Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL)
Description
CREATE TABLE t1 (a CHAR(11)); |
CREATE TABLE t2 (b DATETIME); |
|
|
INSERT INTO t1 VALUES ('2010-02-19') ; |
SET SQL_MODE= 'PAD_CHAR_TO_FULL_LENGTH'; |
INSERT INTO t2 SELECT * FROM t1; |
|
|
# Cleanup
|
DROP TABLE t1, t2; |
|
10.3 f4484dfd ASAN |
==10453==ERROR: AddressSanitizer: unknown-crash on address 0x61900009d91c at pc 0x5556c807590d bp 0x7efd5d115a70 sp 0x7efd5d115a68
|
READ of size 1 at 0x61900009d91c thread T5
|
#0 0x5556c807590c in get_date_time_separator /data/src/10.3/sql-common/my_time.c:188
|
#1 0x5556c8076a87 in str_to_datetime /data/src/10.3/sql-common/my_time.c:369
|
#2 0x5556c6ae647c in str_to_datetime(charset_info_st const*, char const*, unsigned long, st_mysql_time*, unsigned long long, st_mysql_time_status*) /data/src/10.3/sql/sql_time.cc:381
|
#3 0x5556c6eae604 in Field_temporal_with_date::store(char const*, unsigned long, charset_info_st const*) /data/src/10.3/sql/field.cc:5663
|
#4 0x5556c6ef11f3 in Field::save_in_field_str(Field*) /data/src/10.3/sql/field.h:630
|
#5 0x5556c6ef4540 in Field_str::save_in_field(Field*) /data/src/10.3/sql/field.h:1747
|
#6 0x5556c6ef172c in Field::store_field(Field*) /data/src/10.3/sql/field.h:790
|
#7 0x5556c6f09a91 in field_conv_incompatible /data/src/10.3/sql/field_conv.cc:836
|
#8 0x5556c6f09b2e in field_conv(Field*, Field*) /data/src/10.3/sql/field_conv.cc:849
|
#9 0x5556c6f8fda8 in save_field_in_field /data/src/10.3/sql/item.cc:6707
|
#10 0x5556c6f90404 in Item_field::save_in_field(Field*, bool) /data/src/10.3/sql/item.cc:6758
|
#11 0x5556c66d4ee2 in fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool) /data/src/10.3/sql/sql_base.cc:8567
|
#12 0x5556c66d538c in fill_record_n_invoke_before_triggers(THD*, TABLE*, Field**, List<Item>&, bool, trg_event_type) /data/src/10.3/sql/sql_base.cc:8620
|
#13 0x5556c6789ad9 in select_insert::store_values(List<Item>&) /data/src/10.3/sql/sql_insert.cc:3898
|
#14 0x5556c6788d0a in select_insert::send_data(List<Item>&) /data/src/10.3/sql/sql_insert.cc:3829
|
#15 0x5556c692b00c in end_send /data/src/10.3/sql/sql_select.cc:20580
|
#16 0x5556c691fa0e in do_select /data/src/10.3/sql/sql_select.cc:18893
|
#17 0x5556c68bc855 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4040
|
#18 0x5556c68ba483 in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3834
|
#19 0x5556c68bd99c in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4239
|
#20 0x5556c68984b0 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:385
|
#21 0x5556c680f2b3 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4836
|
#22 0x5556c68241f4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
|
#23 0x5556c67fe2d1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
|
#24 0x5556c67fb333 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
|
#25 0x5556c6b6ee8f in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#26 0x5556c6b6e89b in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#27 0x5556c76a52d1 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#28 0x7efd69933493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
#29 0x7efd67b0193e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe893e)
|
|
|
0x61900009d91c is located 156 bytes inside of 1100-byte region [0x61900009d880,0x61900009dccc)
|
allocated by thread T5 here:
|
#0 0x7efd69b9d73f in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5473f)
|
#1 0x5556c8053f1b in sf_malloc /data/src/10.3/mysys/safemalloc.c:118
|
#2 0x5556c8024816 in my_malloc /data/src/10.3/mysys/my_malloc.c:101
|
#3 0x5556c80040c2 in alloc_root /data/src/10.3/mysys/my_alloc.c:250
|
#4 0x5556c8005abe in strmake_root /data/src/10.3/mysys/my_alloc.c:479
|
#5 0x5556c6ab14b8 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/src/10.3/sql/table.cc:3173
|
#6 0x5556c66b1640 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/src/10.3/sql/sql_base.cc:1975
|
#7 0x5556c66b8d1c in open_and_process_table /data/src/10.3/sql/sql_base.cc:3596
|
#8 0x5556c66bb6fd in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4121
|
#9 0x5556c66bff15 in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/src/10.3/sql/sql_base.cc:4996
|
#10 0x5556c663127e in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/src/10.3/sql/sql_base.h:502
|
#11 0x5556c67718d7 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.3/sql/sql_insert.cc:760
|
#12 0x5556c680e3c9 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:4729
|
#13 0x5556c68241f4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:8091
|
#14 0x5556c67fe2d1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1857
|
#15 0x5556c67fb333 in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1403
|
#16 0x5556c6b6ee8f in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1402
|
#17 0x5556c6b6e89b in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308
|
#18 0x5556c76a52d1 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1862
|
#19 0x7efd69933493 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7493)
|
|
|
Thread T5 created by T0 here:
|
#0 0x7efd69b6cbba in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x23bba)
|
#1 0x5556c76a5899 in spawn_thread_v1 /data/src/10.3/storage/perfschema/pfs.cc:1912
|
#2 0x5556c6566b08 in inline_mysql_thread_create /data/src/10.3/include/mysql/psi/mysql_thread.h:1268
|
#3 0x5556c657c49e in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6589
|
#4 0x5556c657cba3 in create_new_thread /data/src/10.3/sql/mysqld.cc:6659
|
#5 0x5556c657dbba in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6934
|
#6 0x5556c657b95b in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6211
|
#7 0x5556c6564b8f in main /data/src/10.3/sql/main.cc:25
|
#8 0x7efd67a392b0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202b0)
|
|
|
SUMMARY: AddressSanitizer: unknown-crash /data/src/10.3/sql-common/my_time.c:188 get_date_time_separator
|
Shadow bytes around the buggy address:
|
0x0c328000bad0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000bae0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000baf0: f7 f7 f7 f7 f7 f7 f7 f7 f7 04 fa fa fa fa fa fa
|
0x0c328000bb00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c328000bb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0c328000bb20: 00 03 00[04]00 04 00 00 00 00 00 00 00 00 00 00
|
0x0c328000bb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328000bb40: 00 00 00 00 00 00 00 00 00 04 00 00 f7 f7 f7 f7
|
0x0c328000bb50: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000bb60: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000bb70: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Heap right redzone: fb
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack partial redzone: f4
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Contiguous container OOB:fc
|
ASan internal: fe
|
==10453==ABORTING
|
Reproducible with at least MyISAM and InnoDB.
Couldn't reproduce on 10.4 or 5.5.