Bug#35982564 Heap buffer overflow on NDB_SHARE_KEY DBUG_DUMP

dtcpatricio · dtcpatricio · commit 90a3e367fe5d · 2023-11-10T17:13:35.000Z
Problem:

Running an ASAN build with DBUG_TRACE calls (--debug), a heap buffer
overflow is detected on NDB_SHARE::create_key().

Analysis:

On NDB_SHARE::create_key(), the DBUG_DUMP of the `m_buffer` field of
NDB_SHARE_KEY is given with the size `size` which amounts to
sizeof(NDB_SHARE_KEY) + buffer_size. Hence, DBUG_DUMP is called
with sizeof(NDB_SHARE_KEY) extra bytes, caught by ASAN build.

Solution:

Since DBUG_DUMP is not necessary, because a DBUG_PRINT of the buffer is
already present in the lines before, then it is removed.

Change-Id: I92c17fb16b39d19a896a500b8ab1956addc16015
diff --git a/sql/ndb_share.cc b/sql/ndb_share.cc
@@ -136,7 +136,6 @@ NDB_SHARE::create_key(const char *new_key)
                       db_name_buf, (unsigned long)db_name_len));
   DBUG_PRINT("info", ("table_name: '%s', %lu", table_name_buf,
                       (unsigned long)table_name_len));
-  DBUG_DUMP("NDB_SHARE_KEY: ", (const uchar*)allocated_key->m_buffer, size);
 
   return allocated_key;
 }

Original file line number	Diff line number	Diff line change
`@@ -136,7 +136,6 @@ NDB_SHARE::create_key(const char *new_key)`
`136`	`136`	`db_name_buf, (unsigned long)db_name_len));`
`137`	`137`	`DBUG_PRINT("info", ("table_name: '%s', %lu", table_name_buf,`
`138`	`138`	`(unsigned long)table_name_len));`
`139`		`- DBUG_DUMP("NDB_SHARE_KEY: ", (const uchar*)allocated_key->m_buffer, size);`
`140`	`139`
`141`	`140`	`return allocated_key;`
`142`	`141`	`}`