Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-2253

LP #1677130: field-t deletes Fake_TABLE objects through base TABLE pointer w/o virtual dtor

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Low
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None

      Description

      **Reported in Launchpad by Laurynas Biveinis last update 31-03-2017 08:05:16

      Copy of https://bugs.mysql.com/bug.php?id=85678:

      [29 Mar 6:50] Laurynas Biveinis
      Description:
      On Yakkety, running field-t unit test with ASan gives

      ./merge_large_tests

      1. Run 21 FieldTest.CopyFieldSet
        =================================================================
        ==358==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x61f00000ee80 in thread T0:
        object passed to delete has wrong type:
        size of the allocated type: 3400 bytes;
        size of the deallocated type: 2272 bytes.
        #0 0x7f5d7c171bf0 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8bf0)
        #1 0x562bac66f6c4 in field_unittests::FieldTest_CopyFieldSet_Test::TestBody() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:403
        #2 0x562bad87d41d in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
        #3 0x562bad87d41d in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
        #4 0x562bad85ffdd in testing::Test::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2475
        #5 0x562bad860367 in testing::TestInfo::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2656
        #6 0x562bad86069c in testing::TestCase::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2774
        #7 0x562bad8621f3 in testing::internal::UnitTestImpl::RunAllTests() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4649
        #8 0x562bad862b71 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
        #9 0x562bad862b71 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
        #10 0x562bad862b71 in testing::UnitTest::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4257
        #11 0x562bac5cda68 in RUN_ALL_TESTS() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/include/gtest/gtest.h:2233
        #12 0x562bac5cda68 in main /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/gunit_test_main_server.cc:72
        #13 0x7f5d79f243f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
        #14 0x562bac5d4c39 in _start (/mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/build/unittest/gunit/merge_large_tests-t+0x4d6c39)

      0x61f00000ee80 is located 0 bytes inside of 3400-byte region [0x61f00000ee80,0x61f00000fbc8)
      allocated by thread T0 here:
      #0 0x7f5d7c170ef0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc7ef0)
      #1 0x562bac66aa3a in field_unittests::FieldTest::create_field_set(st_typelib*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:372
      #2 0x562bac66f2b0 in field_unittests::FieldTest_CopyFieldSet_Test::TestBody() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:386
      #3 0x562bad87d41d in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
      #4 0x562bad87d41d in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
      #5 0x562bad85ffdd in testing::Test::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2475
      #6 0x562bad860367 in testing::TestInfo::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2656
      #7 0x562bad86069c in testing::TestCase::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2774
      #8 0x562bad8621f3 in testing::internal::UnitTestImpl::RunAllTests() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4649
      #9 0x562bad862b71 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
      #10 0x562bad862b71 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::)(), char const) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
      #11 0x562bad862b71 in testing::UnitTest::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4257
      #12 0x562bac5cda68 in RUN_ALL_TESTS() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/include/gtest/gtest.h:2233
      #13 0x562bac5cda68 in main /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/gunit_test_main_server.cc:72
      #14 0x7f5d79f243f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)

      SUMMARY: AddressSanitizer: new-delete-type-mismatch (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8bf0) in operator delete(void*, unsigned long)
      ==358==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
      ==358==ABORTING

      How to repeat:
      -DWITH_ASAN_ON, unittest/gunit/merge_large_tests-t

      Suggested fix:
      This is caused by Field::table, which is of type TABLE *, being initialized with "new Fake_TABLE", and then deleted. But struct TABLE does not have a virtual destructor, thus deleting Fake_TABLE object through a TABLE pointer is undefined.

      This could be fixed by either declaring a virtual destructor in struct TABLE (and losing its POD'ness, thus quite undesirable), either by casting delete arg to Fake_TABLE * in the unit test.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            lpjirasync lpjirasync (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Smart Checklist