[MDEV-17782] Assertion `scale <= precision' failed in decimal_bin_size - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5.4, 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.5
Component/s: None
Labels:
None

Description

--source include/have_innodb.inc

CREATE TABLE t1 (pk int) ENGINE=InnoDB;

SELECT 1 FROM t1 GROUP BY  ROUND((CONVERT('1978-04-10', DECIMAL(61,36))),pk);

10.2 00572a0b0cc81c38f19
/10.2/strings/decimal.c:1467: decimal_bin_size: Assertion `scale <= precision' failed.

assert/assert.c:92(__assert_fail_base)[0x7f3acaaaabd7]
/lib/x86_64-linux-gnu/libc.so.6(+0x2dc82)[0x7f3acaaaac82]
/10.2/sql/mysqld(decimal_bin_size+0xf3)[0x55653a0d06d1]
strings/decimal.c:1468(decimal_bin_size)[0x556538b81341]
sql/my_decimal.h:264(my_decimal_get_binary_size(unsigned int, unsigned int))[0x556538b66015]
sql/sql_select.cc:22989(calc_group_buffer(JOIN, st_order))[0x556538ad9ff3]
sql/sql_select.cc:1972(JOIN::optimize_inner())[0x556538ad1953]
sql/sql_select.cc:1115(JOIN::optimize())[0x556538aeae33]
sql/sql_select.cc:3804(mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex))[0x556538aca7e5]
sql/sql_select.cc:376(handle_select(THD, LEX, select_result*, unsigned long))[0x556538a52155]
sql/sql_parse.cc:6477(execute_sqlcom_select(THD, TABLE_LIST))[0x556538a3f61b]
sql/sql_parse.cc:3535(mysql_execute_command(THD*))[0x556538a5a8b9]
sql/sql_parse.cc:8011(mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool))[0x556538a35f6e]
sql/sql_parse.cc:1834(dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool))[0x556538a330ed]
sql/sql_parse.cc:1386(do_command(THD*))[0x556538d5ad62]
sql/sql_connect.cc:1335(do_handle_one_connection(CONNECT*))[0x556538d5a76a]
sql/sql_connect.cc:1242(handle_one_connection)[0x556539f0bfda]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f3acb6ef6ba]
x86_64/clone.S:111(clone)[0x7f3acab8441d]

Attachments

Issue Links

relates to

MDEV-23850 Server crash with SIGFPE in decimal2bin, ASAN global-buffer-overflow in decimal_bin_size, assertion `scale <= precision'

Closed

Activity

Roel Van de Paar added a comment - 2020-06-19 11:07 - edited

USE test;

CREATE TABLE t ENGINE=InnoDB SELECT 0.12345678901234567890123456789012345 AS f;

SELECT ROUND(f,f) FROM t GROUP BY 1;

Leads to:

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057
mysqld: /test/10.5_dbg/strings/decimal.c:1467: decimal_bin_size: Assertion `scale <= precision' failed.

10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057
Core was generated by `/test/MD150620-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x14c404157700 (LWP 2047906))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005615893284c6 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2 0x0000561588acad60 in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x000014c40c87f801 in __GI_abort () at abort.c:79
#6 0x000014c40c86f39a in __assert_fail_base (fmt=0x14c40c9f67d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x561589a993f5 "scale <= precision", file=file@entry=0x561589a990e8 "/test/10.5_dbg/strings/decimal.c", line=line@entry=1467, function=function@entry=0x561589a99560 <__PRETTY_FUNCTION__.15244> "decimal_bin_size") at assert.c:92
#7 0x000014c40c86f412 in __GI___assert_fail (assertion=assertion@entry=0x561589a993f5 "scale <= precision", file=file@entry=0x561589a990e8 "/test/10.5_dbg/strings/decimal.c", line=line@entry=1467, function=function@entry=0x561589a99560 <__PRETTY_FUNCTION__.15244> "decimal_bin_size") at assert.c:101
#8 0x0000561589372c4c in decimal_bin_size (precision=<optimized out>, scale=<optimized out>) at /test/10.5_dbg/strings/decimal.c:1467
#9 0x0000561588876847 in my_decimal_get_binary_size (scale=<optimized out>, precision=<optimized out>) at /test/10.5_dbg/sql/my_decimal.h:334
#10 calc_group_buffer (param=param@entry=0x14c3eac75d28, group=0x14c3eac75148) at /test/10.5_dbg/sql/sql_select.cc:24910
#11 0x0000561588876931 in calc_group_buffer (join=join@entry=0x14c3eac75b30, group=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:24959
#12 0x000056158889715f in JOIN::optimize_stage2 (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:2705
#13 0x000056158889c8a1 in JOIN::optimize_inner (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:2262
#14 0x000056158889cbc4 in JOIN::optimize (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:1612
#15 0x000056158889d551 in mysql_select (thd=thd@entry=0x14c3eac15088, tables=<optimized out>, fields=@0x14c3eac742a0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c3eac74968, last = 0x14c3eac74968, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=<optimized out>, group=0x14c3eac75148, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14c3eac75b08, unit=0x14c3eac190a0, select_lex=0x14c3eac74150) at /test/10.5_dbg/sql/sql_select.cc:4635
#16 0x000056158889d8cd in handle_select (thd=thd@entry=0x14c3eac15088, lex=lex@entry=0x14c3eac18fd8, result=result@entry=0x14c3eac75b08, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#17 0x00005615888271ed in execute_sqlcom_select (thd=thd@entry=0x14c3eac15088, all_tables=0x14c3eac749c0) at /test/10.5_dbg/sql/sql_parse.cc:6209
#18 0x0000561588820312 in mysql_execute_command (thd=thd@entry=0x14c3eac15088) at /test/10.5_dbg/sql/sql_parse.cc:3939
#19 0x000056158882d15c in mysql_parse (thd=thd@entry=0x14c3eac15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c404156350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7993
#20 0x0000561588819c60 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c3eac15088, packet=packet@entry=0x14c3eac67089 "SELECT ROUND(f,f) FROM t GROUP BY 1", packet_length=packet_length@entry=35, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874
#21 0x000056158881843a in do_command (thd=0x14c3eac15088) at /test/10.5_dbg/sql/sql_parse.cc:1355
#22 0x0000561588973c47 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14c3edd7a808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411
#23 0x0000561588974363 in handle_one_connection (arg=arg@entry=0x14c3edd7a808) at /test/10.5_dbg/sql/sql_connect.cc:1313
#24 0x0000561588dd5902 in pfs_spawn_thread (arg=0x14c40b446c88) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#25 0x000014c40d5626db in start_thread (arg=0x14c404157700) at pthread_create.c:463
#26 0x000014c40c96088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.4 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (opt), 10.3.24 (opt), 10.4.14 (opt), 10.5.4 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Roel Van de Paar added a comment - 2020-06-19 11:07 - edited USE test; CREATE TABLE t ENGINE=InnoDB SELECT 0.12345678901234567890123456789012345 AS f; SELECT ROUND(f,f) FROM t GROUP BY 1; Leads to: 10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 mysqld: /test/10.5_dbg/strings/decimal.c:1467: decimal_bin_size: Assertion `scale <= precision' failed. 10.5.4 4080e3acefd7e58d88c2f3539fb6a0fb359cf057 Core was generated by `/test/MD150620-mariadb-10.5.4-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'. Program terminated with signal SIGABRT, Aborted. #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57 [Current thread is 1 (Thread 0x14c404157700 (LWP 2047906))] (gdb) bt #0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57 #1 0x00005615893284c6 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518 #2 0x0000561588acad60 in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330 #3 <signal handler called> #4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #5 0x000014c40c87f801 in __GI_abort () at abort.c:79 #6 0x000014c40c86f39a in __assert_fail_base (fmt=0x14c40c9f67d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x561589a993f5 "scale <= precision", file=file@entry=0x561589a990e8 "/test/10.5_dbg/strings/decimal.c", line=line@entry=1467, function=function@entry=0x561589a99560 <__PRETTY_FUNCTION__.15244> "decimal_bin_size") at assert.c:92 #7 0x000014c40c86f412 in __GI___assert_fail (assertion=assertion@entry=0x561589a993f5 "scale <= precision", file=file@entry=0x561589a990e8 "/test/10.5_dbg/strings/decimal.c", line=line@entry=1467, function=function@entry=0x561589a99560 <__PRETTY_FUNCTION__.15244> "decimal_bin_size") at assert.c:101 #8 0x0000561589372c4c in decimal_bin_size (precision=<optimized out>, scale=<optimized out>) at /test/10.5_dbg/strings/decimal.c:1467 #9 0x0000561588876847 in my_decimal_get_binary_size (scale=<optimized out>, precision=<optimized out>) at /test/10.5_dbg/sql/my_decimal.h:334 #10 calc_group_buffer (param=param@entry=0x14c3eac75d28, group=0x14c3eac75148) at /test/10.5_dbg/sql/sql_select.cc:24910 #11 0x0000561588876931 in calc_group_buffer (join=join@entry=0x14c3eac75b30, group=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:24959 #12 0x000056158889715f in JOIN::optimize_stage2 (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:2705 #13 0x000056158889c8a1 in JOIN::optimize_inner (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:2262 #14 0x000056158889cbc4 in JOIN::optimize (this=this@entry=0x14c3eac75b30) at /test/10.5_dbg/sql/sql_select.cc:1612 #15 0x000056158889d551 in mysql_select (thd=thd@entry=0x14c3eac15088, tables=<optimized out>, fields=@0x14c3eac742a0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c3eac74968, last = 0x14c3eac74968, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=<optimized out>, group=0x14c3eac75148, having=0x0, proc_param=0x0, select_options=2147748608, result=0x14c3eac75b08, unit=0x14c3eac190a0, select_lex=0x14c3eac74150) at /test/10.5_dbg/sql/sql_select.cc:4635 #16 0x000056158889d8cd in handle_select (thd=thd@entry=0x14c3eac15088, lex=lex@entry=0x14c3eac18fd8, result=result@entry=0x14c3eac75b08, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417 #17 0x00005615888271ed in execute_sqlcom_select (thd=thd@entry=0x14c3eac15088, all_tables=0x14c3eac749c0) at /test/10.5_dbg/sql/sql_parse.cc:6209 #18 0x0000561588820312 in mysql_execute_command (thd=thd@entry=0x14c3eac15088) at /test/10.5_dbg/sql/sql_parse.cc:3939 #19 0x000056158882d15c in mysql_parse (thd=thd@entry=0x14c3eac15088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c404156350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7993 #20 0x0000561588819c60 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c3eac15088, packet=packet@entry=0x14c3eac67089 "SELECT ROUND(f,f) FROM t GROUP BY 1", packet_length=packet_length@entry=35, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1874 #21 0x000056158881843a in do_command (thd=0x14c3eac15088) at /test/10.5_dbg/sql/sql_parse.cc:1355 #22 0x0000561588973c47 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x14c3edd7a808, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1411 #23 0x0000561588974363 in handle_one_connection (arg=arg@entry=0x14c3edd7a808) at /test/10.5_dbg/sql/sql_connect.cc:1313 #24 0x0000561588dd5902 in pfs_spawn_thread (arg=0x14c40b446c88) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201 #25 0x000014c40d5626db in start_thread (arg=0x14c404157700) at pthread_create.c:463 #26 0x000014c40c96088f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Bug confirmed present in: MariaDB: 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.4 (dbg) Bug confirmed not present in: MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (opt), 10.3.24 (opt), 10.4.14 (opt), 10.5.4 (opt) MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

MariaDB Server

Assertion `scale <= precision' failed in decimal_bin_size

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration