  2. MDEV-21589

AddressSanitizer: memcpy-param-overlap in Static_binary_string::q_append or String::append


Details

    Description

      # Fixture: a DATE column, a DATETIME column and a short string column.
      CREATE TABLE t1 (a DATE, b DATETIME, c VARCHAR(8));
      INSERT INTO t1 (a, b, c) VALUES
          ('1996-03-06', '1985-11-16 08:00:46', 'foo'),
          ('2028-08-26', '1900-01-01 00:00:00', 'bar'),
          ('1973-05-04', '1900-01-01 00:00:00', 'qux');

      # Trigger: grouping on the CONCAT_WS expression with ROLLUP. The ASAN
      # traces below show the overlapping copy being reported from
      # Item_func_concat_ws::val_str while Cached_item_str::cmp re-evaluates the
      # grouped value during the group-change check.
      SELECT CONCAT_WS(' ', a, b, PASSWORD(c)) AS f FROM t1 GROUP BY f WITH ROLLUP;

      # Cleanup
      DROP TABLE t1;
      

      10.4 bc891054 ASAN

      ==3527==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x62b000062dc3,0x62b000062dd6) and [0x62b000062db8, 0x62b000062dcb) overlap
          #0 0x7f89a61b6986  (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5c986)
          #1 0x55674e21a544 in Static_binary_string::q_append(char const*, unsigned long) /data/src/10.4/sql/sql_string.h:312
          #2 0x55674e294ae3 in Binary_string::append(char const*, unsigned long) /data/src/10.4/sql/sql_string.h:531
          #3 0x55674e294b2b in Binary_string::append(Binary_string const&) /data/src/10.4/sql/sql_string.h:536
          #4 0x55674e294d9e in String::append(String const&) /data/src/10.4/sql/sql_string.h:858
          #5 0x55674edaf714 in Item_func_concat_ws::val_str(String*) /data/src/10.4/sql/item_strfunc.cc:966
          #6 0x55674ec9cf1e in Cached_item_str::cmp() /data/src/10.4/sql/item_buff.cc:84
          #7 0x55674e5d35d9 in test_if_group_changed(List<Cached_item>&) /data/src/10.4/sql/sql_select.cc:24805
          #8 0x55674e5bde81 in end_send_group(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:21632
          #9 0x55674e5b58c0 in evaluate_join_record /data/src/10.4/sql/sql_select.cc:20558
          #10 0x55674e5b4b40 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.4/sql/sql_select.cc:20377
          #11 0x55674e5b28c6 in do_select /data/src/10.4/sql/sql_select.cc:19876
          #12 0x55674e54b7cd in JOIN::exec_inner() /data/src/10.4/sql/sql_select.cc:4452
          #13 0x55674e5490d9 in JOIN::exec() /data/src/10.4/sql/sql_select.cc:4234
          #14 0x55674e54cb8b in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.4/sql/sql_select.cc:4666
          #15 0x55674e5223d2 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.4/sql/sql_select.cc:420
          #16 0x55674e4a4a44 in execute_sqlcom_select /data/src/10.4/sql/sql_parse.cc:6360
          #17 0x55674e492850 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:3899
          #18 0x55674e4ad063 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:7901
          #19 0x55674e48637e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1842
          #20 0x55674e48327e in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1360
          #21 0x55674e80a494 in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1412
          #22 0x55674e809e48 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #23 0x55674fc73773 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #24 0x7f89a5f444a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
          #25 0x7f89a4078d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
       
      0x62b000062dc3 is located 3011 bytes inside of 24716-byte region [0x62b000062200,0x62b00006828c)
      allocated by thread T5 here:
          #0 0x7f89a621bd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x55674fda4f1f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
          #2 0x55674fd76da8 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
          #3 0x55674fd5685a in reset_root_defaults /data/src/10.4/mysys/my_alloc.c:151
          #4 0x55674e3855b5 in THD::init_for_queries() /data/src/10.4/sql/sql_class.cc:1386
          #5 0x55674e809805 in prepare_new_connection_state(THD*) /data/src/10.4/sql/sql_connect.cc:1247
          #6 0x55674e809e8e in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1331
          #7 0x55674e80a44a in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1402
          #8 0x55674e809e48 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #9 0x55674fc73773 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #10 0x7f89a5f444a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
       
      Thread T5 created by T0 here:
          #0 0x7f89a618af59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
          #1 0x55674fc73b60 in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
          #2 0x55674e1dc518 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
          #3 0x55674e1f0ac1 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6234
          #4 0x55674e1f11a4 in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6304
          #5 0x55674e1f152f in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6402
          #6 0x55674e1f2181 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6560
          #7 0x55674e1f0342 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5892
          #8 0x55674e1da3ff in main /data/src/10.4/sql/main.cc:25
          #9 0x7f89a3fb02e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
       
