author | Sujatha <sujatha.sivakumar@mariadb.com> | 2021-01-18 14:00:13 +0530 |
---|---|---|
committer | Sujatha <sujatha.sivakumar@mariadb.com> | 2021-02-03 12:18:29 +0530 |
commit | eef4c5d378c3a4bd838d57e2ea35e9e970113204 (patch) | |
tree | 501a2123a00233d99ad41be6e2b364b26b64c8ce | |
parent | 6ede84f477c1d0dc00381a201bbc32359e876c66 (diff) | |
MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in instrings/strmake.c:36 from change_master (on optimized builds)
Problem:
========
CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='',
MASTER_SSL_CERT='', MASTER_SSL_KEY='', MASTER_SSL_CRL='',
MASTER_SSL_CRLPATH='';
CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0;
use-after-poison is reported for lex_mi->ssl_crl
File: sql_repl.cc
if (lex_mi->ssl_crl)
strmake_buf(mi->ssl_crl, lex_mi->ssl_crl);
Analysis:
========
At the end of CHANGE MASTER statement execution, the LEX_MASTER_INFO
parameters are reset so that the next query will have a clean state. But
'ssl_crl' and 'ssl_crl_path' members of LEX_MASTER_INFO object are not
cleared during 'LEX_MASTER_INFO::reset'. Hence when a new CHANGE MASTER
statement is executed, the stale value of lex_mi->ssl_crl is used, so ASAN
reports use-after-poison.
Fix:
===
Clear 'ssl_crl' and 'ssl_crl_path' as part of 'reset'.
-rw-r--r-- | mysql-test/suite/rpl/r/rpl_change_master.result | 4 | ||||
-rw-r--r-- | mysql-test/suite/rpl/t/rpl_change_master.test | 7 | ||||
-rw-r--r-- | sql/sql_lex.h | 2 |
3 files changed, 12 insertions, 1 deletions
diff --git a/mysql-test/suite/rpl/r/rpl_change_master.result b/mysql-test/suite/rpl/r/rpl_change_master.result
index 5439bdef72c..48cec72d917 100644
--- a/mysql-test/suite/rpl/r/rpl_change_master.result
+++ b/mysql-test/suite/rpl/r/rpl_change_master.result
@@ -22,4 +22,8 @@ n
 connection master;
 drop table t1;
 connection slave;
+connection master;
+CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='',
+MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH='';
+CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0;
 include/rpl_end.inc
diff --git a/mysql-test/suite/rpl/t/rpl_change_master.test b/mysql-test/suite/rpl/t/rpl_change_master.test
index 5e170d5acce..9ab49a585e6 100644
--- a/mysql-test/suite/rpl/t/rpl_change_master.test
+++ b/mysql-test/suite/rpl/t/rpl_change_master.test
@@ -101,4 +101,11 @@ connection master;
 drop table t1;
 }
+--connection master
+# MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in
+# instrings/strmake.c:36 from change_master (on optimized builds)
+CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='',
+ MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH='';
+CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0;
+
 --source include/rpl_end.inc
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 965c3f29834..f733f783d0e 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -280,7 +280,7 @@ struct LEX_MASTER_INFO
 }
 host= user= password= log_file_name= ssl_key= ssl_cert= ssl_ca=
- ssl_capath= ssl_cipher= relay_log_name= 0;
+ ssl_capath= ssl_cipher= ssl_crl= ssl_crlpath= relay_log_name= NULL;
 pos= relay_log_pos= server_id= port= connect_retry= 0;
 heartbeat_period= 0;
 ssl= ssl_verify_server_cert= heartbeat_opt= |
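Review bot: The statements added to rpl_change_master.test assert nothing, so this regression test can fail only on a sanitizer build; on a regular build it passes whether or not `reset()` clears the CRL members. The test comment should say so, e.g. `# No visible failure without ASAN: the second CHANGE MASTER must not reuse the first statement's MASTER_SSL_CRL value.` The two statements also run on the master connection and leave replication settings configured there; if `include/rpl_end.inc` does not undo that, a `RESET SLAVE ALL;` after them would keep the server clean for later tests, which is worth confirming.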
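Review bot: The chained assignment on the changed line in sql/sql_lex.h is still a hand-maintained list of the pointer members, which is how `ssl_crl` and `ssl_crlpath` came to be missed; nothing in the hunk ties it to the struct's member declarations, so the next string option added to `LEX_MASTER_INFO` can leave the same stale pointer behind. Per the commit message the stale value is copied by `strmake_buf(mi->ssl_crl, lex_mi->ssl_crl)`, so on a build without a sanitizer this would presumably be a silent read of the previous statement's memory into the replication TLS settings rather than a crash. I would add a comment above the assignment, `/* Every pointer member must be listed here; a member left out keeps the previous statement's value (MDEV-22741). */`, and check the remaining pointer members of the struct against this list. The enclosing function begins and ends outside the hunk, so I cannot confirm the list is now complete.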