[MDEV-18770] AddressSanitizer: memcpy-param-overlap in my_strnxfrm_8bit_bin - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Server
Labels:
- ASAN

Description

Note: might be closely related to, or even a duplicate of, ~~MDEV-17299~~.

CREATE TABLE t1 (a INT, b DATE);

INSERT INTO t1 VALUES (2, '2012-07-20'),(3, '2031-07-20');

SELECT GROUP_CONCAT('foo') AS f FROM t1 GROUP BY BINARY ( SUBSTR( b FROM a ) );

# Cleanup

DROP TABLE t1;

10.1 243f829c ASAN
==11266==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x61500002e7d1,0x61500002e7da) and [0x61500002e7d2, 0x61500002e7db) overlap
#0 0x7fcca66c891f (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x2e91f)
#1 0x559a4f6427a9 in my_strnxfrm_8bit_bin /data/src/10.1/strings/ctype-bin.c:422
#2 0x559a4e7c120a in make_sortkey /data/src/10.1/sql/filesort.cc:1055
#3 0x559a4e7c5b4f in find_all_keys /data/src/10.1/sql/filesort.cc:840
#4 0x559a4e7c5b4f in filesort(THD, TABLE, st_sort_field, unsigned int, SQL_SELECT, unsigned long long, bool, unsigned long long, unsigned long long, Filesort_tracker*) /data/src/10.1/sql/filesort.cc:301
#5 0x559a4e3a9d35 in create_sort_index /data/src/10.1/sql/sql_select.cc:21677
#6 0x559a4e3d06f8 in JOIN::exec_inner() /data/src/10.1/sql/sql_select.cc:3245
#7 0x559a4e3d1e54 in JOIN::exec() /data/src/10.1/sql/sql_select.cc:2562
#8 0x559a4e3c66a7 in mysql_select(THD, Item*, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.1/sql/sql_select.cc:3499
#9 0x559a4e3c6e95 in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.1/sql/sql_select.cc:388
#10 0x559a4e296077 in execute_sqlcom_select /data/src/10.1/sql/sql_parse.cc:5950
#11 0x559a4e2b0287 in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:2995
#12 0x559a4e2c8498 in mysql_parse(THD, char, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7468
#13 0x559a4e2cf27c in dispatch_command(enum_server_command, THD, char, unsigned int) /data/src/10.1/sql/sql_parse.cc:1496
#14 0x559a4e2d5a08 in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1124
#15 0x559a4e57dedd in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1330
#16 0x559a4e57e3ee in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242
#17 0x559a4ee4dd26 in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1861
#18 0x7fcca6484493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
#19 0x7fcca483d93e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)

0x61500002e7d1 is located 209 bytes inside of 452-byte region [0x61500002e700,0x61500002e8c4)
allocated by thread T6 here:
#0 0x7fcca66ee73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x559a4f61a484 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
#2 0x559a4f712eda (/data/bld/10.1-asan/bin/mysqld+0x1d9feda)

Thread T6 created by T0 here:
#0 0x7fcca66bdbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
#1 0x559a4ee5957d in spawn_thread_v1 /data/src/10.1/storage/perfschema/pfs.cc:1911

0x61500002e7d2 is located 210 bytes inside of 452-byte region [0x61500002e700,0x61500002e8c4)
allocated by thread T6 here:
#0 0x7fcca66ee73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
#1 0x559a4f61a484 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
#2 0x559a4f712eda (/data/bld/10.1-asan/bin/mysqld+0x1d9feda)

SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 ??
==11266==ABORTING

Reproducible with at least MyISAM and InnoDB.
No obvious problems on non-ASAN builds.

Attachments

Issue Links

relates to

MDEV-28686 Assertion `0' in Type_handler_string_result::make_sort_key or unexpected result

Closed

MDEV-35621 UBSAN: runtime error: applying zero offset to null pointer in my_strnxfrm_utf8mb3_general_ci, my_uca_scanner_init_any and my_uca_scanner_next_utf8mb3 and in _utf8mb4 functions, and null pointer passed as argument 2, which is declared to never be null

Confirmed

MDEV-17299 Assertion `maybe_null' failed in make_sortkey

Closed

Activity

Ascending order - Click to sort in descending order

Alice Sherepa added a comment - 2020-04-03 14:37

adding just to make it searchable:

