[MDEV-33216] ASAN reports "stack use after return" in Wsrep_schema_impl::open_table Created: 2024-01-10  Updated: 2024-01-12

Status: In Review
Project: MariaDB Server
Component/s: Galera
Affects Version/s: 10.4
Fix Version/s: 10.4

Type: Bug Priority: Major
Reporter: Daniele Sciascia Assignee: Julius Goryavsky
Resolution: Unresolved Votes: 0
Labels: None


Description

Wsrep_schema_impl::open_table() keeps a TABLE_LIST object on the stack and returns TABLE_LIST::table to the caller. The returned TABLE still refers to that stack-allocated TABLE_LIST, so accesses through it after open_table() returns touch memory from a frame that no longer exists (the ASAN report below shows the access landing inside the 'tables' variable of that frame).

ASAN report:

Address 0x7f173ecfb498 is located in stack of thread T39 at offset 1176 in frame
    #0 0x5627fe37f1df in Wsrep_schema_impl::open_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, thr_lock_type, TABLE**) /mariadb/10.4/sql/wsrep_schema.cc:252
 
  This frame has 2 object(s):
    [32, 40) 'prelocking_strategy.i'
    [64, 1840) 'tables' (line 258) <== Memory access at offset 1176 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T39 created by T0 here:
    #0 0x5627fc21666e in pthread_create (/dev/shm/10.4/sql/mysqld+0x301666e) (BuildId: afe830840ad49150)
    #1 0x5627fe1c8b64 in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /mariadb/10.4/storage/perfschema/pfs.cc:1919:15
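The bug pattern in miniature, as an added illustration rather than MariaDB's own code: a TABLE_LIST-like object dies with the frame of the function that opened the table, while the returned TABLE keeps a back-pointer into it (assumed here to be a field like TABLE::pos_in_table_list; struct names, do_open(), and the table names are constructed). The fixed shape moves ownership of the list entry to the caller so that it outlives the TABLE; whether pull request #3001 fixes it this way is not something this page states.

```cpp
#include <cassert>
#include <string>

// Simplified stand-ins for MariaDB's TABLE_LIST and TABLE (names hypothetical).
struct Table;
struct TableList {
  std::string db;
  std::string name;
  Table *table = nullptr;
};
struct Table {
  // Like TABLE::pos_in_table_list in MariaDB: the TABLE keeps a pointer
  // back to the TABLE_LIST entry it was opened through.
  TableList *pos_in_table_list = nullptr;
};

// Simulated open_tables(): links the TABLE to the list entry (constructed stand-in).
Table *do_open(TableList *tl) {
  static Table table_cache_slot;     // stands in for the heap-owned TABLE
  table_cache_slot.pos_in_table_list = tl;
  tl->table = &table_cache_slot;
  return tl->table;
}

// Buggy shape (what the report describes): the TABLE_LIST lives in this frame,
// and the returned TABLE still points at it. A caller that follows
// pos_in_table_list reads a dead frame; ASAN reports stack-use-after-return
// (build with -fsanitize=address, run with ASAN_OPTIONS=detect_stack_use_after_return=1).
Table *open_table_buggy(const char *db, const char *name) {
  TableList tables;                  // destroyed on return
  tables.db = db;
  tables.name = name;
  return do_open(&tables);           // returned TABLE -> dangling &tables
}

// Fixed shape: the caller owns the TABLE_LIST, so it outlives every use
// of the TABLE that refers to it.
Table *open_table_fixed(TableList &tables, const char *db, const char *name) {
  tables.db = db;
  tables.name = name;
  return do_open(&tables);
}

// Caller-side check: the back-pointer must point at a live object.
std::string name_via_fixed_open() {
  TableList tables;                  // lives for the whole use of the TABLE
  Table *t = open_table_fixed(tables, "wsrep_schema", "example");  // constructed names
  assert(t->pos_in_table_list == &tables);
  return t->pos_in_table_list->name;
}
```

open_table_buggy() is deliberately never called here; under ASAN the first dereference of its result's pos_in_table_list produces a report of the same shape as the one above.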



Comments
Comment by Daniele Sciascia [ 2024-01-12 ]

A pull request has been submitted here https://github.com/MariaDB/server/pull/3001 and is ready for review.

Generated at Thu Feb 08 10:37:15 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.