  1. MariaDB Server
  2. MDEV-18205

Assertion `str_length < len' failed in Binary_string::realloc_raw


Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.4(EOL)
    • 10.4.2
    • Server
    • None

    Description

      SELECT GROUP_CONCAT( UpdateXML( '<a>new year</a>', '/a', '2019-01-01 00:00:00' ), ENCODE('text','pass') ) AS f;
      

      10.4 30da40bb8c3

      mysqld: /data/src/10.4/sql/sql_string.cc:106: bool Binary_string::realloc_raw(size_t): Assertion `str_length < len' failed.
      190110 22:15:52 [ERROR] mysqld got signal 6 ;
       
      #7  0x00007feb94776ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
      #8  0x0000561281fa32a0 in Binary_string::realloc_raw (this=0x7feb8e9073c8, alloc_length=4) at /data/src/10.4/sql/sql_string.cc:106
      #9  0x0000561281dbf379 in Binary_string::realloc (this=0x7feb8e9073c8, arg_length=4) at /data/src/10.4/sql/sql_string.h:619
      #10 0x0000561281fa5004 in copy_if_not_alloced (to=0x7feb8e9073c0, from=0x7feb7c015b60, from_length=4) at /data/src/10.4/sql/sql_string.cc:944
      #11 0x00005612822af443 in Item_func_encode::val_str (this=0x7feb7c015cd0, str=0x7feb8e9073c0) at /data/src/10.4/sql/item_strfunc.cc:2304
      #12 0x00005612822e3f1d in dump_leaf_key (key_arg=0x7feb7c0421b9, count=1, item_arg=0x7feb7c016010) at /data/src/10.4/sql/item_sum.cc:3579
      #13 0x00005612822e511f in Item_func_group_concat::add (this=0x7feb7c016010) at /data/src/10.4/sql/item_sum.cc:3883
      #14 0x00005612822e6b2b in Aggregator_simple::add (this=0x7feb7c017868) at /data/src/10.4/sql/item_sum.h:715
      #15 0x0000561281f6d1b5 in Item_sum::aggregator_add (this=0x7feb7c016010) at /data/src/10.4/sql/item_sum.h:558
      #16 0x0000561281f6d0a0 in Item_sum::reset_and_add (this=0x7feb7c016010) at /data/src/10.4/sql/item_sum.h:443
      #17 0x0000561281f61bb4 in init_sum_functions (func_ptr=0x7feb7c0176d0, end_ptr=0x7feb7c0176d8) at /data/src/10.4/sql/sql_select.cc:24331
      #18 0x0000561281f58b9b in end_send_group (join=0x7feb7c016d10, join_tab=0x0, end_of_records=false) at /data/src/10.4/sql/sql_select.cc:20779
      #19 0x0000561281f54539 in do_select (join=0x7feb7c016d10, procedure=0x0) at /data/src/10.4/sql/sql_select.cc:18887
      #20 0x0000561281f2d265 in JOIN::exec_inner (this=0x7feb7c016d10) at /data/src/10.4/sql/sql_select.cc:4094
      #21 0x0000561281f2c6a6 in JOIN::exec (this=0x7feb7c016d10) at /data/src/10.4/sql/sql_select.cc:3888
      #22 0x0000561281f2d965 in mysql_select (thd=0x7feb7c000b00, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7feb7c016ce8, unit=0x7feb7c0049c0, select_lex=0x7feb7c015218) at /data/src/10.4/sql/sql_select.cc:4293
      #23 0x0000561281f1f271 in handle_select (thd=0x7feb7c000b00, lex=0x7feb7c0048f8, result=0x7feb7c016ce8, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:385
      #24 0x0000561281ee94b8 in execute_sqlcom_select (thd=0x7feb7c000b00, all_tables=0x0) at /data/src/10.4/sql/sql_parse.cc:6567
      #25 0x0000561281edfab4 in mysql_execute_command (thd=0x7feb7c000b00) at /data/src/10.4/sql/sql_parse.cc:3776
      #26 0x0000561281eed2c4 in mysql_parse (thd=0x7feb7c000b00, rawbuf=0x7feb7c0150d8 "SELECT GROUP_CONCAT( UpdateXML( '<a>new year</a>', '/a', '2019-01-01 00:00:00' ), ENCODE('text','pass') ) AS f", length=110, parser_state=0x7feb8e908600, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:8104
      #27 0x0000561281eda4ee in dispatch_command (command=COM_QUERY, thd=0x7feb7c000b00, packet=0x7feb7c00b421 "", packet_length=110, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1851
      #28 0x0000561281ed8f12 in do_command (thd=0x7feb7c000b00) at /data/src/10.4/sql/sql_parse.cc:1396
      #29 0x0000561282045140 in do_handle_one_connection (connect=0x561284c17320) at /data/src/10.4/sql/sql_connect.cc:1402
      #30 0x0000561282044ec4 in handle_one_connection (arg=0x561284c17320) at /data/src/10.4/sql/sql_connect.cc:1308
      #31 0x0000561282504308 in pfs_spawn_thread (arg=0x561284b28140) at /data/src/10.4/storage/perfschema/pfs.cc:1862
      #32 0x00007feb96232494 in start_thread (arg=0x7feb8e909700) at pthread_create.c:333
      #33 0x00007feb9483393f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

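      The non-debug version has no assertion to stop it and instead crashes with SIGABRT. The abort is raised by glibc (malloc_printerr called from _int_free) while the String destructor in dump_leaf_key frees its buffer, which suggests the allocator detected an invalid or corrupted heap chunk rather than a clean assertion failure: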

      Version: '10.4.2-MariaDB-log'  socket: '/dev/shm/var/tmp/mysqld.1.sock'  port: 16020  Source distribution
      190110 22:18:12 [ERROR] mysqld got signal 6 ;
       
      #3  0x00007f25f56b4fcf in raise () from /lib/x86_64-linux-gnu/libc.so.6
      #4  0x00007f25f56b63fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
      #5  0x00007f25f56f2bd0 in __libc_message () from /lib/x86_64-linux-gnu/libc.so.6
      #6  0x00007f25f56f8f96 in malloc_printerr () from /lib/x86_64-linux-gnu/libc.so.6
      #7  0x00007f25f56f978e in _int_free () from /lib/x86_64-linux-gnu/libc.so.6
      #8  0x000055a7b289da66 in Binary_string::free (this=0x7f25eb7fb838) at /data/src/10.4/sql/sql_string.h:604
      #9  0x000055a7b2bc4160 in ~Binary_string (this=0x7f25eb7fb838, __in_chrg=<optimized out>) at /data/src/10.4/sql/sql_string.h:415
      #10 ~String (this=0x7f25eb7fb830, __in_chrg=<optimized out>) at /data/src/10.4/sql/sql_string.h:721
      #11 dump_leaf_key (key_arg=<optimized out>, count=count@entry=1, item_arg=item_arg@entry=0x7f25d4012948) at /data/src/10.4/sql/item_sum.cc:3630
      #12 0x000055a7b2bc44a2 in Item_func_group_concat::add (this=0x7f25d4012948) at /data/src/10.4/sql/item_sum.cc:3883
      #13 0x000055a7b29652fe in aggregator_add (this=<optimized out>) at /data/src/10.4/sql/item_sum.h:558
      #14 reset_and_add (this=0x7f25d4012948) at /data/src/10.4/sql/item_sum.h:443
      #15 init_sum_functions (func_ptr=0x7f25d4014008, end_ptr=0x7f25d4014010) at /data/src/10.4/sql/sql_select.cc:24331
      #16 0x000055a7b2990186 in end_send_group (join=0x7f25d4013648, join_tab=<optimized out>, end_of_records=<optimized out>) at /data/src/10.4/sql/sql_select.cc:20779
      #17 0x000055a7b299be66 in do_select (procedure=0x0, join=0x7f25d4013648) at /data/src/10.4/sql/sql_select.cc:18887
      #18 JOIN::exec_inner (this=this@entry=0x7f25d4013648) at /data/src/10.4/sql/sql_select.cc:4094
      #19 0x000055a7b299bec9 in JOIN::exec (this=this@entry=0x7f25d4013648) at /data/src/10.4/sql/sql_select.cc:3888
      #20 0x000055a7b299c015 in mysql_select (thd=thd@entry=0x7f25d40009a8, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f25d4013620, unit=0x7f25d40046a8, select_lex=0x7f25d4011b50) at /data/src/10.4/sql/sql_select.cc:4293
      #21 0x000055a7b299ca7e in handle_select (thd=thd@entry=0x7f25d40009a8, lex=lex@entry=0x7f25d40045e0, result=result@entry=0x7f25d4013620, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.4/sql/sql_select.cc:385
      #22 0x000055a7b285513c in execute_sqlcom_select (thd=0x7f25d40009a8, all_tables=0x0) at /data/src/10.4/sql/sql_parse.cc:6567
      #23 0x000055a7b294621b in mysql_execute_command (thd=0x7f25d40009a8) at /data/src/10.4/sql/sql_parse.cc:3776
      #24 0x000055a7b2948a51 in mysql_parse (thd=0x7f25d40009a8, rawbuf=<optimized out>, length=110, parser_state=0x7f25eb7fd640, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.4/sql/sql_parse.cc:8104
      #25 0x000055a7b294b3c5 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f25d40009a8, packet=packet@entry=0x7f25d4009559 "", packet_length=packet_length@entry=110, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4/sql/sql_parse.cc:1851
      #26 0x000055a7b294bd50 in do_command (thd=0x7f25d40009a8) at /data/src/10.4/sql/sql_parse.cc:1396
      #27 0x000055a7b2a1de74 in do_handle_one_connection (connect=connect@entry=0x55a7b52a9ec8) at /data/src/10.4/sql/sql_connect.cc:1402
      #28 0x000055a7b2a1e014 in handle_one_connection (arg=arg@entry=0x55a7b52a9ec8) at /data/src/10.4/sql/sql_connect.cc:1308
      #29 0x000055a7b2d164f4 in pfs_spawn_thread (arg=0x55a7b5235558) at /data/src/10.4/storage/perfschema/pfs.cc:1862
      #30 0x00007f25f7169494 in start_thread (arg=0x7f25eb7fe700) at pthread_create.c:333
      #31 0x00007f25f576a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

      Not reproducible on 10.3.


          People

            bar Alexander Barkov
            elenst Elena Stepanova