10.5 4197014ba0ba8cb895f3b49b
#0 0x7fb5eb74d105 (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3f105)
#1 0x55a5943e4c17 in my_strnxfrm_8bit_bin /10.5/strings/ctype-bin.c:403
#2 0x55a592df2730 in charset_info_st::strnxfrm(unsigned char, unsigned long, unsigned char const, unsigned long) const /10.5/include/m_ctype.h:796
#3 0x55a592e1530f in Type_handler_string_result::make_sort_key_part(unsigned char, Item, SORT_FIELD_ATTR const, Sort_param) const /10.5/sql/filesort.cc:1159
#4 0x55a592e2244b in make_sortkey /10.5/sql/filesort.cc:3005
#5 0x55a592e16c08 in make_sortkey /10.5/sql/filesort.cc:1340
#6 0x55a592e13c72 in find_all_keys /10.5/sql/filesort.cc:954
#7 0x55a592e0f677 in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /10.5/sql/filesort.cc:356
#8 0x55a5927cab01 in create_sort_index(THD, JOIN, st_join_table, Filesort) /10.5/sql/sql_select.cc:23858
#9 0x55a5927b95a4 in st_join_table::sort_table() /10.5/sql/sql_select.cc:21587
#10 0x55a5927b8aad in join_init_read_record(st_join_table*) /10.5/sql/sql_select.cc:21526
#11 0x55a5927b2323 in sub_select(JOIN, st_join_table, bool) /10.5/sql/sql_select.cc:20600
#12 0x55a5927b056c in do_select /10.5/sql/sql_select.cc:20137
#13 0x55a59273e765 in JOIN::exec_inner() /10.5/sql/sql_select.cc:4463
#14 0x55a59273bdb7 in JOIN::exec() /10.5/sql/sql_select.cc:4244
#15 0x55a59273fccc in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /10.5/sql/sql_select.cc:4668
#16 0x55a59271200f in handle_select(THD, LEX, select_result*, unsigned long) /10.5/sql/sql_select.cc:417
#17 0x55a5929135e4 in Sql_cmd_create_table_like::execute(THD*) /10.5/sql/sql_table.cc:11771
#18 0x55a592681bd4 in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:5908
#19 0x55a59268f3aa in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /10.5/sql/sql_parse.cc:7953
#20 0x55a592665198 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /10.5/sql/sql_parse.cc:1839
#21 0x55a592661bcd in do_command(THD*) /10.5/sql/sql_parse.cc:1358
#22 0x55a592a7fa98 in do_handle_one_connection(CONNECT*, bool) /10.5/sql/sql_connect.cc:1422
#23 0x55a592a7f333 in handle_one_connection /10.5/sql/sql_connect.cc:1319
#24 0x55a59371d779 in pfs_spawn_thread /10.5/storage/perfschema/pfs.cc:2201
#25 0x7fb5eb6f4fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486
#26 0x7fb5ead254ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)

Alice Sherepa added a comment - 2020-04-03 14:37 adding just to make it searchable: 10.5 4197014ba0ba8cb895f3b49b #0 0x7fb5eb74d105 (/usr/lib/x86_64-linux-gnu/libasan.so.5+0x3f105) #1 0x55a5943e4c17 in my_strnxfrm_8bit_bin /10.5/strings/ctype-bin.c:403 #2 0x55a592df2730 in charset_info_st::strnxfrm(unsigned char*, unsigned long, unsigned char const*, unsigned long) const /10.5/include/m_ctype.h:796 #3 0x55a592e1530f in Type_handler_string_result::make_sort_key_part(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const /10.5/sql/filesort.cc:1159 #4 0x55a592e2244b in make_sortkey /10.5/sql/filesort.cc:3005 #5 0x55a592e16c08 in make_sortkey /10.5/sql/filesort.cc:1340 #6 0x55a592e13c72 in find_all_keys /10.5/sql/filesort.cc:954 #7 0x55a592e0f677 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /10.5/sql/filesort.cc:356 #8 0x55a5927cab01 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /10.5/sql/sql_select.cc:23858 #9 0x55a5927b95a4 in st_join_table::sort_table() /10.5/sql/sql_select.cc:21587 #10 0x55a5927b8aad in join_init_read_record(st_join_table*) /10.5/sql/sql_select.cc:21526 #11 0x55a5927b2323 in sub_select(JOIN*, st_join_table*, bool) /10.5/sql/sql_select.cc:20600 #12 0x55a5927b056c in do_select /10.5/sql/sql_select.cc:20137 #13 0x55a59273e765 in JOIN::exec_inner() /10.5/sql/sql_select.cc:4463 #14 0x55a59273bdb7 in JOIN::exec() /10.5/sql/sql_select.cc:4244 #15 0x55a59273fccc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/sql/sql_select.cc:4668 #16 0x55a59271200f in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/sql/sql_select.cc:417 #17 0x55a5929135e4 in Sql_cmd_create_table_like::execute(THD*) /10.5/sql/sql_table.cc:11771 #18 0x55a592681bd4 in mysql_execute_command(THD*) /10.5/sql/sql_parse.cc:5908 #19 0x55a59268f3aa in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/sql/sql_parse.cc:7953 #20 0x55a592665198 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/sql/sql_parse.cc:1839 #21 0x55a592661bcd in do_command(THD*) /10.5/sql/sql_parse.cc:1358 #22 0x55a592a7fa98 in do_handle_one_connection(CONNECT*, bool) /10.5/sql/sql_connect.cc:1422 #23 0x55a592a7f333 in handle_one_connection /10.5/sql/sql_connect.cc:1319 #24 0x55a59371d779 in pfs_spawn_thread /10.5/storage/perfschema/pfs.cc:2201 #25 0x7fb5eb6f4fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486 #26 0x7fb5ead254ce in clone (/lib/x86_64-linux-gnu/libc.so.6+0xf94ce)

