Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

phxsqlproxy 在GetDBNameFromReqBuf调用中产生core dump #168

Open
loveleon opened this issue Oct 29, 2018 · 2 comments
Open

phxsqlproxy 在GetDBNameFromReqBuf调用中产生core dump #168

loveleon opened this issue Oct 29, 2018 · 2 comments

Comments

@loveleon
Copy link

gdb core文件,发现在
void IOChannel::GetDBNameFromReqBuf(const char * buf, int buf_size) {
if (buf_size > 5) {
char cmd = buf[4];
if (cmd == COM_INIT_DB) {
int buf_len = 0;
memcpy(&buf_len, buf, 3);
db_name_ = std::string(buf + 5, buf_len - 1);
LOG_DEBUG("bufsize %d buflen %d ret [%s]", buf_size, buf_len, db_name_.c_str());
}
}
}
构造db_name_值时候,堆栈如下:
(gdb) bt
#0 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:84
#1 0x0000000000415e12 in std::string::_S_construct<char const*> (
__beg=0x7f6d77197ef5 "\003\335xxt\0\036J_A_ORG_HIS_MAX_USED_LIMIT_PCTsq\0~\0\034\0\0\0\003sq\0~\0\037", '\377' <repeats 11 times>, "\376\377\377\377\376\0\0\0\001uq\0~\0\"\0\0\0\002\004xxxt\0\033J_FIRST_LOANCARD_OPEN_MONTHt\0\a2015.09t\0\021J_A_PMT_M3_CNT_18q\0~\0\030t\0\020J_LBL_IS_ACCFUNDq\0~\0"..., __end=0x7f6d7775af50 "", __a=...)
at /usr/include/c++/4.8/bits/basic_string.tcc:140
#2 0x00000000005bc3ed in std::basic_string<char, std::char_traits, std::allocator >::basic_string(char const*, unsigned long, std::allocator const&) ()
#3 0x0000000000413ebe in phxsqlproxy::IOChannel::GetDBNameFromReqBuf (this=0x12ac0f0,
buf=0x7f6d77197ef0 "\0\0\002\003\335xxt\0\036J_A_ORG_HIS_MAX_USED_LIMIT_PCTsq\0~\0\034\0\0\0\003sq\0~\0\037", '\377' <repeats 11 times>, "\376\377\377\377\376\0\0\0\001uq\0~\0\"\0\0\0\002\004xxxt\0\033J_FIRST_LOANCARD_OPEN_MONTHt\0\a2015.09t\0\021J_A_PMT_M3_CNT_18q\0~\0\030t\0\020J_LBL_IS_ACCFUNDq"..., buf_size=16384) at io_channel.cpp:268
#4 0x000000000041392e in phxsqlproxy::IOChannel::TransMsgDirect (this=0x12ac0f0, source_fd=109, dest_fd=112, pf=0x7f6d7719bf70, nfds=2) at io_channel.cpp:178
#5 0x0000000000413495 in phxsqlproxy::IOChannel::TransMsg (this=0x12ac0f0, client_fd=109, sqlsvr_fd=112) at io_channel.cpp:107
#6 0x0000000000410b8d in phxsqlproxy::IORoutine::run (this=0x12ac060) at io_routine.cpp:161
#7 0x0000000000416efd in phxsqlproxy::RoutineRun (p=0x12ac060) at phxcoroutine.cpp:35
#8 0x0000000000438c13 in CoRoutineFunc (co=0x7f6de40d1530) at co_routine.cpp:440
#9 0x0000000000000000 in ?? ()
请问,在IOChannel::TransMsgDirect 函数中,定义char buf[1024*16],然后POLLIN中,
if ((read_once = read(source_fd, buf, sizeof(buf))) <= 0) { 中,能否确保读到一个完整的mysql报文。这里的逻辑处理,是否导致了底层数据读取出错?或是mysql client端协议与mysql server5.6版本不同导致?

@loveleon
Copy link
Author

在frame 3中,
(gdb) p/x buf[0]
$1 = 0x5c
(gdb) p/x buf[1]
$2 = 0x30
(gdb) p/x buf[2]
$3 = 0x5c
(gdb)

@loveleon
Copy link
Author

loveleon commented Nov 1, 2018

mysql 字段为longblob时候,如果发送数据包长度,超过16k。read_once操作读取包就不会是完整报文。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant