Bug #116371 global-buffer-overflow AddressSanitizer error on clone.remote_basic_replace
Submitted: 16 Oct 11:24 Modified: 16 Oct 15:21
Reporter: Laurynas Biveinis (OCA)
Status: Verified
Category:MySQL Server: Clone Plugin Severity:S3 (Non-critical)
Version:8.0 OS:MacOS (15.0.1)
Assigned to: CPU Architecture:ARM

[16 Oct 11:24] Laurynas Biveinis
Description:
(Category is probably incorrect. I'd have chosen "MySQL Server: Plugin Support" if it existed)

./mtr clone.remote_basic_replace
...
mysqltest: At line 86: Query 'INSTALL PLUGIN clone SONAME '$CLONE_PLUGIN'' failed.
ERROR 2013 (HY000): Lost connection to MySQL server during query
...

var/log/mysqld.1.err:
...
2024-10-16T11:19:36.307709Z 9 [Note] [MY-010733] [Server] Shutting down plugin 'clone'
=================================================================
==90628==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000143f62580 at pc 0x000102956efc bp 0x000170f44490 sp 0x000170f44488
READ of size 8 at 0x000143f62580 thread T48
    #0 0x102956ef8 in plugin_dl_add(MYSQL_LEX_STRING const*, int, bool) sql_plugin.cc:744
    #1 0x1029540b0 in plugin_add(MEM_ROOT*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*, int*, char**, int, bool) sql_plugin.cc:1047
    #2 0x1029416dc in mysql_install_plugin(THD*, MYSQL_LEX_CSTRING, MYSQL_LEX_STRING const*) sql_plugin.cc:2358
    #3 0x1029409f8 in Sql_cmd_install_plugin::execute(THD*) sql_plugin.cc:3689
    #4 0x10286973c in mysql_execute_command(THD*, bool) sql_parse.cc:4722
    #5 0x10285d4cc in dispatch_sql_command(THD*, Parser_state*) sql_parse.cc:5371
    #6 0x1028481d4 in dispatch_command(THD*, COM_DATA const*, enum_server_command) sql_parse.cc:2055
    #7 0x10285555c in do_command(THD*) sql_parse.cc:1440
    #8 0x103166408 in handle_connection(void*) connection_handler_per_thread.cc:303
    #9 0x107987bcc in pfs_spawn_thread(void*) pfs.cc:3050
    #10 0x11cba1858 in asan_thread_start(void*)+0x40 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x51858)
    #11 0x18f8132e0 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x72e0)
    #12 0x18f80e0f8 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x20f8)

0x000143f62580 is located 32 bytes before global variable 'mysql_malloc_service' defined in '/Users/laurynas/vilniusdb/mysql-8.0.40/libservices/mysql_malloc_service.c' (0x143f625a0) of size 8
0x000143f62580 is located 0 bytes inside of global variable 'thd_alloc_service' defined in '/Users/laurynas/vilniusdb/mysql-8.0.40/libservices/thd_alloc_service.c' (0x143f62580) of size 8
AddressSanitizer:DEADLYSIGNAL

How to repeat:
XCode 16
-DFORCE_UNSUPPORTED_COMPILER=ON -DCMAKE_BUILD_TYPE=Debug -DWITH_DEBUG=ON
-DMYSQL_MAINTAINER_MODE=ON -DWITH_SYSTEM_LIBS=ON
-DWITH_NDBCLUSTER_STORAGE_ENGINE=OFF -DDOWNLOAD_BOOST=ON
-DWITH_BOOST=<path> -DFORCE_COLORED_OUTPUT=ON -DCMAKE_CXX_FLAGS=-g
-DCMAKE_CXX_FLAGS_DEBUG=-g -DCMAKE_CXX_FLAGS_RELEASE=-O2 -DNDEBUG -g
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON
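AddressSanitizer reports global-buffer-overflow when a load or store hits the poisoned redzone that the instrumentation places around a global object; the most common cause is indexing past the end of a global array or table. The report above shows exactly such a read (8 bytes, i.e. one pointer slot) located at the boundary between two globals from libservices. As an added illustration of that error class, and not MySQL's code nor a diagnosis of the root cause of this bug, the following constructed C program contains a service-pointer table, a lookup with an off-by-one loop bound that reads one slot past the table when the name is not found, and the bounds-checked lookup beside it. The table entries and names are made up for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a table of exported service pointers.
   Names and entries are illustrative only, not the server's own. */
typedef struct {
  const char *name;
  void *service;  /* one 8-byte pointer slot on a 64-bit build */
} service_entry;

static int dummy_a, dummy_b, dummy_c;

static service_entry service_table[] = {
  {"alpha_service", &dummy_a},
  {"beta_service", &dummy_b},
  {"gamma_service", &dummy_c},
};

#define SERVICE_COUNT (sizeof(service_table) / sizeof(service_table[0]))

/* Defective lookup: the loop bound is <= instead of <, so when no entry
   matches, the last iteration loads service_table[SERVICE_COUNT].name.
   That 8-byte read is past the end of the array; with
   -fsanitize=address ASan reports it as global-buffer-overflow, READ of
   size 8, and names the global that sits at or next to that address. */
void *lookup_service_unchecked(const char *name) {
  for (size_t i = 0; i <= SERVICE_COUNT; i++) { /* BUG: off by one */
    if (strcmp(service_table[i].name, name) == 0) return service_table[i].service;
  }
  return NULL;
}

/* Bounds-checked lookup: returns the entry index, or -1 when absent.
   No access ever goes beyond service_table[SERVICE_COUNT - 1]. */
int find_service_index(const char *name) {
  for (size_t i = 0; i < SERVICE_COUNT; i++) {
    if (strcmp(service_table[i].name, name) == 0) return (int)i;
  }
  return -1;
}

/* Hardened front end: a missing name yields NULL, never an OOB read. */
void *lookup_service(const char *name) {
  int idx = find_service_index(name);
  return idx < 0 ? NULL : service_table[idx].service;
}

int main(void) {
  /* Safe path: the unknown name simply returns NULL. */
  printf("checked lookup of 'missing': %p\n", lookup_service("missing"));
  /* Defective path: compile with -fsanitize=address -g and run to get a
     global-buffer-overflow report pointing at service_table. */
  printf("unchecked lookup of 'missing': %p\n",
         lookup_service_unchecked("missing"));
  return 0;
}
```

Build with `cc -fsanitize=address -g example.c` to see the sanitizer report from the unchecked path; the "located N bytes before/inside global variable" lines it prints are computed the same way as in the report above, from the distance between the faulting address and the nearest instrumented globals.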
[16 Oct 13:58] MySQL Verification Team
Hi Mr. Laurynas,

Thank you very much for your bug report.

We managed to repeat it, but with a totally different error.

This is because we are still on Sonoma 14.6.1. We cannot run it on 15.1, since it is not supported yet on our systems.

We got a Sanitiser error in the reserving VM space and the overflow in the nano zone.

This is now a verified bug for 8.0 and higher versions.
[16 Oct 15:21] Laurynas Biveinis
It's dependent on the XCode, not macOS version (but I don't know whether it's possible to run XCode 16 on macOS 14.6.1 - maybe you can try?)

Unfortunately that's important because "reserving VM space and the overflow in the nano zone" messages are benign and don't show the bug I reported.