Elena Stepanova added a comment - 2020-04-10 21:03

And another one, I guess same family (at least I don't see a point chasing it separately until this issue has been fixed):

10.5 6cf8f05f
#7 0x00007fc793a3efe0 in __memset_sse2 () from /lib64/libc.so.6
#8 0x000055f36c11e712 in my_fill_8bit (cs=0x55f36cecccc0 <my_charset_bin>, s=0x7fc618022e42 "", l=4294967295, fill=0) at /home/elenst/src/10.5/strings/ctype-simple.c:1117
#9 0x000055f36b78ba03 in charset_info_st::fill (this=0x55f36cecccc0 <my_charset_bin>, to=0x7fc618022e42 "", len=4294967295, ch=0) at /home/elenst/src/10.5/include/m_ctype.h:670
#10 0x000055f36b799ccc in Type_handler_string_result::make_sort_key_part (this=0x55f36d0bce20 <type_handler_long_blob>, to=0x7fc618022e42 "", item=0x7fc6180b15b8, sort_field=0x7fc6180b2a78, param=0x7fc79009df00) at /home/elenst/src/10.5/sql/filesort.cc:1161
#11 0x000055f36b79ebef in make_sortkey (param=0x7fc79009df00, to=0x7fc618022e41 "\001") at /home/elenst/src/10.5/sql/filesort.cc:3007
#12 0x000055f36b79a685 in make_sortkey (param=0x7fc79009df00, to=0x7fc618022e38 "\001o^\215\324\253", ref_pos=0x7fc61805c570 "", using_packed_sortkeys=false) at /home/elenst/src/10.5/sql/filesort.cc:1340
#13 0x000055f36b799311 in find_all_keys (thd=0x7fc618000b18, param=0x7fc79009df00, select=0x0, fs_info=0x7fc6180bab50, buffpek_pointers=0x7fc79009e110, tempfile=0x7fc79009dfa0, pq=0x0, found_rows=0x7fc6180bad40) at /home/elenst/src/10.5/sql/filesort.cc:955
#14 0x000055f36b797308 in filesort (thd=0x7fc618000b18, table=0x7fc61805a9c0, filesort=0x7fc6180b2270, tracker=0x7fc6180b2420, join=0x7fc6180152f8, first_table_bit=1) at /home/elenst/src/10.5/sql/filesort.cc:361
#15 0x000055f36b4d1e2f in create_sort_index (thd=0x7fc618000b18, join=0x7fc6180152f8, tab=0x7fc618017a80, fsort=0x7fc6180b2270) at /home/elenst/src/10.5/sql/sql_select.cc:23860
#16 0x000055f36b4cbe96 in st_join_table::sort_table (this=0x7fc618017a80) at /home/elenst/src/10.5/sql/sql_select.cc:21589
#17 0x000055f36b4cba64 in join_init_read_record (tab=0x7fc618017a80) at /home/elenst/src/10.5/sql/sql_select.cc:21528
#18 0x000055f36b4e0760 in AGGR_OP::end_send (this=0x7fc6180184e0) at /home/elenst/src/10.5/sql/sql_select.cc:28882
#19 0x000055f36b4c92be in sub_select_postjoin_aggr (join=0x7fc6180152f8, join_tab=0x7fc618017a80, end_of_records=true) at /home/elenst/src/10.5/sql/sql_select.cc:20315
