Bug #88496 clang-3.9/ASAN stack-use-after-scope in gis::parse_geometry/my_error
Submitted: 15 Nov 2017 9:30 Modified: 29 Nov 2017 19:47
Reporter: Tor Didriksen Email Updates:
Status: Closed Impact on me: None
Category:MySQL Server: Compiling Severity:S3 (Non-critical)
Version:8.0.4 OS:Any
Assigned to: CPU Architecture:Any

[15 Nov 2017 9:30] Tor Didriksen
Description:
==59126==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f2a0a9b3d80 at pc 0x000004880f09 bp 0x7f2a0a9b2fd0 sp 0x7f2a0a9b2fc8
WRITE of size 1 at 0x7f2a0a9b3d80 thread T32 
#0 0x4880f08 in my_vsnprintf_ex obj/strings/../../mysqlcom-pro-8.0.4-rc/strings/my_vsnprintf.cc:559:12 
#1 0x3bc8761 in my_error obj/mysys/../../mysqlcom-pro-8.0.4-rc/mysys/my_error.cc:223:12 
#2 0x215c0e5 in gis::parse_geometry(THD*, char const*, String const*, dd::Spatial_reference_system const**, std::unique_ptr<gis::Geometry, std::default_delete<gis::Geometry> >*) obj/sql/../../mysqlcom-pro-8.0.4-rc/sql/gis/wkb_parser.cc:444:5 
#3 0x249c9a2 in Item_func_spatial_relation::val_int() obj/sql/../../mysqlcom-pro-8.0.4-rc/sql/item_geofunc_relchecks.cc:1395:7 
#4 0x1beecc1 in Item_int_func::val_str(String*) obj/sql/../../mysqlcom-pro-8.0.4-rc/sql/item_func.cc:1037:15 

How to repeat:
tdidriks@viking37 
export CC=clang-3.9
export CXX=clang++-3.9
cmake -DWITH_DEBUG=1 -DWITH_ASAN=1 -DWITH_ASAN_SCOPE=1 -DWITH_SSL=system -DWITH_RAPID=0 -DWITH_UNIT_TESTS=0
./mtr --mem --sanitize innodb_gis.precise --mtr-build-thread=400

Suggested fix:
diff --git a/mysys/my_error.cc b/mysys/my_error.cc
index 7fa0188..2f12711 100644
--- a/mysys/my_error.cc
+++ b/mysys/my_error.cc
@@ -210,7 +210,6 @@ const char *my_get_err_msg(int nr)
 void my_error(int nr, myf MyFlags, ...)
 {
   const char *format;
-  va_list args;
   char ebuff[ERRMSGSIZE];
   DBUG_ENTER("my_error");
   DBUG_PRINT("my", ("nr: %d  MyFlags: %d  errno: %d", nr, MyFlags, errno));
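Review bot: Dropping `va_list args;` from function scope is correct only if every use of `args` moves into the narrower scope with it; the second hunk re-declares it inside the `else` block, so confirm that neither the `if` branch (the `my_snprintf(ebuff, ..., "Unknown error %d", nr)` path) nor any code after the `else` block still references `args`, otherwise this no longer compiles. Tying the `va_list` lifetime to the block that actually runs `va_start`/`va_end` is the right shape of fix for a stack-use-after-scope report keyed on that object.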
@@ -219,6 +218,7 @@ void my_error(int nr, myf MyFlags, ...)
     (void) my_snprintf(ebuff, sizeof(ebuff), "Unknown error %d", nr);
   else
   {
+    va_list args;
     va_start(args,MyFlags);
     (void) my_vsnprintf_ex(&my_charset_utf8_general_ci, ebuff,
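Review bot: The hunk is cut off at the `my_vsnprintf_ex(` call and never shows the matching `va_end(args)`; with `args` now scoped to the `else` block, `va_end` must remain inside that block before its closing brace, so the rest of the block should be included in the patch for review. The hunk header `@@ -219,6 +218,7 @@` also promises one more line than is quoted here.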
[29 Nov 2017 19:47] Paul DuBois
Posted by developer:
 
Fixed in 8.0.4, 9.0.0.

Code cleanup. No changelog entry needed.