enterprise-support team mailing list archive
-
enterprise-support team
-
Mailing list archive
-
Message #06129
[Bug 1677130] [NEW] field-t deletes Fake_TABLE objects through base TABLE pointer w/o virtual dtor
Public bug reported:
Copy of https://bugs.mysql.com/bug.php?id=85678:
[29 Mar 6:50] Laurynas Biveinis
Description:
On Yakkety, running field-t unit test with ASan gives
./merge_large_tests
# Run 21 FieldTest.CopyFieldSet
=================================================================
==358==ERROR: AddressSanitizer: new-delete-type-mismatch on 0x61f00000ee80 in thread T0:
object passed to delete has wrong type:
size of the allocated type: 3400 bytes;
size of the deallocated type: 2272 bytes.
#0 0x7f5d7c171bf0 in operator delete(void*, unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8bf0)
#1 0x562bac66f6c4 in field_unittests::FieldTest_CopyFieldSet_Test::TestBody() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:403
#2 0x562bad87d41d in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
#3 0x562bad87d41d in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
#4 0x562bad85ffdd in testing::Test::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2475
#5 0x562bad860367 in testing::TestInfo::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2656
#6 0x562bad86069c in testing::TestCase::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2774
#7 0x562bad8621f3 in testing::internal::UnitTestImpl::RunAllTests() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4649
#8 0x562bad862b71 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
#9 0x562bad862b71 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
#10 0x562bad862b71 in testing::UnitTest::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4257
#11 0x562bac5cda68 in RUN_ALL_TESTS() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/include/gtest/gtest.h:2233
#12 0x562bac5cda68 in main /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/gunit_test_main_server.cc:72
#13 0x7f5d79f243f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
#14 0x562bac5d4c39 in _start (/mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/build/unittest/gunit/merge_large_tests-t+0x4d6c39)
0x61f00000ee80 is located 0 bytes inside of 3400-byte region [0x61f00000ee80,0x61f00000fbc8)
allocated by thread T0 here:
#0 0x7f5d7c170ef0 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc7ef0)
#1 0x562bac66aa3a in field_unittests::FieldTest::create_field_set(st_typelib*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:372
#2 0x562bac66f2b0 in field_unittests::FieldTest_CopyFieldSet_Test::TestBody() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/field-t.cc:386
#3 0x562bad87d41d in void testing::internal::HandleSehExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
#4 0x562bad87d41d in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
#5 0x562bad85ffdd in testing::Test::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2475
#6 0x562bad860367 in testing::TestInfo::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2656
#7 0x562bad86069c in testing::TestCase::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2774
#8 0x562bad8621f3 in testing::internal::UnitTestImpl::RunAllTests() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4649
#9 0x562bad862b71 in bool testing::internal::HandleSehExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2402
#10 0x562bad862b71 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:2438
#11 0x562bad862b71 in testing::UnitTest::Run() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/src/gtest.cc:4257
#12 0x562bac5cda68 in RUN_ALL_TESTS() /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/source_downloads/googletest-release-1.8.0/googletest/include/gtest/gtest.h:2233
#13 0x562bac5cda68 in main /mnt/workspace/percona-server-5.6-asan-param/BUILD_TYPE/release-asan/Host/yakkety-64-bigram/unittest/gunit/gunit_test_main_server.cc:72
#14 0x7f5d79f243f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0)
SUMMARY: AddressSanitizer: new-delete-type-mismatch (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc8bf0) in operator delete(void*, unsigned long)
==358==HINT: if you don't care about these errors you may set ASAN_OPTIONS=new_delete_type_mismatch=0
==358==ABORTING
How to repeat:
-DWITH_ASAN_ON, unittest/gunit/merge_large_tests-t
Suggested fix:
This is caused by Field::table, which is of type TABLE *, being initialized with "new Fake_TABLE", and then deleted. But struct TABLE does not have a virtual destructor, thus deleting Fake_TABLE object through a TABLE pointer is undefined.
This could be fixed by either declaring a virtual destructor in struct
TABLE (and losing its POD'ness, thus quite undesirable), either by
casting delete arg to Fake_TABLE * in the unit test.
** Affects: mysql-server
Importance: Unknown
Status: Unknown
** Affects: percona-server
Importance: Low
Assignee: Laurynas Biveinis (laurynas-biveinis)
Status: New
** Affects: percona-server/5.5
Importance: Undecided
Status: Invalid
** Affects: percona-server/5.6
Importance: Low
Assignee: Laurynas Biveinis (laurynas-biveinis)
Status: In Progress
** Affects: percona-server/5.7
Importance: Low
Assignee: Laurynas Biveinis (laurynas-biveinis)
Status: New
** Tags: asan ci upstream
** Also affects: percona-server/5.6
Importance: Undecided
Status: New
** Also affects: percona-server/5.5
Importance: Undecided
Status: New
** Also affects: percona-server/5.7
Importance: Undecided
Status: New
** Changed in: percona-server/5.5
Status: New => Invalid
** Changed in: percona-server/5.6
Assignee: (unassigned) => Laurynas Biveinis (laurynas-biveinis)
** Changed in: percona-server/5.7
Assignee: (unassigned) => Laurynas Biveinis (laurynas-biveinis)
** Changed in: percona-server/5.6
Importance: Undecided => Low
** Changed in: percona-server/5.7
Importance: Undecided => Low
** Changed in: percona-server/5.6
Status: New => In Progress
** Tags added: asan ci upstream
** Bug watch added: MySQL Bug System #85678
http://bugs.mysql.com/bug.php?id=85678
** Also affects: mysql-server via
http://bugs.mysql.com/bug.php?id=85678
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server/Client Support Team, which is subscribed to MySQL.
Matching subscriptions: Ubuntu Server/Client Support Team
https://bugs.launchpad.net/bugs/1677130
Title:
field-t deletes Fake_TABLE objects through base TABLE pointer w/o
virtual dtor
To manage notifications about this bug go to:
https://bugs.launchpad.net/mysql-server/+bug/1677130/+subscriptions
Follow ups
