  1. MariaDB Server
  2. MDEV-18270

ASAN heap-use-after-free in Field_long::val_int()


    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.2, 10.3, 10.4
    • Fix Version/s: N/A
    • Component/s: Virtual Columns
    • Labels:
      None

      Description

      -- Reproduction case for the AddressSanitizer heap-use-after-free reported on this page
      -- (READ of size 4 in Field_long::val_int(), called from mysql_insert() at
      -- sql_insert.cc:1196, build 10.2 f3e9d9a6e6b2614b).
      --
      -- Schema: a MyISAM table whose STORED generated column vc2 (datetime(6), defined as a
      -- copy of c2 datetime(2)) is also the last part of the composite secondary key
      -- c1 (c1,c2,vc2). The issue is filed under the "Virtual Columns" component.
      -- NOTE(review): Field_long is presumably the field class behind the INT columns
      -- (pk or c1); the page does not say which column the freed read touches. Confirm
      -- against sql_insert.cc:1196 in the affected tree.
      create table t1 (pk int not null auto_increment, c2 datetime(2) , c1 int , vc2 datetime(6) generated always as (c2) stored, 
          primary key (pk), key c1 (c1,c2,vc2)) engine=myisam;
       
       -- One multi-row INSERT. vc2 is left out of the column list, so the server computes it
       -- from c2 for every row. pk is supplied explicitly for the auto_increment column and
       -- jumps (80 -> 90, 100 -> 2055, 2061 -> 2071). c1 and c2 contain NULLs, and several
       -- date literals carry a trailing space ('1900-01-01 ').
       -- The stack trace places the invalid read inside mysql_insert(), i.e. while this
       -- statement executes. Keep the literals byte-for-byte when reusing this as a
       -- regression test; which rows are needed to trigger the report is not stated on the page.
       -- The report comes from an ASAN-instrumented build; a non-instrumented server may show
       -- no visible symptom for the same statements.
       -- The page lists Affects Version/s 10.2, 10.3, 10.4 with Resolution "Fixed" but
       -- Fix Version/s "N/A", so the fixing release cannot be read from this page. Check the
       -- tracker before treating a given build as patched.
       insert into t1(c1,c2,pk) values (0,'1900-01-01 ',1),(0,'2003-12-28',2),(0,'2003-12-28',3),(1,'1971-12-28 ',4),(0,'2003-12-28',5),(0,null,6),(0,'2003-12-28',7),(0,'2003-12-28',8),(1,'2013-06-07 ',9),(null,'2003-12-28',10),(1,'1900-01-01 ',11),(1,'2003-12-28',12),(0,'1900-01-01 ',13),(0,'1900-01-01 ',14),(1,null,15),(null,'2003-12-28',16),(null,'2003-12-28',17),(1,'2003-12-28',18),(1,'2003-12-28',19),(0,'2003-12-28',20),(0,'2003-12-28',21),(1,'2003-12-28',22),(1,'2003-12-28',23),(1,'2003-12-28',24),(0,'2003-12-28',25),(null,'2003-12-28',26),(0,'2003-12-28',27),(0,null,28),(0,'1900-01-01 ',29),(1,'2003-12-28',30),(1,'1998-02-01 ',31),(0,'2003-12-28',32),(0,'1900-01-01 ',33),(1,'1982-06-01 ',34),(1,null,35),(null,'2003-12-28',36),(0,'2003-12-28',37),(1,null,38),(1,'2003-12-28',39),(0,'1989-07-13 ',40),(1,'2024-02-01 ',41),(1,'2003-12-28',42),(1,'2003-12-28',43),(null,'2003-12-28',44),(0,'2029-09-07 ',45),(0,null,46),(1,'2003-12-28',47),(0,'2003-12-28',48),(0,'2003-12-28',49),(1,'2013-02-14 ',50),(1,'2014-03-27 ',51),(1,null,52),(0,'2003-12-28',53),(0,'2003-12-28',54),(0,'2032-06-26 ',55),(1,'1998-05-18 ',56),(1,'2003-12-28',57),(1,'1900-01-01 ',58),(0,'1900-01-01 ',59),(1,'2003-12-28',60),(0,'2003-12-28',61),(1,'2003-12-28',62),(1,null,63),(0,'1900-01-01 ',64),(1,'2003-12-28',65),(0,'1900-01-01 ',66),(1,'2003-12-28',67),(0,'1997-04-15 ',68),(0,null,69),(0,'2020-12-07 ',70),(1,null,71),(0,'2003-12-28',72),(null,'2003-12-28',73),(1,'2003-12-28',74),(0,'2003-12-28',75),(1,'2003-12-28',76),(1,'2003-12-28',77),(0,'1993-02-13 ',78),(1,'2003-12-28',79),(1,'2003-12-28',80),(0,null,90),(0,'2003-12-28',91),(0,'2003-12-28',92),(1,'2003-12-28',93),(0,'2003-12-28',94),(1,'2003-12-28',95),(0,'1900-01-01 ',96),(null,null,97),(1,'2003-12-28',98),(1,'2003-12-28',99),(1,'2027-12-03 ',100),(0,null,2055),(null,null,2056),(null,null,2057),(1,'2003-12-28',2058),(null,null,2059),(null,null,2060),(0,null,2061),(null,null,2071),(null,null,2072);
      

      10.2 f3e9d9a6e6b2614b

         ==30257==ERROR: AddressSanitizer: heap-use-after-free on address 0x60f0000462e1 at pc 0x55a0a2f26fda bp 0x7f4105b41650 sp 0x7f4105b41640
      READ of size 4 at 0x60f0000462e1 thread T27
          #0 0x55a0a2f26fd9 in Field_long::val_int() /10.2/sql/field.cc:4269
          #1 0x55a0a2974fb1 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /10.2/sql/sql_insert.cc:1196
          #2 0x55a0a29d396a in mysql_execute_command(THD*) /10.2/sql/sql_parse.cc:4436
          #3 0x55a0a29ea694 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.2/sql/sql_parse.cc:8015
          #4 0x55a0a29c5b80 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.2/sql/sql_parse.cc:1826
          #5 0x55a0a29c2d25 in do_command(THD*) /10.2/sql/sql_parse.cc:1379
          #6 0x55a0a2ce9ead in do_handle_one_connection(CONNECT*) /10.2/sql/sql_connect.cc:1335
          #7 0x55a0a2ce98b5 in handle_one_connection /10.2/sql/sql_connect.cc:1241
          #8 0x55a0a3e9371d in pfs_spawn_thread /10.2/storage/perfschema/pfs.cc:1862
          #9 0x7f411d1196b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #10 0x7f411c5ae41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      


              People

              Assignee:
              Unassigned
              Reporter:
              alice Alice Sherepa