Bug #73311 AddressSanitizer bug in ~Ndb_move_data
Submitted: 17 Jul 2014 12:56
Modified: 7 Aug 2014 11:52
Reporter: Mauritz Sundell
Status: Closed
Category: MySQL Cluster: Cluster (NDB) storage engine
Severity: S3 (Non-critical)
Version: 7.1
OS: Any
Assigned to:
CPU Architecture: Any

[17 Jul 2014 12:56] Mauritz Sundell
Description:
delete is used instead of delete [] in ~Ndb_move_data.

==677== ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs operator delete) on 0x602c0001dc40
    #0 0x7f10f4ca13aa in ?? ??:0
    #1 0x459075 in Ndb_move_data::~Ndb_move_data() /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/ndb_lib_move_data.cpp:52
    #2 0x4260ab in BackupRestore::finalize_staging(TableS const&) /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/restore/consumer_restore.cpp:1123
    #3 0x417e6a in main /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/restore/restore_main.cpp:1598 (discriminator 1)
    #4 0x7f10f3ed5c04 in ?? ??:0
0x602c0001dc40 is located 0 bytes inside of 384-byte region [0x602c0001dc40,0x602c0001ddc0)
allocated by thread T0 here:
    #0 0x7f10f4ca125a in ?? ??:0
    #1 0x45a6f2 in Ndb_move_data::check_tables() /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/ndb_lib_move_data.cpp:238 (discriminator 3)
    #2 0x45dbf9 in Ndb_move_data::move_data(Ndb*) /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/ndb_lib_move_data.cpp:867
    #3 0x4259fa in BackupRestore::finalize_staging(TableS const&) /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/restore/consumer_restore.cpp:1150
    #4 0x417e6a in main /home/msundell/lab/repo/mysql-7.4/storage/ndb/tools/restore/restore_main.cpp:1598 (discriminator 1)
    #5 0x7f10f3ed5c04 in ?? ??:0
==677== HINT: if you don't care about these warnings you may set ASAN_OPTIONS=alloc_dealloc_mismatch=0
==677== ABORTING

How to repeat:
Compile with ASAN, and run for example ./mtr ndb.ndb_restore_conv_more

Suggested fix:
--- storage/ndb/tools/ndb_lib_move_data.cpp
+++ storage/ndb/tools/ndb_lib_move_data.cpp
@@ -49,8 +49,8 @@ Ndb_move_data::Ndb_move_data()
 
 Ndb_move_data::~Ndb_move_data()
 {
-  delete m_sourceattr;
-  delete m_targetattr;
+  delete [] m_sourceattr;
+  delete [] m_targetattr;
   m_sourceattr = 0;
   m_targetattr = 0;
   release_data();
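Review bot: The ASan report only proves the mismatch for the first statement in the destructor, `delete m_sourceattr;` at line 52, because the run aborts there, and it shows a single `new[]` allocation site, check_tables() at line 238. The change to m_targetattr is made by analogy. Confirm that m_targetattr is also allocated with `new[]` on every path, and that nothing else frees either array with scalar `delete`, in particular release_data(), which runs right after these lines and is not shown in the hunk. The two `= 0` assignments are dead stores in a destructor unless release_data() reads these members; if it does, a short comment saying so would help the next reader.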
[7 Aug 2014 11:52] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

Fixed in 7.3.7. No user-facing changes to document. Closed.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html