Bug #107323 GAS detected heap-buffer-overflow in MySQL ODBC Driver
Submitted: 18 May 9:38 Modified: 18 May 10:19
Reporter: Yuwei Yang Email Updates:
Status: Analyzing Impact on me:
None 
Category:Connector / ODBC Severity:S3 (Non-critical)
Version:8.0.26 & 5.3.10 OS:Any
Assigned to: MySQL Verification Team CPU Architecture:Any

[18 May 9:38] Yuwei Yang
Description:
I have to create this bug because I can never get a reply after 104882 is marked as a duplicate, although I comment several times that it's not duplicated. I can't find a way how I can reopen that bug.

==================

GAS detected heap-buffer-overflow in MySQL ODBC Driver 5.3.10 & 8.0.26 

Detailed info:

=================================================================
==800713==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x608000121280 at pc 0x7f5f99f2eeb0 bp 0x7f5f899ca450 sp 0x7f5f899c9c00
READ of size 69 at 0x608000121280 thread T2
#0 0x7f5f99f2eeaf in __interceptor_strlen ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:301
#1 0x7f5f86070401 (/usr/lib64/libmyodbc5w.so+0x87401)
#2 0x7f5f86072284 in my_SQLExtendedFetch (/usr/lib64/libmyodbc5w.so+0x89284)
#3 0x7f5f87b9ae1b (/iserver-install/BIN/Linux/lib/libodbc.so+0xf7e1b)
#4 0x7f5f87b562ce in SQLFetchScroll (/iserver-install/BIN/Linux/lib/libodbc.so+0xb32ce)
#5 0x7f5f87e25763 in MDb::Odbc35::Odbc::SQLFetchScroll(MDb::Error&, MDb::DATABASE_TYPE, MDb::ODBCDriverVendor, void*, void*, void*, unsigned short, int, unsigned long*, unsigned short*, wchar_t const*, wchar_t const*, wchar_t const*) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/Odbc.cpp:631
#6 0x7f5f87e7494e in MDb::Odbc35::OdbcResult::FetchRowsetExtendedFetch(MDb::Rowset*) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:1334
#7 0x7f5f87e757e7 in MDb::Odbc35::OdbcResult::FetchRowset(MDb::TableImpl*, unsigned int) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:1206
#8 0x7f5f87e7601c in MDb::Odbc35::OdbcResult::InternalFetch(MDb::TableImpl*, unsigned int) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:1050
#9 0x7f5f87e7601c in MDb::Odbc35::OdbcResult::InternalFetch(MDb::TableImpl*, unsigned int) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:998
#10 0x7f5f87e76979 in MDb::Odbc35::OdbcResult::InternalFetch(unsigned int) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:815
#11 0x7f5f87e785ff in MDb::Odbc35::OdbcResult::Fetch(unsigned int) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Database/Odbc35/PrivateSource/OdbcResult.cpp:699
#12 0x7f5f9964eaaa in MMultiProcess::MultithreadedExecutor::Run() /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/MultiProcess/ProcessCommunicator/PrivateSource/MultithreadedExecutor.cpp:323
#13 0x7f5f99914287 in MSynch::ThreadImpl::ThreadFunction(void*) /var/lib/jenkins/Projects/microstrategy/Tech/Server/Common/Synch/Synch/PrivateSource/ThreadImpl.cpp:185
#14 0x7f5f9760d149 in start_thread (/lib64/libpthread.so.0+0x8149)
#15 0x7f5f9733ef22 in clone (/lib64/libc.so.6+0xfcf22)

0x608000121280 is located 0 bytes to the right of 96-byte region [0x608000121220,0x608000121280)
allocated by thread T2 here:
#0 0x7f5f99f6fc90 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:86
#1 0x7f5f860acc27 in my_malloc (/usr/lib64/libmyodbc5w.so+0xc3c27)
#2 0x7f5f86073441 in ssps_bind_result (/usr/lib64/libmyodbc5w.so+0x8a441)

How to repeat:
Use GAS to detect memory overflow