482d4da0a7
Problem:-
If we try to run this query with -WITH_ASAN=ON compiled server
CREATE TABLE t1 (i INT);
SET debug_dbug="+d,test_completely_invisible,test_invisible_index";
CREATE TABLE t2 LIKE t1;
This will generate a stack buffer overflow error.
==8922==ERROR: AddressSanitizer: stack-buffer-overflow on address #ADDR
Analyze:-
Error is generated on this line
if (((*last)=new list_node(info, &end_of_list)))
So info is our Key*, &end_of_list is global variable and last == #ADDR
So last is suspicious variable. And last is the variable present in alter_info
->key_list. Now the question is how this key_list->last gets wrong/
different stack variable. In the backtrace, we can see that key_list is
generated in mysql_create_table_like_table by calling
mysql_preapre_alter_table_function and dummy key_list is created by
mysql_create_like_table. In the end on mysql_prepare_alter_table we call
alter_info->key_list.swap(new_key_list);
So there is two options either key_list is empty or not empty , IF it is not
empty then there is no issues last ptr is replaced by thd->mem_root (allocated ptr)
So problem arises when key_list is empty. It swaps the dummy last ptr by
mysql_prepare_alter_table declared ptr. which is wrong.
Solution:-
We wont swap variable if list does not have any element.
|
||
|---|---|---|
| BUILD | ||
| client | ||
| cmake | ||
| dbug | ||
| debian | ||
| Docs | ||
| extra | ||
| include | ||
| libmariadb@ebf5db6cd0 | ||
| libmysqld | ||
| libservices | ||
| man | ||
| mysql-test | ||
| mysys | ||
| mysys_ssl | ||
| pcre | ||
| plugin | ||
| randgen/conf | ||
| scripts | ||
| sql | ||
| sql-bench | ||
| sql-common | ||
| storage | ||
| strings | ||
| support-files | ||
| tests | ||
| unittest | ||
| vio | ||
| win | ||
| wsrep | ||
| zlib | ||
| .gitattributes | ||
| .gitignore | ||
| .gitmodules | ||
| .travis.compiler.sh | ||
| .travis.yml | ||
| appveyor.yml | ||
| BUILD-CMAKE | ||
| CMakeLists.txt | ||
| config.h.cmake | ||
| configure.cmake | ||
| COPYING | ||
| COPYING.thirdparty | ||
| CREDITS | ||
| EXCEPTIONS-CLIENT | ||
| INSTALL-SOURCE | ||
| INSTALL-WIN-SOURCE | ||
| KNOWN_BUGS.txt | ||
| README.md | ||
| VERSION | ||
Code status:
travis-ci.org (10.3 branch)
MariaDB: drop-in replacement for MySQL
MariaDB is designed as a drop-in replacement of MySQL(R) with more features, new storage engines, fewer bugs, and better performance.
MariaDB is brought to you by the MariaDB Foundation. Please read the CREDITS file for details about the MariaDB Foundation, and who is developing MariaDB.
MariaDB is developed by many of the original developers of MySQL who now work for the MariaDB Foundation and the MariaDB Corporation, and by many people in the community.
MySQL, which is the base of MariaDB, is a product and trademark of Oracle Corporation, Inc. For a list of developers and other contributors, see the Credits appendix. You can also run 'SHOW authors' to get a list of active contributors.
A description of the MariaDB project and a manual can be found at:
https://mariadb.com/kb/en/mariadb-vs-mysql-features/
https://mariadb.com/kb/en/mariadb-versus-mysql-features/
https://mariadb.com/kb/en/mariadb-versus-mysql-compatibility/
As MariaDB is a full replacement of MySQL, the MySQL manual at http://dev.mysql.com/doc is generally applicable.
Help:
More help is available from the Maria Discuss mailing list https://launchpad.net/~maria-discuss and the #maria IRC channel on Freenode.
License:
NOTE:
MariaDB is specifically available only under version 2 of the GNU General Public License (GPLv2). (I.e. Without the "any later version" clause.) This is inherited from MySQL. Please see the README file in the MySQL distribution for more information.
License information can be found in the COPYING, COPYING.LESSER, and COPYING.thirdparty files.
Bug Reports:
Bug and/or error reports regarding MariaDB should be submitted at https://mariadb.org/jira
Bugs in the MySQL code can also be submitted at https://bugs.mysql.com
The code for MariaDB, including all revision history, can be found at: https://github.com/MariaDB/server