Hi,

On 23/10/17 19:48, Bas Couwenberg wrote:
> Source: mariadb-10.1
> Version: 10.1.28-1
> Severity: serious
> Justification: makes the package in question unusable or mostly so
> Control: affects -1 src:gdal
> 
> Dear Maintainer,
> 
> mariadb-10.1 (10.1.28-1) FTBFS on mips64el, and the missing binaries are
> blocking testing migration of mariadb-10.1 and its reverse dependencies.

The failing builds are all related to mariabackup and fail like this:
> CURRENT_TEST: mariabackup.xb_fulltext_encrypted
> mysqltest: At line 17: exec of '/<<PKGBUILDDIR>>/builddir/extra/mariabackup/mariabackup --innobackupex --defaults-file=/<<PKGBUILDDIR>>/builddir/mysql-test/var/4/my.cnf --no-timestamp /<<PKGBUILDDIR>>/builddir/mysql-test/var/4/tmp/backup 2>&1' failed, error: 34304, status: 134, errno: 0
> Output from before failure:
> *** Error in `/<<PKGBUILDDIR>>/builddir/extra/mariabackup/mariabackup': malloc(): memory corruption: 0x000000aab1fe43a0 ***

After running that through valgrind, it was pretty easy to find the cause.

The failures are caused by a buffer overflow in a Debian patch
"fix-FTBFS-on-GNU-Hurd.patch" which was applied as a result of #861166.

Relevant extract:
> --- a/extra/mariabackup/backup_copy.cc
> +++ b/extra/mariabackup/backup_copy.cc
> @@ -623,11 +623,13 @@ static
>  int
>  mkdirp(const char *pathname, int Flags, myf MyFlags)
>  {
> -     char parent[PATH_MAX], *p;
> +     char *parent, *p;
> +     int len = strlen(pathname) + 1;
>  
>       /* make a parent directory path */
> -     strncpy(parent, pathname, sizeof(parent));
> -     parent[sizeof(parent) - 1] = 0;
> +     parent = (char *)malloc(len);
> +     strncpy(parent, pathname, len);
> +     parent[len] = 0;
>  
>       for (p = parent + strlen(parent);
>           !is_path_separator(*p) && p != parent; p--);
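
Review bot: the result of `parent = (char *)malloc(len);` is passed to strncpy on the next line without a NULL check, and the visible lines show no free() for the new buffer. Please check the allocation and release `parent` on every return path of mkdirp(). Also, `int len = strlen(pathname) + 1;` narrows a size_t to int; size_t would match what malloc and strncpy take.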

"parent[len] = 0" writes past the end of the memory allocated two lines
above. I expect it should be "parent[len - 1] = 0". I've attached a
debdiff which fixes this part.

Unfortunately, after applying this patch the testsuite gets further but
some tests still fail. I am now getting the
"encryption.innodb-checksum-algorithm" test failing with a "Data
structure corruption" error which sounds bad.

Thanks,
James
diff -Nru mariadb-10.1-10.1.28/debian/patches/fix-FTBFS-on-GNU-Hurd.patch 
mariadb-10.1-10.1.28/debian/patches/fix-FTBFS-on-GNU-Hurd.patch
--- mariadb-10.1-10.1.28/debian/patches/fix-FTBFS-on-GNU-Hurd.patch     
2017-10-09 23:07:43.000000000 +0100
+++ mariadb-10.1-10.1.28/debian/patches/fix-FTBFS-on-GNU-Hurd.patch     
2017-10-27 16:35:29.000000000 +0100
@@ -59,7 +59,7 @@
 -      parent[sizeof(parent) - 1] = 0;
 +      parent = (char *)malloc(len);
 +      strncpy(parent, pathname, len);
-+      parent[len] = 0;
++      parent[len - 1] = 0;
  
        for (p = parent + strlen(parent);
            !is_path_separator(*p) && p != parent; p--);
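
Review bot: the corrected `parent[len - 1] = 0;` line is in bounds but redundant. With len defined as strlen(pathname) + 1 in the quoted extract, `strncpy(parent, pathname, len)` already writes the terminating NUL at index len - 1. The three added lines could become a checked strdup(pathname), or malloc plus memcpy of len bytes, which leaves no separate index to get wrong.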

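The index arithmetic behind the overflow described above, as an added example that is not part of the original mail or of MariaDB. `parent_path_dup` and the sample paths are hypothetical, and terminating the copy at the last `/` is an assumption about what the rest of `mkdirp()` does with `p`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not MariaDB code: heap copy of pathname cut at its
 * last '/'. Returns NULL if malloc fails; the caller frees the result. */
static char *parent_path_dup(const char *pathname)
{
    size_t n = strlen(pathname);   /* characters, excluding the NUL */
    char *parent = malloc(n + 1);  /* valid indices: 0 .. n */
    char *p;

    if (parent == NULL)
        return NULL;

    /* Copies n characters plus the terminator, which lands at index n.
     * The patch's len is n + 1, so parent[len] is index n + 1: one byte
     * past the allocation. parent[len - 1] is index n, the last valid byte. */
    memcpy(parent, pathname, n + 1);

    /* Walk back to the last separator, like the loop in the extract.
     * Assumption: the result is then terminated at p. */
    for (p = parent + n; p != parent && *p != '/'; p--)
        ;
    *p = '\0';
    return parent;
}

int main(void)
{
    /* Constructed sample paths. */
    const char *samples[] = { "/var/tmp/backup", "backup", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *parent = parent_path_dup(samples[i]);
        if (parent == NULL)
            return 1;
        printf("'%s' -> '%s'\n", samples[i], parent);
        free(parent);
    }
    return 0;
}
```

A store to `parent[n + 1]` in this function is reported by AddressSanitizer (`-fsanitize=address`) as a heap-buffer-overflow at the offending line.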