[MXS-870] Assertion or Buffer Overflow Created: 2016-09-16  Updated: 2016-09-20  Resolved: 2016-09-20

Status: Closed
Project: MariaDB MaxScale
Component/s: mariadbbackend, readwritesplit
Affects Version/s: 2.0.0
Fix Version/s: 2.0.1

Type: Bug Priority: Critical
Reporter: Kurt Pastore (Inactive) Assignee: markus makela
Resolution: Fixed Votes: 0
Labels: None
Environment:

CentOS Linux release 7.2.1511 (Core)

# maxscale --version

MariaDB Corporation MaxScale beta-2.0.0 Fri Sep 16 16:37:48 2016
------------------------------------------------------
MaxScale beta-2.0.0



 Description   

Sample from the error log. A high CPU load was experienced during the event.

2016-09-16 14:07:57 error : debug assert /home/vagrant/workspace/server/core/buffer.c:394
2016-09-16 14:07:57 error : Fatal: MaxScale beta-2.0.0 received fatal signal 6. Attempting backtrace.
2016-09-16 14:07:57 error : Commit ID: 029e6574da1ace10f367a7848cdfb607f7f7ba56 System name: Linux Release string: NAME="CentOS Linux"
2016-09-16 14:07:57 error : /usr/bin/maxscale() [0x403f33]
2016-09-16 14:07:57 error : /lib64/libpthread.so.0(+0xf100) [0x7f9e110b1100]
2016-09-16 14:07:57 error : /lib64/libc.so.6(gsignal+0x37) [0x7f9e0facb5f7]
2016-09-16 14:07:57 error : /lib64/libc.so.6(abort+0x148) [0x7f9e0faccce8]
2016-09-16 14:07:57 error : /lib64/libc.so.6(+0x2e566) [0x7f9e0fac4566]
2016-09-16 14:07:57 error : /lib64/libc.so.6(+0x2e612) [0x7f9e0fac4612]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libmaxscale-common.so.1.0.0(gwbuf_clone_portion+0x1a6) [0x7f9e119bb21e]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libMySQLBackend.so(+0x6fbe) [0x7f9e0859afbe]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libMySQLBackend.so(+0x47e6) [0x7f9e085987e6]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libMySQLBackend.so(+0x347c) [0x7f9e0859747c]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libmaxscale-common.so.1.0.0(+0x53382) [0x7f9e119e8382]
2016-09-16 14:07:57 error : /usr/lib64/maxscale/libmaxscale-common.so.1.0.0(poll_waitevents+0x69c) [0x7f9e119e78b6]
2016-09-16 14:07:57 error : /usr/bin/maxscale(worker_thread_main+0x2a) [0x4051d3]
2016-09-16 14:07:57 error : /lib64/libpthread.so.0(+0x7dc5) [0x7f9e110a9dc5]
2016-09-16 14:07:57 error : /lib64/libc.so.6(clone+0x6d) [0x7f9e0fb8c28d]



 Comments   
Comment by markus makela [ 2016-09-17 ]

File and line locations in the source code:

/home/vagrant/workspace/server/modules/protocol/mysql_backend.c:2036
/home/vagrant/workspace/server/modules/protocol/mysql_backend.c:1103
/home/vagrant/workspace/server/modules/protocol/mysql_backend.c:566
/home/vagrant/workspace/server/core/poll.c:1004

Comment by markus makela [ 2016-09-17 ]

The code in question uses an older method of splitting data buffers. The gwbuf_clone_portion function has the following debug assertion:

ss_dassert(start_offset + length <= GWBUF_LENGTH(buf));

This assumes that the cloned buffer is contiguous, but it is perfectly possible that it isn't. Presumably this is more likely to happen under higher load. The gwbuf_split function can handle this situation and should be used in the code in question.
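
The buffer situation described in the comment above, as an added example that is not MaxScale's code and not from this ticket: a minimal chained buffer in the spirit of GWBUF links (the type and all function names here, lbuf, lbuf_alloc, lbuf_split, clone_portion_first_link, run_cases, are hypothetical and do not match MaxScale's API). A 9-byte payload that arrived in three reads is held as three links; a "clone a portion" call whose bounds check only looks at the first link, the contiguous assumption behind the assertion at buffer.c:394, refuses a 5-byte request that the chain as a whole can satisfy, while a split that walks the chain carves the boundary out of the middle of a link. The chain-aware split here is written from scratch to illustrate the approach; it is not gwbuf_split.

```c
/* Added example, not MaxScale's code: a minimal chained buffer in the spirit
 * of GWBUF links, showing why a first-link-only bounds check refuses requests
 * the whole chain could satisfy and how a chain-walking split handles them. */
#include <stdlib.h>
#include <string.h>

typedef struct lbuf {
    unsigned char *data;    /* bytes owned by this link */
    size_t len;             /* bytes in this link only, not the whole chain */
    struct lbuf *next;      /* next link, or NULL */
} lbuf;

static lbuf *lbuf_alloc(const void *src, size_t len) {
    lbuf *b = calloc(1, sizeof *b);
    if (b == NULL) return NULL;
    b->data = malloc(len ? len : 1);
    if (b->data == NULL) { free(b); return NULL; }
    memcpy(b->data, src, len);
    b->len = len;
    return b;
}

static void lbuf_free(lbuf *b) {
    while (b) { lbuf *n = b->next; free(b->data); free(b); b = n; }
}

/* True if the chain's bytes, concatenated in link order, equal the string s. */
static int chain_equals(const lbuf *b, const char *s) {
    size_t n = strlen(s);
    for (; b; b = b->next) {
        if (b->len > n || memcmp(s, b->data, b->len) != 0) return 0;
        s += b->len; n -= b->len;
    }
    return n == 0;
}

/* The contiguous assumption: the bounds check compares against the first link
 * only (the original asserts here; this returns NULL), so a portion that spans
 * two links is refused although the chain holds every byte of it. */
static lbuf *clone_portion_first_link(const lbuf *b, size_t start, size_t len) {
    if (start + len > b->len) return NULL;
    return lbuf_alloc(b->data + start, len);
}

/* Chain-aware split: detach the first `len` bytes as their own chain, cutting
 * a link in two when the boundary falls inside it. Stores the remainder in
 * *rest; returns NULL with the chain untouched (*rest == head) on len 0 or
 * when the chain is shorter than len. */
static lbuf *lbuf_split(lbuf *head, size_t len, lbuf **rest) {
    lbuf *prev = NULL, *cur = head, *tail;
    *rest = head;
    if (len == 0) return NULL;
    while (cur && len >= cur->len) {            /* consume whole links */
        len -= cur->len;
        prev = cur;
        cur = cur->next;
        if (len == 0) break;
    }
    if (len == 0) {                             /* boundary is a link edge */
        prev->next = NULL;
        *rest = cur;
        return head;
    }
    if (cur == NULL) return NULL;               /* chain shorter than len */
    tail = lbuf_alloc(cur->data + len, cur->len - len);   /* cur's remainder */
    if (tail == NULL) return NULL;
    tail->next = cur->next;
    cur->len = len;
    cur->next = NULL;
    *rest = tail;
    return head;
}

/* Constructed input: a 9-byte payload that arrived in three reads and is
 * therefore held as three links, "abc" -> "defg" -> "hi". */
static lbuf *make_chain(void) {
    lbuf *a = lbuf_alloc("abc", 3);
    a->next = lbuf_alloc("defg", 4);
    a->next->next = lbuf_alloc("hi", 2);
    return a;
}

/* Returns a bitmask of passed cases (15 when all pass): bit 0, first-link clone
 * refuses a valid 5-byte request; bit 1, split inside a link gives "abcde" /
 * "fghi"; bit 2, 10-byte split refused, chain intact; bit 3, split on a link
 * edge gives "abc" / "defghi". */
static int run_cases(void) {
    int r = 0;
    lbuf *chain = make_chain(), *rest = NULL, *head;
    lbuf *c = clone_portion_first_link(chain, 0, 5);
    if (c == NULL) r |= 1; else lbuf_free(c);
    head = lbuf_split(chain, 5, &rest);
    if (head && chain_equals(head, "abcde") && chain_equals(rest, "fghi")) r |= 2;
    lbuf_free(head); lbuf_free(rest);
    chain = make_chain();
    if (lbuf_split(chain, 10, &rest) == NULL && rest == chain
        && chain_equals(chain, "abcdefghi")) r |= 4;
    head = lbuf_split(chain, 3, &rest);
    if (head && chain_equals(head, "abc") && chain_equals(rest, "defghi")) r |= 8;
    lbuf_free(head); lbuf_free(rest);
    return r;
}
```

Calling run_cases() exercises all four cases and returns 15 when the first-link clone refuses the spanning request and the chain-walking split produces the expected pieces. The point the comment makes is visible in clone_portion_first_link: once a packet can arrive split over several links, any offset arithmetic that is checked against a single link's length is a bounds check on the wrong object, and the only safe consumer is one that iterates the chain.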
