Bug #69903 Stack corruption in vio_io_wait on Mac OS X
Submitted: 1 Aug 2013 20:44 Modified: 22 Apr 2015 13:21
Reporter: Sergei Glushchenko Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Locking Severity:S1 (Critical)
Version:5.6.12 OS:Mac OS X
Assigned to: CPU Architecture:Any
Tags: crash, stack corruption, vio_io_wait

[1 Aug 2013 20:44] Sergei Glushchenko
Description:
vio_io_wait implemented on OS X using "select" system call. This call has well known limitation that it cannot handle file descriptor values greater than FD_SETSIZE (which is 1024 on my system). Moreover FD_SET for such a descriptor cause stack corruption.

How to repeat:
Read vio_io_wait implementation.

Suggested fix:
Use poll, or kevent, or define _DARWIN_UNLIMITED_SELECT and manage fd_set values manually.
[2 Aug 2013 4:04] Davi Arnaut
Regression introduced by https://github.com/darnaut/mysql-server/commit/1c99912b98f200915f14797429de7fe99e94052b
[2 Aug 2013 6:02] MySQL Verification Team
Hello Sergei,

Thank you for the bug report.

Thanks,
Umesh
[2 Aug 2013 10:59] Vladislav Vaintroub
Also the analysis for tghe alleged fix is wrong. shutdown() breaks poll(), and it is not different on OSX
[22 Apr 2015 13:21] Paul DuBois
Noted in 5.7.8, 5.8.0 changelogs.

On OS X, the vio_io_wait() call could cause stack corruption for a
large number of file descriptors (more than FD_SETSIZE).