Bug #88460 clang/asan: stack-use-after-scope Table_upgrade_guard::~Table_upgrade_guard
Submitted: 13 Nov 2017 12:02
Modified: 14 Nov 2017 15:11
Reporter: Tor Didriksen
Status: Closed
Category: MySQL Server: Data Dictionary
Severity: S3 (Non-critical)
Version: 8.0.4
OS: Any
Assigned to:
CPU Architecture: Any

[13 Nov 2017 12:02] Tor Didriksen
Description:
==26861==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7000063bf5e8 at pc 0x00010d4dbe8b bp 0x7000063bda40 sp 0x7000063bda38
READ of size 8 at 0x7000063bf5e8 thread T2
    #0 0x10d4dbe8a in Prealloced_array<st_plugin_int**, 16ul>::empty() const prealloced_array.h:186
    #1 0x10d406a8b in lex_end(LEX*) sql_lex.cc:560
    #2 0x10dae4b6d in dd::upgrade::Table_upgrade_guard::~Table_upgrade_guard() (mysqld:x86_64+0x100f87b6d)
    #3 0x10dadc557 in dd::upgrade::migrate_table_to_dd(THD*, std::__1::basic_string<char, std::__1::char_traits<char>, Stateless_allocator<char, dd::String_type_alloc, My_free_functor> > const&, std::__1::basic_string<char, std::__1::char_traits<char>, Stateless_allocator<char, dd::String_type_alloc, My_free_functor> > const&, bool) (mysqld:x86_64+0x100f7f557)
    #4 0x10dad7e85 in dd::upgrade::migrate_plugin_table_to_dd(THD*) (mysqld:x86_64+0x100f7ae85)
    #5 0x10daec6a1 in dd::upgrade::do_pre_checks_and_initialize_dd(THD*) upgrade.cc:1216
    #6 0x10cd0a5c0 in bootstrap::handle_bootstrap(void*) bootstrap.cc:336
    #7 0x10faad1da in pfs_spawn_thread(void*) pfs.cc:2987
    #8 0x7fffaeac593a in _pthread_body (libsystem_pthread.dylib:x86_64+0x393a)
    #9 0x7fffaeac5886 in _pthread_start (libsystem_pthread.dylib:x86_64+0x3886)
    #10 0x7fffaeac508c in thread_start (libsystem_pthread.dylib:x86_64+0x308c)

How to repeat:
cmake -DWITH_ASAN=1 -DWITH_ASAN_SCOPE=1

./mtr --mem --sanitize main.dd_upgrade_error
./mtr --mem --sanitize main.dd_upgrade_partition sanitize_report
./mtr --mem --sanitize main.dd_upgrade_test
./mtr --mem --sanitize main.dictionary_tablespace

Suggested fix:
increase lifetime of 'LEX lex;' which is used by 'table_guard'
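
The lifetime ordering behind this report, as an added example that is not part of the original bug thread or of MySQL's code: `Lex` and `Guard` are hypothetical stand-ins for `LEX` and `Table_upgrade_guard`, and the declaration order shown is an assumed shape of the bug, since the page does not show the affected source. A liveness registry replaces the dangling dereference so the model runs without undefined behaviour.

```cpp
// Added illustration; Lex and Guard are hypothetical stand-ins, not MySQL code.
#include <cstdio>
#include <set>

static std::set<int> g_live;         // ids of Lex objects currently in scope
static int g_dangling_cleanups = 0;  // guard destructors that found a dead Lex

struct Lex {
  int id;
  bool ended = false;
  explicit Lex(int i) : id(i) { g_live.insert(id); }
  ~Lex() { g_live.erase(id); }
  void end() { ended = true; }  // stands in for lex_end(LEX*)
};

class Guard {
  Lex *lex_ = nullptr;
  int lex_id_ = -1;
 public:
  void set_lex(Lex *l) { lex_ = l; lex_id_ = l->id; }
  ~Guard() {
    if (lex_id_ < 0) return;
    // A real guard would dereference lex_ unconditionally here, which is the
    // read ASan flags. The registry detects the dead object without touching it.
    if (g_live.count(lex_id_)) lex_->end();
    else ++g_dangling_cleanups;
  }
};

// Lex declared after the guard: locals die in reverse declaration order,
// so ~Lex runs first and ~Guard is left holding a pointer to a dead object.
int buggy_order() {
  g_dangling_cleanups = 0;
  { Guard guard; Lex lex(1); guard.set_lex(&lex); }
  return g_dangling_cleanups;
}

// Lex declared before the guard: its lifetime now covers ~Guard.
int fixed_order() {
  g_dangling_cleanups = 0;
  { Lex lex(2); Guard guard; guard.set_lex(&lex); }
  return g_dangling_cleanups;
}

int main() {
  std::printf("buggy: %d dangling cleanup(s)\n", buggy_order());
  std::printf("fixed: %d dangling cleanup(s)\n", fixed_order());
  return 0;
}
```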

[14 Nov 2017 15:11] Daniel Price
Posted by developer:
 
Fixed as of the upcoming 8.0.4, 9.0.0 release, and here's the changelog entry:

A stack-use-after-scope memory error occurred when compiling with
-DWITH_ASAN=1 and -DWITH_ASAN_SCOPE=1.

[15 Nov 2017 12:35] Daniel Price
Posted by developer:
 
Revise entry:

Compiling with -DWITH_ASAN=1 and -DWITH_ASAN_SCOPE=1 detected a
stack-use-after-scope memory error.