Details
Type: Bug
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 10.0.2, 5.5.31, 5.1.67, 5.2.14, 5.3.12
Fix Version/s: 10.0
Component/s: None
Labels: None
Description
AddressSanitizer has detected a use-after-free error in the rpl.rpl_stop_slave test case on our build bots. Looking at the stack traces, it can happen anywhere, and the problem is that DBUG_EXECUTE_IF doesn't acquire any locks to check whether the keyword exists in the debug state. This happened on the 10.0.1 code base with our patches merged in (so the line numbers below can be a little bit off), but I don't see any changes in lp:maria head that could have fixed the issue. Tell me if you think there is a fix already.
The end of the stack trace of the thread that freed memory:
#1 0x1503577 in FreeList dbug/dbug.c:1776
#2 0x14ff069 in FreeState dbug/dbug.c:1588
#3 0x14fd5be in DbugParse dbug/dbug.c:471
#4 0x14feea7 in _db_set_init_ dbug/dbug.c:871
#5 0xe3258f in Sys_var_dbug::global_update(THD*, set_var*) sql/sys_vars.h:917
The end of the stack trace of the thread that reads the memory after that:
#1 0x15031a4 in InList dbug/dbug.c:1512
#2 0x15028f2 in _db_keyword_ dbug/dbug.c:1712
#3 0x147cda2 in my_malloc mysys/my_malloc.c:120
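The race described above, as an added illustration that is not MariaDB's dbug.c: a hypothetical global keyword list that one thread rebuilds (the SET GLOBAL debug path, which frees the old list) while other threads look keywords up (the DBUG_EXECUTE_IF path). Putting both sides under one rwlock is what keeps the reader from walking a freed list; the stress function reproduces the interleaving ASan flagged, and with the locks in place it runs clean.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical debug state: a linked list of enabled keywords. */
struct kw { char *name; struct kw *next; };
static struct kw *g_keywords;                 /* global state, shared by all threads */
static pthread_rwlock_t g_lock = PTHREAD_RWLOCK_INITIALIZER;

static void free_list(struct kw *p) {
    while (p) { struct kw *n = p->next; free(p->name); free(p); p = n; }
}

/* Writer (SET GLOBAL debug): build a fresh list from "kw1,kw2", swap it in
 * under the write lock, then free the old list once no reader can see it. */
void set_debug_state(const char *spec) {
    struct kw *head = NULL, *old;
    char *copy = strdup(spec), *save = NULL;
    for (char *tok = strtok_r(copy, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        struct kw *k = malloc(sizeof *k);
        k->name = strdup(tok); k->next = head; head = k;
    }
    free(copy);
    pthread_rwlock_wrlock(&g_lock);
    old = g_keywords; g_keywords = head;
    pthread_rwlock_unlock(&g_lock);
    free_list(old);                           /* the unlocked original freed this while readers still walked it */
}

/* Reader (DBUG_EXECUTE_IF): the InList-style walk, taken under a read lock. */
int keyword_enabled(const char *kw) {
    int found = 0;
    pthread_rwlock_rdlock(&g_lock);
    for (struct kw *p = g_keywords; p && !found; p = p->next)
        found = strcmp(p->name, kw) == 0;
    pthread_rwlock_unlock(&g_lock);
    return found;
}

/* Stress: four readers hammer the list while the writer keeps replacing it.
 * Drop the two lock calls in keyword_enabled and ASan reports heap-use-after-free. */
static void *reader(void *arg) {
    for (int i = 0; i < 20000; i++) (void)keyword_enabled("crash_before_commit");
    return arg;
}
int race_stress(void) {
    pthread_t t[4];
    for (int i = 0; i < 4; i++) pthread_create(&t[i], NULL, reader, NULL);
    for (int i = 0; i < 200; i++) set_debug_state(i & 1 ? "crash_before_commit,other" : "other");
    for (int i = 0; i < 4; i++) pthread_join(t[i], NULL);
    return keyword_enabled("other");          /* 1: final list intact and readable */
}
```

Build with -fsanitize=address to see the difference between the locked and unlocked reader directly.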
Here's our approach to fixing this bug.