MDEV-16932 (MariaDB Server)

ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK

Details

    Description

      Note: it might be the same problem as MDEV-16788, but the stack trace and the test case are different, so before closing it as a duplicate please make sure that the patch for MDEV-16788 does actually fix the problem here.

      CREATE TABLE t1 (a INT);
      CREATE PROCEDURE sp() ALTER TABLE t1 ADD CONSTRAINT CHECK (b > 0);
      --error ER_BAD_FIELD_ERROR
      CALL sp;
      --error ER_BAD_FIELD_ERROR
      CALL sp;
       
      # Cleanup
      DROP PROCEDURE sp;
      DROP TABLE t1;
      

      10.2 4ddcb4eb46c6

      ==1816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000dcba0 at pc 0x55887fd9bdce bp 0x7f0212486450 sp 0x7f0212486448
      READ of size 1 at 0x6250000dcba0 thread T5
          #0 0x55887fd9bdcd in my_charlen_utf8 /data/src/10.2/strings/ctype-utf8.c:5400
          #1 0x55887fd9be39 in my_well_formed_char_length_utf8 /data/src/10.2/strings/ctype-mb.ic:187
          #2 0x55887e575d82 in Well_formed_prefix_status::Well_formed_prefix_status(charset_info_st const*, char const*, char const*, unsigned long) /data/src/10.2/sql/sql_string.h:62
          #3 0x55887e575dc8 in Well_formed_prefix::Well_formed_prefix(charset_info_st const*, char const*, unsigned long, unsigned long) /data/src/10.2/sql/sql_string.h:76
          #4 0x55887e6c5ec1 in check_string_char_length(st_mysql_lex_string*, unsigned int, unsigned int, charset_info_st const*, bool) /data/src/10.2/sql/sql_parse.cc:9824
          #5 0x55887e8994e4 in mysql_prepare_create_table /data/src/10.2/sql/sql_table.cc:4209
          #6 0x55887e89c669 in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.2/sql/sql_table.cc:4656
          #7 0x55887e89dbc1 in create_table_impl /data/src/10.2/sql/sql_table.cc:4902
          #8 0x55887e8b8e28 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9248
          #9 0x55887e9e3709 in Sql_cmd_alter_table::execute(THD*) /data/src/10.2/sql/sql_alter.cc:324
          #10 0x55887e6b0230 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6225
          #11 0x55887f031ead in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3246
          #12 0x55887f030af9 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.2/sql/sp_head.cc:3009
          #13 0x55887f031777 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3162
          #14 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
          #15 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
          #16 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
          #17 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
          #18 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
          #19 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
          #20 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
          #21 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
          #22 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #23 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
          #24 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
          #25 0x7f021ccf893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
       
      0x6250000dcba0 is located 2720 bytes inside of 8268-byte region [0x6250000dc100,0x6250000de14c)
      freed by thread T5 here:
          #0 0x7f021eb7c527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
          #1 0x55887fd06a2b in free_memory /data/src/10.2/mysys/safemalloc.c:279
          #2 0x55887fd06031 in sf_free /data/src/10.2/mysys/safemalloc.c:197
          #3 0x55887fcd522a in my_free /data/src/10.2/mysys/my_malloc.c:217
          #4 0x55887fcb68a0 in free_root /data/src/10.2/mysys/my_alloc.c:398
          #5 0x55887f027216 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1346
          #6 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
          #7 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
          #8 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
          #9 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
          #10 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
          #11 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
          #12 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
          #13 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #14 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
          #15 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
       
      previously allocated by thread T5 here:
          #0 0x7f021eb7c73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
          #1 0x55887fd057a1 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
          #2 0x55887fcd4962 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
          #3 0x55887fcb5805 in alloc_root /data/src/10.2/mysys/my_alloc.c:241
          #4 0x55887e6ca1c1 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned int) /data/src/10.2/sql/sql_class.h:986
          #5 0x55887e699d66 in alloc_query(THD*, char const*, unsigned int) /data/src/10.2/sql/sql_parse.cc:2647
          #6 0x55887f031663 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3150
          #7 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
          #8 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
          #9 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
          #10 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
          #11 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
          #12 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
          #13 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
          #14 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
          #15 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #16 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
          #17 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
       
      Thread T5 created by T0 here:
          #0 0x7f021eb4bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x55887f3e4eb5 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
          #2 0x55887e48fd8e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
          #3 0x55887e4a4cb6 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6457
          #4 0x55887e4a53bb in create_new_thread /data/src/10.2/sql/mysqld.cc:6527
          #5 0x55887e4a63d2 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6802
          #6 0x55887e4a420b in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6076
          #7 0x55887e48e12f in main /data/src/10.2/sql/main.cc:25
          #8 0x7f021cc302b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/strings/ctype-utf8.c:5400 my_charlen_utf8
      Shadow bytes around the buggy address:
        0x0c4a80013920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013960: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      =>0x0c4a80013970: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a80013990: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a800139a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a800139b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x0c4a800139c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Contiguous container OOB:fc
        ASan internal:           fe
      ==1816==ABORTING
      

      Reproducible with at least MyISAM and InnoDB.

      Valgrind fails in a similar fashion.
      Non-ASAN builds don't crash, but with some luck fail with an odd error indicating a corruption, e.g.:

      mysqltest: At line 6: query 'CALL sp' failed with wrong errno 1059: 'Identifier name '' is too long', instead of 1054...
      
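As an added illustration (not MariaDB code, and not the fix applied for this issue), the following C model follows the three stack traces above: the query text is copied into a per-execution arena, a LEX-style string for the CHECK constraint name keeps pointing into that copy after free_root, and the next CALL re-checks the name through the stale pointer. Arena, SpInstr, call_twice and the 64-character identifier limit are assumptions of the model; copying the name into the procedure's own arena is shown as one generic hardening, not as the project's fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define NAME_CHAR_LEN 64   /* identifier limit assumed for this model */
typedef struct { const char *str; size_t len; } LexStr;

/* Single-block bump arena standing in for MEM_ROOT. A freed arena is
 * quarantined (kept, poisoned with 0xfd like ASAN's freed-region marker)
 * so a stale pointer into it is recognised instead of silently reused. */
typedef struct { char *block; size_t used, cap; bool live; } Arena;

static Arena arena_new(size_t cap) {
    Arena a = { malloc(cap), 0, cap, true };
    return a;
}

/* memdup-style copy into the arena; NULL if the arena is dead or full. */
static char *arena_dup(Arena *a, const char *s, size_t n) {
    if (!a->live || a->used + n + 1 > a->cap) return NULL;
    char *p = a->block + a->used;
    memcpy(p, s, n);
    p[n] = '\0';
    a->used += n + 1;
    return p;
}

/* free_root: poison and quarantine; arena_release gives the block back. */
static void arena_free(Arena *a) { memset(a->block, 0xfd, a->cap); a->live = false; }
static void arena_release(Arena *a) { free(a->block); a->block = NULL; }

/* True iff [p, p+n) lies inside the arena's live, allocated range. */
static bool arena_owns(const Arena *a, const char *p, size_t n) {
    if (!a->live) return false;
    uintptr_t lo = (uintptr_t)a->block, q = (uintptr_t)p;
    return q >= lo && q + n <= lo + a->used;
}

/* UTF-8 character count of [s, s+n): bytes that are not continuation
 * bytes (10xxxxxx), the quantity an identifier-length check compares. */
static size_t utf8_char_count(const char *s, size_t n) {
    size_t chars = 0;
    for (size_t i = 0; i < n; i++)
        if (((unsigned char)s[i] & 0xC0) != 0x80) chars++;
    return chars;
}

/* Parsed instruction reused across CALLs, like the LEX kept by sp_lex_keeper. */
typedef struct {
    const char *definition;   /* "ALTER TABLE ... ADD CONSTRAINT [name] CHECK (...)" */
    Arena sp_root;            /* lives as long as the procedure */
    LexStr name;              /* constraint name the parser extracted */
    bool parsed;
} SpInstr;

enum { EXEC_OK = 0, EXEC_NAME_TOO_LONG = 1, EXEC_DANGLING = -1 };
/* Take the token after "CONSTRAINT "; an unnamed CHECK yields length 0.
 * copy_name == false: name points into the per-execution query copy (the bug).
 * copy_name == true: name is duplicated into the procedure's own arena. */
static void parse_name(SpInstr *sp, const char *query, bool copy_name) {
    const char *kw = strstr(query, "CONSTRAINT ");
    const char *start = kw ? kw + strlen("CONSTRAINT ") : query;
    size_t n = strcspn(start, " ");
    if (n == 5 && strncmp(start, "CHECK", 5) == 0) n = 0;
    sp->name.str = copy_name ? arena_dup(&sp->sp_root, start, n) : start;
    sp->name.len = n;
    sp->parsed = true;
}

/* One CALL: copy the query text into the execution arena, parse on the
 * first run only, validate the name, then free the arena. */
static int execute_once(SpInstr *sp, Arena *exec_root, bool copy_name) {
    const char *query = arena_dup(exec_root, sp->definition, strlen(sp->definition));
    if (!sp->parsed) parse_name(sp, query, copy_name);
    int rc;
    /* The ownership check stands in for what ASAN reports at run time; a
     * plain build would instead read whatever now occupies the freed region. */
    if (!arena_owns(exec_root, sp->name.str, sp->name.len) &&
        !arena_owns(&sp->sp_root, sp->name.str, sp->name.len))
        rc = EXEC_DANGLING;
    else
        rc = utf8_char_count(sp->name.str, sp->name.len) > NAME_CHAR_LEN
             ? EXEC_NAME_TOO_LONG : EXEC_OK;
    arena_free(exec_root);   /* free_root at the end of sp_head::execute */
    return rc;
}

/* CALL the procedure twice and report the second CALL's outcome. */
int call_twice(const char *definition, bool copy_name) {
    SpInstr sp = { definition, arena_new(256), { NULL, 0 }, false };
    Arena first = arena_new(256), second = arena_new(256);
    execute_once(&sp, &first, copy_name);
    int rc = execute_once(&sp, &second, copy_name);
    arena_release(&first);
    arena_release(&second);
    arena_release(&sp.sp_root);
    return rc;
}
```

With the page's own statement (an unnamed CHECK, so the name has length 0) the first CALL passes and the second one dereferences a pointer into the quarantined arena, which is the point at which ASAN reports the read in my_charlen_utf8; a build without ASAN would instead see whatever now sits at that address, which matches the odd "Identifier name '' is too long" failure.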

          Activity

            elenst Elena Stepanova created issue -
            elenst Elena Stepanova made changes -
            Field Original Value New Value
            Description {code:sql}
            CREATE TABLE t1 (a INT);
            CREATE PROCEDURE sp() ALTER TABLE t1 ADD CONSTRAINT CHECK (b > 0);
            --error ER_BAD_FIELD_ERROR
            CALL sp;
            --error ER_BAD_FIELD_ERROR
            CALL sp;

            # Cleanup
            DROP PROCEDURE sp;
            DROP TABLE t1;
            {code}

            {noformat:title=10.2 4ddcb4eb46c6}
            ==1816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000dcba0 at pc 0x55887fd9bdce bp 0x7f0212486450 sp 0x7f0212486448
            READ of size 1 at 0x6250000dcba0 thread T5
                #0 0x55887fd9bdcd in my_charlen_utf8 /data/src/10.2/strings/ctype-utf8.c:5400
                #1 0x55887fd9be39 in my_well_formed_char_length_utf8 /data/src/10.2/strings/ctype-mb.ic:187
                #2 0x55887e575d82 in Well_formed_prefix_status::Well_formed_prefix_status(charset_info_st const*, char const*, char const*, unsigned long) /data/src/10.2/sql/sql_string.h:62
                #3 0x55887e575dc8 in Well_formed_prefix::Well_formed_prefix(charset_info_st const*, char const*, unsigned long, unsigned long) /data/src/10.2/sql/sql_string.h:76
                #4 0x55887e6c5ec1 in check_string_char_length(st_mysql_lex_string*, unsigned int, unsigned int, charset_info_st const*, bool) /data/src/10.2/sql/sql_parse.cc:9824
                #5 0x55887e8994e4 in mysql_prepare_create_table /data/src/10.2/sql/sql_table.cc:4209
                #6 0x55887e89c669 in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.2/sql/sql_table.cc:4656
                #7 0x55887e89dbc1 in create_table_impl /data/src/10.2/sql/sql_table.cc:4902
                #8 0x55887e8b8e28 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9248
                #9 0x55887e9e3709 in Sql_cmd_alter_table::execute(THD*) /data/src/10.2/sql/sql_alter.cc:324
                #10 0x55887e6b0230 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6225
                #11 0x55887f031ead in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3246
                #12 0x55887f030af9 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.2/sql/sp_head.cc:3009
                #13 0x55887f031777 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3162
                #14 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
                #15 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #16 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #17 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #18 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #19 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #20 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #21 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #22 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #23 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #24 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
                #25 0x7f021ccf893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

            0x6250000dcba0 is located 2720 bytes inside of 8268-byte region [0x6250000dc100,0x6250000de14c)
            freed by thread T5 here:
                #0 0x7f021eb7c527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
                #1 0x55887fd06a2b in free_memory /data/src/10.2/mysys/safemalloc.c:279
                #2 0x55887fd06031 in sf_free /data/src/10.2/mysys/safemalloc.c:197
                #3 0x55887fcd522a in my_free /data/src/10.2/mysys/my_malloc.c:217
                #4 0x55887fcb68a0 in free_root /data/src/10.2/mysys/my_alloc.c:398
                #5 0x55887f027216 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1346
                #6 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #7 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #8 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #9 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #10 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #11 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #12 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #13 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #14 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #15 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

            previously allocated by thread T5 here:
                #0 0x7f021eb7c73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
                #1 0x55887fd057a1 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
                #2 0x55887fcd4962 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
                #3 0x55887fcb5805 in alloc_root /data/src/10.2/mysys/my_alloc.c:241
                #4 0x55887e6ca1c1 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned int) /data/src/10.2/sql/sql_class.h:986
                #5 0x55887e699d66 in alloc_query(THD*, char const*, unsigned int) /data/src/10.2/sql/sql_parse.cc:2647
                #6 0x55887f031663 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3150
                #7 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
                #8 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #9 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #10 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #11 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #12 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #13 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #14 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #15 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #16 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #17 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

            Thread T5 created by T0 here:
                #0 0x7f021eb4bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
                #1 0x55887f3e4eb5 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
                #2 0x55887e48fd8e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
                #3 0x55887e4a4cb6 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6457
                #4 0x55887e4a53bb in create_new_thread /data/src/10.2/sql/mysqld.cc:6527
                #5 0x55887e4a63d2 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6802
                #6 0x55887e4a420b in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6076
                #7 0x55887e48e12f in main /data/src/10.2/sql/main.cc:25
                #8 0x7f021cc302b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

            SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/strings/ctype-utf8.c:5400 my_charlen_utf8
            Shadow bytes around the buggy address:
              0x0c4a80013920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013960: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
            =>0x0c4a80013970: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013990: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
            Shadow byte legend (one shadow byte represents 8 application bytes):
              Addressable: 00
              Partially addressable: 01 02 03 04 05 06 07
              Heap left redzone: fa
              Heap right redzone: fb
              Freed heap region: fd
              Stack left redzone: f1
              Stack mid redzone: f2
              Stack right redzone: f3
              Stack partial redzone: f4
              Stack after return: f5
              Stack use after scope: f8
              Global redzone: f9
              Global init order: f6
              Poisoned by user: f7
              Contiguous container OOB:fc
              ASan internal: fe
            ==1816==ABORTING
            {noformat}

            Reproducible with at least MyISAM and InnoDB.

            Valgrind fails in a similar fashion.
            Non-ASAN builds don't crash, but with some luck fail with an odd error indicating a corruption. e.g.:
            {noformat}
            mysqltest: At line 6: query 'CALL sp' failed with wrong errno 1059: 'Identifier name '' is too long', instead of 1054...
            {noformat}
            Note: it might be the same problem as MDEV-16788, but the stack trace and the test case are different, so before closing it as a duplicate please make sure that the patch for MDEV-16788 does actually fix the problem here.

            {code:sql}
            CREATE TABLE t1 (a INT);
            CREATE PROCEDURE sp() ALTER TABLE t1 ADD CONSTRAINT CHECK (b > 0);
            --error ER_BAD_FIELD_ERROR
            CALL sp;
            --error ER_BAD_FIELD_ERROR
            CALL sp;

            # Cleanup
            DROP PROCEDURE sp;
            DROP TABLE t1;
            {code}

            {noformat:title=10.2 4ddcb4eb46c6}
            ==1816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000dcba0 at pc 0x55887fd9bdce bp 0x7f0212486450 sp 0x7f0212486448
            READ of size 1 at 0x6250000dcba0 thread T5
                #0 0x55887fd9bdcd in my_charlen_utf8 /data/src/10.2/strings/ctype-utf8.c:5400
                #1 0x55887fd9be39 in my_well_formed_char_length_utf8 /data/src/10.2/strings/ctype-mb.ic:187
                #2 0x55887e575d82 in Well_formed_prefix_status::Well_formed_prefix_status(charset_info_st const*, char const*, char const*, unsigned long) /data/src/10.2/sql/sql_string.h:62
                #3 0x55887e575dc8 in Well_formed_prefix::Well_formed_prefix(charset_info_st const*, char const*, unsigned long, unsigned long) /data/src/10.2/sql/sql_string.h:76
                #4 0x55887e6c5ec1 in check_string_char_length(st_mysql_lex_string*, unsigned int, unsigned int, charset_info_st const*, bool) /data/src/10.2/sql/sql_parse.cc:9824
                #5 0x55887e8994e4 in mysql_prepare_create_table /data/src/10.2/sql/sql_table.cc:4209
                #6 0x55887e89c669 in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.2/sql/sql_table.cc:4656
                #7 0x55887e89dbc1 in create_table_impl /data/src/10.2/sql/sql_table.cc:4902
                #8 0x55887e8b8e28 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9248
                #9 0x55887e9e3709 in Sql_cmd_alter_table::execute(THD*) /data/src/10.2/sql/sql_alter.cc:324
                #10 0x55887e6b0230 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6225
                #11 0x55887f031ead in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3246
                #12 0x55887f030af9 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.2/sql/sp_head.cc:3009
                #13 0x55887f031777 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3162
                #14 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
                #15 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #16 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #17 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #18 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #19 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #20 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #21 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #22 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #23 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #24 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
                #25 0x7f021ccf893e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

            0x6250000dcba0 is located 2720 bytes inside of 8268-byte region [0x6250000dc100,0x6250000de14c)
            freed by thread T5 here:
                #0 0x7f021eb7c527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
                #1 0x55887fd06a2b in free_memory /data/src/10.2/mysys/safemalloc.c:279
                #2 0x55887fd06031 in sf_free /data/src/10.2/mysys/safemalloc.c:197
                #3 0x55887fcd522a in my_free /data/src/10.2/mysys/my_malloc.c:217
                #4 0x55887fcb68a0 in free_root /data/src/10.2/mysys/my_alloc.c:398
                #5 0x55887f027216 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1346
                #6 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #7 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #8 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #9 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #10 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #11 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #12 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #13 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #14 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #15 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

            previously allocated by thread T5 here:
                #0 0x7f021eb7c73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
                #1 0x55887fd057a1 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
                #2 0x55887fcd4962 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
                #3 0x55887fcb5805 in alloc_root /data/src/10.2/mysys/my_alloc.c:241
                #4 0x55887e6ca1c1 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned int) /data/src/10.2/sql/sql_class.h:986
                #5 0x55887e699d66 in alloc_query(THD*, char const*, unsigned int) /data/src/10.2/sql/sql_parse.cc:2647
                #6 0x55887f031663 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3150
                #7 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327
                #8 0x55887f02ae65 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2116
                #9 0x55887e69b3de in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2912
                #10 0x55887e6ad6da in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5825
                #11 0x55887e6bacb9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8009
                #12 0x55887e6958a0 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
                #13 0x55887e692944 in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1378
                #14 0x55887e9d53a5 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
                #15 0x55887e9d4dba in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
                #16 0x55887f3e48ed in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
                #17 0x7f021e912493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)

            Thread T5 created by T0 here:
                #0 0x7f021eb4bbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
                #1 0x55887f3e4eb5 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
                #2 0x55887e48fd8e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
                #3 0x55887e4a4cb6 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6457
                #4 0x55887e4a53bb in create_new_thread /data/src/10.2/sql/mysqld.cc:6527
                #5 0x55887e4a63d2 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6802
                #6 0x55887e4a420b in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6076
                #7 0x55887e48e12f in main /data/src/10.2/sql/main.cc:25
                #8 0x7f021cc302b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)

            SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/strings/ctype-utf8.c:5400 my_charlen_utf8
            Shadow bytes around the buggy address:
              0x0c4a80013920: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013930: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013940: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013950: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013960: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
            =>0x0c4a80013970: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a80013990: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
              0x0c4a800139c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
            Shadow byte legend (one shadow byte represents 8 application bytes):
              Addressable: 00
              Partially addressable: 01 02 03 04 05 06 07
              Heap left redzone: fa
              Heap right redzone: fb
              Freed heap region: fd
              Stack left redzone: f1
              Stack mid redzone: f2
              Stack right redzone: f3
              Stack partial redzone: f4
              Stack after return: f5
              Stack use after scope: f8
              Global redzone: f9
              Global init order: f6
              Poisoned by user: f7
              Contiguous container OOB:fc
              ASan internal: fe
            ==1816==ABORTING
            {noformat}

            Reproducible with at least MyISAM and InnoDB.

            Valgrind fails in a similar fashion.
            Non-ASAN builds don't crash, but with some luck fail with an odd error indicating memory corruption, e.g.:
            {noformat}
            mysqltest: At line 6: query 'CALL sp' failed with wrong errno 1059: 'Identifier name '' is too long', instead of 1054...
            {noformat}
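As an added triage aid (not part of this issue or of the MariaDB code base), the script below parses a report in the ASAN format quoted above and extracts the allocation, free and use sites plus the callers all three stacks share; the embedded report is a constructed, abridged copy of the 10.2 trace from this issue, and the `/sql/` path filter used to pick the project-level frame is an assumption.

```python
# Added example (not MariaDB code): triage an ASAN heap-use-after-free report by
# pulling out the allocation, free and use sites and the callers they share.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed, abridged copy of the 10.2 report quoted in the issue (some frames dropped).
REPORT = """\
==1816==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000dcba0 at pc 0x55887fd9bdce bp 0x7f0212486450 sp 0x7f0212486448
READ of size 1 at 0x6250000dcba0 thread T5
    #0 0x55887fd9bdcd in my_charlen_utf8 /data/src/10.2/strings/ctype-utf8.c:5400
    #2 0x55887e575d82 in Well_formed_prefix_status::Well_formed_prefix_status(charset_info_st const*, char const*, char const*, unsigned long) /data/src/10.2/sql/sql_string.h:62
    #4 0x55887e6c5ec1 in check_string_char_length(st_mysql_lex_string*, unsigned int, unsigned int, charset_info_st const*, bool) /data/src/10.2/sql/sql_parse.cc:9824
    #14 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327

0x6250000dcba0 is located 2720 bytes inside of 8268-byte region [0x6250000dc100,0x6250000de14c)
freed by thread T5 here:
    #0 0x7f021eb7c527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
    #4 0x55887fcb68a0 in free_root /data/src/10.2/mysys/my_alloc.c:398
    #5 0x55887f027216 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1346

previously allocated by thread T5 here:
    #0 0x7f021eb7c73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
    #4 0x55887e6ca1c1 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned int) /data/src/10.2/sql/sql_class.h:986
    #5 0x55887e699d66 in alloc_query(THD*, char const*, unsigned int) /data/src/10.2/sql/sql_parse.cc:2647
    #7 0x55887f027078 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1327

SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/strings/ctype-utf8.c:5400 my_charlen_utf8
"""

KIND_RE = re.compile(r"AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at (0x[0-9a-f]+) thread (T\d+)")
FREED_RE = re.compile(r"^freed by thread (T\d+) here:")
ALLOC_RE = re.compile(r"^previously allocated by thread (T\d+) here:")
REGION_RE = re.compile(r"^(0x[0-9a-f]+) is located (\d+) bytes inside of (\d+)-byte region")
# Function name may contain spaces (C++ signature); the location is the last token.
FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+\s+in\s+(.+)\s+(\S+)$")


@dataclass
class Frame:
    func: str       # function name, parameter list stripped
    location: str   # file:line, or (module+offset) for library frames


@dataclass
class Triage:
    kind: str = ""
    address: int = 0
    region_size: int = 0
    offset: int = 0
    threads: Dict[str, str] = field(default_factory=dict)
    stacks: Dict[str, List[Frame]] = field(
        default_factory=lambda: {"use": [], "free": [], "alloc": []})


def parse_report(text: str) -> Triage:
    t, current = Triage(), None   # frames attach to the most recent stack header
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif m := KIND_RE.search(line):
            t.kind = m.group(1)
        elif m := ACCESS_RE.match(line):
            t.address, t.threads["use"], current = int(m.group(3), 16), m.group(4), "use"
        elif m := FREED_RE.match(line):
            t.threads["free"], current = m.group(1), "free"
        elif m := ALLOC_RE.match(line):
            t.threads["alloc"], current = m.group(1), "alloc"
        elif m := REGION_RE.match(line):
            t.offset, t.region_size = int(m.group(2)), int(m.group(3))
        elif (m := FRAME_RE.match(line)) and current:
            t.stacks[current].append(Frame(m.group(2).split("(")[0], m.group(3)))
    return t


def blame(frames: List[Frame], project: str = "/sql/") -> Optional[Frame]:
    """First frame in the project tree (assumed filter), skipping sanitizer and mysys/strings layers."""
    return next((f for f in frames if project in f.location), None)


def common_callers(stacks: Dict[str, List[Frame]]) -> List[str]:
    """Functions that appear on the use, free and alloc stacks alike."""
    return sorted(set.intersection(*({f.func for f in fr} for fr in stacks.values())))


def summarize(t: Triage) -> Dict[str, object]:
    sites = {k: blame(t.stacks[k]) for k in ("use", "free", "alloc")}
    return {
        "kind": t.kind,
        "address": f"{t.address:#x}",
        "offset_in_region": f"{t.offset} of {t.region_size} bytes",
        # One thread throughout points to a lifetime bug rather than a race.
        "same_thread": len(set(t.threads.values())) == 1,
        **{k: f"{f.func} at {f.location}" if f else "?" for k, f in sites.items()},
        "common_callers": common_callers(t.stacks),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_report(REPORT)).items():
        print(f"{key:>18}: {value}")
```

For this report the shared caller is sp_head::execute, which is where the memroot holding the query text is freed at the end of the first execution and where the second execution later reads from it.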
            elenst Elena Stepanova made changes -
            elenst Elena Stepanova made changes -
            Assignee Oleksandr Byelkin [ sanja ] Sergei Golubchik [ serg ]
            Description [ the Note paragraph was changed to italics; the old and new values are otherwise identical to the description above ]
            alice Alice Sherepa made changes -
            Status Open [ 1 ] Confirmed [ 10101 ]
            alice Alice Sherepa added a comment -

            Similar testcase, adding to make it searchable

            {code:sql}
            CREATE TABLE t1 (d1 int, CONSTRAINT y CHECK (d1 <> 2));

            CREATE PROCEDURE sp() ALTER TABLE t1 ADD CONSTRAINT CHECK (b > 0);
            --error ER_BAD_FIELD_ERROR
            CALL sp;
            --error ER_BAD_FIELD_ERROR
            CALL sp;

            # Cleanup
            DROP PROCEDURE sp;
            DROP TABLE t1;
            {code}

            {noformat:title=10.3 89a87e8e422bc342ed317}
            ==16422==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250001753f8 at pc 0x55fb8a921a24 bp 0x7f2270c949b0 sp 0x7f2270c949a0
            READ of size 1 at 0x6250001753f8 thread T27
                #0 0x55fb8a921a23 in my_strcasecmp_utf8 /git/10.3/strings/ctype-utf8.c:5300
                #1 0x55fb892a4bc1 in lex_string_cmp /git/10.3/sql/lex_string.h:28
                #2 0x55fb892bdba0 in mysql_prepare_create_table /git/10.3/sql/sql_table.cc:4230
                #3 0x55fb892c1013 in mysql_create_frm_image(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /git/10.3/sql/sql_table.cc:4701
                #4 0x55fb892c2508 in create_table_impl /git/10.3/sql/sql_table.cc:4950
                #5 0x55fb892de178 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /git/10.3/sql/sql_table.cc:9576
                #6 0x55fb8941d3e5 in Sql_cmd_alter_table::execute(THD*) /git/10.3/sql/sql_alter.cc:497
                #7 0x55fb890d9cf8 in mysql_execute_command(THD*) /git/10.3/sql/sql_parse.cc:6283
                #8 0x55fb88eedb29 in sp_instr_stmt::exec_core(THD*, unsigned int*) /git/10.3/sql/sp_head.cc:3594
                #9 0x55fb88eec45c in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /git/10.3/sql/sp_head.cc:3322
                #10 0x55fb88eed311 in sp_instr_stmt::execute(THD*, unsigned int*) /git/10.3/sql/sp_head.cc:3500
                #11 0x55fb88ee06e0 in sp_head::execute(THD*, bool) /git/10.3/sql/sp_head.cc:1354
                #12 0x55fb88ee58a2 in sp_head::execute_procedure(THD*, List<Item>*) /git/10.3/sql/sp_head.cc:2294
                #13 0x55fb890c51bd in do_execute_sp /git/10.3/sql/sql_parse.cc:2949
                #14 0x55fb890c6c01 in Sql_cmd_call::execute(THD*) /git/10.3/sql/sql_parse.cc:3189
                #15 0x55fb890d9cf8 in mysql_execute_command(THD*) /git/10.3/sql/sql_parse.cc:6283
                #16 0x55fb890e4988 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.3/sql/sql_parse.cc:8090
                #17 0x55fb890bf491 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.3/sql/sql_parse.cc:1850
                #18 0x55fb890bc629 in do_command(THD*) /git/10.3/sql/sql_parse.cc:1395
                #19 0x55fb8940eb74 in do_handle_one_connection(CONNECT*) /git/10.3/sql/sql_connect.cc:1402
                #20 0x55fb8940e551 in handle_one_connection /git/10.3/sql/sql_connect.cc:1308
                #21 0x55fb8a722ad4 in pfs_spawn_thread /git/10.3/storage/perfschema/pfs.cc:1862
                #22 0x7f22881616b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
                #23 0x7f22875f641c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
            {noformat}

            {noformat:title=10.2 (10.2.19-MariaDB-debug-log)}
            Version: '10.2.19-MariaDB-debug-log'
            =================================================================
            ==16330==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000118bb0 at pc 0x55db8c830a5f bp 0x7fedb79f8150 sp 0x7fedb79f8140
            READ of size 1 at 0x625000118bb0 thread T27
                #0 0x55db8c830a5e in my_charlen_utf8 /git/10.2/strings/ctype-utf8.c:5396
                #1 0x55db8c830aca in my_well_formed_char_length_utf8 /git/10.2/strings/ctype-mb.ic:187
                #2 0x55db8b076938 in Well_formed_prefix_status::Well_formed_prefix_status(charset_info_st const*, char const*, char const*, unsigned long) /git/10.2/sql/sql_string.h:62
                #3 0x55db8b07697e in Well_formed_prefix::Well_formed_prefix(charset_info_st const*, char const*, unsigned long, unsigned long) /git/10.2/sql/sql_string.h:76
                #4 0x55db8b1bda3c in check_string_char_length(st_mysql_lex_string*, unsigned int, unsigned int, charset_info_st const*, bool) /git/10.2/sql/sql_parse.cc:9827
                #5 0x55db8b37f23c in mysql_prepare_create_table /git/10.2/sql/sql_table.cc:4208
                #6 0x55db8b382162 in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /git/10.2/sql/sql_table.cc:4650
                #7 0x55db8b3834d5 in create_table_impl /git/10.2/sql/sql_table.cc:4898
                #8 0x55db8b39daa6 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /git/10.2/sql/sql_table.cc:9238
                #9 0x55db8b4be8a4 in Sql_cmd_alter_table::execute(THD*) /git/10.2/sql/sql_alter.cc:329
                #10 0x55db8b1a849d in mysql_execute_command(THD*) /git/10.2/sql/sql_parse.cc:6225
                #11 0x55db8bae4dd5 in sp_instr_stmt::exec_core(THD*, unsigned int*) /git/10.2/sql/sp_head.cc:3246
                #12 0x55db8bae3a58 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /git/10.2/sql/sp_head.cc:3009
                #13 0x55db8bae46b2 in sp_instr_stmt::execute(THD*, unsigned int*) /git/10.2/sql/sp_head.cc:3162
                #14 0x55db8bada053 in sp_head::execute(THD*, bool) /git/10.2/sql/sp_head.cc:1327
                #15 0x55db8baddeaa in sp_head::execute_procedure(THD*, List<Item>*) /git/10.2/sql/sp_head.cc:2116
                #16 0x55db8b193c40 in do_execute_sp /git/10.2/sql/sql_parse.cc:2912
                #17 0x55db8b1a59f9 in mysql_execute_command(THD*) /git/10.2/sql/sql_parse.cc:5825
                #18 0x55db8b1b2cdc in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.2/sql/sql_parse.cc:8012
                #19 0x55db8b18e215 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.2/sql/sql_parse.cc:1824
                #20 0x55db8b18b3c9 in do_command(THD*) /git/10.2/sql/sql_parse.cc:1378
                #21 0x55db8b4b0c81 in do_handle_one_connection(CONNECT*) /git/10.2/sql/sql_connect.cc:1335
                #22 0x55db8b4b0689 in handle_one_connection /git/10.2/sql/sql_connect.cc:1241
                #23 0x55db8c6563e5 in pfs_spawn_thread /git/10.2/storage/perfschema/pfs.cc:1862
                #24 0x7fedcefe86b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
                #25 0x7fedce47d41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
            {noformat}

            alice Alice Sherepa made changes -
            Affects Version/s 10.4 [ 22408 ]
            alice Alice Sherepa made changes -
            Fix Version/s 10.4 [ 22408 ]
            elenst Elena Stepanova made changes -
            Labels affects-tests
            elenst Elena Stepanova added a comment - - edited

            Probably the same root cause, different test case and different stack trace.

            CREATE TABLE t1 (f INT, s DATE, e DATE, PERIOD FOR app(s,e));
            CREATE PROCEDURE sp() ALTER TABLE t1 ADD CONSTRAINT CHECK (x > 0);
            --error ER_BAD_FIELD_ERROR
            CALL sp;
            --error ER_BAD_FIELD_ERROR
            CALL sp;
             
            # Cleanup
            DROP PROCEDURE sp;
            DROP TABLE t1;
            

            10.4 ASAN a65d3b2c

            ==20067==ERROR: AddressSanitizer: heap-use-after-free on address 0x625000107858 at pc 0x557252bcb704 bp 0x7f4f262f23a0 sp 0x7f4f262f2398
            READ of size 1 at 0x625000107858 thread T5
                #0 0x557252bcb703 in my_strcasecmp_utf8 /data/src/10.4/strings/ctype-utf8.c:5109
                #1 0x55725145fa0b in make_unique_constraint_name /data/src/10.4/sql/sql_table.cc:5373
                #2 0x557251458b1c in mysql_prepare_create_table /data/src/10.4/sql/sql_table.cc:4308
                #3 0x55725145c215 in mysql_create_frm_image(THD*, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.4/sql/sql_table.cc:4785
                #4 0x55725145d71d in create_table_impl /data/src/10.4/sql/sql_table.cc:5026
                #5 0x55725147b8ce in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.4/sql/sql_table.cc:9850
                #6 0x5572515d7c18 in Sql_cmd_alter_table::execute(THD*) /data/src/10.4/sql/sql_alter.cc:496
                #7 0x5572512505f5 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6344
                #8 0x55725102fa3c in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3606
                #9 0x55725102e1c9 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.4/sql/sp_head.cc:3334
                #10 0x55725102f15e in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3512
                #11 0x5572510220aa in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1345
                #12 0x557251027375 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2287
                #13 0x55725123973d in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3009
                #14 0x55725123b237 in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3251
                #15 0x5572512505f5 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6344
                #16 0x55725125ad89 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8154
                #17 0x5572512331f2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1832
                #18 0x557251230037 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1365
                #19 0x5572515c25eb in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1398
                #20 0x5572515c1fe4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1301
                #21 0x557251f5828c in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
                #22 0x7f4f31ac5493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
                #23 0x7f4f2fa8d93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
             
            0x625000107858 is located 3928 bytes inside of 8160-byte region [0x625000106900,0x6250001088e0)
            freed by thread T5 here:
                #0 0x7f4f31d2f527 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x54527)
                #1 0x557252af160f in my_free /data/src/10.4/mysys/my_malloc.c:222
                #2 0x557252ad108d in free_root /data/src/10.4/mysys/my_alloc.c:428
                #3 0x557251022248 in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1364
                #4 0x557251027375 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2287
                #5 0x55725123973d in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3009
                #6 0x55725123b237 in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3251
                #7 0x5572512505f5 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6344
                #8 0x55725125ad89 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8154
                #9 0x5572512331f2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1832
                #10 0x557251230037 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1365
                #11 0x5572515c25eb in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1398
                #12 0x5572515c1fe4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1301
                #13 0x557251f5828c in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
                #14 0x7f4f31ac5493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
             
            previously allocated by thread T5 here:
                #0 0x7f4f31d2f73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
                #1 0x557252af0a8d in my_malloc /data/src/10.4/mysys/my_malloc.c:101
                #2 0x557252acfe55 in alloc_root /data/src/10.4/mysys/my_alloc.c:250
                #3 0x557251269c5b in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned long) /data/src/10.4/sql/sql_class.h:1063
                #4 0x557251237fe9 in alloc_query(THD*, char const*, unsigned long) /data/src/10.4/sql/sql_parse.cc:2743
                #5 0x55725102f03b in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.4/sql/sp_head.cc:3499
                #6 0x5572510220aa in sp_head::execute(THD*, bool) /data/src/10.4/sql/sp_head.cc:1345
                #7 0x557251027375 in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.4/sql/sp_head.cc:2287
                #8 0x55725123973d in do_execute_sp /data/src/10.4/sql/sql_parse.cc:3009
                #9 0x55725123b237 in Sql_cmd_call::execute(THD*) /data/src/10.4/sql/sql_parse.cc:3251
                #10 0x5572512505f5 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:6344
                #11 0x55725125ad89 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8154
                #12 0x5572512331f2 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1832
                #13 0x557251230037 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1365
                #14 0x5572515c25eb in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1398
                #15 0x5572515c1fe4 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1301
                #16 0x557251f5828c in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1862
                #17 0x7f4f31ac5493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
             
            Thread T5 created by T0 here:
                #0 0x7f4f31cfebba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
                #1 0x557251f58854 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1912
                #2 0x557250f7ff66 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1268
                #3 0x557250f94dd4 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6218
                #4 0x557250f954d9 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6288
                #5 0x557250f95869 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6386
                #6 0x557250f964b5 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6544
                #7 0x557250f9460f in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5876
                #8 0x557250f7ddef in main /data/src/10.4/sql/main.cc:25
                #9 0x7f4f2f9c52b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
             
            SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.4/strings/ctype-utf8.c:5109 my_strcasecmp_utf8
            ==20067==ABORTING
            

            Due to the nature of the test case, it is only applicable to 10.4.

            elenst Elena Stepanova made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            elenst Elena Stepanova made changes -
            Priority Major [ 3 ] Critical [ 2 ]
            sanja Oleksandr Byelkin made changes -
            Status Confirmed [ 10101 ] In Progress [ 3 ]

            sanja Oleksandr Byelkin added a comment -

            I checked the last test case in 10.4 and my fix in 10.4; the bug is indeed the same, so the 10.2 fix will fix it.

            sanja Oleksandr Byelkin added a comment -

            revision-id: ddec45aa50e94c137d35dfb16b79feb8b119174b (mariadb-10.2.24-11-gddec45aa50e)
            parent(s): 50999738eaed907cfd94b554582b5416e0107642
            author: Oleksandr Byelkin
            committer: Oleksandr Byelkin
            timestamp: 2019-05-14 14:01:15 +0200
            message:

            MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK

            In case of error the SP can be executed without re-compilation and so will reuse the constructed constraint name, so the name should be allocated in the statement memory.
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            Status In Review [ 10002 ] Stalled [ 10000 ]

            sanja Oleksandr Byelkin added a comment -

            I answered how it works with storing the name.
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Sergei Golubchik [ serg ]
            Status Stalled [ 10000 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            sanja Oleksandr Byelkin made changes -
            Status Stalled [ 10000 ] In Progress [ 3 ]

            sanja Oleksandr Byelkin added a comment -

            commit d7b274fa25776b261c0738f803abe1cf0dd69d38 (HEAD -> bb-10.2-MDEV-16932, origin/bb-10.2-MDEV-16932)
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            Date: Tue May 14 14:01:15 2019 +0200

            MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK

            Make automatic name generation during execution (not prepare).

            Check result of memory allocation operation.
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Sergei Golubchik [ serg ]
            Status In Progress [ 3 ] In Review [ 10002 ]
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            sanja Oleksandr Byelkin made changes -
            Status Stalled [ 10000 ] In Progress [ 3 ]

            sanja Oleksandr Byelkin added a comment -

            commit 999cce215fbee4d0bcdb8df920f460cfee46e41b (HEAD -> bb-10.2-MDEV-16932, origin/bb-10.2-MDEV-16932)
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            Date: Tue May 14 14:01:15 2019 +0200

            MDEV-16932: ASAN heap-use-after-free in my_charlen_utf8 / my_well_formed_char_length_utf8 on 2nd execution of SP with ALTER trying to add bad CHECK

            Make automatic name generation during execution (not prepare).

            Check result of memory allocation operation.
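The two commit messages above state the root cause and the fix in one line each: the generated constraint name lived in per-execution memory (the root released by free_root in sp_head::execute in the trace) but was kept in the parsed SP body, so the second CALL after an error read freed memory. The C model below is an added example, not MariaDB code: a toy arena stands in for the MEM_ROOT, a parsed CHECK definition survives across CALLs, and sp_call either caches the generated name in that body (pre-fix) or regenerates it on every execution and checks the allocation result (the fix). The CONSTRAINT_<n> name pattern, the simplified make_unique_constraint_name, the mem_root/sp_call names and the dangling-pointer guard are assumptions of this model, not the server's behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy bump allocator standing in for a MEM_ROOT: pieces are handed out from
 * one block and released together by root_free (free_root in the trace). */
typedef struct {
    char *block;
    uintptr_t lo;      /* start address, kept after free for diagnostics only */
    size_t used, cap;
    bool live;
} mem_root;

static bool root_init(mem_root *r, size_t cap) {
    r->block = malloc(cap);
    r->lo = (uintptr_t)r->block;
    r->used = 0; r->cap = cap; r->live = (r->block != NULL);
    return r->live;
}
static void *root_alloc(mem_root *r, size_t n) {
    if (!r->live || r->cap - r->used < n) return NULL;   /* allocation failure */
    void *p = r->block + r->used; r->used += n; return p;
}
static void root_free(mem_root *r) { free(r->block); r->block = NULL; r->live = false; }
/* Does p point into memory this root has already released? (ASAN's "freed by") */
static bool root_freed_owner(const mem_root *r, const void *p) {
    uintptr_t a = (uintptr_t)p;
    return !r->live && r->lo != 0 && a >= r->lo && a < r->lo + r->used;
}

/* ADD CONSTRAINT CHECK as parsed into the SP body; name is NULL if none was given. */
typedef struct { const char *name; const char *expr; } check_def;

#define MAX_CALLS 8
typedef struct {
    check_def check;                /* parsed once at CREATE PROCEDURE, kept across CALLs */
    mem_root exec_roots[MAX_CALLS]; /* one per CALL; freed roots keep their address range */
    size_t n_calls;
    size_t exec_cap;                /* 0 = default; a tiny value simulates allocation failure */
    bool name_at_execute;           /* false: pre-fix behaviour; true: the fix */
} sp_alter_check;

typedef enum { SP_OK, SP_OOM, SP_TOO_MANY_CALLS, SP_DANGLING_NAME } sp_result;

/* Assumption: generated names follow MariaDB's CONSTRAINT_<n> pattern; the clash
 * check against existing constraint names is simplified. Returns NULL on OOM. */
static char *make_unique_constraint_name(mem_root *root, const char *const *existing,
                                         size_t n_existing) {
    char buf[32];
    for (unsigned nr = 1;; nr++) {
        snprintf(buf, sizeof buf, "CONSTRAINT_%u", nr);
        size_t i = 0;
        while (i < n_existing && strcmp(existing[i], buf) != 0) i++;
        if (i == n_existing) break;                     /* no clash: take it */
    }
    size_t len = strlen(buf) + 1;
    char *out = root_alloc(root, len);
    if (out != NULL) memcpy(out, buf, len);             /* check the allocation result */
    return out;
}

/* Guard a real server does not have: true if name lives in a released exec root. */
static bool name_is_dangling(const sp_alter_check *sp, const char *name) {
    for (size_t i = 0; i < sp->n_calls; i++)
        if (root_freed_owner(&sp->exec_roots[i], name)) return true;
    return false;
}

/* One CALL sp. The ALTER fails with ER_BAD_FIELD_ERROR, so the SP body is not
 * re-parsed. 'used' receives a copy of the name the ALTER worked with. */
static sp_result sp_call(sp_alter_check *sp, const char *const *existing,
                         size_t n_existing, char used[32]) {
    if (sp->n_calls >= MAX_CALLS) return SP_TOO_MANY_CALLS;
    const char *name = sp->check.name;
    if (name != NULL && name_is_dangling(sp, name)) return SP_DANGLING_NAME;
    mem_root *er = &sp->exec_roots[sp->n_calls++];
    if (!root_init(er, sp->exec_cap ? sp->exec_cap : 4096)) return SP_OOM;
    if (name == NULL) {
        name = make_unique_constraint_name(er, existing, n_existing);
        if (name == NULL) { root_free(er); return SP_OOM; }
        /* The bug: store the per-execution string in the long-lived parsed body,
         * where the next CALL picks it up after this root has been freed. */
        if (!sp->name_at_execute) sp->check.name = name;
    }
    snprintf(used, 32, "%s", name);   /* valid here in both variants */
    root_free(er);                    /* end of execution: per-CALL memory released */
    return SP_OK;
}
```

Calling sp_call twice on a pre-fix sp_alter_check reproduces the report's shape: the first CALL generates and caches the name, the second finds the cached pointer inside a released root; with name_at_execute set, every CALL gets a fresh name and the parsed body is never mutated.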

            sanja Oleksandr Byelkin added a comment -

            last comment in review answered by e-mail.
            sanja Oleksandr Byelkin made changes -
            Status In Progress [ 3 ] Stalled [ 10000 ]
            sanja Oleksandr Byelkin made changes -
            Assignee Oleksandr Byelkin [ sanja ] Sergei Golubchik [ serg ]
            Status Stalled [ 10000 ] In Review [ 10002 ]
            elenst Elena Stepanova added a comment - - edited

            The test case below causes the same failure on 10.4 (and 10.5) ASAN build, but also a SIGSEGV on 10.4 (and 10.5) non-debug build (note, there is no bad check here):

            --connect (con1,localhost,root,,test)
            PREPARE stmt FROM "CREATE OR REPLACE TABLE t1 (s DATE, e DATE, PERIOD FOR app(s,e))";
            EXECUTE stmt;
            SELECT 1;
            EXECUTE stmt;
            ALTER TABLE t1 FORCE;
             
            # Cleanup
            DROP TABLE t1;
            

            10.4 4d538250

            #3  <signal handler called>
            #4  build_frm_image (thd=thd@entry=0x7fc6780009a8, table=..., create_info=create_info@entry=0x7fc690159230, create_fields=..., keys=0, key_info=0x7fc678010f68, db_file=0x7fc678010858) at /data/src/10.4/sql/unireg.cc:184
            #5  0x0000563233c41b33 in mysql_create_frm_image (thd=thd@entry=0x7fc6780009a8, db=..., table_name=..., create_info=create_info@entry=0x7fc690159230, alter_info=alter_info@entry=0x7fc690159170, create_table_mode=create_table_mode@entry=-2, key_info=0x7fc6901565f0, key_count=0x7fc6901565d4, frm=0x7fc690156600) at /data/src/10.4/sql/sql_table.cc:4809
            #6  0x0000563233c45e80 in create_table_impl (thd=thd@entry=0x7fc6780009a8, orig_db=..., orig_table_name=..., db=..., table_name=..., path=path@entry=0x7fc690158ecd "./test/#sql-6e30_5", options=..., create_info=0x7fc690159230, alter_info=0x7fc690159170, create_table_mode=-2, is_trans=0x0, key_info=0x7fc6901565f0, key_count=0x7fc6901565d4, frm=0x7fc690156600) at /data/src/10.4/sql/sql_table.cc:5044
            #7  0x0000563233c499d4 in mysql_alter_table (thd=thd@entry=0x7fc6780009a8, new_db=new_db@entry=0x7fc678004fa0, new_name=new_name@entry=0x7fc6780053a8, create_info=create_info@entry=0x7fc690159230, table_list=<optimized out>, table_list@entry=0x7fc67800fd88, alter_info=alter_info@entry=0x7fc690159170, order_num=0, order=0x0, ignore=false) at /data/src/10.4/sql/sql_table.cc:9923
            #8  0x0000563233c99f92 in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x7fc6780009a8) at /data/src/10.4/sql/sql_alter.cc:508
            #9  0x0000563233bbc660 in mysql_execute_command (thd=thd@entry=0x7fc6780009a8) at /data/src/10.4/sql/sql_parse.cc:6098
            #10 0x0000563233bc3809 in mysql_parse (thd=thd@entry=0x7fc6780009a8, rawbuf=<optimized out>, length=20, parser_state=parser_state@entry=0x7fc69015c1b0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:7908
            #11 0x0000563233bc5b98 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fc6780009a8, packet=packet@entry=0x7fc678007999 "ALTER TABLE t1 FORCE", packet_length=packet_length@entry=20, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:1843
            #12 0x0000563233bc72e9 in do_command (thd=0x7fc6780009a8) at /data/src/10.4/sql/sql_parse.cc:1360
            #13 0x0000563233c95bce in do_handle_one_connection (connect=connect@entry=0x5632375c84c8) at /data/src/10.4/sql/sql_connect.cc:1404
            #14 0x0000563233c95ce4 in handle_one_connection (arg=arg@entry=0x5632375c84c8) at /data/src/10.4/sql/sql_connect.cc:1306
            #15 0x000056323423ea44 in pfs_spawn_thread (arg=0x56323755b5c8) at /data/src/10.4/storage/perfschema/pfs.cc:1862
            #16 0x00007fc696ba24a4 in start_thread (arg=0x7fc69015d700) at pthread_create.c:456
            #17 0x00007fc6950ead0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
            

            On 10.4 non-asan debug build, at least on my machine, it fails with

            mysqltest: At line 5: query 'EXECUTE stmt' failed: 1059: Identifier name '' is too long
            


            serg Sergei Golubchik added a comment - ok to push 999cce2
            serg Sergei Golubchik made changes -
            Assignee Sergei Golubchik [ serg ] Oleksandr Byelkin [ sanja ]
            Status In Review [ 10002 ] Stalled [ 10000 ]
            sanja Oleksandr Byelkin made changes -
            Fix Version/s 10.2.27 [ 23717 ]
            Fix Version/s 10.3.18 [ 23719 ]
            Fix Version/s 10.4.8 [ 23721 ]
            Fix Version/s 10.2 [ 14601 ]
            Fix Version/s 10.3 [ 22126 ]
            Fix Version/s 10.4 [ 22408 ]
            Resolution Fixed [ 1 ]
            Status Stalled [ 10000 ] Closed [ 6 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 88820 ] MariaDB v4 [ 154771 ]

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova