
ASAN use-after-poison in process_str_arg / ... / mark_unsupported_func or unexpected ER_BAD_FIELD_ERROR upon ALTER TABLE


      # Reproducer (mysqltest format) for the ASAN use-after-poison reported below.
      # Requires InnoDB, since the table is created with ENGINE=InnoDB.
      --source include/have_innodb.inc
       
      CREATE TABLE t1 (a INT, b SMALLINT) ENGINE=InnoDB;
       
      # Switch to a second connection: add a CHECK constraint on b, then attempt an
      # in-place type change of b, which the test expects to be refused with
      # ER_ALTER_OPERATION_NOT_SUPPORTED_REASON.
      --connect (con1,localhost,root,,test)
      ALTER TABLE t1 ADD CONSTRAINT CHECK (b < 8);
      --error ER_ALTER_OPERATION_NOT_SUPPORTED_REASON
      ALTER TABLE t1 MODIFY COLUMN b INT, ALGORITHM=INPLACE;
       
      # Back on the default connection, this ALTER (line 11 of the test) is the
      # statement that fails on a non-ASAN debug build with the garbage
      # "Invalid utf8mb4 character string" error; the sanitizer stack below also
      # originates in mysql_alter_table.
      # NOTE(review): the ASAN report shows the read in thread T27 hitting a region
      # allocated by thread T28 (THD::init_for_queries memroot), i.e. presumably a
      # dangling reference into another connection's memory — the '\x8F' bytes on
      # the non-ASAN build look consistent with that; confirm against the fix.
      --connection default
      ALTER TABLE t1 ADD PRIMARY KEY (a);
       
      # Cleanup
      --connection default
      DROP TABLE t1;
      --disconnect con1
      

      10.2 79078167c3

      ==900==ERROR: AddressSanitizer: use-after-poison on address 0x62b00002a9b8 at pc 0x7fbbd58c75fa bp 0x7fbbc4c91d80 sp 0x7fbbc4c91d58
      READ of size 22741 at 0x62b00002a9b8 thread T27
          #0 0x7fbbd58c75f9 in __interceptor_strnlen (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2a5f9)
          #1 0x55664d7248bc in process_str_arg /data/src/10.2/strings/my_vsnprintf.c:205
          #2 0x55664d728c95 in my_vsnprintf_ex /data/src/10.2/strings/my_vsnprintf.c:626
          #3 0x55664d729c9b in my_vsnprintf /data/src/10.2/strings/my_vsnprintf.c:704
          #4 0x55664d729db5 in my_snprintf /data/src/10.2/strings/my_vsnprintf.c:713
          #5 0x55664c61c653 in mark_unsupported_func /data/src/10.2/sql/item.cc:1495
          #6 0x55664c61c80a in mark_unsupported_function(char const*, void*, unsigned int) /data/src/10.2/sql/item.cc:1510
          #7 0x55664c66aa47 in Item_field::check_vcol_func_processor(void*) /data/src/10.2/sql/item.h:2686
          #8 0x55664be29803 in Item::walk(bool (Item::*)(void*), bool, void*) (/data/bld/10.2-asan/bin/mysqld+0xabb803)
          #9 0x55664bf02546 in Item_args::walk_args(bool (Item::*)(void*), bool, void*) /data/src/10.2/sql/item.h:3937
          #10 0x55664bf03024 in Item_func_or_sum::walk(bool (Item::*)(void*), bool, void*) /data/src/10.2/sql/item.h:4222
          #11 0x55664c5b0576 in check_expression(Virtual_column_info*, char const*, enum_vcol_info_type) /data/src/10.2/sql/field.cc:9874
          #12 0x55664c1eb16e in mysql_prepare_create_table /data/src/10.2/sql/sql_table.cc:4214
          #13 0x55664c1ee19d in mysql_create_frm_image(THD*, char const*, char const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /data/src/10.2/sql/sql_table.cc:4652
          #14 0x55664c1ef701 in create_table_impl /data/src/10.2/sql/sql_table.cc:4898
          #15 0x55664c20a998 in mysql_alter_table(THD*, char*, char*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /data/src/10.2/sql/sql_table.cc:9244
          #16 0x55664c337250 in Sql_cmd_alter_table::execute(THD*) /data/src/10.2/sql/sql_alter.cc:329
          #17 0x55664c000d67 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:6228
          #18 0x55664c00b89d in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:8015
          #19 0x55664bfe628a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1826
          #20 0x55664bfe331f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1379
          #21 0x55664c328dc6 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1335
          #22 0x55664c3287db in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #23 0x55664cd43a4b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
          #24 0x7fbbd5687493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
          #25 0x7fbbd3a6d93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
       
      0x62b00003028c is located 0 bytes to the right of 24716-byte region [0x62b00002a200,0x62b00003028c)
      allocated by thread T28 here:
          #0 0x7fbbd58f173f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
          #1 0x55664d661cd7 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
          #2 0x55664d630f2e in my_malloc /data/src/10.2/mysys/my_malloc.c:101
          #3 0x55664d611573 in reset_root_defaults /data/src/10.2/mysys/my_alloc.c:146
          #4 0x55664bf39437 in THD::init_for_queries() /data/src/10.2/sql/sql_class.cc:1306
          #5 0x55664c328198 in prepare_new_connection_state(THD*) /data/src/10.2/sql/sql_connect.cc:1172
          #6 0x55664c328821 in thd_prepare_connection(THD*) /data/src/10.2/sql/sql_connect.cc:1256
          #7 0x55664c328d9c in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1326
          #8 0x55664c3287db in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
          #9 0x55664cd43a4b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1862
          #10 0x7fbbd5687493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
       
      Thread T27 created by T0 here:
          #0 0x7fbbd58c0bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x55664cd44013 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
          #2 0x55664bddfa9e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
          #3 0x55664bdf4a3b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466
          #4 0x55664bdf5140 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536
          #5 0x55664bdf6157 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811
          #6 0x55664bdf3f90 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085
          #7 0x55664bddde3f in main /data/src/10.2/sql/main.cc:25
          #8 0x7fbbd39a52b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      Thread T28 created by T0 here:
          #0 0x7fbbd58c0bba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
          #1 0x55664cd44013 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1912
          #2 0x55664bddfa9e in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1239
          #3 0x55664bdf4a3b in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6466
          #4 0x55664bdf5140 in create_new_thread /data/src/10.2/sql/mysqld.cc:6536
          #5 0x55664bdf6157 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6811
          #6 0x55664bdf3f90 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6085
          #7 0x55664bddde3f in main /data/src/10.2/sql/main.cc:25
          #8 0x7fbbd39a52b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
       
      SUMMARY: AddressSanitizer: use-after-poison ??:0 __interceptor_strnlen
      Shadow bytes around the buggy address:
        0x0c567fffd4e0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd4f0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd500: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd510: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd520: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      =>0x0c567fffd530: f7 f7 f7 f7 f7 f7 f7[f7]f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd540: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd550: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd560: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd570: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
        0x0c567fffd580: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Heap right redzone:      fb
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack partial redzone:   f4
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Contiguous container OOB:fc
        ASan internal:           fe
      ==900==ABORTING
      

      Not reproducible on 10.1.

      A non-ASAN debug build does not crash, but the last ALTER produces a bad result, e.g.

      At line 11: query 'ALTER TABLE t1 ADD PRIMARY KEY (a)' failed: 1300: Invalid utf8mb4 character string: '\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F\x8F
      

      The same test case, but without the connection switch in the middle, also produces an unexpected result, of a different sort:

      # Single-connection variant of the reproducer above: no --connect/--disconnect,
      # every statement runs on the default connection.
      --source include/have_innodb.inc
       
      CREATE TABLE t1 (a INT, b SMALLINT) ENGINE=InnoDB;
       
      # Add the CHECK constraint, then attempt the in-place type change of b,
      # expected to be refused with ER_ALTER_OPERATION_NOT_SUPPORTED_REASON.
      ALTER TABLE t1 ADD CONSTRAINT CHECK (b < 8);
      --error ER_ALTER_OPERATION_NOT_SUPPORTED_REASON
      ALTER TABLE t1 MODIFY COLUMN b INT, ALGORITHM=INPLACE;
      # This ALTER (line 8 of the test) fails with
      # "Unknown column 'tmp_field' in 'CHECK'" instead of succeeding.
      ALTER TABLE t1 ADD PRIMARY KEY (a);
       
      # Cleanup
      --connection default
      DROP TABLE t1;
      

       At line 8: query 'ALTER TABLE t1 ADD PRIMARY KEY (a)' failed: 1054: Unknown column 'tmp_field' in 'CHECK'
      

              • Assignee:
                serg Sergei Golubchik
                Reporter:
                elenst Elena Stepanova