phxsql icon indicating copy to clipboard operation
phxsql copied to clipboard
verified publisher icon Tencent

phxsqlproxy 在GetDBNameFromReqBuf调用中产生core dump

Open loveleon opened this issue 7 years ago • 2 comments

gdb core文件,发现在 void IOChannel::GetDBNameFromReqBuf(const char * buf, int buf_size) { if (buf_size > 5) { char cmd = buf[4]; if (cmd == COM_INIT_DB) { int buf_len = 0; memcpy(&buf_len, buf, 3); db_name_ = std::string(buf + 5, buf_len - 1); LOG_DEBUG("bufsize %d buflen %d ret [%s]", buf_size, buf_len, db_name_.c_str()); } } } 构造db_name_值时候,堆栈如下: (gdb) bt #0 __memcpy_sse2_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-sse2-unaligned.S:84 #1 0x0000000000415e12 in std::string::_S_construct<char const*> ( __beg=0x7f6d77197ef5 "\003\335xxt\0\036J_A_ORG_HIS_MAX_USED_LIMIT_PCTsq\0~\0\034\0\0\0\003sq\0~\0\037", '\377' <repeats 11 times>, "\376\377\377\377\376\0\0\0\001uq\0~\0\"\0\0\0\002\004xxxt\0\033J_FIRST_LOANCARD_OPEN_MONTHt\0\a2015.09t\0\021J_A_PMT_M3_CNT_18q\0~\0\030t\0\020J_LBL_IS_ACCFUNDq\0~\0"..., __end=0x7f6d7775af50 "", __a=...) at /usr/include/c++/4.8/bits/basic_string.tcc:140 #2 0x00000000005bc3ed in std::basic_string<char, std::char_traits, std::allocator >::basic_string(char const*, unsigned long, std::allocator const&) () #3 0x0000000000413ebe in phxsqlproxy::IOChannel::GetDBNameFromReqBuf (this=0x12ac0f0, buf=0x7f6d77197ef0 "\0\0\002\003\335xxt\0\036J_A_ORG_HIS_MAX_USED_LIMIT_PCTsq\0~\0\034\0\0\0\003sq\0~\0\037", '\377' <repeats 11 times>, "\376\377\377\377\376\0\0\0\001uq\0~\0\"\0\0\0\002\004xxxt\0\033J_FIRST_LOANCARD_OPEN_MONTHt\0\a2015.09t\0\021J_A_PMT_M3_CNT_18q\0~\0\030t\0\020J_LBL_IS_ACCFUNDq"..., buf_size=16384) at io_channel.cpp:268 #4 0x000000000041392e in phxsqlproxy::IOChannel::TransMsgDirect (this=0x12ac0f0, source_fd=109, dest_fd=112, pf=0x7f6d7719bf70, nfds=2) at io_channel.cpp:178 #5 0x0000000000413495 in phxsqlproxy::IOChannel::TransMsg (this=0x12ac0f0, client_fd=109, sqlsvr_fd=112) at io_channel.cpp:107 #6 0x0000000000410b8d in phxsqlproxy::IORoutine::run (this=0x12ac060) at io_routine.cpp:161 #7 0x0000000000416efd in phxsqlproxy::RoutineRun (p=0x12ac060) at phxcoroutine.cpp:35 #8 0x0000000000438c13 in CoRoutineFunc (co=0x7f6de40d1530) at co_routine.cpp:440 #9 0x0000000000000000 in ?? () 请问,在IOChannel::TransMsgDirect 函数中,定义char buf[1024*16],然后POLLIN中, if ((read_once = read(source_fd, buf, sizeof(buf))) <= 0) { 中,能否确保读到一个完整的mysql报文。这里的逻辑处理,是否导致了底层数据读取出错?或是mysql client端协议与mysql server5.6版本不同导致?

loveleon avatar Oct 29 '18 10:10 loveleon

在frame 3中, (gdb) p/x buf[0] $1 = 0x5c (gdb) p/x buf[1] $2 = 0x30 (gdb) p/x buf[2] $3 = 0x5c (gdb)

loveleon avatar Oct 30 '18 01:10 loveleon

mysql 字段为longblob时候,如果发送数据包长度,超过16k。read_once操作读取包就不会是完整报文。

loveleon avatar Nov 01 '18 02:11 loveleon