- Type: Bug
- Status: Done
- Priority: High
- Resolution: Fixed
- Affects Version/s: 5.7.x, 8.0.x, Not 5.6.x
- Component/s: None
- Labels:

Seen with sanitizers on 8.0 MTR innodb.log_encrypt_2_rk:
190102 14:37:39 [ 37%] innodb.log_encrypt_2_rk w2 [ fail ]
...
==15442==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe91a9e3cf at pc 0x000007c7941e bp 0x7ffe91a9e2c0 sp 0x7ffe91a9e2b8
WRITE of size 1 at 0x7ffe91a9e3cf thread T0
    #0 0x7c7941d in mach_write_to_4 storage/innobase/include/mach0data.ic:135
    #1 0x7c80584 in Encryption::fill_encryption_info(unsigned int, unsigned char*, unsigned char*) storage/innobase/os/os0file.cc:8818
    #2 0x7c537aa in log_file_header_fill_encryption storage/innobase/log/log0write.cc:2624
    #3 0x7c58695 in log_write_encryption(unsigned char*, unsigned char*, bool) storage/innobase/log/log0write.cc:2662
    #4 0x7c5aa8a in log_enable_encryption_if_set() storage/innobase/log/log0write.cc:2771
    #5 0x79f99fb in innobase_fix_tablespaces_empty_uuid() storage/innobase/handler/ha_innodb.cc:4006
    #6 0x2e806bc in mysqld_main(int, char**) sql/mysqld.cc:6470
    #7 0x7f275f93cd1f in __libc_start_main (/lib64/libc.so.6+0x1ed1f)
    #8 0x25d11c4 (/tmp/results/PS/bin/mysqld+0x25d11c4)

Address 0x7ffe91a9e3cf is located in stack of thread T0 at offset 143 in frame
    #0 0x7c536bf in log_file_header_fill_encryption storage/innobase/log/log0write.cc:2622

  This frame has 1 object(s):
    [32, 143) 'encryption_info' <== Memory access at offset 143 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow storage/innobase/include/mach0data.ic:135 in mach_write_to_4
Shadow bytes around the buggy address:
  0x10005234bc20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005234bc30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005234bc40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005234bc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005234bc60: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x10005234bc70: 00 00 00 00 00 00 00 00 00[07]f2 f2 f3 f3 f3 f3
  0x10005234bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
  0x10005234bc90: f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
  0x10005234bca0: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
  0x10005234bcb0: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00
  0x10005234bcc0: 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==15442==ABORTING

Similar errors also on innodb.log_encrypt_1_rk, innodb.log_encrypt_3_rk, innodb.log_encrypt_5_rk