From eef4c5d378c3a4bd838d57e2ea35e9e970113204 Mon Sep 17 00:00:00 2001 From: Sujatha Date: Mon, 18 Jan 2021 14:00:13 +0530 Subject: MDEV-22741: *SAN: ERROR: AddressSanitizer: use-after-poison on address in instrings/strmake.c:36 from change_master (on optimized builds) Problem: ======== CHANGE MASTER TO MASTER_USER='root', MASTER_SSL=0, MASTER_SSL_CA='', MASTER_SSL_CERT='', MASTER_SSL_KEY='', MASTER_SSL_CRL='', MASTER_SSL_CRLPATH=''; CHANGE MASTER TO MASTER_USER='root', MASTER_PASSWORD='', MASTER_SSL=0; use-after-poison is reported for lex_mi->ssl_crl File: sql_repl.cc if (lex_mi->ssl_crl) strmake_buf(mi->ssl_crl, lex_mi->ssl_crl); Analysis: ======== At the end of CHANGE MASTER statement execution, the LEX_MASTER_INFO parameters are reset so that the next query will have a clean state. But 'ssl_crl' and 'ssl_crl_path' members of LEX_MASTER_INFO object are not cleared during 'LEX_MASTER_INFO::reset'. Hence when a new CHANGE MASTER statement is executed, the stale value of lex_mi->ssl_crl is used, so ASAN reports use-after-poison. Fix: === Clear 'ssl_crl' and 'ssl_crl_path' as part of 'reset'. --- sql/sql_lex.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'sql/sql_lex.h') diff --git a/sql/sql_lex.h b/sql/sql_lex.h index 965c3f29834..f733f783d0e 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -280,7 +280,7 @@ struct LEX_MASTER_INFO } host= user= password= log_file_name= ssl_key= ssl_cert= ssl_ca= - ssl_capath= ssl_cipher= relay_log_name= 0; + ssl_capath= ssl_cipher= ssl_crl= ssl_crlpath= relay_log_name= NULL; pos= relay_log_pos= server_id= port= connect_retry= 0; heartbeat_period= 0; ssl= ssl_verify_server_cert= heartbeat_opt= -- cgit v1.2.1