Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18303

AddressSanitizer: heap-use-after-free in Field::eq

    XMLWordPrintable

Details

    Description

      set session optimizer_switch ='orderby_uses_equalities=on';
      		 
       
      		 
      create table t1 (v1 varchar(1)) ;
      		 
      insert into t1 values ('x'),('g'),('o'),('g'),('v'),('m'),('x'),('c'),('z'),('i');
      		 
       
      		 
      create table t2 (v1 varchar(1)) ;
      		 
       
      		 
      create table t3 (v1 varchar(1));
      		 
      insert into t3 values ('v'),('k'),('s'),('y'),('g'),('j'),('g'),('e'),('v'),('p');
      		 
       
      		 
      select t2.v1 as f1
      		 
      from t1 straight_join t2 on (t2.v1=t1.v1) where t2.v1 in (select min(t1.v1) from t3,t1)
      		 
      order by f1;
      		 
       
      		 
      drop table t1,t2,t3;

      10.1 1d72db45a880d07fec5eda

      		 
       AddressSanitizer: heap-use-after-free on address 0x6190000a5610 at pc 0x55fac577ad8f bp 0x7f60487ce830 sp 0x7f60487ce820
      		 
      READ of size 8 at 0x6190000a5610 thread T23
      		 
          #0 0x55fac577ad8e in Field::eq(Field*) /10.1/sql/field.h:781
      		 
          #1 0x55fac58541b9 in Item_equal::contains(Field*) /10.1/sql/item_cmpfunc.cc:6392
      		 
          #2 0x55fac53c4aa8 in compute_part_of_sort_key_for_equals(JOIN*, TABLE*, Item_field*, Bitmap<64u>*) /10.1/sql/sql_select.cc:20963
      		 
          #3 0x55fac53c5031 in test_if_skip_sort_order /10.1/sql/sql_select.cc:21064
      		 
          #4 0x55fac53e5a51 in create_sort_index /10.1/sql/sql_select.cc:21610
      		 
          #5 0x55fac5409f5b in JOIN::exec_inner() /10.1/sql/sql_select.cc:3240
      		 
          #6 0x55fac540b4b5 in JOIN::exec() /10.1/sql/sql_select.cc:2562
      		 
          #7 0x55fac540090c in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.1/sql/sql_select.cc:3499
      		 
          #8 0x55fac54010d6 in handle_select(THD*, LEX*, select_result*, unsigned long) /10.1/sql/sql_select.cc:388
      		 
          #9 0x55fac52e21f8 in execute_sqlcom_select /10.1/sql/sql_parse.cc:5950
      		 
          #10 0x55fac52fab86 in mysql_execute_command(THD*) /10.1/sql/sql_parse.cc:2995
      		 
          #11 0x55fac53121e2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /10.1/sql/sql_parse.cc:7468
      		 
          #12 0x55fac5318753 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /10.1/sql/sql_parse.cc:1496
      		 
          #13 0x55fac531ed56 in do_command(THD*) /10.1/sql/sql_parse.cc:1124
      		 
          #14 0x55fac5595a11 in do_handle_one_connection(THD*) /10.1/sql/sql_connect.cc:1330
      		 
          #15 0x55fac5595efd in handle_one_connection /10.1/sql/sql_connect.cc:1242
      		 
          #16 0x55fac63bf791 in pfs_spawn_thread /10.1/storage/perfschema/pfs.cc:1861
      		 
          #17 0x7f605d9806b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
      		 
          #18 0x7f605d02b41c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)

      Reproducible with Innodb and MyIsam. Reproducible only on 10.1 with the current test

      Attachments

        Activity

          People

            psergei Sergei Petrunia
            alice Alice Sherepa
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.