From 8ed9ef54f921a2fe8791b1c8fb8d1d0da4f9bf90 Mon Sep 17 00:00:00 2001 
From: Eugene Kosov Date: Tue, 20 Feb 2018 13:50:23 +0300 Subject: [PATCH 1/2] ASAN unpoison system versioning related buffer Fixes this report: ==3165==ERROR: AddressSanitizer: use-after-poison on address 0x61e0000270a0 at pc 0x00000114b78c bp 0x7f15d65fe120 sp 0x7f15d65fd8d0 WRITE of size 1366 at 0x61e0000270a0 thread T28 #0 0x114b78b in __asan_memcpy fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_interceptors_memintrinsics.cc:23 #1 0x208208d in TABLE::init(THD*, TABLE_LIST*) work/mariadb/sql/table.cc:4662:3 #2 0x19df85b in open_table(THD*, TABLE_LIST*, Open_table_context*) work/mariadb/sql/sql_base.cc:1993:10 #3 0x19eb968 in open_and_process_table(THD*, LEX*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) work/mariadb/sql/sql_base.cc:3483:14 #4 0x19e7c05 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) work/mariadb/sql/sql_base.cc:4001:14 #5 0x19f4dac in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) work/mariadb/sql/sql_base.cc:4879:7 #6 0x1627263 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) work/mariadb/sql/sql_base.h:487:10 #7 0x1c3839c in mysql_execute_command(THD*) work/mariadb/sql/sql_parse.cc:5113:13 #8 0x1c1b72c in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) work/mariadb/sql/sql_parse.cc:7980:18 #9 0x1c13464 in handle_bootstrap_impl(THD*) work/mariadb/sql/sql_parse.cc:1044:5 #10 0x1c11ff7 in do_handle_bootstrap(THD*) work/mariadb/sql/sql_parse.cc:1096:3 #11 0x1c11d14 in handle_bootstrap work/mariadb/sql/sql_parse.cc:1079:3 #12 0x115a6ae in __asan::AsanThread::ThreadStart(unsigned long, __sanitizer::atomic_uintptr_t*) fun/cpp_projects/llvm_toolchain/llvm/projects/compiler-rt/lib/asan/asan_thread.cc:259 #13 0x7f15fe1407fb in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x77fb) #14 0x7f15fbb64b5e in clone 
/build/glibc-itYbWN/glibc-2.26/misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
---
 sql/table.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sql/table.cc b/sql/table.cc
index a1129d48b52..27a8c87a07a 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -3221,8 +3221,8 @@ enum open_frm_error open_table_from_share(THD *thd, TABLE_SHARE *share,
 if (++i < records)
 record+= share->rec_buff_length;
 }
- MEM_UNDEFINED(outparam->record[0], share->reclength);
- MEM_UNDEFINED(outparam->record[1], share->reclength);
+ for (uint i= 0; i < records; i++)
+ MEM_UNDEFINED(outparam->record[i], share->reclength);
 if (!(field_ptr = (Field **) alloc_root(&outparam->mem_root,
 (uint) ((share->fields+1)*
From d4822bef047b708392d9b8134d81311795cb73a1 Mon Sep 17 00:00:00 2001
From: Eugene Kosov
Date: Tue, 20 Feb 2018 15:09:31 +0300
Subject: [PATCH 2/2] remove uint
---
 sql/table.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sql/table.cc b/sql/table.cc
index 27a8c87a07a..549814a57bc 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -3221,7 +3221,7 @@ enum open_frm_error open_table_from_share(THD *thd, TABLE_SHARE *share,
 if (++i < records)
 record+= share->rec_buff_length;
 }
- for (uint i= 0; i < records; i++)
+ for (i= 0; i < records; i++)
 MEM_UNDEFINED(outparam->record[i], share->reclength);
 if (!(field_ptr = (Field **) alloc_root(&outparam->mem_root,
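Review bot: The new loop in the first hunk of open_table_from_share() annotates exactly `records` buffers, so unlike the two removed calls it no longer touches `record[1]` when `records` is below 2 and marks nothing when it is 0. Whether that matters depends on how the preceding loop, of which only the tail is visible, fills `outparam->record[]`. The index is also no longer a constant, so the relation between `records` and the size of `record[]` now carries the memory-safety argument but is stated nowhere near the loop. Assuming `record` is a fixed-size array member, I would add `DBUG_ASSERT(records <= array_elements(outparam->record));` before the loop, plus a comment such as `/* Mark every allocated row buffer, including the extra one used for system versioning, before TABLE::init() copies into it */` to tie the annotation to the use-after-poison report in the commit message. The declarations of `records`, `i` and `record[]` lie outside both hunks, so these points need checking against the full function.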