#20 0x000055f36b4c9623 in sub_select (join=0x7fc6180152f8, join_tab=0x7fc6180176d8, end_of_records=true) at /home/elenst/src/10.5/sql/sql_select.cc:20550
#21 0x000055f36b4c8d4f in do_select (join=0x7fc6180152f8, procedure=0x0) at /home/elenst/src/10.5/sql/sql_select.cc:20141
#22 0x000055f36b49c4f6 in JOIN::exec_inner (this=0x7fc6180152f8) at /home/elenst/src/10.5/sql/sql_select.cc:4463
#23 0x000055f36b49b625 in JOIN::exec (this=0x7fc6180152f8) at /home/elenst/src/10.5/sql/sql_select.cc:4244
#24 0x000055f36b49cd7f in mysql_select (thd=0x7fc618000b18, tables=0x7fc6180136a0, fields=..., conds=0x7fc618013eb0, og_num=2, order=0x0, group=0x7fc618014050, having=0x0, proc_param=0x0, select_options=2214857472, result=0x7fc6180152d0, unit=0x7fc618004b20, select_lex=0x7fc618012958) at /home/elenst/src/10.5/sql/sql_select.cc:4668
#25 0x000055f36b48c84b in handle_select (thd=0x7fc618000b18, lex=0x7fc618004a58, result=0x7fc6180152d0, setup_tables_done_option=0) at /home/elenst/src/10.5/sql/sql_select.cc:429
#26 0x000055f36b4518df in execute_sqlcom_select (thd=0x7fc618000b18, all_tables=0x7fc6180136a0) at /home/elenst/src/10.5/sql/sql_parse.cc:6168
#27 0x000055f36b44858c in mysql_execute_command (thd=0x7fc618000b18) at /home/elenst/src/10.5/sql/sql_parse.cc:3901
#28 0x000055f36b456864 in mysql_parse (thd=0x7fc618000b18, rawbuf=0x7fc618012580 "SELECT /* QNO 495 CON_ID 17 */ BIT_OR( ( IFNULL( ( IS_FREE_LOCK( 'will' ) ), ( BINARY -29111 ) ) ) ) AS field1 FROM `t8` WHERE COERCIBILITY( -5379831229870768128 ) GROUP BY UUID_SHORT(), DES_ENCRYPT( "..., length=441, parser_state=0x7fc79009f520, is_com_multi=false, is_next_command=false) at /home/elenst/src/10.5/sql/sql_parse.cc:7953
#29 0x000055f36b442212 in dispatch_command (command=COM_QUERY, thd=0x7fc618000b18, packet=0x7fc618008929 "", packet_length=442, is_com_multi=false, is_next_command=false) at /home/elenst/src/10.5/sql/sql_parse.cc:1840
#30 0x000055f36b44088e in do_command (thd=0x7fc618000b18) at /home/elenst/src/10.5/sql/sql_parse.cc:1359
#31 0x000055f36b5e6aa5 in do_handle_one_connection (connect=0x55f37d88f248, put_in_cache=true) at /home/elenst/src/10.5/sql/sql_connect.cc:1422
#32 0x000055f36b5e67be in handle_one_connection (arg=0x55f37d88f248) at /home/elenst/src/10.5/sql/sql_connect.cc:1319
#33 0x000055f36bb243c6 in pfs_spawn_thread (arg=0x55f37d77f798) at /home/elenst/src/10.5/storage/perfschema/pfs.cc:2201
#34 0x00007fc79501cdd5 in start_thread () from /lib64/libpthread.so.0
#35 0x00007fc793aadead in clone () from /lib64/libc.so.6

