Percona Server moved to https://jira.percona.com/projects/PS

connect using mysql client gives a segmentation fault

Bug #1201123 reported by Paul Namuag on 2013-07-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Percona Server moved to https://jira.percona.com/projects/PS	Expired	Undecided	Unassigned
	5.6	Expired	Undecided	Unassigned

Bug Description

OS: CentOS release 6.4 (Final)
Kernel: 2.6.32-358.11.1.el6.x86_64
PS version: Percona-Server-5.6.12-rc60.4

I tried to build the source Percona-Server-5.6.12-rc60.4.tar.gz from http://www.percona.com/downloads/Percona-Server-5.6/Percona-Server-5.6.12-rc60.4/source/ and all went well.

However, when I try to run mysql client with,

# mysql -u root

it gives a segmentation fault.

# mysql -u root
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.12 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Segmentation fault

Trying to use gdb,

# gdb mysql
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/mysql/bin/mysql...done.
(gdb) run -uroot
Starting program: /usr/local/mysql/bin/mysql -uroot
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff6839700 (LWP 24788)]
[Thread 0x7ffff6839700 (LWP 24788) exited]
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.6.12 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Program received signal SIGSEGV, Segmentation fault.
0x00000000004c18f3 in terminal_alloc (el=0xa0fa00, t=<value optimized out>, cap=0xffffffffffffd750 <Address 0xffffffffffffd750 out of bounds>)
at /home/toytoy/mysqlsandbox/Percona-Server-5.6.12-rc60.4/cmd-line-utils/libedit/terminal.c:334
334 if (cap == NULL || *cap == '\0') {
Missing separate debuginfos, use: debuginfo-install glibc-2.12-1.107.el6.x86_64 libgcc-4.4.7-3.el6.x86_64 libstdc++-4.4.7-3.el6.x86_64 ncurses-libs-5.7-3.20090208.el6.x86_64
(gdb) quit
A debugging session is active.

Inferior 1 [process 24785] will be killed.

However, I manage to arrive and give it a fix it as somehow relevant to what other bugs I have found with MySQL server (http://bugs.mysql.com/bug.php?id=45562).

In file, cmd-line-utils/libedit/terminal.c, it seems that function private void terminal_alloc(EditLine *el, const struct termcapstr *t, const char *cap) is called 3 times in the file with either NULL or '\0' value and a string (char *).

So commenting char buf[TC_BUFSIZE]; at line 877, and changing

area = NULL;

in line 887 works fine. Still same approach on the bug link I have pasted above and not sure if this can be a right way to fix it. Running make and make install afterwards makes it running after running gdb. See below,

# gdb mysql
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/local/mysql/bin/mysql...done.
(gdb) run -uroot
Starting program: /usr/local/mysql/bin/mysql -uroot
[Thread debugging using libthread_db enabled]
[New Thread 0x7ffff6839700 (LWP 18001)]
[Thread 0x7ffff6839700 (LWP 18001) exited]
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.12 Source distribution

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> quit
Bye

Tags:

Revision history for this message

Valerii Kravchuk (valerii-kravchuk) wrote on 2013-07-14:

Please, send the output of:

gcc --version

from your system and describe how exactly you've built from sources.

Official binaries works on just upgraded CentOS 6.4:

[root@centos openxs]# uname -a
Linux centos 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
[root@centos openxs]# cat /etc/issue
CentOS release 6.4 (Final)
Kernel \r on an \m

[root@centos openxs]# gcc --version
gcc (GCC) 4.4.7 20120313 (Red Hat 4.4.7-3)
Copyright (C) 2010 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[root@centos openxs]# mysql -uroot test
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
[root@centos openxs]# ps aux | grep mysqld
root 18065 0.0 0.0 103236 856 pts/0 S+ 19:57 0:00 grep mysqld
[root@centos openxs]# service mysql start
Starting MySQL (Percona Server)... SUCCESS!
[root@centos openxs]# mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.12-56 Percona Server (GPL), Release rc60.4, Revision 393

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select 2 * 2;
+-------+
| 2 * 2 |
+-------+
| 4 |
+-------+
1 row in set (0.00 sec)

So, it should be something with your build environment or procedure.

Changed in percona-server:
status:	New → Incomplete

Revision history for this message

Paul Namuag (paul-namuag) wrote on 2013-07-15:

Download full text (4.2 KiB)

Hey Valerii, it's Paul :D

Anyhow, I would really like to affirm that the fix I have above is the fix.

Base in the code in terminal.c.

Hey Valerii, it's Paul :D

Anyhow, I would really like to affirm that the fix I have above is the fix.

Base in the code in terminal.c.

