maria-developers team mailing list archive

Re: ASAN segfaults on vcol case

 

Yes, it doesn't reproduce from the test case, though it reproduces from the
mysql console. Probably some mysqld config also plays a role. I included my
config file. Also, it reproduces with clang-7 (7.0.0-3) and doesn't reproduce
with gcc (8.2.0).

On Mon, Mar 18, 2019 at 6:48 PM Marko Mäkelä <marko.makela@xxxxxxxxxxx>
wrote:

> The test case does not fail for me when building 10.3
> 397b6b13d062b28d12e9263710224bfb2269f19f with clang-7, using
> -DCMAKE_BUILD_TYPE=Debug -DWITH_ASAN=ON and -O2 level.
>
> When copying your SQL to a .test file I had to append the current
> delimiter to the "delimiter" lines. For some reason, mysql-test-run
> uses a different syntax for delimiters.
>

Yeah, this inconsistency is not very convenient...


>
> On a related note, ASAN builds with clang-8 always complain to me and
> refuse to run any tests:
>
> Could not execute 'check-testcase' before testcase '…' (res: 1):
> mysqltest: Logging to
> '/dev/shm/10.3/mysql-test/var/tmp/check-mysqld_1.log'.
> mysqltest: Results saved in
> '/dev/shm/10.3/mysql-test/var/tmp/check-mysqld_1.result'.
> =================================================================
> ==38044==ERROR: AddressSanitizer: global-buffer-overflow on address
> 0x561084541bb8 at pc 0x56108350463f bp 0x7ffe571f2390 sp
> 0x7ffe571f1b20
> WRITE of size 64 at 0x561084541bb8 thread T0
>     #0 0x56108350463e in __interceptor_regcomp
> (/dev/shm/10.3/client/mysqltest+0x1df63e)
>     #1 0x56108358c6c3 in init_re_comp(regex_t*, char const*)
> /mariadb/10.3/client/mysqltest.cc:8830:12
>     #2 0x56108358c6c3 in init_re() /mariadb/10.3/client/mysqltest.cc:8912
>     #3 0x56108358c6c3 in main /mariadb/10.3/client/mysqltest.cc:9301
>     #4 0x7f137d63a09a in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
>     #5 0x561083480c79 in _start (/dev/shm/10.3/client/mysqltest+0x15bc79)
>
> 0x561084541bb8 is located 40 bytes to the left of global variable
> 'epbuf' defined in '/mariadb/10.3/client/mysqltest.cc:8821:15'
> (0x561084541be0) of size 100
> 0x561084541bb8 is located 0 bytes to the right of global variable
> 'ps_re' defined in '/mariadb/10.3/client/mysqltest.cc:261:16'
> (0x561084541ba0) of size 24
>
> When I tried a simple test program that invokes regcomp(), clang-8’s
> ASAN did not complain about it. I cannot immediately recognize what
> might be wrong in mysqltest.cc. Maybe there is some macro obfuscation
> at play.
>
> Marko
>
> On Mon, Mar 18, 2019 at 4:59 PM Aleksey Midenkov <midenok@xxxxxxxxx>
> wrote:
> >
> > This case segfaults in ASAN code:
> >
> > delimiter ~~
> > create or replace procedure t1()
> > begin
> >     create or replace table t1 (
> >         b tinytext,
> >         v text as (b) virtual
> >     );
> > end~~
> > delimiter ;
> > call t1;
> >
> > Both in 10.3 and 10.4 in different places. Does someone know about such
> > ASAN faults?
> >
> > --
> > All the best,
> >
> > Aleksey Midenkov
> > @midenok
> > _______________________________________________
> > Mailing list: https://launchpad.net/~maria-developers
> > Post to     : maria-developers@xxxxxxxxxxxxxxxxxxx
> > Unsubscribe : https://launchpad.net/~maria-developers
> > More help   : https://help.launchpad.net/ListHelp
>
>
>
> --
> Marko Mäkelä, Lead Developer InnoDB
> MariaDB Corporation
>


-- 
All the best,

Aleksey Midenkov
@midenok

Attachment: mysqld.cnf.gz
Description: application/gzip

Attachment: 10.3.txt.gz
Description: application/gzip

Attachment: 10.4.txt.gz
Description: application/gzip

