Bug #59623 mysqlbackup double free
Submitted: 20 Jan 2011 6:17
Modified: 17 Jun 2011 15:43
Reporter: Andrew Dalgleish
Status: Closed
Category: MySQL Enterprise Backup
Severity: S1 (Critical)
Version: 3.5
OS: Any
Assigned to: Ingo Strüwing
CPU Architecture: Any

[20 Jan 2011 6:17] Andrew Dalgleish
Description:
mysqlbackup has a double-free error

mysqlbackup: Checking for deleted databases and non-InnoDB files in them
mysqlbackup: Error: Cannot delete directory '/mysql/full_backups/2011-01-19_14-47-09/swen3': Success: (Errcode: 0)
*** glibc detected *** mysqlbackup: double free or corruption (top): 0x0000000009e8cd10 ***
======= Backtrace: =========
/lib64/libc.so.6[0x2b4f7183b30f]
/lib64/libc.so.6(cfree+0x4b)[0x2b4f7183b76b]
mysqlbackup(my_no_flags_free+0x1c)[0x41deb4]
mysqlbackup(my_dirend+0x3b)[0x4287c3]
mysqlbackup(rmdir_recursively+0x17d)[0x4131fe]
mysqlbackup[0x40df96]
mysqlbackup[0x40ebcd]
mysqlbackup(main+0x2f1)[0x41161b]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x2b4f717e6994]
mysqlbackup[0x40cbca]

How to repeat:
* take a full backup
* drop a database
* take an incremental backup
* apply logs to full backup
* apply logs to incremental backup

Suggested fix:
If the rmdir fails, my_dirend is called twice
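
The failure mode named in the suggested fix above, shown as an added example that is not part of the original report and is not MySQL Enterprise Backup source. `struct dir`, `dir_end`, `remove_dir` and both `rmdir_*` functions are hypothetical stand-ins, and the control flow of the buggy variant is an assumption about how an error path ends up releasing a directory handle twice.

```c
#include <stdio.h>

/* Hypothetical stand-in for a directory handle (not MySQL's own type).
 * 'releases' counts dir_end() calls so the double release can be observed
 * safely; with a heap-backed handle the second call is a double free. */
struct dir { int releases; };

static void dir_end(struct dir *d) { d->releases++; }  /* stands in for free() */

/* Constructed failure switch: directory removal fails when fail != 0. */
static int remove_dir(int fail) { return fail ? -1 : 0; }

/* Assumed buggy shape: released in the error branch AND in shared cleanup. */
static int rmdir_buggy(struct dir *d, int fail)
{
    int rc = 0;
    if (remove_dir(fail) != 0) {
        dir_end(d);              /* first release, on the error path only */
        rc = -1;
    }
    dir_end(d);                  /* runs on every path: second release on failure */
    return rc;
}

/* Single-exit cleanup: the error branch only records the failure. */
static int rmdir_fixed(struct dir *d, int fail)
{
    int rc = 0;
    if (remove_dir(fail) != 0)
        rc = -1;
    dir_end(d);                  /* exactly one release on every path */
    return rc;
}

/* Returns how many times the handle was released by the chosen variant. */
int releases_after(int use_fixed, int fail)
{
    struct dir d = {0};
    if (use_fixed) rmdir_fixed(&d, fail); else rmdir_buggy(&d, fail);
    return d.releases;
}

int main(void)
{
    printf("buggy, rmdir fails: %d releases\n", releases_after(0, 1));
    printf("fixed, rmdir fails: %d releases\n", releases_after(1, 1));
    return 0;
}
```

The buggy variant behaves correctly whenever the removal succeeds, which is why this class of defect surfaces only on a rarely exercised failure path such as the one in the reproduction steps.
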
[21 Jan 2011 0:10] MySQL Verification Team
shell script to reproduce the issue

Attachment: bug59623.sh (application/octet-stream, text), 1.60 KiB.

[17 Jun 2011 15:43] Ingo Strüwing
Fixed in 3.6.
[17 Aug 2011 0:28] John Russell
Added to 3.6.0 changelog:

The mysqlbackup command could crash during the apply-log stage when a
database was dropped between a full backup and a subsequent
incremental backup.