...
 865 protected int
 866 terminal_set(EditLine *el, const char *term)
 867 {
 868         int i;
 869         char buf[TC_BUFSIZE];
 870         char *area;
 871         const struct termcapstr *t;
 872         sigset_t oset, nset;
 873         int lins, cols;
 874 
 875         (void) sigemptyset(&nset);
 876         (void) sigaddset(&nset, SIGWINCH);
 877         (void) sigprocmask(SIG_BLOCK, &nset, &oset);
 878 
 879         area = buf;
 880 
 881 
 882         if (term == NULL)
 883                 term = getenv("TERM");
 884 
 885         if (!term || !term[0])
 886                 term = "dumb";
 887 
 888         if (strcmp(term, "emacs") == 0)
 889                 el->el_flags |= EDIT_DISABLED;
 890 
 891         memset(el->el_terminal.t_cap, 0, TC_BUFSIZE);
 892 
 893         i = tgetent(el->el_terminal.t_cap, term);
 894 
 895         if (i <= 0) {
 896                 if (i == -1)
 897                         (void) fprintf(el->el_errfile,
 898                             "Cannot read termcap database;\n");
 899                 else if (i == 0)
 900                         (void) fprintf(el->el_errfile,
 901                             "No entry for terminal type \"%s\";\n", term);
 902                 (void) fprintf(el->el_errfile,
 903                     "using dumb terminal settings.\n");
 904                 Val(T_co) = 80; /* do a dumb terminal */
 905                 Val(T_pt) = Val(T_km) = Val(T_li) = 0;
 906                 Val(T_xt) = Val(T_MT);
 907                 for (t = tstr; t->name != NULL; t++)
 908                         terminal_alloc(el, t, NULL);
 909         } else {
 910                 /* auto/magic margins */
 911                 Val(T_am) = tgetflag("am");
 912                 Val(T_xn) = tgetflag("xn");
 913                 /* Can we tab */
 914                 Val(T_pt) = tgetflag("pt");
 915                 Val(T_xt) = tgetflag("xt");
 916                 /* do we have a meta? */
 917                 Val(T_km) = tgetflag("km");
 918                 Val(T_MT) = tgetflag("MT");
 919                 /* Get the size */
 920                 Val(T_co) = tgetnum("co");
 921                 Val(T_li) = tgetnum("li");
 922                 for (t = tstr; t->name != NULL; t++) {
 923                         /* XXX: some systems' tgetstr needs non const */
 924                         terminal_alloc(el, t, tgetstr(strchr(t->name, *t->name),
 925                             &area));
 926                 }
 927         }
 928 
 929         if (Val(T_co) < 2)
 930                 Val(T_co) = 80; /* just in case */
 931         if (Val(T_li) < 1)
 932                 Val(T_li) = 24;
 933 
 934         el->el_terminal.t_size.v = Val(T_co);
 935         el->el_terminal.t_size.h = Val(T_li);
 936 
 937         terminal_setflags(el);
 938 
 939                                 /* get the correct window size */
 940         (void) terminal_get_size(el, &lins, &cols);
 941         if (terminal_change_size(el, lins, cols) == -1)
 942                 return -1;
 943         (void) sigprocmask(SIG_SETMASK, &oset, NULL);
 944         terminal_bind_arrow(el);
 945         el->el_terminal.t_name = term;
 946         return i <= 0 ? -1 : 0;
 947 }
...

variable "area"  is assigned with an unassigned variable called "buf" which "buf" is declared in line 869. This is a local variable and is not referenced or assigned to a global variable or any local variable in the function. Variable area is only assigned once which found at line 879. Thus, this returns an error of "array out of bounds" (cap=0xffffffffffffd750 <Address 0xffffffffffffd750 out of bounds>) because variable "cap" is a pointer to the character type array where cap has undefined value, and is the third parameter to function "private void terminal_alloc(EditLine *el, const struct termcapstr *t, const char *cap) ".

With regards to my packages, additional info are seen below:
 - glibc-2.12-1.107.el6.x86_64
 - libgcc-4.4.7-3.el6.x86_64
 - libstdc++-4.4.7-3.el6.x86_64 
 - ncurses-libs-5.7-3.20090208.el6.x86_64

The process on how did I install it or build it is by,

#  tar xzvf Percona-Server-5.6.12-rc60.4.tar.gz 
# cmake .
# make
# make install

Valerii Kravchuk (valerii-kravchuk) on 2013-07-15

Changed in percona-server:
status:	Incomplete → New

Revision history for this message

Valerii Kravchuk (valerii-kravchuk) wrote on 2013-12-05:

Paul,

If this is still repeatable for you recent Percona Server 5.6.x version, please, add more evidence.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-02-04:

[Expired for Percona Server 5.6 because there has been no activity for 60 days.]

Revision history for this message

Shahriyar Rzayev (rzayev-sehriyar) wrote on 2018-01-25:

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-2988

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.