Elena Stepanova added a comment - 2020-04-10 21:03 And another one, I guess same family (at least I don't see a point chasing it separately until this issue has been fixed): 10.5 6cf8f05f #7 0x00007fc793a3efe0 in __memset_sse2 () from /lib64/libc.so.6 #8 0x000055f36c11e712 in my_fill_8bit (cs=0x55f36cecccc0 <my_charset_bin>, s=0x7fc618022e42 "", l=4294967295, fill=0) at /home/elenst/src/10.5/strings/ctype-simple.c:1117 #9 0x000055f36b78ba03 in charset_info_st::fill (this=0x55f36cecccc0 <my_charset_bin>, to=0x7fc618022e42 "", len=4294967295, ch=0) at /home/elenst/src/10.5/include/m_ctype.h:670 #10 0x000055f36b799ccc in Type_handler_string_result::make_sort_key_part (this=0x55f36d0bce20 <type_handler_long_blob>, to=0x7fc618022e42 "", item=0x7fc6180b15b8, sort_field=0x7fc6180b2a78, param=0x7fc79009df00) at /home/elenst/src/10.5/sql/filesort.cc:1161 #11 0x000055f36b79ebef in make_sortkey (param=0x7fc79009df00, to=0x7fc618022e41 "\001") at /home/elenst/src/10.5/sql/filesort.cc:3007 #12 0x000055f36b79a685 in make_sortkey (param=0x7fc79009df00, to=0x7fc618022e38 "\001o^\215\324\253", ref_pos=0x7fc61805c570 "", using_packed_sortkeys=false) at /home/elenst/src/10.5/sql/filesort.cc:1340 #13 0x000055f36b799311 in find_all_keys (thd=0x7fc618000b18, param=0x7fc79009df00, select=0x0, fs_info=0x7fc6180bab50, buffpek_pointers=0x7fc79009e110, tempfile=0x7fc79009dfa0, pq=0x0, found_rows=0x7fc6180bad40) at /home/elenst/src/10.5/sql/filesort.cc:955 #14 0x000055f36b797308 in filesort (thd=0x7fc618000b18, table=0x7fc61805a9c0, filesort=0x7fc6180b2270, tracker=0x7fc6180b2420, join=0x7fc6180152f8, first_table_bit=1) at /home/elenst/src/10.5/sql/filesort.cc:361 #15 0x000055f36b4d1e2f in create_sort_index (thd=0x7fc618000b18, join=0x7fc6180152f8, tab=0x7fc618017a80, fsort=0x7fc6180b2270) at /home/elenst/src/10.5/sql/sql_select.cc:23860 #16 0x000055f36b4cbe96 in st_join_table::sort_table (this=0x7fc618017a80) at /home/elenst/src/10.5/sql/sql_select.cc:21589 #17 0x000055f36b4cba64 in join_init_read_record (tab=0x7fc618017a80) at /home/elenst/src/10.5/sql/sql_select.cc:21528 #18 0x000055f36b4e0760 in AGGR_OP::end_send (this=0x7fc6180184e0) at /home/elenst/src/10.5/sql/sql_select.cc:28882 #19 0x000055f36b4c92be in sub_select_postjoin_aggr (join=0x7fc6180152f8, join_tab=0x7fc618017a80, end_of_records=true) at /home/elenst/src/10.5/sql/sql_select.cc:20315 #20 0x000055f36b4c9623 in sub_select (join=0x7fc6180152f8, join_tab=0x7fc6180176d8, end_of_records=true) at /home/elenst/src/10.5/sql/sql_select.cc:20550 #21 0x000055f36b4c8d4f in do_select (join=0x7fc6180152f8, procedure=0x0) at /home/elenst/src/10.5/sql/sql_select.cc:20141 #22 0x000055f36b49c4f6 in JOIN::exec_inner (this=0x7fc6180152f8) at /home/elenst/src/10.5/sql/sql_select.cc:4463 #23 0x000055f36b49b625 in JOIN::exec (this=0x7fc6180152f8) at /home/elenst/src/10.5/sql/sql_select.cc:4244 #24 0x000055f36b49cd7f in mysql_select (thd=0x7fc618000b18, tables=0x7fc6180136a0, fields=..., conds=0x7fc618013eb0, og_num=2, order=0x0, group=0x7fc618014050, having=0x0, proc_param=0x0, select_options=2214857472, result=0x7fc6180152d0, unit=0x7fc618004b20, select_lex=0x7fc618012958) at /home/elenst/src/10.5/sql/sql_select.cc:4668 #25 0x000055f36b48c84b in handle_select (thd=0x7fc618000b18, lex=0x7fc618004a58, result=0x7fc6180152d0, setup_tables_done_option=0) at /home/elenst/src/10.5/sql/sql_select.cc:429 #26 0x000055f36b4518df in execute_sqlcom_select (thd=0x7fc618000b18, all_tables=0x7fc6180136a0) at /home/elenst/src/10.5/sql/sql_parse.cc:6168 #27 0x000055f36b44858c in mysql_execute_command (thd=0x7fc618000b18) at /home/elenst/src/10.5/sql/sql_parse.cc:3901 #28 0x000055f36b456864 in mysql_parse (thd=0x7fc618000b18, rawbuf=0x7fc618012580 "SELECT /* QNO 495 CON_ID 17 */ BIT_OR( ( IFNULL( ( IS_FREE_LOCK( 'will' ) ), ( BINARY -29111 ) ) ) ) AS field1 FROM `t8` WHERE COERCIBILITY( -5379831229870768128 ) GROUP BY UUID_SHORT(), DES_ENCRYPT( "..., length=441, parser_state=0x7fc79009f520, is_com_multi=false, is_next_command=false) at /home/elenst/src/10.5/sql/sql_parse.cc:7953 #29 0x000055f36b442212 in dispatch_command (command=COM_QUERY, thd=0x7fc618000b18, packet=0x7fc618008929 "", packet_length=442, is_com_multi=false, is_next_command=false) at /home/elenst/src/10.5/sql/sql_parse.cc:1840 #30 0x000055f36b44088e in do_command (thd=0x7fc618000b18) at /home/elenst/src/10.5/sql/sql_parse.cc:1359 #31 0x000055f36b5e6aa5 in do_handle_one_connection (connect=0x55f37d88f248, put_in_cache=true) at /home/elenst/src/10.5/sql/sql_connect.cc:1422 #32 0x000055f36b5e67be in handle_one_connection (arg=0x55f37d88f248) at /home/elenst/src/10.5/sql/sql_connect.cc:1319 #33 0x000055f36bb243c6 in pfs_spawn_thread (arg=0x55f37d77f798) at /home/elenst/src/10.5/storage/perfschema/pfs.cc:2201 #34 0x00007fc79501cdd5 in start_thread () from /lib64/libpthread.so.0 #35 0x00007fc793aadead in clone () from /lib64/libc.so.6

