Bug #93008 mysqldump crashes with segmentation fault on last 5.6 and 5.7 versions
Submitted: 30 Oct 2018 13:34 Modified: 31 Oct 2018 10:29
Reporter: Alexander Povalyaev Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: mysqldump Command-line Client Severity:S1 (Critical)
Version:5.6.41, 5.6.42, 5.7.23, 5.7.24 OS:Linux
Assigned to: CPU Architecture:x86
Tags: mysqldump crash segfault

[30 Oct 2018 13:34] Alexander Povalyaev
Running mysqldump with WHERE condition leads to segmentation fault.
When no WHERE condition is used, all the things seem to work fine.

coredump is attached

How to repeat:
1) Install one of the listed mysql community server versions (for example, 5.6.41)

yum install mysql-community-common-5.6.41-2.el6
yum install mysql-community-libs-5.6.41-2.el6
yum install mysql-community-client-5.6.41-2.el6
yum install mysql-community-server-5.6.41-2.el6

NOTE: use repo [mysql56-community]
name=MySQL 5.6 Community Server

2) Use mysqlg308.tar.gz archive to reproduce

2.1) Unpack it
2.2) Run prepare_db.sh script to prepare database
2.3) Run reproduce.sh script to reproduce the issue

Suggested fix:

It looks like the error is most probably in mysqldump.c. On mysql 5.6 it appeared after branch 5.5 had been merged to 5.6. And it looks like the same story with mysql 5.7 (the bug was brought by means of merging with 5.6).
[30 Oct 2018 13:36] Alexander Povalyaev
A scripts to reproduce the issue

Attachment: mysqlg308.tar.gz (application/gzip, text), 132.75 KiB.

[30 Oct 2018 13:42] Alexander Povalyaev
When running within gdb the following stack-trace appears

Program received signal SIGABRT, Aborted.
0x00007ffff6cb14f5 in raise () from /lib64/libc.so.6
Missing separate debuginfos, use: debuginfo-install mysql-community-client-5.6.42-2.el6.x86_64
(gdb) bt
#0  0x00007ffff6cb14f5 in raise () from /lib64/libc.so.6
#1  0x00007ffff6cb2cd5 in abort () from /lib64/libc.so.6
#2  0x00007ffff6cef417 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff6cf4e5e in malloc_printerr () from /lib64/libc.so.6
#4  0x000000000043d474 in dynstr_free (str=0x9b2a00)
    at /export/home/pb2/build/sb_0-30439872-1536575642.28/rpm/BUILD/mysql-5.6.42/mysql-5.6.42/mysys/string.c:180
#5  0x0000000000409fea in free_resources ()
    at /export/home/pb2/build/sb_0-30439872-1536575642.28/rpm/BUILD/mysql-5.6.42/mysql-5.6.42/client/mysqldump.c:1493
#6  0x0000000000416144 in main (argc=5, argv=0x9b81d0)
    at /export/home/pb2/build/sb_0-30439872-1536575642.28/rpm/BUILD/mysql-5.6.42/mysql-5.6.42/client/mysqldump.c:6095
[31 Oct 2018 10:29] MySQL Verification Team
Hello Alexander,

Thank you for the report and test case.

[1 Apr 2019 21:26] Ryan Brothers
We just ran into this issue today too.  Any update on it?  We had to downgrade to an earlier MySQL version for now.  Thanks.