LP #1587527: stack-buffer-overflow in mysql_client_test

Description

Reported in Launchpad by Laurynas Biveinis, last update 02-06-2016 06:55:29

main.mysql_client_test [ fail ]
Test ended at 2016-05-31 17:59:08

CURRENT_TEST: main.mysql_client_test
mysqltest: At line 17: command "$MYSQL_CLIENT_TEST --getopt-ll-test=25600M $PLUGIN_AUTH_CLIENT_OPT >> $MYSQLTEST_VARDIR/log/mysql_client_test.out.log 2>&1" failed

Output from before failure:
exec of '/home/laurynas/obj-5.5-asan-debug/tests/mysql_client_test --defaults-file=/home/laurynas/obj-5.5-asan-debug/mysql-test/var/my.cnf --testcase --vardir=/home/laurynas/obj-5.5-asan-debug/mysql-test/var --getopt-ll-test=25600M --plugin-dir=/home/laurynas/obj-5.5-asan-debug/plugin/auth >> /home/laurynas/obj-5.5-asan-debug/mysql-test/var/log/mysql_client_test.out.log 2>&1' failed, error: 256, status: 1, errno: 0
...
==6897==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc6c7c6dd0 at pc 0x7f3a662da935 bp 0x7ffc6c7c6be0 sp 0x7ffc6c7c6388
READ of size 224 at 0x7ffc6c7c6dd0 thread T0
#0 0x7f3a662da934 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c934)
#1 0x491e89 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
#2 0x491e89 in mysql_stmt_bind_result /home/laurynas/mysql-server/libmysql/libmysql.c:4063
#3 0x430314 in test_pure_coverage /home/laurynas/mysql-server/tests/mysql_client_test.c:6233
#4 0x46a455 in main /home/laurynas/mysql-server/tests/mysql_client_fw.c:1379
#5 0x7f3a6577b82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#6 0x403eb8 in _start (/home/laurynas/obj-5.5-asan-debug/tests/mysql_client_test+0x403eb8)

Address 0x7ffc6c7c6dd0 is located in stack of thread T0 at offset 208 in frame
#0 0x42fd6a in test_pure_coverage /home/laurynas/mysql-server/tests/mysql_client_test.c:6168

This frame has 2 object(s):
[32, 40) 'length'
[96, 208) 'my_bind' <== Memory access at offset 208 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions are supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 __asan_memcpy
Shadow bytes around the buggy address:
0x10000d8f0d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0d80: 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3
0x10000d8f0d90: f3 f3 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
0x10000d8f0da0: f1 f1 f1 f1 00 f4 f4 f4 f2 f2 f2 f2 00 00 00 00
=>0x10000d8f0db0: 00 00 00 00 00 00 00 00 00 00[f4]f4 f3 f3 f3 f3
0x10000d8f0dc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0dd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0de0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0df0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10000d8f0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
==6897==ABORTING

Environment

None

Activity

lpjirasync January 24, 2018 at 9:33 AM

Comment from Launchpad by Laurynas Biveinis on 31-05-2016 15:21:30

The fix is to cherrypick

commit feddfdc35e478412592df25178e45a6d53ce4bc3
Author: Tor Didriksen <tor.didriksen@oracle.com>
Date: Wed Oct 31 12:55:54 2012 +0100

Bug#14834333 ADDRESSSANITIZER BUGS IN MYSQL_CLIENT_TEST

Fix errors reported by address sanitizer:

  • test_pure_coverage() needs two my_bind structs,
    since the table has two columns

  • do not read past the end of the character constant "SHOW DATABASES"

  • do not read past the end of 'buff'

Done
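To make the numbers in the report concrete: the frame places 'my_bind' at [96, 208), which is 112 bytes, and the flagged memcpy reads 224 bytes, exactly two structs of that size, because the table used by test_pure_coverage has two columns while the test declared a single MYSQL_BIND. The following is an added example, not code from MySQL or from the bug report. demo_bind, demo_stmt, bind_result_unchecked and bind_result_checked are constructed stand-ins (demo_bind is padded to 112 bytes so the arithmetic matches the report); the checked variant is a hypothetical hardening, not libmysql's API. It shows the copy pattern that libmysql.c:4063 follows, why one bind for two columns overreads by 112 bytes, and the commit's fix of sizing the array to the column count.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for MYSQL_BIND.  The ASan frame puts 'my_bind' at
 * [96, 208), i.e. 112 bytes, so this type is padded to the same width to
 * make the report's arithmetic visible: READ of size 224 == 2 * 112. */
typedef struct {
    unsigned long *length;
    char *is_null;
    void *buffer;
    char *error;
    unsigned char pad[112 - 4 * sizeof(void *)];   /* constructed padding */
} demo_bind;

/* Constructed stand-in for the prepared-statement object. */
typedef struct {
    unsigned int field_count;   /* columns in the result set, known after prepare */
    demo_bind *bind;            /* statement-owned array of field_count entries */
} demo_stmt;

/* Pattern the report points at (libmysql.c:4063 in the 5.5 tree): the callee
 * copies field_count structs and cannot know how many the caller supplied.
 * With a 2-column result and one my_bind on the stack it reads 112 bytes past
 * the caller's variable, which is the stack-buffer-overflow ASan flagged.
 * Only ever call it with an array of at least field_count entries. */
static void bind_result_unchecked(demo_stmt *stmt, const demo_bind *my_bind)
{
    memcpy(stmt->bind, my_bind, sizeof(demo_bind) * stmt->field_count);
}

/* Hypothetical hardened variant (not libmysql's API): the caller states the
 * length of its array and a mismatch is reported instead of read past. */
static int bind_result_checked(demo_stmt *stmt, const demo_bind *my_bind,
                               size_t n_binds)
{
    if (n_binds < stmt->field_count) {
        return -1;   /* fewer binds than columns; nothing copied */
    }
    memcpy(stmt->bind, my_bind, sizeof(demo_bind) * stmt->field_count);
    return 0;
}

/* The test's original mistake against a 2-column result, done safely:
 * one bind for two columns is rejected by the checked call.  Returns the
 * status of that call so the outcome can be asserted. */
static int bind_one_for_two_columns(void)
{
    demo_bind stmt_storage[2];
    demo_stmt stmt = { 2, stmt_storage };
    demo_bind my_bind;                      /* the buggy test had exactly one */
    memset(&my_bind, 0, sizeof my_bind);
    return bind_result_checked(&stmt, &my_bind, 1);
}

/* The fix from Bug#14834333: two my_bind structs for two columns.  With a
 * correctly sized array even the unchecked copy stays in bounds.  Returns 0
 * when both entries reached the statement-owned copy. */
static int bind_two_for_two_columns(void)
{
    demo_bind stmt_storage[2];
    demo_stmt stmt = { 2, stmt_storage };
    demo_bind my_bind[2];
    unsigned long length[2] = { 0, 0 };
    memset(my_bind, 0, sizeof my_bind);
    my_bind[0].length = &length[0];
    my_bind[1].length = &length[1];
    bind_result_unchecked(&stmt, my_bind);   /* safe: array matches field_count */
    if (stmt_storage[0].length != &length[0] || stmt_storage[1].length != &length[1]) {
        return -2;
    }
    return bind_result_checked(&stmt, my_bind, 2);
}

/* Bytes an unchecked copy reads beyond a single my_bind for a result of
 * field_count columns: for the report's 2-column table, 224 - 112 = 112. */
static size_t overread_bytes(unsigned int field_count)
{
    return field_count > 1 ? sizeof(demo_bind) * (field_count - 1) : 0;
}

int main(void)
{
    printf("sizeof(demo_bind)            = %zu\n", sizeof(demo_bind));
    printf("one bind for two columns     = %d\n", bind_one_for_two_columns());
    printf("two binds for two columns    = %d\n", bind_two_for_two_columns());
    printf("overread, one bind/2 columns = %zu bytes\n", overread_bytes(2));
    return 0;
}
```

Building the example itself with -fsanitize=address and replacing the checked call in bind_one_for_two_columns with the unchecked one reproduces a report of the same shape as the one above (a READ of 224 bytes over a 112-byte stack object), which is the quickest way to confirm that a test binary's column count and bind array length have drifted apart.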

Created January 24, 2018 at 9:33 AM
Updated January 24, 2018 at 9:33 AM
Resolved January 24, 2018 at 9:33 AM