Details
Description
CREATE TABLE t5 ( |
i1 smallint(11) unsigned zerofill , |
e1 enum('','a') , |
b1 mediumblob /*!100301 COMPRESSED*/ , |
d2 date NOT NULL DEFAULT '1900-01-01', |
pk bigint(20) unsigned NOT NULL DEFAULT 0, |
d1 timestamp NULL , |
v1 varbinary(3362) ,
|
t1 time NOT NULL DEFAULT '00:00:00' |
);
|
|
INSERT INTO t5 VALUES (00000000004,'','ufhjdtv','1992-07-25',1,'2035-06-05 09:02:48','f','13:25:21'),(00000000001,'','jdt','1998-07-03',2,'1994-05-05 19:59:20','','09:09:19'),(00000000000,'','d','2007-12-05',3,'0000-00-00 00:00:00','tvs','02:51:15'); |
|
SELECT GROUP_CONCAT(t5.i1, IF(t5.e1, t5.b1, t5.e1), |
IF(t5.d1, t5.t1, t5.d1), t5.v1, |
IF(t5.i1, t5.i1, t5.d2), t5.v1, t5.b1 |
ORDER BY 2,6,1,7,4,3,5 SEPARATOR ';') |
FROM (t5 JOIN t5 AS tt ON (tt.pk != t5.pk)); |
10.3 commit 1748a31ae8d69e49
|
Version: '10.3.9-MariaDB-debug-log' socket: '/home/alice/git/10.3/mysql-test/var/tmp/mysqld.1.sock' port: 16000 Source distribution
|
=================================================================
|
==22714==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c00000cd70 at pc 0x7f2a7f953676 bp 0x7f2a73e24900 sp 0x7f2a73e240a8
|
READ of size 2 at 0x60c00000cd70 thread T5
|
#0 0x7f2a7f953675 in memcmp (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x77675)
|
#1 0x55ead621f4e2 in my_strnncoll_binary /home/alice/git/10.3/strings/ctype-bin.c:85
|
#2 0x55ead621f565 in my_strnncollsp_binary /home/alice/git/10.3/strings/ctype-bin.c:124
|
#3 0x55ead50bce36 in Field_blob::cmp(unsigned char const*, unsigned int, unsigned char const*, unsigned int) /home/alice/git/10.3/sql/field.cc:8364
|
#4 0x55ead50bd0de in Field_blob::cmp_max(unsigned char const*, unsigned char const*, unsigned int) /home/alice/git/10.3/sql/field.cc:8377
|
#5 0x55ead50e0c2b in Field_blob::cmp(unsigned char const*, unsigned char const*) /home/alice/git/10.3/sql/field.h:3651
|
#6 0x55ead5340596 in group_concat_key_cmp_with_order /home/alice/git/10.3/sql/item_sum.cc:3525
|
#7 0x55ead61cf79f in tree_insert /home/alice/git/10.3/mysys/tree.c:250
|
#8 0x55ead5344292 in Item_func_group_concat::add() /home/alice/git/10.3/sql/item_sum.cc:3880
|
#9 0x55ead53480c5 in Aggregator_simple::add() /home/alice/git/10.3/sql/item_sum.h:706
|
#10 0x55ead4b92fd7 in Item_sum::aggregator_add() (/home/alice/git/10.3/sql/mysqld+0x10ecfd7)
|
#11 0x55ead4b77c97 in update_sum_func /home/alice/git/10.3/sql/sql_select.cc:24207
|
#12 0x55ead4b60650 in end_send_group(JOIN*, st_join_table*, bool) /home/alice/git/10.3/sql/sql_select.cc:20664
|
#13 0x55ead4e0c908 in JOIN_CACHE::generate_full_extensions(unsigned char*) /home/alice/git/10.3/sql/sql_join_cache.cc:2400
|
#14 0x55ead4e0c223 in JOIN_CACHE::join_matching_records(bool) /home/alice/git/10.3/sql/sql_join_cache.cc:2292
|
#15 0x55ead4e0abb6 in JOIN_CACHE::join_records(bool) /home/alice/git/10.3/sql/sql_join_cache.cc:2088
|
#16 0x55ead4b55295 in sub_select_cache(JOIN*, st_join_table*, bool) /home/alice/git/10.3/sql/sql_select.cc:19051
|
#17 0x55ead4b55772 in sub_select(JOIN*, st_join_table*, bool) /home/alice/git/10.3/sql/sql_select.cc:19222
|
#18 0x55ead4b543e6 in do_select /home/alice/git/10.3/sql/sql_select.cc:18813
|
#19 0x55ead4af3c0c in JOIN::exec_inner() /home/alice/git/10.3/sql/sql_select.cc:4021
|
#20 0x55ead4af1951 in JOIN::exec() /home/alice/git/10.3/sql/sql_select.cc:3815
|
#21 0x55ead4af4d23 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/alice/git/10.3/sql/sql_select.cc:4220
|
#22 0x55ead4ad0568 in handle_select(THD*, LEX*, select_result*, unsigned long) /home/alice/git/10.3/sql/sql_select.cc:382
|
#23 0x55ead4a560b9 in execute_sqlcom_select /home/alice/git/10.3/sql/sql_parse.cc:6542
|
#24 0x55ead4a448cc in mysql_execute_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:3765
|
#25 0x55ead4a5e9c7 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:8073
|
#26 0x55ead4a396ae in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/alice/git/10.3/sql/sql_parse.cc:1847
|
#27 0x55ead4a36846 in do_command(THD*) /home/alice/git/10.3/sql/sql_parse.cc:1392
|
#28 0x55ead4d85ca1 in do_handle_one_connection(CONNECT*) /home/alice/git/10.3/sql/sql_connect.cc:1402
|
#29 0x55ead4d8567e in handle_one_connection /home/alice/git/10.3/sql/sql_connect.cc:1308
|
#30 0x55ead609d1d4 in pfs_spawn_thread /home/alice/git/10.3/storage/perfschema/pfs.cc:1862
|
#31 0x7f2a7e7886b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
|
#32 0x7f2a7dc1d41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
|
without ASAN it returns: ZLIB: Input data corrupted
CURRENT_TEST: main.1_my
|
mysqltest: At line 20: query 'SELECT GROUP_CONCAT(t5.i1, IF(t5.e1, t5.b1, t5.e1),
|
IF(t5.d1, t5.t1, t5.d1), t5.v1,
|
IF(t5.i1, t5.i1, t5.d2), t5.v1, t5.b1
|
ORDER BY 2,6,1,7,4,3,5 SEPARATOR ';')
|
FROM (t5 JOIN t5 AS tt ON (tt.pk != t5.pk))' failed: 1259: ZLIB: Input data corrupted
|
Attachments
Issue Links
- relates to
-
MDEV-14391 InnoDB crash, memory corruption
- Closed
-
MDEV-16698 ASAN: heap-use-after-free in field_longstr::uncompress
- Closed
-
MDEV-20619 AddressSanitizer: heap-use-after-free in my_strnncollsp_simple or my_strnncoll_binary upon SELECT with partitions and virtual columns
- Closed
-
MDEV-31845 UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnncoll_binary on SELECT
- Confirmed