Elena Stepanova added a comment - 2020-09-08 19:41

The test case from the description doesn't fail anymore on 10.5, but still fails on 10.4.

Here is another one, probably belongs to the same family:

CREATE TABLE t1 (a INT, b TIME);

INSERT INTO t1 VALUES (1,'00:00:00'),(2,'11:11:11');

SET SESSION collation_connection= armscii8_nopad_bin;

SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP;

# Cleanup

DROP TABLE t1;

10.2 9dedba16
==1680958==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x616000021d7c,0x616000021d83) and [0x616000021d7d, 0x616000021d84) overlap
#0 0x7f0893d2919e (/lib/x86_64-linux-gnu/libasan.so.5+0x9b19e)
#1 0x55e96c9a6985 in my_strnxfrm_8bit_nopad_bin /data/src/10.2/strings/ctype-bin.c:417
#2 0x55e96b678c3a in Type_handler_string_result::make_sort_key(unsigned char, Item, SORT_FIELD_ATTR const, Sort_param) const /data/src/10.2/sql/filesort.cc:1067
#3 0x55e96ae3e1a5 in Item::make_sort_key(unsigned char, Item, SORT_FIELD_ATTR const, Sort_param) const /data/src/10.2/sql/item.h:933
#4 0x55e96b679e00 in make_sortkey /data/src/10.2/sql/filesort.cc:1196
#5 0x55e96b6776d7 in find_all_keys /data/src/10.2/sql/filesort.cc:871
#6 0x55e96b6733cb in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:275
#7 0x55e96b18e571 in create_sort_index(THD, JOIN, st_join_table, Filesort) /data/src/10.2/sql/sql_select.cc:22059
#8 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821
#9 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762
#10 0x55e96b176c6a in sub_select(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:18853
#11 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400
#12 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638
#13 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433
#14 0x55e96b110747 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3833
#15 0x55e96b0ed34b in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
#16 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
#17 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
#18 0x55e96b06ef47 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
#19 0x55e96b048242 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823
#20 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
#21 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#22 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#23 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#24 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
#25 0x7f0893808102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)

0x616000021d7c is located 252 bytes inside of 524-byte region [0x616000021c80,0x616000021e8c)
allocated by thread T5 here:
#0 0x7f0893d9bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55e96c9312a3 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
#2 0x55e96c8fd658 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
#3 0x55e96bb5a24f in Filesort_buffer::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort_utils.cc:138
#4 0x55e96b680ef9 in SORT_INFO::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort.h:144
#5 0x55e96b67318c in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:253
#6 0x55e96b18e571 in create_sort_index(THD, JOIN, st_join_table, Filesort) /data/src/10.2/sql/sql_select.cc:22059
#7 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821
#8 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762
#9 0x55e96b176c6a in sub_select(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:18853
#10 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400
#11 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638
#12 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433
#13 0x55e96b110747 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3833
#14 0x55e96b0ed34b in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
#15 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
#16 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
#17 0x55e96b06ef47 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
#18 0x55e96b048242 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823
#19 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
#20 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#21 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#22 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#23 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477

