PS-269 (Initial Percona Server 8.0.12 tree)
Avoid undefined behavior in audit_log_update_thd_local by avoiding
passing NULL as source pointer to memcpy, even with zero length.

The UBSan report fixed is

/usr/include/x86_64-linux-gnu/bits/string3.h:53:71: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x7fe5aad56fb1 in memcpy /usr/include/x86_64-linux-gnu/bits/string3.h:53
    #1 0x7fe5aad56fb1 in audit_log_update_thd_local plugin/audit_log/audit_log.cc:987
    #2 0x7fe5aad56fb1 in audit_log_notify plugin/audit_log/audit_log.cc:1105
    #3 0x1ecac37 in plugins_dispatch sql/sql_audit.cc:1284
    #4 0x1ecac37 in event_class_dispatch sql/sql_audit.cc:1322
    #5 0x1ecb311 in event_class_dispatch_error sql/sql_audit.cc:1340
    #6 0x1ed21b1 in mysql_audit_notify(THD*, mysql_event_connection_subclass_t, char const*, int) sql/sql_audit.cc:438
    #7 0x1350071 in check_connection sql/sql_connect.cc:868
    #8 0x1350071 in login_connection sql/sql_connect.cc:929
    #9 0x1357881 in thd_prepare_connection(THD*, bool) sql/sql_connect.cc:1084
    #10 0x1e66347 in handle_connection sql/conn_handler/connection_handler_per_thread.cc:313
    #11 0xb1913a3 in pfs_spawn_thread storage/perfschema/pfs.cc:2836
    #12 0x7fe5d352f6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #13 0x7fe5d0bd741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
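The pattern the commit message describes, as an added example that is not code from Percona Server: a copy of a (pointer, length) database name into a fixed buffer that never hands `memcpy` a null source, even for a zero-length name. Passing a null pointer to `memcpy` is undefined behaviour under C11 7.1.4p1 regardless of the byte count, which is what UBSan reported above. The `struct db_name` type, the `copy_db_name` function and the sample inputs are constructed for this example; they stand in for the MySQL types in the diff and are not the plugin's own.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the (str, length) pair an audit event carries for
   the session's default database. A session that has not selected a database
   can legitimately carry str == NULL with length == 0. */
struct db_name {
  const char *str;
  size_t length;
};

/* Copies name into out (capacity outsz) and NUL-terminates it.
   Returns the number of bytes copied, or -1 on inconsistent or oversized input.
   memcpy is reached only with a non-null source: a null pointer argument is
   undefined behaviour even when the byte count is zero. */
int copy_db_name(char *out, size_t outsz, struct db_name name) {
  if (outsz == 0) return -1;
  if (name.str == NULL) {
    /* NULL with a non-zero length is a caller bug: refuse instead of leaving
       whatever was in the buffer in front of the terminator. */
    if (name.length != 0) return -1;
    out[0] = '\0';
    return 0;
  }
  /* The terminator lands at out[length], so length must be strictly smaller
     than the capacity; a check that only allows length <= capacity would
     permit a one-byte overrun on the terminator write. */
  if (name.length >= outsz) return -1;
  memcpy(out, name.str, name.length);
  out[name.length] = '\0';
  return (int)name.length;
}

/* Self-check over constructed inputs; returns 1 if every case behaves as
   documented above, 0 otherwise. */
int copy_db_name_selftest(void) {
  char buf[8];
  struct db_name none = {NULL, 0};       /* no database selected */
  struct db_name bad  = {NULL, 3};       /* inconsistent: null with a length */
  struct db_name ok   = {"test", 4};
  struct db_name edge = {"sevench", 7};  /* 7 bytes + NUL exactly fills buf */
  struct db_name big  = {"eightchr", 8}; /* no room left for the terminator */

  memset(buf, 'X', sizeof buf);
  if (copy_db_name(buf, sizeof buf, none) != 0 || buf[0] != '\0') return 0;
  if (copy_db_name(buf, sizeof buf, bad) != -1) return 0;
  if (copy_db_name(buf, sizeof buf, ok) != 4 || strcmp(buf, "test") != 0) return 0;
  if (copy_db_name(buf, sizeof buf, edge) != 7 || strcmp(buf, "sevench") != 0) return 0;
  if (copy_db_name(buf, sizeof buf, big) != -1) return 0;
  return 1;
}
```

Building with `-fsanitize=undefined` and calling `copy_db_name` with the `none` input stays silent, whereas an unguarded `memcpy(out, NULL, 0)` triggers the same "null pointer passed as argument 2" report shown in the commit message.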
laurynas-biveinis authored and inikep committed Jun 7, 2022
1 parent 7775bba commit d1c220c
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions plugin/audit_log/audit_log.cc
@@ -983,8 +983,9 @@ static bool audit_log_update_thd_local(MYSQL_THD thd,
if (event_connection->status == 0) {
/* track default DB change */
DBUG_ASSERT(event_connection->database.length <= sizeof(local->db));
memcpy(local->db, event_connection->database.str,
event_connection->database.length);
if (event_connection->database.str != nullptr)
memcpy(local->db, event_connection->database.str,
event_connection->database.length);
local->db[event_connection->database.length] = 0;
}
} else if (event_class == MYSQL_AUDIT_GENERAL_CLASS) {
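Review bot: the nullptr guard removes the UBSan finding, but the unconditional `local->db[event_connection->database.length] = 0;` that follows still relies on two properties this hunk does not check. First, when `database.str` is nullptr nothing establishes that `database.length` is 0, so a non-zero length would leave whatever was previously in `local->db` in front of the terminator; an explicit `DBUG_ASSERT(event_connection->database.str != nullptr || event_connection->database.length == 0);` (or an `else` branch that sets `local->db[0] = 0`) would make the intent visible. Second, the existing `DBUG_ASSERT(event_connection->database.length <= sizeof(local->db));` permits equality, and with `length == sizeof(local->db)` the terminator write lands one byte past the array unless `db` is declared one byte larger than the value the assertion compares against (its declaration is not in this hunk); if it is not, the assertion should use `<` rather than `<=`.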

0 comments on commit d1c220c