MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in...

MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in instrings/strmake.c:36 from change_master (on optimized builds) Problem: ======== CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='', MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH=''; CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0; use-after-poison is reported for lex_mi->ssl_crl File: sql_repl.cc if (lex_mi->ssl_crl) strmake_buf(mi->ssl_crl, lex_mi->ssl_crl); Analysis: ======== At the end of CHANGE MASTER statement execution, the LEX_MASTER_INFO parameters are reset so that the next query will have a clean state. But 'ssl_crl' and 'ssl_crl_path' members of LEX_MASTER_INFO object are not cleared during 'LEX_MASTER_INFO::reset'. Hence when a new CHANGE MASTER statement is executed, the stale value of lex_mi->ssl_crl is used, so ASAN reports use-after-poison. Fix: === Clear 'ssl_crl' and 'ssl_crl_path' as part of 'reset'.

MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in...
MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in instrings/strmake.c:36 from change_master (on optimized builds) Problem: ======== CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='', MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH=''; CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0; use-after-poison is reported for lex_mi->ssl_crl File: sql_repl.cc if (lex_mi->ssl_crl) strmake_buf(mi->ssl_crl, lex_mi->ssl_crl); Analysis: ======== At the end of CHANGE MASTER statement execution, the LEX_MASTER_INFO parameters are reset so that the next query will have a clean state. But 'ssl_crl' and 'ssl_crl_path' members of LEX_MASTER_INFO object are not cleared during 'LEX_MASTER_INFO::reset'. Hence when a new CHANGE MASTER statement is executed, the stale value of lex_mi->ssl_crl is used, so ASAN reports use-after-poison. Fix: === Clear 'ssl_crl' and 'ssl_crl_path' as part of 'reset'.
eef4c5d3 · Sujatha · 6ede84f4 · eef4c5d3 · eef4c5d3 · eef4c5d3
Commit eef4c5d3 authored Jan 18, 2021 by Sujatha
3 changed files
--- a/mysql-test/suite/rpl/r/rpl_change_master.result
+++ b/mysql-test/suite/rpl/r/rpl_change_master.result
@@ -22,4 +22,8 @@ n
 connection master;
 drop table t1;
 connection slave;
+connection master;
+CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='',
+MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH='';
+CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0;
 include/rpl_end.inc
--- a/mysql-test/suite/rpl/t/rpl_change_master.test
+++ b/mysql-test/suite/rpl/t/rpl_change_master.test
@@ -101,4 +101,11 @@ connection master;
 drop table t1;
 }

+--connection master
+# MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in
+# instrings/strmake.c:36 from change_master (on optimized builds)
+CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='',
+  MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH='';
+CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0;
+
 --source include/rpl_end.inc
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -280,7 +280,7 @@ struct LEX_MASTER_INFO
    }

    host= user= password= log_file_name= ssl_key= ssl_cert= ssl_ca=
-      ssl_capath= ssl_cipher= relay_log_name= 0;
+      ssl_capath= ssl_cipher= ssl_crl= ssl_crlpath= relay_log_name= NULL;
    pos= relay_log_pos= server_id= port= connect_retry= 0;
    heartbeat_period= 0;
    ssl= ssl_verify_server_cert= heartbeat_opt=