DBUG_PRINT in THD::decide_logging_format prints incorrectly, access out-of-bound
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
MySQL Server | Unknown | Unknown | |
Percona Server (moved to https://jira.percona.com/projects/PS) | Status tracked in 5.7 | | |
5.5 | Fix Released | Low | Laurynas Biveinis |
5.6 | Fix Released | Low | Laurynas Biveinis |
5.7 | Fix Released | Low | Laurynas Biveinis |
Bug Description
Copy of http://
[31 May 11:46] Laurynas Biveinis
Description:
THD::decide_
```cpp
#ifndef DBUG_OFF
{
static const char *prelocked_
};
DBUG_
}
#endif
```
but the type of locked_tables_mode is
```cpp
enum enum_locked_
{
LTM_NONE= 0,
LTM_LOCK_TABLES,
LTM_PRELOCKED,
LTM_PRELOCKED
};
```
resulting in incorrect printout and out-of-bound read if it is LTM_PRELOCKED_
How to repeat:
This shows up as an ASan error on 5.5:
```text
cmake ... -DWITH_DEBUG=ON -DWITH_ASAN=ON
...
./mtr --debug-server rpl_unsafe_
...
rpl.rpl_
...
mysqltest: At line 54: query 'INSERT INTO t1(i) VALUES(3)' failed: 2013: Lost connection to MySQL server during query
...
```
```text
=======
==32732==ERROR: AddressSanitizer: global-
READ of size 8 at 0x000001a7fff8 thread T19
#0 0x5fc567 in THD::decide_
#1 0x5a5b94 in lock_tables(THD*, TABLE_LIST*, unsigned int, unsigned int) /home/laurynas/
#2 0x5bee36 in open_and_
#3 0x6324a5 in open_and_
#4 0x6324a5 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /home/laurynas/
#5 0x67025f in mysql_execute_
#6 0x67be42 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/laurynas/
#7 0x67f74a in dispatch_
#8 0x683df9 in do_command(THD*) /home/laurynas/
#9 0x86c6b6 in do_handle_
#10 0x86c8db in handle_
#11 0xd53f20 in pfs_spawn_thread /home/laurynas/
#12 0x7f12092b06f9 in start_thread (/lib/x86_
#13 0x7f120895bb5c in clone (/lib/x86_
0x000001a7fff8 is located 40 bytes to the left of global variable 'DEFAULT_WHERE' defined in '/home/
0x000001a7fff8 is located 0 bytes to the right of global variable 'prelocked_
SUMMARY: AddressSanitizer: global-
```
```text
Thread T19 created by T0 here:
#0 0x7f1209b3a253 in pthread_create (/usr/lib/
#1 0xd574dd in spawn_thread_v1 /home/laurynas/
#2 0x511e52 in inline_
#3 0x511e52 in create_
#4 0x51331c in create_new_thread /home/laurynas/
#5 0x51331c in handle_
#6 0x51686c in mysqld_main(int, char**) /home/laurynas/
#7 0x4ff8ae in main /home/laurynas/
#8 0x7f120887582f in __libc_start_main (/lib/x86_
==32732==ABORTING
```
Suggested fix:
Sync THD::decide_
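As an added illustration (not code from this report, nor from MySQL or Percona Server), the pattern behind the bug and a hardened form: a debug name table indexed by an enum that has more values than the table has entries, next to a table whose length is checked against the enum at compile time plus a bounds-checked lookup. The fourth enum value `LTM_PRELOCKED_EXTRA`, the `LTM_MODE_COUNT` sentinel and the function names are assumptions standing in for the truncated identifiers above.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the locked_tables_mode enum: four real modes plus a
 * sentinel that counts them. LTM_PRELOCKED_EXTRA is a hypothetical name for the
 * fourth value, which is truncated in the report. */
enum locked_tables_mode {
    LTM_NONE = 0,
    LTM_LOCK_TABLES,
    LTM_PRELOCKED,
    LTM_PRELOCKED_EXTRA,
    LTM_MODE_COUNT        /* number of modes, not a mode itself */
};

/* Buggy pattern: the name table was written for three modes and never updated.
 * Indexing it with the fourth mode reads one pointer past the end of a global,
 * which is exactly the global-buffer-overflow ASan flagged. */
static const char *buggy_names[] = { "LTM_NONE", "LTM_LOCK_TABLES", "LTM_PRELOCKED" };

/* Returns 1 if looking up `mode` in the buggy table would read out of bounds. */
int buggy_lookup_is_oob(int mode) {
    size_t n = sizeof(buggy_names) / sizeof(buggy_names[0]);
    return mode < 0 || (size_t)mode >= n;
}

/* Hardened pattern: the table is tied to the enum at compile time, so adding a
 * mode without a name fails the build instead of a debug print at run time. */
static const char *mode_names[] = {
    "LTM_NONE", "LTM_LOCK_TABLES", "LTM_PRELOCKED", "LTM_PRELOCKED_EXTRA"
};
_Static_assert(sizeof(mode_names) / sizeof(mode_names[0]) == LTM_MODE_COUNT,
               "locked_tables_mode name table is out of sync with the enum");

/* Bounds-checked lookup: a stray value yields a fixed string, never a wild read. */
const char *locked_tables_mode_name(int mode) {
    if (mode < 0 || mode >= LTM_MODE_COUNT)
        return "<invalid mode>";
    return mode_names[mode];
}
```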
tags: added: asan ci upstream
https://github.com/percona/percona-server/pull/556, https://github.com/percona/percona-server/pull/557, https://github.com/percona/percona-server/pull/558