  1. MariaDB Server
  2. MDEV-16680

[draft] ASAN use-after-poison in JOIN::cleanup, SEGV in String::free()


Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.3
    • None
    • None
    • None

    Description

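      Observed on 10.3, revision 186a998b5b932851d64666c92e3062c9e997e77b. Three AddressSanitizer reports follow: a SEGV in String::free() reached through JOIN::cleanup (sql_select.cc:12724), and two use-after-poison reads in JOIN::cleanup (sql_select.cc:12723), one reached via JOIN::destroy() and one via JOIN::join_free().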

      =================================================================
      ==23117==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x55ab8241634e bp 0x7fe13614d100 sp 0x7fe13614d0f0 T33)
          #0 0x55ab8241634d in String::free() /home/alice/git/10.3/sql/sql_string.h:355
          #1 0x55ab824161a7 in String::~String() /home/alice/git/10.3/sql/sql_string.h:196
          #2 0x55ab825b9240 in Copy_field::~Copy_field() /home/alice/git/10.3/sql/field.h:4766
          #3 0x55ab825bd3c1 in TMP_TABLE_PARAM::cleanup() /home/alice/git/10.3/sql/sql_class.h:5515
          #4 0x55ab825bd294 in TMP_TABLE_PARAM::~TMP_TABLE_PARAM() /home/alice/git/10.3/sql/sql_class.h:5508
          #5 0x55ab827674e8 in JOIN::cleanup(bool) /home/alice/git/10.3/sql/sql_select.cc:12724
          #6 0x55ab8272db49 in JOIN::destroy() /home/alice/git/10.3/sql/sql_select.cc:4047
          #7 0x55ab828c8c88 in st_select_lex::cleanup() /home/alice/git/10.3/sql/sql_union.cc:1952
          #8 0x55ab8272ea8e in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/alice/git/10.3/sql/sql_select.cc:4232
          #9 0x55ab8270a138 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/alice/git/10.3/sql/sql_select.cc:382
          #10 0x55ab8268fc89 in execute_sqlcom_select /home/alice/git/10.3/sql/sql_parse.cc:6542
          #11 0x55ab8267e49c in mysql_execute_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:3765
          #12 0x55ab82698597 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:8073
          #13 0x55ab8267327e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:1847
          #14 0x55ab82670416 in do_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:1392
          #15 0x55ab829bf871 in do_handle_one_connection(CONNECT*) /home/alice/git/10.3/sql/sql_connect.cc:1402
          #16 0x55ab829bf24e in handle_one_connection /home/alice/git/10.3/sql/sql_connect.cc:1308
          #17 0x7fe1643506b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #18 0x7fe1637e541c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      

      ==11811==ERROR: AddressSanitizer: use-after-poison on address 0x629000ec4c60 at pc 0x55d6f1cb3457 bp 0x7fcf71b731b0 sp 0x7fcf71b731a0
      READ of size 8 at 0x629000ec4c60 thread T33
          #0 0x55d6f1cb3456 in JOIN::cleanup(bool) /home/alice/git/10.3/sql/sql_select.cc:12723
          #1 0x55d6f1c79b49 in JOIN::destroy() /home/alice/git/10.3/sql/sql_select.cc:4047
          #2 0x55d6f1e14c88 in st_select_lex::cleanup() /home/alice/git/10.3/sql/sql_union.cc:1952
          #3 0x55d6f1c7aa8e in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/alice/git/10.3/sql/sql_select.cc:4232
          #4 0x55d6f1c56138 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/alice/git/10.3/sql/sql_select.cc:382
          #5 0x55d6f1bdbc89 in execute_sqlcom_select /home/alice/git/10.3/sql/sql_parse.cc:6542
          #6 0x55d6f1bca49c in mysql_execute_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:3765
          #7 0x55d6f1be4597 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:8073
          #8 0x55d6f1bbf27e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:1847
          #9 0x55d6f1bbc416 in do_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:1392
          #10 0x55d6f1f0b871 in do_handle_one_connection(CONNECT*) /home/alice/git/10.3/sql/sql_connect.cc:1402
          #11 0x55d6f1f0b24e in handle_one_connection /home/alice/git/10.3/sql/sql_connect.cc:1308
          #12 0x7fcf9ff816b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #13 0x7fcf9f41641c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      

      Version: '10.3.9-MariaDB-debug-log'  socket: '/home/alice/aliska/3/current1_4/mysql.sock'  port: 13060  Source distribution
      =================================================================
      ==4627==ERROR: AddressSanitizer: use-after-poison on address 0x62900120a2d8 at pc 0x5594caf20457 bp 0x7f6cb24defb0 sp 0x7f6cb24defa0
      READ of size 8 at 0x62900120a2d8 thread T32
          #0 0x5594caf20456 in JOIN::cleanup(bool) /home/alice/git/10.3/sql/sql_select.cc:12723
          #1 0x5594caf1f8f3 in JOIN::join_free() /home/alice/git/10.3/sql/sql_select.cc:12616
          #2 0x5594caf23fb4 in return_zero_rows /home/alice/git/10.3/sql/sql_select.cc:13235
          #3 0x5594caee5f4d in JOIN::exec_inner() /home/alice/git/10.3/sql/sql_select.cc:3956
          #4 0x5594caee4521 in JOIN::exec() /home/alice/git/10.3/sql/sql_select.cc:3815
          #5 0x5594caee78f3 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/alice/git/10.3/sql/sql_select.cc:4220
          #6 0x5594caec3138 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/alice/git/10.3/sql/sql_select.cc:382
          #7 0x5594cae48c89 in execute_sqlcom_select /home/alice/git/10.3/sql/sql_parse.cc:6542
          #8 0x5594cae3749c in mysql_execute_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:3765
          #9 0x5594cae51597 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:8073
          #10 0x5594cae2c27e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:1847
          #11 0x5594cae29416 in do_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:1392
          #12 0x5594cb178871 in do_handle_one_connection(CONNECT*) /home/alice/git/10.3/sql/sql_connect.cc:1402
          #13 0x5594cb17824e in handle_one_connection /home/alice/git/10.3/sql/sql_connect.cc:1308
          #14 0x7f6ce06726b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #15 0x7f6cdfb0741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      


            People

              alice Alice Sherepa
              alice Alice Sherepa