relay_log_basename and relay_log_index not properly validated leading to segfault

Bug #1647700 reported by Petr Medonos
Affects: Percona Server (moved to https://jira.percona.com/projects/PS)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

We ran into an issue where Percona Server 5.7.16-10 segfaults when relay_log_basename and relay_log_index are not set properly. Stack trace follows:

(gdb) bt
#0 0x0000003d65e0c97c in pthread_kill () from /lib64/libpthread.so.0
#1 0x000000000079e1a5 in handle_fatal_signal (sig=11) at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/signal_handler.cc:223
#2 <signal handler called>
#3 0x0000003d65a81301 in __strlen_sse2 () from /lib64/libc.so.6
#4 0x0000000000e930bb in Relay_log_info::add_channel_to_relay_log_name (this=0x7fe21f277000, buff=0x7fe21617b560 "h\005", buff_size=513, base_name=0x0)
    at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_rli.cc:1372
#5 0x0000000000e952ce in Relay_log_info::relay_log_number_to_name (this=Unhandled dwarf expression opcode 0xf3
) at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_rli.cc:2918
#6 0x0000000000e9d2db in Slave_worker::read_and_apply_events (this=0x7fe21f277000, start_relay_number=34, start_relay_pos=7042520, end_relay_number=34, end_relay_pos=7042889)
    at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_rli_pdb.cc:2079
#7 0x0000000000e9d7d1 in Slave_worker::retry_transaction (this=0x7fe21f277000, start_relay_number=34, start_relay_pos=7042520, end_relay_number=34, end_relay_pos=7042889)
    at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_rli_pdb.cc:2014
#8 0x0000000000e9ea5d in slave_worker_exec_job_group (worker=0x7fe21f277000, rli=0x7fe22c3bc000)
    at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_rli_pdb.cc:2657
#9 0x0000000000e8185b in handle_slave_worker (arg=0x7fe21f277000) at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/sql/rpl_slave.cc:6167
#10 0x0000000000ef78d4 in pfs_spawn_thread (arg=0x7fe21f00e720) at /mnt/workspace/percona-server-5.7-binaries-release/label_exp/centos6-64/percona-server-5.7.16-10/storage/perfschema/pfs.cc:2188
#11 0x0000003d65e07aa1 in start_thread () from /lib64/libpthread.so.0
#12 0x0000003d65ae8aad in clone () from /lib64/libc.so.6

(gdb) p &relay_log_basename
$1 = (const char **) 0x1e1c4d0
(gdb) p 0x1e1c4d0
$2 = 31573200
(gdb) x/s 0x1e1c4d0
0x1e1c4d0 <relay_log_basename>: ""

This leads to a segfault because of base_name_len= strlen(base_name); // strlen(NULL). When the relay-log option is set everything works as expected. I think there is a mistake in the validation in mysqld.cc (https://github.com/percona/percona-server/blob/aba7e4390a3fe1c76a6af57ead9b3efd7a6216f2/sql/mysqld.cc) at line 4213 because of the char *opt_relay_logname = 0 on line 724. It should probably be:

#ifndef EMBEDDED_LIBRARY
  DBUG_PRINT("debug",
             ("opt_bin_logname: %s, opt_relay_logname: %s, pidfile_name: %s",
              opt_bin_logname, opt_relay_logname, pidfile_name));
- if (opt_relay_logname)
+ if (!opt_relay_logname)
  {
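Review bot: inverting the test to if (!opt_relay_logname) looks like the wrong direction. The hunk shows only the condition, not the block it guards, but the report itself says the server works when --relay-log is set, i.e. when opt_relay_logname is non-NULL and the existing block runs; flipping the test would skip that block in exactly the working case and run it only when the option is absent. The frame #4 argument base_name=0x0 points at the real gap: relay_log_basename is left NULL when --relay-log is not given. A more plausible fix keeps the existing branch and adds an else path that derives a default relay log base name and index name when opt_relay_logname is NULL, and additionally rejects a NULL base_name in Relay_log_info::add_channel_to_relay_log_name before base_name_len= strlen(base_name) so a missing name fails with an error instead of faulting inside strlen. Separately, the DBUG_PRINT just above hands opt_relay_logname to a %s conversion while it can be 0; guard it (opt_relay_logname ? opt_relay_logname : "(unset)") rather than rely on the libc printing "(null)".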

Please verify that my suggestion is correct, thanks!
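The following is an added example, not code from Percona Server or from the reporter. It sketches the failure mode the trace shows (a global base name left NULL at startup and later handed to strlen in a worker thread) beside a defensive variant that refuses a NULL name, and a startup-time resolver that supplies a default when the relay-log option is unset, which is the direction the stack trace suggests rather than inverting the existing check. The function names, the "<base>-<channel>" composition and the "<hostname>-relay-bin" default rule are assumptions for illustration; they approximate, not reproduce, the server's own implementation.

```c
/*
 * Added example, not Percona Server code. Function names, the
 * "<base>-<channel>" composition and the "<hostname>-relay-bin" default
 * are assumptions made for illustration only.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Defensive variant of the function that crashed in frame #4: compose
 * "<base>-<channel>" (or just "<base>" when no channel) into buff.
 * Returns the number of bytes written (excluding NUL), or -1 on NULL
 * input or a buffer that is too small. The original fault was an
 * unconditional strlen(base_name) with base_name == NULL. */
int add_channel_to_relay_log_name(char *buff, size_t buff_size,
                                  const char *base_name, const char *channel)
{
    if (buff == NULL || buff_size == 0 || base_name == NULL)
        return -1;                      /* reject instead of dereferencing NULL */

    size_t base_len = strlen(base_name);
    size_t chan_len = (channel != NULL) ? strlen(channel) : 0;

    if (chan_len == 0) {
        if (base_len + 1 > buff_size)   /* base + NUL */
            return -1;
        memcpy(buff, base_name, base_len + 1);
        return (int)base_len;
    }
    if (base_len + 1 + chan_len + 1 > buff_size)   /* base + '-' + channel + NUL */
        return -1;
    memcpy(buff, base_name, base_len);
    buff[base_len] = '-';
    memcpy(buff + base_len + 1, channel, chan_len + 1);
    return (int)(base_len + 1 + chan_len);
}

/* Startup-time resolution of the effective base name: use the relay-log
 * option when given and non-empty, otherwise fall back to
 * "<hostname>-relay-bin" (assumed rule). Returns 0 on success and -1 when
 * no usable name can be produced, so the caller can abort startup instead
 * of leaving the global NULL for a worker thread to find later. */
int resolve_relay_log_basename(const char *opt_relay_logname,
                               const char *hostname,
                               char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)
        return -1;
    if (opt_relay_logname != NULL && opt_relay_logname[0] != '\0') {
        size_t n = strlen(opt_relay_logname);
        if (n + 1 > out_size)
            return -1;
        memcpy(out, opt_relay_logname, n + 1);
        return 0;
    }
    if (hostname == NULL || hostname[0] == '\0')
        return -1;
    int n = snprintf(out, out_size, "%s-relay-bin", hostname);
    return (n < 0 || (size_t)n >= out_size) ? -1 : 0;
}

int main(void)
{
    char base[128], name[160];

    /* Constructed input: relay-log option unset, the reported configuration. */
    if (resolve_relay_log_basename(NULL, "db1", base, sizeof base) != 0) {
        fputs("cannot derive relay log base name\n", stderr);
        return 1;
    }
    int n = add_channel_to_relay_log_name(name, sizeof name, base, "ch1");
    printf("%s (%d bytes)\n", name, n);

    /* What the worker path does if the global were still NULL: an error
     * return rather than a fault inside strlen. */
    printf("NULL base rejected: %d\n",
           add_channel_to_relay_log_name(name, sizeof name, NULL, "ch1"));
    return 0;
}
```

The point of the split is where the NULL is handled: the resolver runs once at startup, where failing is cheap and visible, and the name builder still checks its argument so that a future caller which skips the resolver gets an error code instead of a crash in a replication worker.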

Shahriyar Rzayev (rzayev-sehriyar) wrote :

Percona now uses JIRA for bug reports so this bug report is migrated to: https://jira.percona.com/browse/PS-3614
