[lenz@mysql.com: OpenBSD compile options (was: Stack Overflow in check_connection())]
- To: tech@openbsd.org
- Subject: [lenz@mysql.com: OpenBSD compile options (was: Stack Overflow in check_connection())]
- From: Jedi/Sector One <j@pureftpd.org>
- Date: Tue, 11 Nov 2003 14:19:05 +0100
May this help anyone to track down that issue?
--
__ /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
Date: Tue, 11 Nov 2003 12:58:31 +0100 (CET)
From: Lenz Grimmer <lenz@mysql.com>
To: Jedi/Sector One <j@pureftpd.org>
Cc: Victor Vagin <vva@mysql.com>
Subject: OpenBSD compile options (was: Stack Overflow in check_connection())
Message-ID: <Pine.LNX.4.58.0311111254390.16467@kallisto.local>
Hi Frank,
Victor was assigned to work on the stack overflow you reported on OpenBSD
in MySQL 4.1 and he has observed the following (see below). We currently use
the following compile options there:
CFLAGS="-Wbounded" ./configure --prefix=/usr/local/mysql \
    --localstatedir=/usr/local/mysql/data --libexecdir=/usr/local/mysql/bin \
    --with-extra-charsets=complex --enable-thread-safe-client \
    --enable-local-infile --enable-assembler --disable-shared \
    --with-readline --with-embedded-server --with-innodb
Do you have an idea what might cause this? Thanks in advance!
Bye,
LenZ
--
Lenz Grimmer <lenz@mysql.com>
Senior Production Engineer
MySQL GmbH, http://www.mysql.de/
Hamburg, Germany
For technical support contracts, visit https://order.mysql.com/?ref=mlgr
---------- Forwarded message ----------
Date: Mon, 27 Oct 2003 17:34:08 +0400
From: Victor Vagin <vva@mysql.com>
To: dev-private@mysql.com
Subject: problem with Bug #1442 Stack Overflow in check_connection()
Dear dev-private,
I made some tests with mysql on the openbsd and discovered that gcc
allocate local array of char so as it covers stack frame..
Really, after such changes:
////////////////////////////////////////////////////////////////////////////
*** sql/sql_parse.cc Mon Oct 27 14:01:27 2003
- --- sql/sql_parse.cc.orig Thu Oct 16 15:46:37 2003
***************
*** 573,579 ****
*/
#ifndef EMBEDDED_LIBRARY
! static int check_connection(THD *thd, char *previous_local)
{
uint connect_errors= 0;
NET *net= &thd->net;
- --- 573,579 ----
*/
#ifndef EMBEDDED_LIBRARY
! static int check_connection(THD *thd)
{
uint connect_errors= 0;
NET *net= &thd->net;
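Review bot: the `char *previous_local` parameter added to `check_connection(THD *thd, char *previous_local)` changes the prototype only to carry a caller address the server already keeps: the call site in this same patch does `thd->thread_stack= (char*) &thd;` immediately before the call, so the probe could read `thd->thread_stack` and leave the signature (and the `#ifndef EMBEDDED_LIBRARY` variant) untouched.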
***************
*** 580,586 ****
DBUG_PRINT("info",
("New connection received on %s", vio_description(net->vio)));
! #if 0
if (!thd->host) // If TCP/IP connection
{
char ip[30];
- --- 580,586 ----
DBUG_PRINT("info",
("New connection received on %s", vio_description(net->vio)));
!
if (!thd->host) // If TCP/IP connection
{
char ip[30];
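Review bot: the `#if 0` that starts here (closed by the `#endif` after `vio_keepalive(net->vio, TRUE);` in the next hunk) compiles out the whole `if (!thd->host)` block, including its `char ip[30]` local, so the frame whose layout the probe measures is not the frame the production build has; keep that code in place and add only the prints, otherwise the addresses written to master.err cannot be compared with the failing build.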
***************
*** 628,649 ****
bzero((char*) &thd->remote, sizeof(struct sockaddr));
}
vio_keepalive(net->vio, TRUE);
- - #endif
ulong pkt_len= 0;
char *end;
{
/* buff[] needs to big enough to hold the server_version variable */
char buff[SERVER_VERSION_LENGTH + SCRAMBLE_LENGTH + 64];
- - fprintf(stderr,"check_connection::buff=[%p,..,%p]\n",buff,buff+sizeof(buff));
- - fprintf(stderr,"previous_local=%p\n",previous_local);
- - fprintf(stderr,"(buff < previous_local && previous_local < buff+sizeof(buff))=%d\n",
- - (int)(buff < previous_local && previous_local < buff+sizeof(buff)));
- - if ((buff < previous_local && previous_local < buff+sizeof(buff)) ||
- - (buff > previous_local && previous_local > buff+sizeof(buff)))
- - {
- - fprintf(stderr,"******* this gcc put new stack frame so as it covers old one\n");
- - exit(1);
- - }
ulong client_flags = (CLIENT_LONG_FLAG | CLIENT_CONNECT_WITH_DB |
CLIENT_PROTOCOL_41 | CLIENT_SECURE_CONNECTION);
- --- 628,638 ----
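Review bot: the second half of the overlap test, `(buff > previous_local && previous_local > buff+sizeof(buff))`, can never be true (it asks for `previous_local` to be both below `buff` and above its end), so only the first range test does anything; drop it and make the lower bound inclusive, `buff <= previous_local`. Two smaller points: ordering pointers that belong to different objects with `<` is unspecified in C and C++, so compare them as `unsigned long`/`uintptr_t`, and `exit(1)` from inside a connection thread takes the whole mysqld down, where `abort()` would at least leave a core to inspect. The `fprintf` calls also pass `char *` to `%p`, which wants `void *`.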
***************
*** 831,837 ****
pthread_handler_decl(handle_one_connection,arg)
{
THD *thd=(THD*) arg;
- - fprintf(stderr,"handle_one_connection::thd=%p\n",&thd);
uint launch_time =
(uint) ((thd->thr_create_time = time(NULL)) - thd->connect_time);
if (launch_time >= slow_launch_time)
- --- 820,825 ----
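Review bot: this records a single address of the `handle_one_connection` frame, `&thd`, so an overlap that covers other locals of this function (`launch_time`, for instance) but not `thd` goes unnoticed; print the addresses of a couple of locals and treat them as a span instead. `%p` expects a `void *`, so cast `&thd`.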
***************
*** 882,888 ****
NET *net= &thd->net;
thd->thread_stack= (char*) &thd;
! if ((error=check_connection(thd,(char*)&thd)))
{ // Wrong permissions
if (error > 0)
net_printf(thd,error,thd->host_or_ip);
- --- 870,876 ----
NET *net= &thd->net;
thd->thread_stack= (char*) &thd;
! if ((error=check_connection(thd)))
{ // Wrong permissions
if (error > 0)
net_printf(thd,error,thd->host_or_ip);
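Review bot: with `(char*)&thd` passed as the marker, the experiment hinges on `check_connection()` actually getting a frame of its own; it is `static` (first hunk, line 573) and this is its caller, so gcc is free to inline it, in which case `buff` and `thd` live in one frame and the figures in master.err say nothing about "the previous frame". Build the probe with `-fno-inline` or confirm with `nm`/`objdump` that a separate `check_connection` symbol exists before drawing conclusions from the addresses.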
////////////////////////////////////////////////////////////////////////////
and after running mysql-test-run, mysql-test/var/log/master.err
contains:
////////////////////////////////////////////////////////////////////////////
handle_one_connection::thd=0x3d8d7fb8
check_connection::buff=[0x3d8d7f34,..,0x3d8d7fc4]
previous_local=0x3d8d7fb8
(buff < previous_local && previous_local < buff+sizeof(buff))=1
******* this gcc put new stack frame so as it covers old one
////////////////////////////////////////////////////////////////////////////
So the reason for the bug is wrong allocation of a local array of char..
But this simple test on OpenBSD:
////////////////////////////////////////////////////////////////////////////
#include <stdio.h>

/* Nonzero if previous_local lies inside [start, start+len), i.e. the
   callee's array covers the caller's local.  Only the forward range test
   is needed: a pointer cannot lie both below start and above start+len.
   Pointers into different objects may not be ordered with < in C, so the
   comparison is done on unsigned long. */
static int covers(char *start, size_t len, char *previous_local)
{
    unsigned long s = (unsigned long) start;
    unsigned long p = (unsigned long) previous_local;
    return s <= p && p < s + len;
}

void foo(char *previous_local)
{
    char buff[200];                     /* declared at block start (C89) */
    printf(" foo(int &previous_local)\n {\n");
    printf(" char buff[200]; // addrres start=%p, finish=%p\n",
           (void *) buff, (void *) (buff + sizeof(buff)));
    if (covers(buff, sizeof(buff), previous_local))
        printf(" // this gcc put new stack frame so as it covers old one!\n");
    {
        char buff1[200];                /* second array in a nested block */
        printf(" {\n");
        printf(" char buff1[200]; // addrres start=%p, finish=%p\n",
               (void *) buff1, (void *) (buff1 + sizeof(buff1)));
        if (covers(buff1, sizeof(buff1), previous_local))
            printf(" // this gcc put new stack frame so as it covers old one!\n");
        printf(" }\n");
    }
    printf(" }\n");
}

int main(void)
{
    char a;                             /* the caller's local used as the marker */
    printf("main()\n{\n");
    printf(" int a; // address =%p\n", (void *) &a);
    foo(&a);
    printf("}\n");
    return 0;
}
////////////////////////////////////////////////////////////////////////////
produces correct output:
////////////////////////////////////////////////////////////////////////////
main()
{
int a; // address =0xcfbef2bb
foo(int &previous_local)
{
char buff[200]; // addrres start=0xcfbef1c0, finish=0xcfbef288
{
char buff1[200]; // addrres start=0xcfbef0f8, finish=0xcfbef1c0
}
}
}
////////////////////////////////////////////////////////////////////////////
So, it seems to me the reason for the bug is wrong compile options for
mysql..
But what kind of options could they be? Any ideas?
Best regards,
vva
--
Mr. Victor Vagin <vva@mysql.com>
MySQL AB, Full-Time Developer
Izhevsk, Russia
www.mysql.com Office: +7 3412 786033
---------- Forwarded message ----------
Date: Mon, 27 Oct 2003 17:38:42 +0400
From: Victor Vagin <vva@mysql.com>
To: dev-private@mysql.com
Subject: correction of mistake in previous letter
Dear dev-private,
in the previous letter:
> I made some tests with mysql on the openbsd and discovered that gcc
> allocate local array of char so as it covers stack frame..
          ^                                    ^
          s                                    previous ..
I.e.
gcc allocates local array of char so as it covers previous stack frame..
Best regards,
vva
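As an added example (not code from this thread or from MySQL), the probe below generalises Victor's test: the caller records the span of its own frame with two marker locals, and the callee checks whether its char array covers any part of that span, comparing addresses as uintptr_t so the test is well defined whichever way the stack grows. The function names, the 144-byte buffer and the markers are assumptions of this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Nonzero if [lo, hi) and [start, start+len) share a byte. Addresses are
   compared as integers: ordering pointers into different objects is
   unspecified in C, and this form works whichever way the stack grows. */
static int ranges_overlap(uintptr_t lo, uintptr_t hi, uintptr_t start, size_t len)
{
    return start < hi && lo < start + len;
}

struct frame_span { uintptr_t lo, hi; };   /* [lo, hi) of the caller's markers */
static struct frame_span span_of(const volatile void *a, const volatile void *b)
{
    uintptr_t x = (uintptr_t)a, y = (uintptr_t)b;
    struct frame_span s = { x < y ? x : y, (x < y ? y : x) + 1 };
    return s;
}

/* Plays the role of check_connection(): a char array in a nested block.
   Returns 1 if that array covers any byte of the caller's span, else 0.
   144 is an assumed size standing in for the server's buff[] length. */
static int callee_probe(struct frame_span caller)
{
    int hit;
    {
        volatile char buff[144];
        memset((void *)buff, 0, sizeof buff);  /* touch it so it is really allocated */
        hit = ranges_overlap(caller.lo, caller.hi, (uintptr_t)buff, sizeof buff);
    }
    return hit;
}

/* Plays the role of handle_one_connection(): records its own frame through
   two markers, calls the probe and reads the markers afterwards so their
   storage stays live for the whole call. A correct compiler yields 0. */
static int caller_probe(void)
{
    volatile int first = 1, last = 2;
    int hit = callee_probe(span_of(&first, &last));
    return hit + (first + last - 3);       /* markers sum to 3: this is just hit */
}

int main(void)
{
    puts(caller_probe() ? "callee array covers caller frame" : "frames are disjoint");
    return 0;
}
```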