Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
10.2(EOL), 10.3(EOL)
-
None
Description
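# Reproducer 1 (mysqltest script): REPLACE ... SELECT on an InnoDB table whose
# virtual column vc (derived from the TEXT column c) carries a prefix index.
# Run against an ASAN build; a fixed server completes the script with no
# sanitizer report.
--source include/have_innodb.inc

CREATE TABLE t1 (
  pk INT,
  c TEXT,
  vc LONGTEXT AS (c) VIRTUAL,
  i INT,
  PRIMARY KEY(pk),
  UNIQUE(i),
  INDEX(vc(64))
) ENGINE=InnoDB;

# REPEAT('foo ',15000) produces a 60000-byte value, which matches the
# "READ of size 60000" line in the sanitizer report for this script.
INSERT INTO t1 (pk,c,i) VALUES (1,REPEAT('foo ',15000),0);

# The selected row collides with the row already stored (same pk and i), so
# REPLACE first deletes the old row and then writes the new one. In the
# report the buffer is freed on the delete path
# (ha_innobase::delete_row -> row_upd_store_v_row) and read again on the
# write path that follows (ha_innobase::write_row -> ... -> mem_heap_dup).
REPLACE INTO t1 (pk,c,i) SELECT pk,c,i FROM t1;

# Cleanup
DROP TABLE t1;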
10.2 30289a271380 ASAN
==6536==ERROR: AddressSanitizer: heap-use-after-free on address 0x630000100488 at pc 0x559f3b265c4d bp 0x7f3ca0844200 sp 0x7f3ca08441f8
|
READ of size 60000 at 0x630000100488 thread T27
|
#0 0x559f3b265c4c in mem_heap_dup(mem_block_info_t*, void const*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:56
|
#1 0x559f3b40dd82 in dfield_dup /data/src/10.2/storage/innobase/include/data0data.ic:285
|
#2 0x559f3b417ef4 in row_upd_index_replace_new_col_val /data/src/10.2/storage/innobase/row/row0upd.cc:1287
|
#3 0x559f3b41847e in row_upd_index_replace_new_col_vals_index_pos(dtuple_t*, dict_index_t*, upd_t const*, unsigned long, mem_block_info_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:1367
|
#4 0x559f3b54c9a4 in btr_cur_pessimistic_update(unsigned long, btr_cur_t*, unsigned long**, mem_block_info_t**, mem_block_info_t*, big_rec_t**, upd_t*, unsigned long, que_thr_t*, unsigned long, mtr_t*) /data/src/10.2/storage/innobase/btr/btr0cur.cc:4206
|
#5 0x559f3b32fb72 in row_ins_clust_index_entry_by_modify /data/src/10.2/storage/innobase/row/row0ins.cc:394
|
#6 0x559f3b3395c3 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*, bool) /data/src/10.2/storage/innobase/row/row0ins.cc:2688
|
#7 0x559f3b33b937 in row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long, bool) /data/src/10.2/storage/innobase/row/row0ins.cc:3218
|
#8 0x559f3b33bdc6 in row_ins_index_entry /data/src/10.2/storage/innobase/row/row0ins.cc:3314
|
#9 0x559f3b33c805 in row_ins_index_entry_step /data/src/10.2/storage/innobase/row/row0ins.cc:3464
|
#10 0x559f3b33d0d0 in row_ins /data/src/10.2/storage/innobase/row/row0ins.cc:3606
|
#11 0x559f3b33e1d1 in row_ins_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0ins.cc:3843
|
#12 0x559f3b374a11 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1469
|
#13 0x559f3b1144c4 in ha_innobase::write_row(unsigned char*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:8595
|
#14 0x559f3a9925b0 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6001
|
#15 0x559f3a33c486 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1654
|
#16 0x559f3a34aa3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#17 0x559f3a4ac1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#18 0x559f3a4a4ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#19 0x559f3a4dbd2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#20 0x559f3a4a2812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#21 0x559f3a4a2f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#22 0x559f3a4a1aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#23 0x559f3a441f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#24 0x559f3a43fc0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#25 0x559f3a442ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#26 0x559f3a422eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#27 0x559f3a399512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#28 0x559f3a3af1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#29 0x559f3a38a69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#30 0x559f3a38773f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#31 0x559f3a6c18d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#32 0x559f3a6c12ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#33 0x559f3b0ca489 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#34 0x7f3cb12aa493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#35 0x7f3caf69093e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x630000100488 is located 136 bytes inside of 60136-byte region [0x630000100400,0x63000010eee8)
|
freed by thread T27 here:
|
#0 0x7f3cb1514527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x559f3b267951 in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /data/src/10.2/storage/innobase/mem/mem0mem.cc:440
|
#2 0x559f3b40d38f in mem_heap_free /data/src/10.2/storage/innobase/include/mem0mem.ic:535
|
#3 0x559f3b41b50a in row_upd_store_v_row(upd_node_t*, upd_t const*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2166
|
#4 0x559f3b41ba39 in row_upd_store_row(upd_node_t*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2220
|
#5 0x559f3b41f843 in row_upd_del_mark_clust_rec /data/src/10.2/storage/innobase/row/row0upd.cc:2960
|
#6 0x559f3b4206d4 in row_upd_clust_step /data/src/10.2/storage/innobase/row/row0upd.cc:3144
|
#7 0x559f3b42118b in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3261
|
#8 0x559f3b421ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#9 0x559f3b377436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#10 0x559f3b119109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#11 0x559f3a993420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#12 0x559f3a33c2a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#13 0x559f3a34aa3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#14 0x559f3a4ac1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#15 0x559f3a4a4ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#16 0x559f3a4dbd2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#17 0x559f3a4a2812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#18 0x559f3a4a2f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#19 0x559f3a4a1aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#20 0x559f3a441f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#21 0x559f3a43fc0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#22 0x559f3a442ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#23 0x559f3a422eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#24 0x559f3a399512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#25 0x559f3a3af1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#26 0x559f3a38a69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#27 0x559f3a38773f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#28 0x559f3a6c18d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#29 0x559f3a6c12ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
|
previously allocated by thread T27 here:
|
#0 0x7f3cb151473f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x559f3b266fdf in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:296
|
#2 0x559f3b2676ee in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:397
|
#3 0x559f3b533557 in mem_heap_alloc /data/src/10.2/storage/innobase/include/mem0mem.ic:203
|
#4 0x559f3b559342 in btr_copy_externally_stored_field(unsigned long*, unsigned char const*, page_size_t const&, unsigned long, mem_block_info_t*) /data/src/10.2/storage/innobase/btr/btr0cur.cc:7766
|
#5 0x559f3b14dd3e in innobase_get_computed_value(dtuple_t const*, dict_v_col_t const*, dict_index_t const*, mem_block_info_t**, mem_block_info_t*, dict_field_t const*, THD*, TABLE*, dict_table_t const*, upd_t*, dict_foreign_t*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:22321
|
#6 0x559f3b41b495 in row_upd_store_v_row(upd_node_t*, upd_t const*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2159
|
#7 0x559f3b41ba39 in row_upd_store_row(upd_node_t*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2220
|
#8 0x559f3b41f843 in row_upd_del_mark_clust_rec /data/src/10.2/storage/innobase/row/row0upd.cc:2960
|
#9 0x559f3b4206d4 in row_upd_clust_step /data/src/10.2/storage/innobase/row/row0upd.cc:3144
|
#10 0x559f3b42118b in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3261
|
#11 0x559f3b421ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#12 0x559f3b377436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#13 0x559f3b119109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#14 0x559f3a993420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#15 0x559f3a33c2a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#16 0x559f3a34aa3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#17 0x559f3a4ac1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#18 0x559f3a4a4ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#19 0x559f3a4dbd2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#20 0x559f3a4a2812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#21 0x559f3a4a2f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#22 0x559f3a4a1aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#23 0x559f3a441f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#24 0x559f3a43fc0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#25 0x559f3a442ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#26 0x559f3a422eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#27 0x559f3a399512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#28 0x559f3a3af1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#29 0x559f3a38a69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
|
Thread T27 created by T0 here:
|
#0 0x7f3cb14e3bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x559f3b0caa51 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
|
#2 0x559f3a18970f in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
|
#3 0x559f3a19e458 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6423
|
#4 0x559f3a19eb5d in create_new_thread /data/src/10.2/sql/mysqld.cc:6493
|
#5 0x559f3a19fb6e in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6768
|
#6 0x559f3a19d9a5 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6042
|
#7 0x559f3a187c3f in main /data/src/10.2/sql/main.cc:25
|
#8 0x7f3caf5c82b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/innobase/mem/mem0mem.cc:56 mem_heap_dup(mem_block_info_t*, void const*, unsigned long)
|
Shadow bytes around the buggy address:
|
0x0c6080018040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080018050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080018060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080018070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080018080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c6080018090: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800180a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800180b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800180c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800180d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800180e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==6536==ABORTING
|
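# Reproducer 2 (mysqltest script): same table shape as the first script, but
# the indexed virtual column is declared TEXT instead of LONGTEXT.
# Run against an ASAN build; a fixed server completes the script with no
# sanitizer report.
--source include/have_innodb.inc

CREATE TABLE t1 (
  pk INT,
  c TEXT,
  vc TEXT AS (c) VIRTUAL,
  i INT,
  PRIMARY KEY(pk),
  UNIQUE(i),
  INDEX(vc(64))
) ENGINE=InnoDB;

# REPEAT('foo ',15000) produces a 60000-byte value, which matches the
# "READ of size 60000" line in the sanitizer report for this script.
INSERT INTO t1 (pk,c,i) VALUES (1,REPEAT('foo ',15000),0);

# REPLACE deletes the colliding row and then inserts the new one. In the
# report the buffer is freed on the delete path
# (ha_innobase::delete_row -> row_upd_store_v_row) and read again while the
# next row is converted for insert
# (row_insert_for_mysql -> row_mysql_convert_row_to_innobase -> mem_heap_dup).
REPLACE INTO t1 (pk,c,i) SELECT pk,c,i FROM t1;

# Cleanup
DROP TABLE t1;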
==6644==ERROR: AddressSanitizer: heap-use-after-free on address 0x6300000d0488 at pc 0x560b98fd4c4d bp 0x7f15a74bd4f0 sp 0x7f15a74bd4e8
|
READ of size 60000 at 0x6300000d0488 thread T27
|
#0 0x560b98fd4c4c in mem_heap_dup(mem_block_info_t*, void const*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:56
|
#1 0x560b990d8c74 in dfield_dup /data/src/10.2/storage/innobase/include/data0data.ic:285
|
#2 0x560b990df3aa in row_mysql_convert_row_to_innobase /data/src/10.2/storage/innobase/row/row0mysql.cc:676
|
#3 0x560b990e3848 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1450
|
#4 0x560b98e834c4 in ha_innobase::write_row(unsigned char*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:8595
|
#5 0x560b987015b0 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6001
|
#6 0x560b980ab486 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1654
|
#7 0x560b980b9a3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#8 0x560b9821b1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#9 0x560b98213ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#10 0x560b9824ad2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#11 0x560b98211812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#12 0x560b98211f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#13 0x560b98210aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#14 0x560b981b0f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#15 0x560b981aec0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#16 0x560b981b1ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#17 0x560b98191eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#18 0x560b98108512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#19 0x560b9811e1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#20 0x560b980f969b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#21 0x560b980f673f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#22 0x560b984308d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#23 0x560b984302ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#24 0x560b98e39489 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#25 0x7f15b7f22493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#26 0x7f15b630893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x6300000d0488 is located 136 bytes inside of 60136-byte region [0x6300000d0400,0x6300000deee8)
|
freed by thread T27 here:
|
#0 0x7f15b818c527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x560b98fd6951 in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /data/src/10.2/storage/innobase/mem/mem0mem.cc:440
|
#2 0x560b9917c38f in mem_heap_free /data/src/10.2/storage/innobase/include/mem0mem.ic:535
|
#3 0x560b9918a50a in row_upd_store_v_row(upd_node_t*, upd_t const*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2166
|
#4 0x560b9918aa39 in row_upd_store_row(upd_node_t*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2220
|
#5 0x560b9918e843 in row_upd_del_mark_clust_rec /data/src/10.2/storage/innobase/row/row0upd.cc:2960
|
#6 0x560b9918f6d4 in row_upd_clust_step /data/src/10.2/storage/innobase/row/row0upd.cc:3144
|
#7 0x560b9919018b in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3261
|
#8 0x560b99190ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#9 0x560b990e6436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#10 0x560b98e88109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#11 0x560b98702420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#12 0x560b980ab2a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#13 0x560b980b9a3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#14 0x560b9821b1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#15 0x560b98213ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#16 0x560b9824ad2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#17 0x560b98211812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#18 0x560b98211f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#19 0x560b98210aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#20 0x560b981b0f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#21 0x560b981aec0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#22 0x560b981b1ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#23 0x560b98191eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#24 0x560b98108512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#25 0x560b9811e1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#26 0x560b980f969b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#27 0x560b980f673f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#28 0x560b984308d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#29 0x560b984302ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
|
previously allocated by thread T27 here:
|
#0 0x7f15b818c73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x560b98fd5fdf in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:296
|
#2 0x560b98fd66ee in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:397
|
#3 0x560b992a2557 in mem_heap_alloc /data/src/10.2/storage/innobase/include/mem0mem.ic:203
|
#4 0x560b992c8342 in btr_copy_externally_stored_field(unsigned long*, unsigned char const*, page_size_t const&, unsigned long, mem_block_info_t*) /data/src/10.2/storage/innobase/btr/btr0cur.cc:7766
|
#5 0x560b98ebcd3e in innobase_get_computed_value(dtuple_t const*, dict_v_col_t const*, dict_index_t const*, mem_block_info_t**, mem_block_info_t*, dict_field_t const*, THD*, TABLE*, dict_table_t const*, upd_t*, dict_foreign_t*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:22321
|
#6 0x560b9918a495 in row_upd_store_v_row(upd_node_t*, upd_t const*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2159
|
#7 0x560b9918aa39 in row_upd_store_row(upd_node_t*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2220
|
#8 0x560b9918e843 in row_upd_del_mark_clust_rec /data/src/10.2/storage/innobase/row/row0upd.cc:2960
|
#9 0x560b9918f6d4 in row_upd_clust_step /data/src/10.2/storage/innobase/row/row0upd.cc:3144
|
#10 0x560b9919018b in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3261
|
#11 0x560b99190ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#12 0x560b990e6436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#13 0x560b98e88109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#14 0x560b98702420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#15 0x560b980ab2a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#16 0x560b980b9a3d in select_insert::send_data(List<Item>&) /data/src/10.2/sql/sql_insert.cc:3757
|
#17 0x560b9821b1aa in end_send /data/src/10.2/sql/sql_select.cc:19822
|
#18 0x560b98213ac8 in evaluate_join_record /data/src/10.2/sql/sql_select.cc:18874
|
#19 0x560b9824ad2c in AGGR_OP::end_send() /data/src/10.2/sql/sql_select.cc:26580
|
#20 0x560b98211812 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18369
|
#21 0x560b98211f90 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18605
|
#22 0x560b98210aaf in do_select /data/src/10.2/sql/sql_select.cc:18200
|
#23 0x560b981b0f78 in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3530
|
#24 0x560b981aec0f in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3325
|
#25 0x560b981b1ff5 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3725
|
#26 0x560b98191eca in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:373
|
#27 0x560b98108512 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4518
|
#28 0x560b9811e1e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#29 0x560b980f969b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
|
Thread T27 created by T0 here:
|
#0 0x7f15b815bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x560b98e39a51 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
|
#2 0x560b97ef870f in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
|
#3 0x560b97f0d458 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6423
|
#4 0x560b97f0db5d in create_new_thread /data/src/10.2/sql/mysqld.cc:6493
|
#5 0x560b97f0eb6e in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6768
|
#6 0x560b97f0c9a5 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6042
|
#7 0x560b97ef6c3f in main /data/src/10.2/sql/main.cc:25
|
#8 0x7f15b62402b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/innobase/mem/mem0mem.cc:56 mem_heap_dup(mem_block_info_t*, void const*, unsigned long)
|
Shadow bytes around the buggy address:
|
0x0c6080012040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080012050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080012060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080012070: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c6080012080: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c6080012090: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800120a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800120b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800120c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800120d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c60800120e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==6644==ABORTING
|
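# Reproducer 3 (mysqltest script): the REPLACE is driven by LOAD DATA rather
# than REPLACE ... SELECT, and the columns are BLOB with a much smaller value.
# Run against an ASAN build; a fixed server completes the script with no
# sanitizer report.
--source include/have_innodb.inc

# Note the index order differs from the other two scripts: the prefix index
# on the virtual column is declared before the UNIQUE index.
CREATE TABLE t1 (
  pk INT,
  c BLOB NOT NULL,
  vc BLOB AS (c) VIRTUAL,
  i INT,
  PRIMARY KEY(pk),
  INDEX(vc(64)),
  UNIQUE(i)
) ENGINE=InnoDB;

# REPEAT('foo ',200) produces an 800-byte value, which matches the
# "READ of size 800" line in the sanitizer report for this script.
INSERT IGNORE INTO t1 (pk,c,i) VALUES (1,REPEAT('foo ',200),0);

# Dump the row and load it back with REPLACE so that the loaded row collides
# with the stored one. In the report the row copy built on the delete path
# (row_upd_store_row -> row_build) is released by mem_heap_empty in row_upd,
# and then compared again on the write path
# (row_ins_clust_index_entry_by_modify -> row_upd_build_difference_binary).
# NOTE: 't1.data' is a relative path, so the server writes it under its own
# data directory and this script does not remove it; delete the file before
# re-running, otherwise INTO OUTFILE refuses to overwrite it.
SELECT * FROM `t1` INTO OUTFILE 't1.data';
LOAD DATA INFILE 't1.data' REPLACE INTO TABLE t1;

# Cleanup
DROP TABLE t1;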
==9857==ERROR: AddressSanitizer: heap-use-after-free on address 0x6190000e8421 at pc 0x55ee62b73153 bp 0x7f27d71a7f40 sp 0x7f27d71a7f38
|
READ of size 800 at 0x6190000e8421 thread T27
|
#0 0x55ee62b73152 in dfield_data_is_binary_equal /data/src/10.2/storage/innobase/include/data0data.ic:331
|
#1 0x55ee62b7c3ab in row_upd_build_difference_binary(dict_index_t*, dtuple_t const*, unsigned char const*, unsigned long const*, bool, trx_t*, mem_block_info_t*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:1100
|
#2 0x55ee62a949da in row_ins_clust_index_entry_by_modify /data/src/10.2/storage/innobase/row/row0ins.cc:364
|
#3 0x55ee62a9e5c3 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t*, unsigned long, dtuple_t*, unsigned long, que_thr_t*, bool) /data/src/10.2/storage/innobase/row/row0ins.cc:2688
|
#4 0x55ee62aa0777 in row_ins_clust_index_entry(dict_index_t*, dtuple_t*, que_thr_t*, unsigned long, bool) /data/src/10.2/storage/innobase/row/row0ins.cc:3202
|
#5 0x55ee62aa0dc6 in row_ins_index_entry /data/src/10.2/storage/innobase/row/row0ins.cc:3314
|
#6 0x55ee62aa1805 in row_ins_index_entry_step /data/src/10.2/storage/innobase/row/row0ins.cc:3464
|
#7 0x55ee62aa20d0 in row_ins /data/src/10.2/storage/innobase/row/row0ins.cc:3606
|
#8 0x55ee62aa31d1 in row_ins_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0ins.cc:3843
|
#9 0x55ee62ad9a11 in row_insert_for_mysql(unsigned char const*, row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1469
|
#10 0x55ee628794c4 in ha_innobase::write_row(unsigned char*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:8595
|
#11 0x55ee620f75b0 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6001
|
#12 0x55ee61aa1486 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1654
|
#13 0x55ee624d8ffe in read_sep_field /data/src/10.2/sql/sql_load.cc:1217
|
#14 0x55ee624d4e5e in mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.2/sql/sql_load.cc:612
|
#15 0x55ee61b0099f in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4809
|
#16 0x55ee61b141e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#17 0x55ee61aef69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#18 0x55ee61aec73f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#19 0x55ee61e268d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#20 0x55ee61e262ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#21 0x55ee6282f489 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#22 0x7f27e7c0e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#23 0x7f27e5ff493e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
0x6190000e8421 is located 161 bytes inside of 968-byte region [0x6190000e8380,0x6190000e8748)
|
freed by thread T27 here:
|
#0 0x7f27e7e78527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
|
#1 0x55ee629cc951 in mem_heap_block_free(mem_block_info_t*, mem_block_info_t*) /data/src/10.2/storage/innobase/mem/mem0mem.cc:440
|
#2 0x55ee62b71f96 in mem_heap_free_heap_top /data/src/10.2/storage/innobase/include/mem0mem.ic:272
|
#3 0x55ee62b720bd in mem_heap_empty /data/src/10.2/storage/innobase/include/mem0mem.ic:303
|
#4 0x55ee62b86787 in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3310
|
#5 0x55ee62b86ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#6 0x55ee62adc436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#7 0x55ee6287e109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#8 0x55ee620f8420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#9 0x55ee61aa12a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#10 0x55ee624d8ffe in read_sep_field /data/src/10.2/sql/sql_load.cc:1217
|
#11 0x55ee624d4e5e in mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.2/sql/sql_load.cc:612
|
#12 0x55ee61b0099f in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4809
|
#13 0x55ee61b141e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#14 0x55ee61aef69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#15 0x55ee61aec73f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#16 0x55ee61e268d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#17 0x55ee61e262ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#18 0x55ee6282f489 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#19 0x7f27e7c0e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
previously allocated by thread T27 here:
|
#0 0x7f27e7e7873f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x55ee629cbfdf in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:296
|
#2 0x55ee629cc6ee in mem_heap_add_block(mem_block_info_t*, unsigned long) /data/src/10.2/storage/innobase/mem/mem0mem.cc:397
|
#3 0x55ee62b1c4af in mem_heap_alloc /data/src/10.2/storage/innobase/include/mem0mem.ic:203
|
#4 0x55ee62b24827 in row_build_low /data/src/10.2/storage/innobase/row/row0row.cc:425
|
#5 0x55ee62b2526f in row_build(unsigned long, dict_index_t const*, unsigned char const*, unsigned long const*, dict_table_t const*, dtuple_t const*, unsigned long const*, row_ext_t**, mem_block_info_t*) /data/src/10.2/storage/innobase/row/row0row.cc:604
|
#6 0x55ee62b8091e in row_upd_store_row(upd_node_t*, THD*, TABLE*) /data/src/10.2/storage/innobase/row/row0upd.cc:2216
|
#7 0x55ee62b84843 in row_upd_del_mark_clust_rec /data/src/10.2/storage/innobase/row/row0upd.cc:2960
|
#8 0x55ee62b856d4 in row_upd_clust_step /data/src/10.2/storage/innobase/row/row0upd.cc:3144
|
#9 0x55ee62b8618b in row_upd /data/src/10.2/storage/innobase/row/row0upd.cc:3261
|
#10 0x55ee62b86ead in row_upd_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0upd.cc:3407
|
#11 0x55ee62adc436 in row_update_for_mysql(row_prebuilt_t*) /data/src/10.2/storage/innobase/row/row0mysql.cc:1927
|
#12 0x55ee6287e109 in ha_innobase::delete_row(unsigned char const*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:9488
|
#13 0x55ee620f8420 in handler::ha_delete_row(unsigned char const*) /data/src/10.2/sql/handler.cc:6061
|
#14 0x55ee61aa12a0 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1892
|
#15 0x55ee624d8ffe in read_sep_field /data/src/10.2/sql/sql_load.cc:1217
|
#16 0x55ee624d4e5e in mysql_load(THD*, sql_exchange*, TABLE_LIST*, List<Item>&, List<Item>&, List<Item>&, enum_duplicates, bool, bool) /data/src/10.2/sql/sql_load.cc:612
|
#17 0x55ee61b0099f in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4809
|
#18 0x55ee61b141e0 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7891
|
#19 0x55ee61aef69b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1806
|
#20 0x55ee61aec73f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1360
|
#21 0x55ee61e268d5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
|
#22 0x55ee61e262ea in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
|
#23 0x55ee6282f489 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
|
#24 0x7f27e7c0e493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
Thread T27 created by T0 here:
|
#0 0x7f27e7e47bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x55ee6282fa51 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
|
#2 0x55ee618ee70f in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
|
#3 0x55ee61903458 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6423
|
#4 0x55ee61903b5d in create_new_thread /data/src/10.2/sql/mysqld.cc:6493
|
#5 0x55ee61904b6e in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6768
|
#6 0x55ee619029a5 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6042
|
#7 0x55ee618ecc3f in main /data/src/10.2/sql/main.cc:25
|
#8 0x7f27e5f2c2b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/storage/innobase/include/data0data.ic:331 dfield_data_is_binary_equal
|
Shadow bytes around the buggy address:
|
0x0c3280015030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c3280015040: 00 00 00 04 fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280015050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280015060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c3280015070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x0c3280015080: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
|
0x0c3280015090: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800150a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800150b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800150c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x0c32800150d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==9857==ABORTING
|
Issue Links
- blocks: MDEV-31765 Merge new release of InnoDB 5.7.43 to 10.4 (Closed)
- causes: MDEV-20874 Wrong handling of 'table was dropped' error in purge thread (Stalled)
- is duplicated by: MDEV-14391 InnoDB crash, memory corruption (Closed)
- relates to:
  - MDEV-5800 indexes on virtual (not materialized) columns (Closed)
  - MDEV-14134 gcol.innodb_virtual_debug sporadically failed in buildbot, row0upd.cc:2427: dberr_t row_upd_sec_index_entry(upd_node_t*, que_thr_t*): Assertion `0' failed (Closed)
  - MDEV-17890 Server crash on DELETE with YEAR field with truncated expr (Closed)
  - MDEV-15330 Server crash or assertion `table->insert_values' failure in write_record upon LOAD DATA (Closed)
  - MDEV-16222 Assertion `0' failed in row_purge_remove_sec_if_poss_leaf on table with virtual columns and indexes (Closed)