  1. MariaDB Server
  2. MDEV-17699

AddressSanitizer: use-after-poison in base_list_iterator::next_fast

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Cannot Reproduce
    • 10.4
    • N/A
    • N/A
    • None

    Description

      create table t1 (i1 int, b1 blob not null, pk int not null, i2 int, c1 char(2)) engine=myisam;
      insert into t1 values (null,'a',1,null,'a');
       
      create table t2 (pk int not null primary key) engine=myisam;
      insert into t2 values (1),(2),(3); 
       
      create algorithm=temptable view v1 as select * from t2;
       
      select  1 from (select * from t1) as tb1
      	right join (t1 as a join t1 as b  on (b.c1 = a.c1)) on (b.b1 != a.i1) and (b.b1 != a.i2)
      where b.pk in (select count(t2.pk) from (t2, v1));
      

      10.4 47b7ca629f5e9146

       
      AddressSanitizer: use-after-poison
          #0 0x5573a3925510 in base_list_iterator::next_fast() /10.4/sql/sql_list.h:433
          #1 0x5573a3b89974 in List_iterator_fast<Item_equal>::operator++(int) /10.4/sql/sql_list.h:560
          #2 0x5573a3cafb4e in substitute_for_best_equal_field /10.4/sql/sql_select.cc:15545
          #3 0x5573a3caf49e in substitute_for_best_equal_field /10.4/sql/sql_select.cc:15458
          #4 0x5573a3c53337 in JOIN::optimize_stage2() /10.4/sql/sql_select.cc:2351
          #5 0x5573a3c51921 in JOIN::optimize_inner() /10.4/sql/sql_select.cc:2193
          #6 0x5573a3c4b87a in JOIN::optimize() /10.4/sql/sql_select.cc:1551
          #7 0x5573a3c688f2 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.4/sql/sql_select.cc:4564
          #8 0x5573a3c3fa0b in handle_select(THD*, LEX*, select_result*, unsigned long) /10.4/sql/sql_select.cc:424
          #9 0x5573a3bc4534 in execute_sqlcom_select /10.4/sql/sql_parse.cc:6604
          #10 0x5573a3bb12e6 in mysql_execute_command(THD*) /10.4/sql/sql_parse.cc:3841
          #11 0x5573a3bcca12 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/sql/sql_parse.cc:8157
          #12 0x5573a3ba54bf in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/sql/sql_parse.cc:1829
          #13 0x5573a3ba23ba in do_command(THD*) /10.4/sql/sql_parse.cc:1358
          #14 0x5573a3f165c1 in do_handle_one_connection(CONNECT*) /10.4/sql/sql_connect.cc:1399
          #15 0x5573a3f15f8b in handle_one_connection /10.4/sql/sql_connect.cc:1302
          #16 0x5573a52d1d8c in pfs_spawn_thread /10.4/storage/perfschema/pfs.cc:1862
          #17 0x7fa8d4e4d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #18 0x7fa8d40de41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      

            People

              alice Alice Sherepa