Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Cannot Reproduce
-
10.0.37
-
None
Description
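A merge made between 10.0.36 and 10.0.37 (acc97298e5605174b6891d6439555069f95089d9) makes ASAN complain about a write into poisoned memory by the memset in Field_blob::get_key_image (sql/field.cc:7615). In the gdb frames further down, that memset starts at 0x62100012dfe4 with length 999, so the reported address 0x62100012e3ca is the last byte of the write. ASAN report: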
=================================================================
==21184==ERROR: AddressSanitizer: use-after-poison on address 0x62100012e3ca at pc 0x7ffff72790ed bp 0x7fffed8a16f0 sp 0x7fffed8a0e98
WRITE of size 999 at 0x62100012e3ca thread T5
    #0 0x7ffff72790ec (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9a0ec)
    #1 0x5555563bbe9b in memset /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
    #2 0x5555563bbe9b in Field_blob::get_key_image(unsigned char*, unsigned int, Field::imagetype) sql/field.cc:7615
    #3 0x55555673fe34 in get_mm_leaf sql/opt_range.cc:8568
    #4 0x555556742451 in get_mm_parts sql/opt_range.cc:8258
    #5 0x55555675c40d in get_func_mm_tree sql/opt_range.cc:7889
    #6 0x55555675db73 in get_full_func_mm_tree sql/opt_range.cc:7999
    #7 0x555556760157 in get_mm_tree sql/opt_range.cc:8200
    #8 0x55555675e331 in get_mm_tree sql/opt_range.cc:8047
    #9 0x555556761f7a in calculate_cond_selectivity_for_table(THD*, TABLE*, Item*) sql/opt_range.cc:3669
    #10 0x555555fd1a6d in make_join_statistics sql/sql_select.cc:4002
    #11 0x555555feb92b in JOIN::optimize_inner() sql/sql_select.cc:1372
    #12 0x555555ff8947 in JOIN::optimize() sql/sql_select.cc:1041
    #13 0x555555ffa9a9 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) sql/sql_select.cc:3334
    #14 0x555555ffb4b5 in handle_select(THD*, LEX*, select_result*, unsigned long) sql/sql_select.cc:365
    #15 0x555555e9c782 in execute_sqlcom_select sql/sql_parse.cc:5308
    #16 0x555555eb7305 in mysql_execute_command(THD*) sql/sql_parse.cc:2558
    #17 0x555555ed5253 in mysql_parse(THD*, char*, unsigned int, Parser_state*) sql/sql_parse.cc:6644
    #18 0x555555ed956f in dispatch_command(enum_server_command, THD*, char*, unsigned int) sql/sql_parse.cc:1301
    #19 0x555555ede67e in do_command(THD*) sql/sql_parse.cc:1003
    #20 0x5555561f3045 in do_handle_one_connection(THD*) sql/sql_connect.cc:1377
    #21 0x5555561f33b9 in handle_one_connection sql/sql_connect.cc:1292
    #22 0x555556c080eb in pfs_spawn_thread storage/perfschema/pfs.cc:1861
    #23 0x7ffff6833163 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x8163)
    #24 0x7ffff6444dee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11adee)

0x62100012e54c is located 0 bytes to the right of 4172-byte region [0x62100012d500,0x62100012e54c)
allocated by thread T5 here:
    #0 0x7ffff72ccf30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
    #1 0x5555572e26fd in sf_malloc mysys/safemalloc.c:115
    #2 0x5555574267da (/home/sanja/maria/git/server/sql/mysqld+0x1ed27da)

Thread T5 created by T0 here:
    #0 0x7ffff7229e5f in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x4ae5f)
    #1 0x555556c149d5 in spawn_thread_v1 storage/perfschema/pfs.cc:1911

SUMMARY: AddressSanitizer: use-after-poison (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x9a0ec)
Shadow bytes around the buggy address:
  0x0c428001dc20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428001dc30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428001dc40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428001dc50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c428001dc60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c428001dc70: 00 00 00 00 00 00 00 00 00[02]f7 f7 f7 f7 f7 f7
  0x0c428001dc80: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c428001dc90: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
  0x0c428001dca0: f7 f7 f7 f7 f7 f7 f7 f7 f7 04 fa fa fa fa fa fa
  0x0c428001dcb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c428001dcc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
#5 0x00007ffff727910f in ?? () from /usr/lib/x86_64-linux-gnu/libasan.so.5
#6 0x00005555563bbe9c in memset (__len=999, __ch=0, __dest=0x62100012dfe4) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
#7 Field_blob::get_key_image (this=0x6190001ded38, buff=0x62100012dfe1 '\245' <repeats 200 times>..., length=1000, type_arg=<optimized out>) at sql/field.cc:7615
#8 0x000055555673fe35 in get_mm_leaf (param=param@entry=0x7fffed8a2cf0, conf_func=conf_func@entry=0x6250000b7360, field=0x6190001ded38, key_part=key_part@entry=0x62100012d588, type=<optimized out>, type@entry=Item_func::GT_FUNC, value=value@entry=0x6250000b72c0) at sql/opt_range.cc:8568
#9 0x0000555556742452 in get_mm_parts (param=param@entry=0x7fffed8a2cf0, cond_func=cond_func@entry=0x6250000b7360, field=field@entry=0x6190001ded38, type=<optimized out>, value=value@entry=0x6250000b72c0, cmp_type=cmp_type@entry=STRING_RESULT) at sql/opt_range.cc:8258
#10 0x000055555675c40e in get_func_mm_tree (param=param@entry=0x7fffed8a2cf0, cond_func=cond_func@entry=0x6250000b7360, field=field@entry=0x6190001ded38, value=value@entry=0x6250000b72c0, cmp_type=cmp_type@entry=STRING_RESULT, inv=inv@entry=false) at sql/opt_range.cc:7889
#11 0x000055555675db74 in get_full_func_mm_tree (param=param@entry=0x7fffed8a2cf0, cond_func=cond_func@entry=0x6250000b7360, field_item=field_item@entry=0x6250000b71b0, value=value@entry=0x6250000b72c0, inv=inv@entry=false) at sql/opt_range.cc:7999
#12 0x0000555556760158 in get_mm_tree (param=param@entry=0x7fffed8a2cf0, cond=0x6250000b7360) at sql/opt_range.cc:8200
#13 0x000055555675e332 in get_mm_tree (param=param@entry=0x7fffed8a2cf0, cond=cond@entry=0x6250000b77f8) at sql/opt_range.cc:8047
#14 0x0000555556761f7b in calculate_cond_selectivity_for_table (thd=<optimized out>, table=0x61e0000fa8f0, cond=<optimized out>) at sql/opt_range.cc:3669
#15 0x0000555555fd1a6e in make_join_statistics (join=join@entry=0x6250000b7a08, tables_list=..., conds=0x6250000b77f8, keyuse_array=keyuse_array@entry=0x6250000b7d30) at sql/sql_select.cc:4002
#16 0x0000555555feb92c in JOIN::optimize_inner (this=this@entry=0x6250000b7a08) at sql/sql_select.cc:1372
#17 0x0000555555ff8948 in JOIN::optimize (this=this@entry=0x6250000b7a08) at sql/sql_select.cc:1041
#18 0x0000555555ffa9aa in mysql_select (thd=thd@entry=0x62a000066270, rref_pointer_array=rref_pointer_array@entry=0x62a00006a5a0, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at sql/sql_select.cc:3334
#19 0x0000555555ffb4b6 in handle_select (thd=thd@entry=0x62a000066270, lex=lex@entry=0x62a000069b40, result=result@entry=0x6250000b79e8, setup_tables_done_option=setup_tables_done_option@entry=0) at sql/sql_select.cc:365
#20 0x0000555555e9c783 in execute_sqlcom_select (thd=thd@entry=0x62a000066270, all_tables=<optimized out>) at sql/sql_parse.cc:5308
#21 0x0000555555eb7306 in mysql_execute_command (thd=thd@entry=0x62a000066270) at sql/sql_parse.cc:2558
#22 0x0000555555ed5254 in mysql_parse (thd=thd@entry=0x62a000066270, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fffed8a7f10) at sql/sql_parse.cc:6644
#23 0x0000555555ed9570 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62a000066270, packet=packet@entry=0x629000041271 "select * from t2 where col1 > 'b' and col1 < 'd'", packet_length=packet_length@entry=48) at sql/sql_class.h:972
#24 0x0000555555ede67f in do_command (thd=0x62a000066270) at sql/sql_parse.cc:1003
|
Issue Links
- relates to
-
MDEV-18300 ASAN error in Field_blob::get_key_image upon UPDATE with subquery
- Closed