plugin crash with very long query #145
BTW: tested with latest version of plugin
Hi. Can you send me a tarball with the query and with minimal statements to create the table that corresponds to the select? We will try to reproduce and fix. Please also send your mysqld configuration and version information (mysql version, plugin version, OS version, 64 vs. 32 bit). Thanks!
Aharon
Aharon (Arnold) Robbins

This was easier than expected as the bug bites even with an empty table. Please find attached the original query and a create table statement that you can use to run the query against the table. We are using latest version of your plugin (1.0.9) and our MySQL version is 5.6.29-76.2-log Percona Server on x86.
Much thanks. We will start investigating.
Aharon (Arnold) Robbins

From: Rick Pizzi
This was easier than expected as the bug bites even with an empty table. Please find attached the original query and a create table statement that you can use to run the query against the schema. We are using latest version of your plugin (1.0.9) and our MySQL version is 5.6.29-76.2-log Percona Server on x86.
issue145.tar.gz: https://github.com/mcafee/mysql-audit/files/368934/issue145.tar.gz

I have reproduced this on generic MySQL 5.6.29. We’re working on it. Thanks!
Aharon (Arnold) Robbins

Any news? This problem keeps biting us....
Hi. We have reproduced the problem. It’s quite a nasty one, unfortunately. We are working on it. Is there any way you can reduce the size of that query? Just wondering. Thanks,
Aharon
Aharon (Arnold) Robbins

The app team said they fixed that query, but some other unrelated issues are delaying the deployment of the version with the fix in production.
Rick
On 17 Aug 2016, at 12:25, aharonrobbins wrote:

Hi. I managed to track down the problem! I will start working on a fix tomorrow. Thanks
Aharon
Aharon (Arnold) Robbins

Great!!
Rick
On 17 Aug 2016, at 17:37, aharonrobbins wrote:

prototype for check_table_access() function.
I have just pushed the fix to the source code, and uploaded dev-snapshot binaries to bintray.com. Let us know how it goes. Thanks for finding and reporting this issue.
Arnold, thanks for fixing this. Thanks
On 25 Aug 2016, at 12:40, aharonrobbins wrote:

It should be safe. Maybe try in a test environment to be sure, but there haven’t been major upheavals in the code. Thanks,
Aharon
Aharon (Arnold) Robbins

I’m asking because we have 1.0.9 (release) all over. Of course we can replace with snapshot only where the bug bites. Any idea when 1.1.0 will be GA? Thanks again for your hard work.
Rick
On 25 Aug 2016, at 12:55, aharonrobbins wrote:

I would suggest replacing 1.0.9 just where the bug bites. That minimizes your risk. No schedule at the moment for 1.1.0. But again, there’s not a lot of difference. The main changes were to update the pcre and yajl libraries to the most current version, adding offsets for more releases, and bug fixes for major issues, all as noted in the ChangeLog on the wiki. Hope this helps,
Aharon
Aharon (Arnold) Robbins

We are suffering a plugin crash when a very long query is issued. The crash does not happen in the plugin itself, however, it has been verified that the crash does not happen when the audit plugin is not loaded, so here we are.
```
stack_bottom = 7f6b4ec34d40 thread_stack 0x40000
/usr/sbin/mysqld(my_print_stacktrace+0x2c)[0x8d2e0c]
/usr/sbin/mysqld(handle_fatal_signal+0x461)[0x6580b1]
/lib64/libpthread.so.0[0x3ba2a0f7e0]
/usr/sbin/mysqld(my_hash_first+0xb)[0x8b5abb]
/usr/sbin/mysqld(my_hash_search+0x11)[0x8b5b21]
/usr/sbin/mysqld(_Z23check_grant_all_columnsP3THDmP24Field_iterator_table_ref+0x125)[0x6713d5]
/usr/sbin/mysqld(_Z13insert_fieldsP3THDP23Name_resolution_contextPKcS4_P13List_iteratorI4ItemEb+0x709)[0x691e39]
/usr/sbin/mysqld(_Z10setup_wildP3THDP10TABLE_LISTR4ListI4ItemEPS5_j+0x23d)[0x69224d]
/usr/sbin/mysqld(_ZN4JOIN7prepareEP10TABLE_LISTjP4ItemjP8st_orderS5_S3_P13st_select_lexP18st_select_lex_unit+0x291)[0x6f7921]
/usr/sbin/mysqld(_ZN18st_select_lex_unit7prepareEP3THDP13select_resultm+0x88b)[0x7451ab]
/usr/sbin/mysqld(_Z21mysql_derived_prepareP3THDP3LEXP10TABLE_LIST+0x12f)[0x6b312f]
/usr/sbin/mysqld(_Z20mysql_handle_derivedP3LEXPFbP3THDS0_P10TABLE_LISTE+0x66)[0x6b2f96]
/usr/sbin/mysqld(_Z30open_normal_and_derived_tablesP3THDP10TABLE_LISTj+0x90)[0x6956e0]
/usr/sbin/mysqld[0x55c704]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x1a9c)[0x6da75c]
/usr/lib64/mysql/plugin/libaudit_plugin.so(+0xed36)[0x7f8094736d36]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x5a8)[0x6dfe18]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x106f)[0x6e161f]
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x162)[0x6adec2]
/usr/sbin/mysqld(handle_one_connection+0x40)[0x6adfb0]
/usr/sbin/mysqld(pfs_spawn_thread+0x143)[0xb39f23]
/lib64/libpthread.so.0[0x3ba2a07aa1]
/lib64/libc.so.6(clone+0x6d)[0x3ba26e893d]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (7f6a2c040280): is an invalid pointer
```
The query itself is about 3.8 MB in size (!!) and although I agree the query is ugly, the plugin should not make mysqld crash. I will post a piece of it below, it is much longer than this but you get the idea as it is like that until the end.
```sql
SELECT * FROM (
SELECT * FROM HOTELS WHERE ID_CITY = '-100027' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1000786' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100088' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1001060' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1001125' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100132' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1001954' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1002156' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1002850' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1002866' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100290' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1003154' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1003232' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1003248' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1003555' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100356' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1003585' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100452' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1004589' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1004815' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100499' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1005165' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100534' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1005604' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1006230' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1006376' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1007067' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1007299' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1007511' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1007821' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1008239' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1008370' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-100853' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1009158' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT * FROM HOTELS WHERE ID_CITY = '-1009225' AND ID_PROVIDER=2 AND NAME LIKE '%Britannia Excelsior%'
UNION SELECT
```
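
The observation in the report, that the fault lands in server code while the audit plugin sits in the call chain, can be read mechanically from the backtrace. The Python sketch below is an added example, not part of the original thread or of the mysql-audit project; the function names and the `/plugin/` path marker are assumptions, and the sample input is a subset of frames taken from the backtrace above.

```python
import re

# Sample input: eight frames copied from the backtrace in the report above.
SAMPLE_TRACE = """\
/usr/sbin/mysqld(my_print_stacktrace+0x2c)[0x8d2e0c]
/usr/sbin/mysqld(handle_fatal_signal+0x461)[0x6580b1]
/lib64/libpthread.so.0[0x3ba2a0f7e0]
/usr/sbin/mysqld(my_hash_first+0xb)[0x8b5abb]
/usr/sbin/mysqld(my_hash_search+0x11)[0x8b5b21]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x1a9c)[0x6da75c]
/usr/lib64/mysql/plugin/libaudit_plugin.so(+0xed36)[0x7f8094736d36]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x5a8)[0x6dfe18]
"""

# glibc backtrace_symbols() style line: module(symbol+offset)[address]; the
# parenthesised part is missing when the module has no usable symbols.
FRAME_RE = re.compile(
    r"^(?P<module>/[^\s(\[]+)"
    r"(?:\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\))?"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$"
)
# Frames pushed by mysqld's own crash reporter; they are not the fault.
REPORTER_SYMBOLS = {"my_print_stacktrace", "handle_fatal_signal"}


def parse_frames(text):
    """Return the frames of a mysqld backtrace, innermost first."""
    matches = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]


def triage(text, plugin_marker="/plugin/"):
    """Find the faulting frame and any plugin modules among its callers.

    plugin_marker is an assumption: plugins are recognised by their path.
    """
    frames = parse_frames(text)
    i = 0
    while i < len(frames) and frames[i]["symbol"] in REPORTER_SYMBOLS:
        i += 1
    # A symbol-less libpthread frame right after the reporter is the signal trampoline.
    while i < len(frames) and "libpthread" in frames[i]["module"] and not frames[i]["symbol"]:
        i += 1
    if i == len(frames):
        return None
    fault = frames[i]
    callers = [f["module"] for f in frames[i + 1:] if plugin_marker in f["module"]]
    return {
        "fault_symbol": fault["symbol"] or fault["addr"],
        "fault_in_plugin": plugin_marker in fault["module"],
        "plugins_in_call_chain": sorted(set(callers)),
    }
```

On the sample frames the fault is attributed to `my_hash_first` in mysqld, with `libaudit_plugin.so` reported as a caller rather than as the faulting module.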