mysql-5.7.34 segfault in net_field_length_size

Bug #1931709 reported by Bugs SysSec
Affects: mysql-5.7 (Ubuntu)
Status: Expired
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

Steps to reproduce this bug (see files attached):

```
$ cat /etc/os-release | grep VERSION=
VERSION="18.04.5 LTS (Bionic Beaver)"
$ mysql --version
mysql Ver 14.14 Distrib 5.7.34, for Linux (x86_64) using EditLine wrapper
$ python server_output.py | nc -vvvlp 3306 &
$ mysql --ssl-mode=DISABLED -h 127.0.0.1 -u root --password=root < stdin.txt
[...]
Segmentation fault (core dumped)
```

ASAN log of crash:
```
ASAN:DEADLYSIGNAL
=================================================================
==141==ERROR: AddressSanitizer: SEGV on unknown address 0x2bf27fffa12e (pc 0x0000004eac0d bp 0x7fffbf34db50 sp 0x7fffbf34d7e8 T0)
==141==The signal is caused by a READ memory access.
    #0 0x4eac0c in net_field_length_size /tmp/deb-src/mysql-5.7-5.7.34/sql-common/pack.c:198
    #1 0x4a8b40 in net_field_length_ll_safe /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:725
    #2 0x4a8b40 in read_ok_ex /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:823
    #3 0x4adfd2 in cli_read_query_result /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:4989
    #4 0x4b2b77 in mysql_real_query /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:5068
    #5 0x40d11d in server_version_string /tmp/deb-src/mysql-5.7-5.7.34/client/mysql.cc:5340
    #6 0x4075c8 in main /tmp/deb-src/mysql-5.7-5.7.34/client/mysql.cc:1357
    #7 0x7f42ceed0bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #8 0x4093a9 in _start (/mnt/mysql-asan+0x4093a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/deb-src/mysql-5.7-5.7.34/sql-common/pack.c:198 in net_field_length_size
==141==ABORTING
```
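The trace above ends in net_field_length_size, the helper that sizes a MySQL length-encoded integer, while read_ok_ex is walking a packet whose contents the server controls. As an added example (not MySQL's code and not the reporter's attachments), here is a decoder for that same MySQL encoding written so that every read is checked against an explicit buffer end and a truncated or oversized packet is rejected rather than read past; the sample packets are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* MySQL length-encoded integer (the encoding behind net_field_length):
 * 0x00..0xfa = the value; 0xfb = NULL; 0xfc/0xfd/0xfe = 2/3/8 LE bytes follow;
 * 0xff is an error marker. This decoder carries the buffer end and never reads
 * past it. Returns 1 on success (cursor advanced), 0 on NULL, -1 on bad/short. */
static int decode_lenenc(const uint8_t **cur, const uint8_t *end, uint64_t *out)
{
    if (*cur >= end) return -1;          /* not even the prefix byte is present */
    size_t extra = 0;
    switch (**cur) {
    case 0xfb: (*cur)++; return 0;
    case 0xfc: extra = 2; break;
    case 0xfd: extra = 3; break;
    case 0xfe: extra = 8; break;
    case 0xff: return -1;
    default:   *out = **cur; (*cur)++; return 1;
    }
    if ((size_t)(end - *cur) < 1 + extra) return -1;  /* prefix promises more than remains */
    uint64_t v = 0;
    for (size_t i = 0; i < extra; i++)
        v |= (uint64_t)(*cur)[1 + i] << (8 * i);
    *out = v;
    *cur += 1 + extra;
    return 1;
}

/* Walk a lenenc count followed by that many lenenc values (the shape of
 * server-controlled OK-packet data). Returns values decoded, or -1 if malformed. */
static int walk_lenenc_list(const uint8_t *pkt, size_t len, uint64_t *vals, size_t max)
{
    const uint8_t *cur = pkt, *end = pkt + len;
    uint64_t count;
    if (decode_lenenc(&cur, end, &count) != 1 || count > max) return -1;
    for (uint64_t i = 0; i < count; i++)
        if (decode_lenenc(&cur, end, &vals[i]) != 1) return -1;  /* short: reject */
    return (int)count;
}

/* Constructed samples: a well-formed list (5, 0x1234, 0x010203) and a hostile
 * one whose 0xfe prefix promises 8 bytes while only 2 remain in the packet. */
static const uint8_t kGood[] = {0x03, 0x05, 0xfc, 0x34, 0x12, 0xfd, 0x03, 0x02, 0x01};
static const uint8_t kBad[]  = {0x02, 0x05, 0xfe, 0xaa, 0xbb};
static uint64_t scratch[8];

int main(void)
{
    printf("good: %d values\n", walk_lenenc_list(kGood, sizeof kGood, scratch, 8));
    printf("bad: %d (rejected)\n", walk_lenenc_list(kBad, sizeof kBad, scratch, 8));
    return 0;
}
```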

Lucas Kanashiro (lucaskanashiro) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I did reproduce what you mentioned and I got this segfault when running the mysql command:

```
root@mysql-triage:~# mysql --ssl-mode=DISABLED -h 127.0.0.1 -u root --password=root < stdin.txt
mysql: [Warning] Using a password on the command line interface can be insecure.
Connection from localhost 57006 received!
����!rootoR�~ˌ�N��5Ͻ�;�}mysql_native_passworde_osLinux
                                                      _client_namlibmysql_pid2890_client_version5.7.34 _platformx86_64
              program_namemysql!select @@version_comment limit 1mysql: Character set '' is not a compiled character set and is not specified in the '/usr/share/mysql/charsets/Index.xml' file
mysql: Character set '' is not a compiled character set and is not specified in the '/usr/share/mysql/charsets/Index.xml' file
mysql: Character set '' is not a compiled character set and is not specified in the '/usr/share/mysql/charsets/Index.xml' file
Segmentation fault (core dumped)
```

I did not go deep into debugging this, but it does not seem related to a package issue. Have you tried to contact upstream about that, explaining your goal, what you expected and what you got? I am marking this bug as Incomplete for now until you provide more info explaining why you think this is a bug in Ubuntu; when you do that, please set the bug status back to New and we will revisit it.

Changed in mysql-5.7 (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for mysql-5.7 (Ubuntu) because there has been no activity for 60 days.]

Changed in mysql-5.7 (Ubuntu):
status: Incomplete → Expired