bug: use after free in PacketReader::next_async #66
Comments
discord9
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
discord9
changed the title
I discovered this bug while using the opensrv MySQL implementation in Greptime DB. It appears that when parsing a large SQL file, opensrv reuses some of its u8 arrays, leading to a string validation issue with from_utf8. This results in corrupted bytes. I am currently working on a minimal reproducible example, but I can reliably reproduce the issue with a large query (about 500 lines of SQL) in Greptime DB.
This may be related to Issue #49. I am still trying to understand the code, but I suspect that the data race originates from the opensrv crate. I have placed numerous UTF-8 checks in the call stack, and soon after exiting the opensrv call to AsyncMysqlIntermediary.run, the validity of the UTF-8 suddenly fails, resulting in the query &str being corrupted.(Note that the first few check for utf8 is oked after calling
AsyncMysqlIntermediary.runindicating a data race)edited: I made a fix in #67 removing unsafe line
The text was updated successfully, but these errors were encountered: