-
Type:
Bug
-
Status: Done
-
Priority:
High
-
Resolution: Fixed
-
Affects Version/s: 5.7, 8.0, Not 5.6
-
Component/s: None
-
Labels:
Seen with sanitizers on 8.0 MTR innodb.log_encrypt_2_rk:
190102 14:37:39 [ 37%] innodb.log_encrypt_2_rk w2 [ fail ]
...
==15442==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffe91a9e3cf at pc 0x000007c7941e bp 0x7ffe91a9e2c0 sp 0x7ffe91a9e2b8
WRITE of size 1 at 0x7ffe91a9e3cf thread T0
#0 0x7c7941d in mach_write_to_4 storage/innobase/include/mach0data.ic:135
#1 0x7c80584 in Encryption::fill_encryption_info(unsigned int, unsigned char*, unsigned char*) storage/innobase/os/os0file.cc:8818
#2 0x7c537aa in log_file_header_fill_encryption storage/innobase/log/log0write.cc:2624
#3 0x7c58695 in log_write_encryption(unsigned char*, unsigned char*, bool) storage/innobase/log/log0write.cc:2662
#4 0x7c5aa8a in log_enable_encryption_if_set() storage/innobase/log/log0write.cc:2771
#5 0x79f99fb in innobase_fix_tablespaces_empty_uuid() storage/innobase/handler/ha_innodb.cc:4006
#6 0x2e806bc in mysqld_main(int, char**) sql/mysqld.cc:6470
#7 0x7f275f93cd1f in __libc_start_main (/lib64/libc.so.6+0x1ed1f)
#8 0x25d11c4 (/tmp/results/PS/bin/mysqld+0x25d11c4)
Address 0x7ffe91a9e3cf is located in stack of thread T0 at offset 143 in frame
#0 0x7c536bf in log_file_header_fill_encryption storage/innobase/log/log0write.cc:2622
This frame has 1 object(s):
[32, 143) 'encryption_info' <== Memory access at offset 143 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow storage/innobase/include/mach0data.ic:135 in mach_write_to_4
Shadow bytes around the buggy address:
0x10005234bc20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005234bc30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005234bc40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005234bc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10005234bc60: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00
=>0x10005234bc70: 00 00 00 00 00 00 00 00 00[07]f2 f2 f3 f3 f3 f3
0x10005234bc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
0x10005234bc90: f1 f1 f8 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
0x10005234bca0: f2 f2 00 f2 f2 f2 f2 f2 f2 f2 00 f2 f2 f2 f2 f2
0x10005234bcb0: f2 f2 00 00 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00
0x10005234bcc0: 00 00 00 00 00 00 00 f2 f2 f2 f3 f3 f3 f3 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==15442==ABORTING
Similar errors also on innodb.log_encrypt_1_rk, innodb.log_encrypt_3_rk, innodb.log_encrypt_5_rk
