Public bug reported:

Steps to reproduce this bug (see files attached):

```
$ cat /etc/os-release | grep VERSION=
VERSION="18.04.5 LTS (Bionic Beaver)"
$ mysql --version
mysql  Ver 14.14 Distrib 5.7.34, for Linux (x86_64) using  EditLine wrapper
$ python server_output.py | nc -vvvlp 3306 &
$ mysql --ssl-mode=DISABLED -h 127.0.0.1 -u root --password=root < stdin.txt
[...]
Segmentation fault (core dumped)
```

ASAN log of crash:
```
ASAN:DEADLYSIGNAL
=================================================================
==141==ERROR: AddressSanitizer: SEGV on unknown address 0x2bf27fffa12e (pc 0x0000004eac0d bp 0x7fffbf34db50 sp 0x7fffbf34d7e8 T0)
==141==The signal is caused by a READ memory access.
    #0 0x4eac0c in net_field_length_size /tmp/deb-src/mysql-5.7-5.7.34/sql-common/pack.c:198
    #1 0x4a8b40 in net_field_length_ll_safe /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:725
    #2 0x4a8b40 in read_ok_ex /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:823
    #3 0x4adfd2 in cli_read_query_result /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:4989
    #4 0x4b2b77 in mysql_real_query /tmp/deb-src/mysql-5.7-5.7.34/sql-common/client.c:5068
    #5 0x40d11d in server_version_string /tmp/deb-src/mysql-5.7-5.7.34/client/mysql.cc:5340
    #6 0x4075c8 in main /tmp/deb-src/mysql-5.7-5.7.34/client/mysql.cc:1357
    #7 0x7f42ceed0bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
    #8 0x4093a9 in _start (/mnt/mysql-asan+0x4093a9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/deb-src/mysql-5.7-5.7.34/sql-common/pack.c:198 in net_field_length_size
==141==ABORTING
```

** Affects: mysql-5.7 (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "mysql-SEGV-net_field_length_size.zip"
   https://bugs.launchpad.net/bugs/1931709/+attachment/5504089/+files/mysql-SEGV-net_field_length_size.zip

Title:
  mysql-5.7.34 segfault in net_field_length_size
