server/sql/sql_plugin.cc:2270
|
#4 0x56165326a1df in mysql_execute_command(THD*, bool) /home/supersix/fuzz/security/MariaDB/server/sql/sql_parse.cc:5899
|
#5 0x561653225684 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/supersix/fuzz/security/MariaDB/server/sql/sql_parse.cc:8030
|
#6 0x56165325b0b3 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/supersix/fuzz/security/MariaDB/server/sql/sql_parse.cc:1896
|
#7 0x561653260513 in do_command(THD*, bool) /home/supersix/fuzz/security/MariaDB/server/sql/sql_parse.cc:1404
|
#8 0x5616537226fc in do_handle_one_connection(CONNECT*, bool) /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1418
|
#9 0x561653723e56 in handle_one_connection /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1312
|
#10 0x56165456fd2f in pfs_spawn_thread /home/supersix/fuzz/security/MariaDB/server/storage/perfschema/pfs.cc:2201
|
#11 0x7f3e5895a608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
|
#12 0x7f3e5852e292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
|
|
0x62b000077306 is located 262 bytes inside of 24624-byte region [0x62b000077200,0x62b00007d230)
|
allocated by thread T48 here:
|
#0 0x7f3e58ee5bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
|
#1 0x5616550fbc1c in my_malloc /home/supersix/fuzz/security/MariaDB/server/mysys/my_malloc.c:90
|
#2 0x5616550e28c8 in reset_root_defaults /home/supersix/fuzz/security/MariaDB/server/mysys/my_alloc.c:148
|
#3 0x5616530d2773 in THD::init_for_queries() /home/supersix/fuzz/security/MariaDB/server/sql/sql_class.cc:1406
|
#4 0x5616537201ea in prepare_new_connection_state(THD*) /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1240
|
#5 0x561653720efa in thd_prepare_connection(THD*) /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1333
|
#6 0x561653720efa in thd_prepare_connection(THD*) /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1322
|
#7 0x561653722663 in do_handle_one_connection(CONNECT*, bool) /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1408
|
#8 0x561653723e56 in handle_one_connection /home/supersix/fuzz/security/MariaDB/server/sql/sql_connect.cc:1312
|
#9 0x56165456fd2f in pfs_spawn_thread /home/supersix/fuzz/security/MariaDB/server/storage/perfschema/pfs.cc:2201
|
#10 0x7f3e5895a608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
|
|
Thread T48 created by T0 here:
|
#0 0x7f3e58e12805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
|
#1 0x56165456ffe2 in my_thread_create /home/supersix/fuzz/security/MariaDB/server/storage/perfschema/my_thread.h:48
|
#2 0x56165456ffe2 in pfs_spawn_thread_v1 /home/supersix/fuzz/security/MariaDB/server/storage/perfschema/pfs.cc:2252
|
#3 0x561652ef4b48 in inline_mysql_thread_create /home/supersix/fuzz/security/MariaDB/server/include/mysql/psi/mysql_thread.h:1139
|
#4 0x561652ef4b48 in create_thread_to_handle_connection(CONNECT*) /home/supersix/fuzz/security/MariaDB/server/sql/mysqld.cc:5922
|
#5 0x561652f04235 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/supersix/fuzz/security/MariaDB/server/sql/mysqld.cc:6043
|
#6 0x561652f0500e in handle_connections_sockets() /home/supersix/fuzz/security/MariaDB/server/sql/mysqld.cc:6167
|
#7 0x561652f0719b in mysqld_main(int, char**) /home/supersix/fuzz/security/MariaDB/server/sql/mysqld.cc:5817
|
#8 0x7f3e584330b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
|
|
SUMMARY: AddressSanitizer: use-after-poison /home/supersix/fuzz/security/MariaDB/server/strings/ctype-simple.c:265 in my_strcasecmp_8bit
|
Shadow bytes around the buggy address:
|
0x0c5680006e10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5680006e20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5680006e30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c5680006e40: 00 00 00 00 00 00 f7 00 00 00 00 00 00 00 00 00
|
0x0c5680006e50: 00 00 00 00 00 00 03 f7 00 00 00 00 05 f7 00 03
|
=>0x0c5680006e60:[f7]02 f7 00 00 00 00 00 00 00 f7 f7 f7 f7 f7 f7
|
0x0c5680006e70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c5680006e80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c5680006e90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c5680006ea0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c5680006eb0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==283607==ABORTING
|