Thread T5 created by T0 here:
#0 0x7f0893cc8805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805)
#1 0x55e96c74e4e6 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
#2 0x55e96adecf67 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
#3 0x55e96ae048f7 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6518
#4 0x55e96ae05088 in create_new_thread /data/src/10.2/sql/mysqld.cc:6588
#5 0x55e96ae06213 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6846
#6 0x55e96ae03c69 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6137
#7 0x55e96adeb84c in main /data/src/10.2/sql/main.cc:25
#8 0x7f089370d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

0x616000021d7d is located 253 bytes inside of 524-byte region [0x616000021c80,0x616000021e8c)
allocated by thread T5 here:
#0 0x7f0893d9bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
#1 0x55e96c9312a3 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
#2 0x55e96c8fd658 in my_malloc /data/src/10.2/mysys/my_malloc.c:101
#3 0x55e96bb5a24f in Filesort_buffer::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort_utils.cc:138
#4 0x55e96b680ef9 in SORT_INFO::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort.h:144
#5 0x55e96b67318c in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:253
#6 0x55e96b18e571 in create_sort_index(THD, JOIN, st_join_table, Filesort) /data/src/10.2/sql/sql_select.cc:22059
#7 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821
#8 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762
#9 0x55e96b176c6a in sub_select(JOIN, st_join_table, bool) /data/src/10.2/sql/sql_select.cc:18853
#10 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400
#11 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638
#12 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433
#13 0x55e96b110747 in mysql_select(THD, TABLE_LIST, unsigned int, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /data/src/10.2/sql/sql_select.cc:3833
#14 0x55e96b0ed34b in handle_select(THD, LEX, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
#15 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
#16 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
#17 0x55e96b06ef47 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
#18 0x55e96b048242 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823
#19 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
#20 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#21 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#22 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#23 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477

SUMMARY: AddressSanitizer: memcpy-param-overlap (/lib/x86_64-linux-gnu/libasan.so.5+0x9b19e)
==1680958==ABORTING

Reproducible on 10.2-10.4 with at least MyISAM, InnoDB, Aria.
The test case is not applicable to 10.1 due to the collation value.
No ASAN failures on 10.5, it returns an error instead (I am not sure whether the error is expected):

10.5 30ff6164
mysqltest: At line 4: query 'SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP' failed: 1271: Illegal mix of collations for operation 'substr'

