  1. MariaDB Server
  2. MDEV-17678

AddressSanitizer: heap-use-after-free in field_unpack upon modifying column type


Details

    Description

      -- Reproducer for the heap-use-after-free reported in this issue.
      -- Clear sql_mode so that no strict-mode checks apply to the statements below
      -- (presumably required so the int -> datetime conversion in the final ALTER is not rejected, confirm).
      set sql_mode='';
      -- MyISAM table with an auto_increment int primary key, a datetime(2) column c2,
      -- a generated datetime(6) column vc2 computed from c2, and a secondary key over
      -- (c1,c2,vc2) that therefore includes the generated column.
      create table t2 ( pk int(11) not null auto_increment, c2 datetime(2) , c1 int, vc2 datetime(6) generated always as (c2), primary key (pk), key c1 (c1,c2,vc2)) engine=myisam;
      -- Populate c1 and c2 only: pk is assigned by auto_increment and vc2 is derived from c2.
      -- The values repeat heavily and include NULLs in both columns.
      insert into `t2` (c1,c2) values (0,'1900-01-01 '),(0,'1988-03-26'),(0,'2027-12-03'),(1,'1971-12-28 '),(0,'2027-12-03'),(0,null),(0,'2027-12-03'),(0,'2027-12-03'),(1,'2013-06-07 '),(null,'2027-12-03'),(1,'1900-01-01 '),(1,'2027-12-03'),(0,'1900-01-01 '),(0,'1900-01-01 '),(1,null),(null,'2027-12-03'),(null,'2027-12-03'),(1,'2027-12-03'),(1,'2027-12-03'),(0,'2027-12-03'),(0,'2027-12-03'),(1,'2027-12-03'),(1,'2027-12-03'),(1,'2027-12-03'),(0,'2027-12-03'),(null,'2027-12-03'),(0,'2027-12-03'),(0,null),(0,'1900-01-01 '),(1,'2027-12-03'),(1,'1998-02-01 '),(0,'2027-12-03'),(0,'1900-01-01 '),(1,'1982-06-01 '),(1,null),(null,'2027-12-03'),(0,'2027-12-03'),(1,null),(1,'2027-12-03'),(0,'1989-07-13 '),(1,'2024-02-01 '),(1,'2027-12-03'),(1,'2027-12-03'),(null,'2027-12-03'),(0,'2029-09-07 '),(0,null),(1,'2027-12-03'),(0,'2027-12-03'),(0,'2027-12-03'),(1,'2013-02-14 '),(1,'2014-03-27 '),(1,null),(0,'2027-12-03'),(0,'2027-12-03'),(0,'2032-06-26 '),(1,'1998-05-18 '),(1,'2027-12-03'),(1,'1900-01-01 '),(0,'1900-01-01 '),(1,'2027-12-03'),(0,'2027-12-03'),(1,'2027-12-03'),(1,null),(0,'1900-01-01 '),(1,'2027-12-03'),(0,'1900-01-01 '),(1,'2027-12-03'),(0,'1997-04-15 '),(0,null),(0,'2020-12-07 '),(1,null),(0,'2027-12-03'),(null,'2027-12-03'),(1,'2027-12-03'),(0,'2027-12-03'),(1,'2027-12-03'),(1,'2027-12-03'),(0,'1993-02-13 '),(1,'2027-12-03'),(1,'2027-12-03'),(0,null),(0,'2027-12-03'),(0,'2027-12-03'),(1,'2027-12-03'),(0,'2027-12-03'),(1,'2027-12-03'),(0,'1900-01-01 '),(null,null),(1,'2027-12-03'),(1,'2027-12-03'),(1,'2027-12-03 '),(0,null),(null,null),(null,null),(1,'2027-12-03'),(null,null),(null,null),(0,null),(null,null),(null,null);
       
      -- Trigger statement: rename the primary-key column and change its type from int to datetime.
      -- The statement does not drop the primary key declared on that column.
      -- Per the ASan stack in this report, the faulting access occurs while a duplicate-key
      -- error is being formatted (print_keydup_error -> key_unpack -> field_unpack) during the
      -- MyISAM index rebuild at the end of the row copy done by ALTER TABLE.
      -- NOTE(review): the duplicate is presumably produced by converted pk values colliding.
      -- The page does not state this, confirm before relying on it.
      alter table  t2  change column pk tscol3 datetime;
      

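      10.2 f3e9d9a6e6b2614b (stack of the faulting access only; the ASan "freed by" and "previously allocated by" stacks are not included on this page)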

         #0 0x5655322a1f64 in mi_uint5korr /git/10.2/include/byte_order_generic_x86_64.h:91
          #1 0x5655322a372d in my_datetime_packed_from_binary(unsigned char const*, unsigned int) /git/10.2/sql/compat56.cc:308
          #2 0x5655322e835e in Field_datetimef::get_TIME(st_mysql_time*, unsigned char const*, unsigned long long) const /git/10.2/sql/field.cc:6880
          #3 0x56553231040e in Field_datetimef::get_date(st_mysql_time*, unsigned long long) /git/10.2/sql/field.h:3008
          #4 0x5655322e7846 in Field_datetime_with_dec::val_str(String*, String*) /git/10.2/sql/field.cc:6821
          #5 0x565531bb7f89 in Field::val_str(String*) /git/10.2/sql/field.h:866
          #6 0x5655325811b6 in field_unpack(String*, Field*, unsigned char const*, unsigned int, bool) /git/10.2/sql/key.cc:369
          #7 0x565532581bf6 in key_unpack(String*, TABLE*, st_key*) /git/10.2/sql/key.cc:442
          #8 0x565532344873 in print_keydup_error(TABLE*, st_key*, char const*, unsigned long) /git/10.2/sql/handler.cc:3339
          #9 0x565532344ab0 in print_keydup_error(TABLE*, st_key*, unsigned long) /git/10.2/sql/handler.cc:3361
          #10 0x5655329fdb6f in ha_myisam::repair(THD*, st_handler_check_param&, bool) /git/10.2/storage/myisam/ha_myisam.cc:1275
          #11 0x565532a003a0 in ha_myisam::enable_indexes(unsigned int) /git/10.2/storage/myisam/ha_myisam.cc:1606
          #12 0x565532a0121b in ha_myisam::end_bulk_insert() /git/10.2/storage/myisam/ha_myisam.cc:1756
          #13 0x565531d33446 in handler::ha_end_bulk_insert() /git/10.2/sql/handler.h:2912
          #14 0x565531f7ef3a in copy_data_between_tables /git/10.2/sql/sql_table.cc:10164
          #15 0x565531f7b286 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /git/10.2/sql/sql_table.cc:9572
          #16 0x56553209aad0 in Sql_cmd_alter_table::execute(THD*) /git/10.2/sql/sql_alter.cc:329
          #17 0x565531d82e55 in mysql_execute_command(THD*) /git/10.2/sql/sql_parse.cc:6228
          #18 0x565531d8d694 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /git/10.2/sql/sql_parse.cc:8015
          #19 0x565531d68b80 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /git/10.2/sql/sql_parse.cc:1826
          #20 0x565531d65d25 in do_command(THD*) /git/10.2/sql/sql_parse.cc:1379
          #21 0x56553208cead in do_handle_one_connection(CONNECT*) /git/10.2/sql/sql_connect.cc:1335
          #22 0x56553208c8b5 in handle_one_connection /git/10.2/sql/sql_connect.cc:1241
          #23 0x56553323671d in pfs_spawn_thread /git/10.2/storage/perfschema/pfs.cc:1862
          #24 0x7fcd07b626b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #25 0x7fcd06ff741c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      
      

      Attachments

        1. 2391.test
          10 kB
          Elena Stepanova


            People

              nikitamalyavin Nikita Malyavin
              alice Alice Sherepa