      0x62b000062db8 is located 3000 bytes inside of 24716-byte region [0x62b000062200,0x62b00006828c)
      allocated by thread T5 here:
          #0 0x7f89a621bd28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x55674fda4f1f in sf_malloc /data/src/10.4/mysys/safemalloc.c:118
          #2 0x55674fd76da8 in my_malloc /data/src/10.4/mysys/my_malloc.c:101
          #3 0x55674fd5685a in reset_root_defaults /data/src/10.4/mysys/my_alloc.c:151
          #4 0x55674e3855b5 in THD::init_for_queries() /data/src/10.4/sql/sql_class.cc:1386
          #5 0x55674e809805 in prepare_new_connection_state(THD*) /data/src/10.4/sql/sql_connect.cc:1247
          #6 0x55674e809e8e in thd_prepare_connection(THD*) /data/src/10.4/sql/sql_connect.cc:1331
          #7 0x55674e80a44a in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1402
          #8 0x55674e809e48 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1316
          #9 0x55674fc73773 in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #10 0x7f89a5f444a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
       
      SUMMARY: AddressSanitizer: memcpy-param-overlap (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5c986) 
      ==3527==ABORTING
      

      10.1 5271d436 ASAN

      ==3674==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x62b00002391b,0x62b00002392e) and [0x62b000023910, 0x62b000023923) overlap
          #0 0x7f7c37d8e986  (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5c986)
          #1 0x55bcbafc1824 in String::append(String const&) /data/src/10.1/sql/sql_string.cc:440
          #2 0x55bcbb4a85bc in Item_func_concat_ws::val_str(String*) /data/src/10.1/sql/item_strfunc.cc:900
          #3 0x55bcbb39293a in Cached_item_str::cmp() /data/src/10.1/sql/item_buff.cc:84
          #4 0x55bcbae9f834 in test_if_group_changed /data/src/10.1/sql/sql_select.cc:23112
          #5 0x55bcbaf1a685 in end_send_group(JOIN*, st_join_table*, bool) /data/src/10.1/sql/sql_select.cc:19830
          #6 0x55bcbaeb0689 in evaluate_join_record /data/src/10.1/sql/sql_select.cc:18816
          #7 0x55bcbaeccda4 in sub_select(JOIN*, st_join_table*, bool) /data/src/10.1/sql/sql_select.cc:18632
          #8 0x55bcbaf05873 in do_select /data/src/10.1/sql/sql_select.cc:18248
          #9 0x55bcbaf49884 in JOIN::exec_inner() /data/src/10.1/sql/sql_select.cc:3277
          #10 0x55bcbaf4a8cb in JOIN::exec() /data/src/10.1/sql/sql_select.cc:2564
          #11 0x55bcbaf3d676 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.1/sql/sql_select.cc:3501
          #12 0x55bcbaf3fc63 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.1/sql/sql_select.cc:377
          #13 0x55bcbae0f577 in execute_sqlcom_select /data/src/10.1/sql/sql_parse.cc:5691
          #14 0x55bcbae2ad8a in mysql_execute_command(THD*) /data/src/10.1/sql/sql_parse.cc:3038
          #15 0x55bcbae417ec in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/src/10.1/sql/sql_parse.cc:7209
          #16 0x55bcbae48b24 in dispatch_command(enum_server_command, THD*, char*, unsigned int) /data/src/10.1/sql/sql_parse.cc:1499
          #17 0x55bcbae4dccb in do_command(THD*) /data/src/10.1/sql/sql_parse.cc:1131
          #18 0x55bcbb0f29f0 in do_handle_one_connection(THD*) /data/src/10.1/sql/sql_connect.cc:1331
          #19 0x55bcbb0f2fa8 in handle_one_connection /data/src/10.1/sql/sql_connect.cc:1242
          #20 0x55bcbba30f9a in pfs_spawn_thread /data/src/10.1/storage/perfschema/pfs.cc:1868
          #21 0x7f7c37b1c4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
          #22 0x7f7c3632ad0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
       
      0x62b00002391b is located 1819 bytes inside of 24716-byte region [0x62b000023200,0x62b00002928c)
      allocated by thread T6 here:
          #0 0x7f7c37df3d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x55bcbc0db416 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
          #2 0x55bcbc2385b2  (/data/bld/10.1-asan-nightly/bin/mysqld+0x1dd05b2)
       
      Thread T6 created by T0 here:
          #0 0x7f7c37d62f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
          #1 0x55bcbba3c91e in spawn_thread_v1 /data/src/10.1/storage/perfschema/pfs.cc:1918
       
      0x62b000023910 is located 1808 bytes inside of 24716-byte region [0x62b000023200,0x62b00002928c)
      allocated by thread T6 here:
          #0 0x7f7c37df3d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
          #1 0x55bcbc0db416 in sf_malloc /data/src/10.1/mysys/safemalloc.c:115
          #2 0x55bcbc2385b2  (/data/bld/10.1-asan-nightly/bin/mysqld+0x1dd05b2)
       
      SUMMARY: AddressSanitizer: memcpy-param-overlap (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x5c986) 
      

      Reproducible on all of 5.5-10.5 with at least InnoDB, MyISAM, Aria.
      No obvious effect on a non-ASAN build; note that overlapping memcpy arguments are undefined behaviour, so the absence of a visible symptom there does not show the copy is well-defined.


            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
