Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-18770

AddressSanitizer: memcpy-param-overlap in my_strnxfrm_8bit_bin

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
    • 10.5, 10.6, 10.11, 11.4
    • Server

    Description

      Note: might be closely related to, or even a duplicate of, MDEV-17299.

      CREATE TABLE t1 (a INT, b DATE);
      		 
      INSERT INTO t1 VALUES (2, '2012-07-20'),(3, '2031-07-20');
      		 
      SELECT GROUP_CONCAT('foo') AS f FROM t1 GROUP BY BINARY ( SUBSTR( b FROM a ) );
      		 
       
      		 
      # Cleanup
      		 
      DROP TABLE t1;

      10.1 243f829c ASAN

      		 
      ==11266==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x61500002e7d1,0x61500002e7da) and [0x61500002e7d2, 0x61500002e7db) overlap
      		 
          #0 0x7fcca66c891f (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2e91f)
      		 
          #1 0x559a4f6427a9 in my_strnxfrm_8bit_bin /data/src/10.1/strings/ctype-bin.c:422
      		 
          #2 0x559a4e7c120a in make_sortkey /data/src/10.1/sql/filesort.cc:1055
      		 
          #3 0x559a4e7c5b4f in find_all_keys /data/src/10.1/sql/filesort.cc:840
      		 
          #4 0x559a4e7c5b4f in filesort(THD*, TABLE*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*, unsigned long long*, Filesort_tracker*) /data/src/10.1/sql/filesort.cc:301
      		 
          #5 0x559a4e3a9d35 in create_sort_index /data/src/10.1/sql/sql_select.cc:21677
      		 
          #6 0x559a4e3d06f8 in JOIN::exec_inner() /data/src/10.1/sql/sql_select.cc:3245
      		 
          #7 0x559a4e3d1e54 in JOIN::exec() /data/src/10.1/sql/sql_select.cc:2562
      		 
          #8 0x559a4e3c66a7 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1/sql/sql_select.cc:3499
      		 
          #9 0x559a4e3c6e95 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1/sql/sql_select.cc:388
      		 
          #10 0x559a4e296077 in execute_sqlcom_select /data/src/10.1/sql/sql_parse.cc:5950
      		 
          #11 0x559a4e2b0287 in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2995
      		 
          #12 0x559a4e2c8498 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7468
      		 
          #13 0x559a4e2cf27c in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1/sql/sql_parse.cc:1496
      		 
          #14 0x559a4e2d5a08 in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1124
      		 
          #15 0x559a4e57dedd in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1330
      		 
          #16 0x559a4e57e3ee in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242
      		 
          #17 0x559a4ee4dd26 in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1861
      		 
          #18 0x7fcca6484493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
      		 
          #19 0x7fcca483d93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
      		 
       
      		 
      0x61500002e7d1 is located 209 bytes inside of 452-byte region [0x61500002e700,0x61500002e8c4)
      		 
      allocated by thread T6 here:
      		 
          #0 0x7fcca66ee73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
      		 
          #1 0x559a4f61a484 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
      		 
          #2 0x559a4f712eda (/data/bld/10.1-asan/bin/mysqld+0x1d9feda)
      		 
       
      		 
      Thread T6 created by T0 here:
      		 
          #0 0x7fcca66bdbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
      		 
          #1 0x559a4ee5957d in spawn_thread_v1 /data/src/10.1/storage/perfschema/pfs.cc:1911
      		 
       
      		 
      0x61500002e7d2 is located 210 bytes inside of 452-byte region [0x61500002e700,0x61500002e8c4)
      		 
      allocated by thread T6 here:
      		 
          #0 0x7fcca66ee73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
      		 
          #1 0x559a4f61a484 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
      		 
          #2 0x559a4f712eda (/data/bld/10.1-asan/bin/mysqld+0x1d9feda)
      		 
       
      		 
      SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 ??
      		 
      ==11266==ABORTING

      Reproducible with at least MyISAM and InnoDB.
      No obvious problems on non-ASAN builds.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28686 Assertion `0' in Type_handler_string_result::make_sort_key or unexpected result

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17299 Assertion `maybe_null' failed in make_sortkey

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bar Alexander Barkov
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.