Uploaded image for project: 'Percona Server for MySQL'
  1. Percona Server for MySQL
  2. PS-5985

heap-buffer-overflow in encryption.innodb-corrupt-row-compressed

    Details

    • Type: Bug
    • Status: Done
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 8.0.16-7
    • Fix Version/s: 8.0.17-8
    • Component/s: None
    • Labels:

      Description

      Build Percona Server with "-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON".
      Run

      ./mtr --debug-server --sanitize encryption.innodb-corrupt-row-compressed
      
      ==19008==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000000c74 at pc 0x55ec7fae785e bp 0x7ffccc5d68c0 sp 0x7ffccc5d68b0
      READ of size 1 at 0x604000000c74 thread T0
          #0 0x55ec7fae785d in strmake(char*, char const*, unsigned long) /mnt/hgfs/repos/percona-server/strings/strmake.cc:62
          #1 0x55ec7f9551f1 in main /mnt/hgfs/repos/percona-server/client/mysqltest.cc:10041
          #2 0x7f8424fc7b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
          #3 0x55ec7f91fda9 in _start (/home/yura/addon/host/percona-build-8.0-asan_gcc9/runtime_output_directory/mysqltest+0x2acda9)
      
      0x604000000c74 is located 0 bytes to the right of 36-byte region [0x604000000c50,0x604000000c74)
      allocated by thread T0 here:
          #0 0x7f842587f448 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5.0.0+0x10c448)
          #1 0x55ec7fb0cbaa in my_raw_malloc /mnt/hgfs/repos/percona-server/mysys/my_malloc.cc:199
          #2 0x55ec7fb0ccfd in my_malloc(unsigned int, unsigned long, int) /mnt/hgfs/repos/percona-server/mysys/my_malloc.cc:81
          #3 0x55ec7fb107fc in init_dynamic_string(DYNAMIC_STRING*, char const*, unsigned long, unsigned long) /mnt/hgfs/repos/percona-server/mysys/my_string.cc:56
          #4 0x55ec7f955138 in main /mnt/hgfs/repos/percona-server/client/mysqltest.cc:10035
          #5 0x7f8424fc7b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
      

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                robert.golebiowski Robert Golebiowski
                Reporter:
                yura.sorokin Yura Sorokin
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - Not Specified
                  Not Specified
                  Logged:
                  Time Spent - 1 hour, 30 minutes
                  1h 30m