1. 14 Jan, 2020 1 commit
    • Sergei Petrunia's avatar
      MDEV-21341: Fix UBSAN failures: Issue Six · 5e5ae51b
      Sergei Petrunia authored
      (Variant #2 of the patch, which keeps the sp_head object inside the
      MEM_ROOT that sp_head object owns)
      (10.3 requires extra work due to sp_package, will commit a separate
      patch for it)
      
      sp_head::operator new() and operator delete() were dereferencing sp_head*
      pointers to memory that didn't hold a valid sp_head object (it was
      not created/already destroyed).
      This caused UBSan to crash when looking up type information.
      
      Fixed by providing static sp_head::create() and sp_head::destroy() methods.
      5e5ae51b
  2. 07 Jan, 2020 10 commits
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · cb204e11
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error.
      
      AddressSanitizer: heap-buffer-overflow on address
      READ of size 1 at 0x60e00009cf71 thread T28
      #0 0x55e37e034ae2 in net_field_length
      
      Fix:
      ===
      **Part10: Avoid reading out of buffer**
      cb204e11
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · d05c511d
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.
      
      Query_log_event::Query_log_event(const char*, uint,
          const Format_description_log_event*, Log_event_type):
        Assertion `(pos) + (6) <= (end)' failed
      
      Fix:
      ===
      **Part9: Removed additional DBUG_ASSERT**
      d05c511d
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · bac33533
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: SEGV on unknown address
      The signal is caused by a READ memory access.
      User_var_log_event::User_var_log_event(char const*, unsigned int,
          Format_description_log_event const*)
      
      Implemented part of upstream patch.
      commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351
      
      Fix:
      ===
      **Part8: added checks to avoid reading out of buffer limits**
      bac33533
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 2187f1c2
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      "heap-buffer-overflow on address" and some times it asserts.
      
      Table_map_log_event::Table_map_log_event(const char*, uint,
          const Format_description_log_event*)
      Assertion `m_field_metadata_size <= (m_colcnt * 2)' failed.
      
      Fix:
      ===
      **Part7: Avoid reading out of buffer**
      
      
      Converted debug assert to error handler code.
      2187f1c2
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · d6fa69e4
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: heap-buffer-overflow on address 0x60400002acb8
      Load_log_event::copy_log_event(char const*, unsigned long, int,
          Format_description_log_event const*)
      
      Fix:
      ===
      **Part6: Moved the event_len validation to the begin of copy_log_event function**
      d6fa69e4
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 15781283
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      AddressSanitizer: heap-buffer-overflow on address
      String::append(char const*, unsigned int)
      Query_log_event::pack_info(Protocol*)
      
      Fix:
      ===
      **Part5: Added check to catch buffer overflow**
      15781283
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · a42ef108
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following ASAN error
      
      heap-buffer-overflow within "my_strndup" in Rotate_log_event
      
      my_strndup /mysys/my_malloc.c:254
      Rotate_log_event::Rotate_log_event(char const*, unsigned int,
          Format_description_log_event const*)
      
      Fix:
      ===
      **Part4: Improved the check for event_len validation**
      a42ef108
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 5a54e84e
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following crash when ASAN is enabled.
      
      SEGV on unknown address
      in inline_mysql_mutex_destroy
      in my_bitmap_free
      in Update_rows_log_event::~Update_rows_log_event()
      
      Fix:
      ===
      **Part3: Initialize m_cols_ai.bitmap to NULL**
      5a54e84e
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · 913f405d
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> reports following assert when ASAN is enabled.
      
      Rows_log_event::Rows_log_event(const char*, uint,
          const Format_description_log_event*):
      Assertion `var_header_len >= 2'
      
      Implemented part of upstream patch.
      commit: mysql/mysql-server@a3a497ccf7ecacc900551fb1e47ea4078b45c351
      
      Fix:
      ===
      **Part2: Avoid reading out of buffer limits**
      913f405d
    • Sujatha's avatar
      MDEV-18046: Assortment of crashes, assertion failures and ASAN errors in mysql_show_binlog_events · a6dd827a
      Sujatha authored
      Problem:
      ========
      SHOW BINLOG EVENTS FROM <pos> causes a variety of failures, some of which are
      listed below. It is not a race condition issue, but there is some
      non-determinism in it.
      
      Analysis:
      ========
      "show binlog events from <pos>" code considers the user given position as a
      valid event start position. The code starts reading data from this event start
      position onwards and tries to map it to a set of known events. Each event has
      a specific event structure and asserts have been added to ensure that read
      event data satisfies the event specific requirements. When a random position
      is supplied to "show binlog events command" the event structure specific
      checks will fail and they result in assert.
      
      Fix:
      ====
      The fix is split into different parts. Each part addresses either an ASAN
      issue or an assert/crash.
      
      **Part1: Checksum based position validation when checksum is enabled**
      
      
      Using checksum validate the very first event read at the user specified
      position. If there is a checksum mismatch report an appropriate error for the
      invalid event.
      a6dd827a
  3. 03 Jan, 2020 3 commits
  4. 02 Jan, 2020 1 commit
  5. 26 Dec, 2019 1 commit
    • Varun Gupta's avatar
      MDEV-19680:: Assertion `!table || (!table->read_set ||... · 359d91aa
      Varun Gupta authored
      MDEV-19680:: Assertion `!table || (!table->read_set || bitmap_is_set(table->read_set, field_index) || (!(ptr >= table->record[0] && ptr < table->record[0] + table->s->reclength)))' or alike failed upon SELECT with mix of functions from simple view
      
      Set read_set bitmap for view from the JOIN::all_fields list instead of JOIN::fields_list
      as split_sum_func would have added items to the all_fields list.
      359d91aa
  6. 23 Dec, 2019 1 commit
  7. 20 Dec, 2019 1 commit
    • Sergei Golubchik's avatar
      fix a bad merge · aade6e53
      Sergei Golubchik authored
      in 10.1+ one should use
      
      MY_CHECK_AND_SET_COMPILER_FLAG("-Wno-address-of-packed-member")
      
      and it's already done in storage/tokudb/PerconaFT/CMakeLists.txt
      aade6e53
  8. 19 Dec, 2019 1 commit
  9. 18 Dec, 2019 5 commits
  10. 17 Dec, 2019 1 commit
  11. 16 Dec, 2019 2 commits
  12. 13 Dec, 2019 2 commits
  13. 11 Dec, 2019 2 commits
  14. 06 Dec, 2019 1 commit
    • Sujatha's avatar
      MDEV-20959: binlog.binlog_parallel_replication_marks_row fails in buildbot with wrong result · e949b2d4
      Sujatha authored
      Problem:
      =======
      Test "binlog.binlog_parallel_replication_marks_row" fails sporadically due to
      result length mismatch.
      
      Analysis:
      =========
      Test generates a binary log and it looks for certain words within the binary
      log file and prints them. For example word like "GTID,BEGIN,COMMIT ...".
      Binary log output contains base64 encoded characters. Occasionally the encoded
      characters match with the above words and results in test failure.
      
      +XwoFWxMBAAAALgAAAGEDAAAAAB8AAAAAAAEABHRlc3QAAnQxAAIDAwACFGTIDQ==
      +AAAAAAAAAAAEEwQADQgICAoKCgGTIDw9
      
      Fix:
      ===
      Improve the regular expression to match exact words.
      e949b2d4
  15. 05 Dec, 2019 4 commits
  16. 04 Dec, 2019 2 commits
  17. 03 Dec, 2019 2 commits