Bug 1209354 - mariadb contains many UBSAN/ASAN issues
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Basesystem
Version: Current
Hardware: Other Other
Priority: P5 - None, Severity: Normal
Target Milestone: ---
Assignee: Danilo Spinella
QA Contact: E-mail List
Reported: 2023-03-16 07:44 UTC by Martin Liška
Modified: 2023-05-18 02:19 UTC

Description Martin Liška 2023-03-16 07:44:16 UTC
I noticed that during my build of the package on i586 with the latest gcc13 compiler.

./mysql-test-run.pl --parallel=1 --force --retry=0 --ssl --suite-timeout=900 --testcase-timeout=30 --mysqld=--binlog-format=mixed --force-restart --shutdown-timeout=60 --max-test-fail=0 --skip-test=spider --skip-test-list=unstable-tests main.myisampack

failed with:
-myisampack: Can't create/write to file (Errcode: 17 "File exists")
+myisampack: Can't create/write to file (Errcode: 17 "File exists)


If I enable UBSAN:
+       -DWITH_UBSAN=ON                                              \
and append -fsanitize-recover=all to optflags I get:

CURRENT_TEST: main.myisampack
--- /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/mysql-test/main/myisampack.result	2023-02-06 19:55:27.000000000 +0000
+++ /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/mysql-test/main/myisampack.reject	2023-03-16 07:40:47.456666101 +0000
@@ -113,7 +113,18 @@
 # ===== myisampack.4 =====
 #Tests the myisampack join operation with an existing destination .frm,.MYI,.MDI 
 #the command should fail with exit status 2
-myisampack: Can't create/write to file (Errcode: 17 "File exists")
+/home/abuild/rpmbuild/BUILD/mariadb-10.11.2/strings/my_vsnprintf.c:780:29: runtime error: pointer index expression with base 0xffff909f overflowed to 0x0000909e
+    #0 0x56801ba8 in my_vsnprintf_ex /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/strings/my_vsnprintf.c:780
+    #1 0x56724fd1 in my_error /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/mysys/my_error.c:120
+    #2 0x56738f8f in my_register_filename /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/mysys/my_open.c:153
+    #3 0x567247b7 in my_create /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/mysys/my_create.c:57
+    #4 0x565f58fc in compress /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/storage/myisam/myisampack.c:518
+    #5 0x565f3ba6 in main /home/abuild/rpmbuild/BUILD/mariadb-10.11.2/storage/myisam/myisampack.c:224
+    #6 0xf7629814 in __libc_start_call_main (/lib/libc.so.6+0x23814) (BuildId: 4f7b4f0f883970bb61096b1e8dd91881eb7c73ce)
+    #7 0xf76298d7 in __libc_start_main_alias_1 (/lib/libc.so.6+0x238d7) (BuildId: 4f7b4f0f883970bb61096b1e8dd91881eb7c73ce)
+    #8 0x565f3986 in _start ../sysdeps/i386/start.S:110
Comment 1 Martin Liška 2023-03-16 07:45:06 UTC
Link to various upstream UBSAN issues:
https://jira.mariadb.org/browse/MDEV-25454?jql=text%20~%20ubsan
Comment 2 Martin Liška 2023-03-16 07:46:18 UTC
Similarly, the upstream also has many ASAN issues:
https://jira.mariadb.org/browse/MDEV-16136?jql=text%20~%20%22asan%22
Comment 3 Martin Liška 2023-03-16 08:02:51 UTC
The affected line is:
real_end= MY_MIN(to + width, end);

where the following values cause the problem:
to=0xffff906f, width:65535, end=0xffff91eb

so it's really a pointer overflow issue.
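
The wraparound described in comment 3, as an added example that is not part of the original report or of MariaDB's code: 32-bit addresses are modelled with uint32_t so the wrap is reproducible on any host, and the names naive_real_end, safe_real_end and clamp_end are hypothetical. It uses the values quoted in the comment and assumes to <= end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a 32-bit address space (as on i586): uint32_t arithmetic wraps
   like the pointer in the report, but with defined behaviour on any host. */
typedef uint32_t addr32;

/* The reported pattern, real_end = MY_MIN(to + width, end): the sum is
   formed first, so a large width wraps past the top of the address space. */
static addr32 naive_real_end(addr32 to, addr32 width, addr32 end)
{
  addr32 sum = to + width;               /* wraps modulo 2^32 */
  return sum < end ? sum : end;
}

/* Overflow-free form: compare width with the room left in the buffer
   (end - to, valid under the assumption to <= end) and only then add. */
static addr32 safe_real_end(addr32 to, addr32 width, addr32 end)
{
  addr32 room = end - to;
  return width < room ? to + width : end;
}

/* Same clamp on real pointers; to and end must point into one object. */
static char *clamp_end(char *to, char *end, size_t width)
{
  return width < (size_t)(end - to) ? to + width : end;
}

int main(void)
{
  /* Values quoted in comment 3 of the report. */
  addr32 to = 0xffff906fu, end = 0xffff91ebu, width = 65535;
  char buf[380];                         /* constructed: end - to = 380 */

  printf("naive: 0x%08x (below to: %d)\n",
         (unsigned)naive_real_end(to, width, end),
         naive_real_end(to, width, end) < to);
  printf("safe:  0x%08x\n", (unsigned)safe_real_end(to, width, end));
  printf("ptr clamp offset: %td\n",
         clamp_end(buf, buf + sizeof buf, 65535) - buf);
  return 0;
}
```

With the naive form the computed end lands below the start of the buffer, which is the condition UBSAN flags; the clamped form never forms an out-of-range address.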
Comment 4 Martin Liška 2023-03-23 09:02:44 UTC
It's a general problem, unrelated to GCC 13.