MySQL Bugs: #58790: mysqlmanager option parsing crash

Bug #58790	mysqlmanager option parsing crash
Submitted:	7 Dec 2010 16:57	Modified:	14 Dec 2010 22:21
Reporter:	Lenz Grimmer	Email Updates:
Status:	Unsupported	Impact on me:	None
Category:	MySQL Server: Command-line Clients	Severity:	S3 (Non-critical)
Version:	1.0-beta	OS:	Linux
Assigned to:		CPU Architecture:	Any
Tags:	crash, Instance Manager, mysqlmanager

Description:
This bug was reported by Rafael Silva from rfdslabs via the MySQL security mailing list.

mysqlmanager does not properly parse--run-as-service and
--mysqld-safe-compatible parameters, which causes the applications to crash
when parsing a long string.
 
This problem was confirmed in the following versions of mysqlmanager
binaries, other versions may be also affected:

mysqlmanager Ver 1.0-beta for debian-linux-gnu on x86_64
Linux rfdslabs 2.6.32-26-generic #48-Ubuntu SMP Wed Nov 24 10:14:11 UTC
2010 x86_64 GNU/Linux

How to repeat:
/usr/sbin/mysqlmanager --mysqld-safe-compatible=`perl -e 'print "1" x
1000'`

/usr/sbin/mysqlmanager --run-as-service=`perl -e 'print "1" x 1000'`

DETAILS
 
Disassembly:
 
[New Thread 0x7ffff6852710 (LWP 5972)]
[Thread 0x7ffff6852710 (LWP 5972) exited]
[5969/140737352079136] [10/12/01 11:46:53] [INFO] IM: started.
[5969/140737352079136] [10/12/01 11:46:53] [INFO] Loading config file
'my.cnf'...
[5969/140737352079136] [10/12/01 11:46:53] [INFO] Manager: initializing...
[New Thread 0x7ffff7e26710 (LWP 5973)]
[Thread 0x7ffff7e26710 (LWP 5973) exited]
[5969/140737352079136] [10/12/01 11:46:53] [INFO] Manager: detected
threads model: POSIX threads.
[5969/140737352079136] [10/12/01 11:46:53] [INFO] Warning: password file
does not exist, nobody will be able to connect to Instance Manager.
[5969/140737352079136] [10/12/01 11:46:53] [ERROR] Can not create pid file
'/var/lib/mysql/mysqlmanager.pid': Permission denied (errno: 13)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff689c35e in vfprintf () from /lib/libc.so.6
(gdb) bt
#0  0x00007ffff689c35e in vfprintf () from /lib/libc.so.6
#1  0x00007ffff6950760 in __vsnprintf_chk () from /lib/libc.so.6
#2  0x00007ffff7e8529d in ?? ()
#3  0x00007ffff7e8558a in log_error(char const*, ...) ()
#4  0x00007ffff7e93114 in create_pid_file(char const*, int) ()
#5  0x00007ffff7e84f12 in Manager::main() ()
#6  0x00007ffff7e848b5 in main ()
(gdb) i r
rax            0x0	0
rbx            0x7fffffffd6c0	140737488344768
rcx            0xffffffffffffffff	-1
rdx            0x30	48
rsi            0x7ffff7f0731b	140737353118491
rdi            0xff00000000000000	-72057594037927936
rbp            0x7fffffffd6b0	0x7fffffffd6b0
rsp            0x7fffffffd020	0x7fffffffd020
r8             0x3	3
r9             0xff00000000000000	-72057594037927936
r10            0x0	0
r11            0xfffffffa	4294967290
r12            0x22	34
r13            0x7fffffffdab0	140737488345776
r14            0x7ffff7f0731f	140737353118495
r15            0xffffffffffffff88	-120
rip            0x7ffff689c35e	0x7ffff689c35e <vfprintf+16318>
eflags         0x10286	[ PF SF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0

mysqlmanager is unsupported in 5.1 and removed in 5.5.

Closed as "Unsupported". See Davi's comment for the reason.