Elena Stepanova added a comment - 2020-09-08 19:41 The test case from the description doesn't fail anymore on 10.5, but still fails on 10.4. Here is another one, probably belongs to the same family: CREATE TABLE t1 (a INT , b TIME ); INSERT INTO t1 VALUES (1, '00:00:00' ),(2, '11:11:11' ); SET SESSION collation_connection= armscii8_nopad_bin; SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP ; # Cleanup DROP TABLE t1; 10.2 9dedba16 ==1680958==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x616000021d7c,0x616000021d83) and [0x616000021d7d, 0x616000021d84) overlap #0 0x7f0893d2919e (/lib/x86_64-linux-gnu/libasan.so.5+0x9b19e) #1 0x55e96c9a6985 in my_strnxfrm_8bit_nopad_bin /data/src/10.2/strings/ctype-bin.c:417 #2 0x55e96b678c3a in Type_handler_string_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const /data/src/10.2/sql/filesort.cc:1067 #3 0x55e96ae3e1a5 in Item::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const /data/src/10.2/sql/item.h:933 #4 0x55e96b679e00 in make_sortkey /data/src/10.2/sql/filesort.cc:1196 #5 0x55e96b6776d7 in find_all_keys /data/src/10.2/sql/filesort.cc:871 #6 0x55e96b6733cb in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:275 #7 0x55e96b18e571 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /data/src/10.2/sql/sql_select.cc:22059 #8 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821 #9 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762 #10 0x55e96b176c6a in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18853 #11 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400 #12 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638 #13 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433 #14 0x55e96b110747 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3833 #15 0x55e96b0ed34b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361 #16 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218 #17 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524 #18 0x55e96b06ef47 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733 #19 0x55e96b048242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823 #20 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377 #21 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336 #22 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #23 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869 #24 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477 #25 0x7f0893808102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102) 0x616000021d7c is located 252 bytes inside of 524-byte region [0x616000021c80,0x616000021e8c) allocated by thread T5 here: #0 0x7f0893d9bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8) #1 0x55e96c9312a3 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55e96c8fd658 in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55e96bb5a24f in Filesort_buffer::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort_utils.cc:138 #4 0x55e96b680ef9 in SORT_INFO::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort.h:144 #5 0x55e96b67318c in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:253 #6 0x55e96b18e571 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /data/src/10.2/sql/sql_select.cc:22059 #7 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821 #8 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762 #9 0x55e96b176c6a in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18853 #10 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400 #11 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638 #12 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433 #13 0x55e96b110747 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3833 #14 0x55e96b0ed34b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361 #15 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218 #16 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524 #17 0x55e96b06ef47 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733 #18 0x55e96b048242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823 #19 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377 #20 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336 #21 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #22 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869 #23 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477 Thread T5 created by T0 here: #0 0x7f0893cc8805 in pthread_create (/lib/x86_64-linux-gnu/libasan.so.5+0x3a805) #1 0x55e96c74e4e6 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919 #2 0x55e96adecf67 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246 #3 0x55e96ae048f7 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6518 #4 0x55e96ae05088 in create_new_thread /data/src/10.2/sql/mysqld.cc:6588 #5 0x55e96ae06213 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6846 #6 0x55e96ae03c69 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6137 #7 0x55e96adeb84c in main /data/src/10.2/sql/main.cc:25 #8 0x7f089370d0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) 0x616000021d7d is located 253 bytes inside of 524-byte region [0x616000021c80,0x616000021e8c) allocated by thread T5 here: #0 0x7f0893d9bbc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8) #1 0x55e96c9312a3 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118 #2 0x55e96c8fd658 in my_malloc /data/src/10.2/mysys/my_malloc.c:101 #3 0x55e96bb5a24f in Filesort_buffer::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort_utils.cc:138 #4 0x55e96b680ef9 in SORT_INFO::alloc_sort_buffer(unsigned int, unsigned int) /data/src/10.2/sql/filesort.h:144 #5 0x55e96b67318c in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /data/src/10.2/sql/filesort.cc:253 #6 0x55e96b18e571 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /data/src/10.2/sql/sql_select.cc:22059 #7 0x55e96b17db84 in st_join_table::sort_table() /data/src/10.2/sql/sql_select.cc:19821 #8 0x55e96b17d19c in join_init_read_record(st_join_table*) /data/src/10.2/sql/sql_select.cc:19762 #9 0x55e96b176c6a in sub_select(JOIN*, st_join_table*, bool) /data/src/10.2/sql/sql_select.cc:18853 #10 0x55e96b174f7b in do_select /data/src/10.2/sql/sql_select.cc:18400 #11 0x55e96b10f44e in JOIN::exec_inner() /data/src/10.2/sql/sql_select.cc:3638 #12 0x55e96b10cf65 in JOIN::exec() /data/src/10.2/sql/sql_select.cc:3433 #13 0x55e96b110747 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3833 #14 0x55e96b0ed34b in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361 #15 0x55e96b065a91 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218 #16 0x55e96b052899 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524 #17 0x55e96b06ef47 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733 #18 0x55e96b048242 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1823 #19 0x55e96b04501e in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377 #20 0x55e96b3c8735 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336 #21 0x55e96b3c7ff8 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241 #22 0x55e96c74e0f5 in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869 #23 0x7f0893c2e608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477 SUMMARY: AddressSanitizer: memcpy-param-overlap (/lib/x86_64-linux-gnu/libasan.so.5+0x9b19e) ==1680958==ABORTING Reproducible on 10.2-10.4 with at least MyISAM, InnoDB, Aria. The test case is not applicable to 10.1 due to the collation value. No ASAN failures on 10.5, it returns an error instead (I am not sure whether the error is expected): 10.5 30ff6164 mysqltest: At line 4: query 'SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP' failed: 1271: Illegal mix of collations for operation 'substr'

Alice Sherepa added a comment - 2023-07-21 11:02

not reproducible on 10.4-11.0 now (4b3f93063958834e3d)
the latest test case returns error on 10.5-11.1, but 10.4 :

SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP;

00:00:00

1:11:11

NULL

Alice Sherepa added a comment - 2023-07-21 11:02 not reproducible on 10.4-11.0 now (4b3f93063958834e3d) the latest test case returns error on 10.5-11.1, but 10.4 : SELECT SUBSTR((@x := b) FROM a) AS f FROM t1 GROUP BY f WITH ROLLUP; f 00:00:00 1:11:11 NULL

People

Assignee:: Alexander Barkov

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-02-28 13:50

Updated:: 2024-12-11 04:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server