LP #1628417: 3-byte read function uint3korr reads 4 bytes on x86
General
Escalation
General
Escalation
Description
Environment
None
Smart Checklist
Activity
Show:
lpjirasync January 24, 2018 at 10:28 AM
**Comment from Launchpad by: Laurynas Biveinis on: 28-09-2016 15:43:56
https://github.com/percona/percona-server/pull/1084
https://github.com/percona/percona-server/pull/1085
https://github.com/percona/percona-server/pull/1088
Done
Details
Details
Assignee
Unassigned
UnassignedReporter
lpjirasync
lpjirasync(Deactivated)Priority
LowSmart Checklist
Open Smart Checklist
Smart Checklist
Open Smart Checklist
Created January 24, 2018 at 10:27 AM
Updated January 24, 2018 at 10:28 AM
Resolved January 24, 2018 at 10:28 AM
**Reported in Launchpad by Laurynas Biveinis last update 01-08-2017 14:01:53
This shows up as an ASan error on 5.5 trunk, 32-bit build:
binlog.binlog_mysqlbinlog_row 'row' w4 [ fail ]
Test ended at 2016-09-22 15:17:56
CURRENT_TEST: binlog.binlog_mysqlbinlog_row
=================================================================
==27814==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb3e05d51 at pc 0x08057f8e bp 0xbfee4b98 sp 0xbfee4b88
READ of size 4 at 0xb3e05d51 thread T0
#0 0x8057f8d in log_event_print_value /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:1689
#1 0x8072e53 in Rows_log_event::print_verbose_one_row(st_io_cache*, table_def*, st_print_event_info*, st_bitmap*, unsigned char const*, unsigned char const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:1969
#2 0x8074790 in Rows_log_event::print_verbose(st_io_cache*, st_print_event_info*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:2048
#3 0x80753ca in Log_event::print_base64(st_io_cache*, st_print_event_info*, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:2137
#4 0x8075da3 in Rows_log_event::print_helper(_IO_FILE*, st_print_event_info*, char const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:8478
#5 0x8075ed8 in Write_rows_log_event::print(_IO_FILE*, st_print_event_info*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:9677
#6 0x80787e4 in process_event(st_print_event_info*, Log_event*, unsigned long long, char const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:1129
#7 0x807b262 in dump_local_log_entries /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:2271
#8 0x807b262 in dump_log_entries /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:1706
#9 0x807bb9f in main /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:2377
#10 0xb6bd9636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
#11 0x804bcf0 (/mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog+0x804bcf0)
0xb3e05d54 is located 0 bytes to the right of 4-byte region [0xb3e05d50,0xb3e05d54)
allocated by thread T0 here:
#0 0xb7286dee in malloc (/usr/lib/i386-linux-gnu/libasan.so.2+0x96dee)
#1 0x81209a9 in my_malloc /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/mysys/my_malloc.c:38
#2 0x806d764 in Rows_log_event::Rows_log_event(char const*, unsigned int, Log_event_type, Format_description_log_event const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:7743
#3 0x806f4a4 in Write_rows_log_event::Write_rows_log_event(char const*, unsigned int, Format_description_log_event const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:9225
#4 0x807531a in Log_event::print_base64(st_io_cache*, st_print_event_info*, bool) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:2122
#5 0x8075da3 in Rows_log_event::print_helper(_IO_FILE*, st_print_event_info*, char const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:8478
#6 0x8075ed8 in Write_rows_log_event::print(_IO_FILE*, st_print_event_info*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/sql/log_event.cc:9677
#7 0x80787e4 in process_event(st_print_event_info*, Log_event*, unsigned long long, char const*) /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:1129
#8 0x807b262 in dump_local_log_entries /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:2271
#9 0x807b262 in dump_log_entries /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:1706
#10 0x807bb9f in main /mnt/workspace/percona-server-5.5-asan-param/BUILD_TYPE/debug-asan/Host/ubuntu-xenial-32bit/client/mysqlbinlog.cc:2377
#11 0xb6bd9636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)