MariaDB Server, MDEV-22044

Long function name crashes MariaDB 10.1 to 10.5 (debug) | Assertion `strlen(name_arg) <= (64*3)' failed in MDL_key::mdl_key_init

Details

    • Type: Bug
    • Status: Confirmed
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.1, 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
    • Fix Version/s: 10.4, 10.5, 10.6
    • Component/s: Parser

    Description

      DROP FUNCTION a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012;
      

      or

      DROP FUNCTION 0111111111122222222223333333333444444444455555555556666666666777777777788888888889999999999aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffffgggggggggghhhhhhhhhhiiiiiiiiiijjjjjjjjjjkk;
      

      or

      USE test;
      DROP FUNCTION f111111111122222222223333333333444444444455555555556666666666777777777788888888889999999999aaaaaaaaaabbbbbbbbbbccccccccccddddddddddeeeeeeeeeeffffffffffgggggggggghhhhhhhhhhiiiiiiiiiijjjjjjjjjjkk;
      

      Leads to:

      mysqld: /data/git/10.5_dbg/sql/mdl.h:426: void MDL_key::mdl_key_init(MDL_key::enum_mdl_namespace, const char*, const char*): Assertion `strlen(name_arg) <= (64*3)' failed.
      

      Core was generated by `/data/MD180320-mariadb-10.5.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      57	../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
      [Current thread is 1 (Thread 0x7f6054a03700 (LWP 28433))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x000055eeb83597d4 in my_write_core (sig=sig@entry=6) at /data/git/10.5_dbg/mysys/stacktrace.c:518
      #2  0x000055eeb7b02b5f in handle_fatal_signal (sig=6) at /data/git/10.5_dbg/sql/signal_handler.cc:325
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #5  0x00007f6053147801 in __GI_abort () at abort.c:79
      #6  0x00007f605313739a in __assert_fail_base (
          fmt=0x7f60532be7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
          assertion=assertion@entry=0x55eeb84ef27e "strlen(name_arg) <= (64*3)", 
          file=file@entry=0x55eeb84be056 "/data/git/10.5_dbg/sql/mdl.h", line=line@entry=426, 
          function=function@entry=0x55eeb8508f20 <_ZZN7MDL_key12mdl_key_initENS_18enum_mdl_namespaceEPKcS2_E19__PRETTY_FUNCTION__> "void MDL_key::mdl_key_init(MDL_key::enum_mdl_namespace, const char*, const char*)")
          at assert.c:92
      #7  0x00007f6053137412 in __GI___assert_fail (
          assertion=assertion@entry=0x55eeb84ef27e "strlen(name_arg) <= (64*3)", 
          file=file@entry=0x55eeb84be056 "/data/git/10.5_dbg/sql/mdl.h", line=line@entry=426, 
          function=function@entry=0x55eeb8508f20 <_ZZN7MDL_key12mdl_key_initENS_18enum_mdl_namespaceEPKcS2_E19__PRETTY_FUNCTION__> "void MDL_key::mdl_key_init(MDL_key::enum_mdl_namespace, const char*, const char*)")
          at assert.c:101
      #8  0x000055eeb79b7e09 in MDL_key::mdl_key_init (
          name_arg=0x7f6027c74400 "a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012", db=0x7f6027c744c8 "test", mdl_namespace_arg=MDL_key::FUNCTION, this=0x7f6054a01730)
          at /data/git/10.5_dbg/sql/mdl.h:426
      #9  MDL_request::init_with_source (this=this@entry=0x7f6054a01710, 
          mdl_namespace=mdl_namespace@entry=MDL_key::FUNCTION, db_arg=<optimized out>,
          db_arg@entry=0x7f6027c744c8 "test", name_arg=<optimized out>, 
          name_arg@entry=0x7f6027c74400 "a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012", mdl_type_arg=mdl_type_arg@entry=MDL_EXCLUSIVE, 
          mdl_duration_arg=mdl_duration_arg@entry=MDL_TRANSACTION, 
          src_file=0x55eeb868d960 "/data/git/10.5_dbg/sql/lock.cc", src_line=927)
          at /data/git/10.5_dbg/sql/mdl.cc:978
      #10 0x000055eeb7c4cd5d in lock_object_name (thd=thd@entry=0x7f6027c15088, mdl_type=MDL_key::FUNCTION, 
          db=0x7f6027c744c8 "test", 
          name=0x7f6027c74400 "a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012") at /data/git/10.5_dbg/sql/lock.cc:926
      #11 0x000055eeb7cae405 in Sp_handler::sp_drop_routine (
          this=this@entry=0x55eeb8ffe908 <sp_handler_function>, thd=thd@entry=0x7f6027c15088, 
          name=0x7f6027c744d0) at /data/git/10.5_dbg/sql/sp.cc:1578
      #12 0x000055eeb7864b27 in drop_routine (thd=thd@entry=0x7f6027c15088, lex=lex@entry=0x7f6027c18fc8)
          at /data/git/10.5_dbg/sql/sql_parse.cc:6462
      #13 0x000055eeb786020a in mysql_execute_command (thd=thd@entry=0x7f6027c15088)
          at /data/git/10.5_dbg/sql/sql_parse.cc:5643
      #14 0x000055eeb78687a5 in mysql_parse (thd=thd@entry=0x7f6027c15088, rawbuf=<optimized out>, 
          length=<optimized out>, parser_state=parser_state@entry=0x7f6054a02450, 
          is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
          at /data/git/10.5_dbg/sql/sql_parse.cc:7926
      #15 0x000055eeb7854664 in dispatch_command (command=command@entry=COM_QUERY, 
          thd=thd@entry=0x7f6027c15088, 
          packet=packet@entry=0x7f6027c67089 "drop function a12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345"..., packet_length=packet_length@entry=207, 
          is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false)
          at /data/git/10.5_dbg/sql/sql_parse.cc:1839
      #16 0x000055eeb7852eaf in do_command (thd=0x7f6027c15088) at /data/git/10.5_dbg/sql/sql_parse.cc:1358
      #17 0x000055eeb79aca09 in do_handle_one_connection (connect=<optimized out>, 
          connect@entry=0x7f6030e2b3a8, put_in_cache=put_in_cache@entry=true)
          at /data/git/10.5_dbg/sql/sql_connect.cc:1422
      #18 0x000055eeb79acd38 in handle_one_connection (arg=arg@entry=0x7f6030e2b3a8)
          at /data/git/10.5_dbg/sql/sql_connect.cc:1319
      #19 0x000055eeb7e09cfc in pfs_spawn_thread (arg=0x7f6052445888)
          at /data/git/10.5_dbg/storage/perfschema/pfs.cc:2201
      #20 0x00007f6053e2a6db in start_thread (arg=0x7f6054a03700) at pthread_create.c:463
      #21 0x00007f605322888f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Reducing the length of the function name by one character stops the bug from happening; this is the minimum length required.

      Bug confirmed present in:
      MariaDB: 10.1.45 (dbg), 10.2.32 (dbg), 10.3.23 (dbg), 10.4.13 (dbg), 10.5.2 (dbg)
      MariaDB: 10.1.46 (dbg), 10.2.33 (dbg), 10.3.24 (dbg), 10.4.14 (dbg), 10.5.5 (dbg)
      MySQL: 5.6.47 (dbg)

      Bug confirmed not present in:
      MariaDB: 10.1.45 (opt), 10.2.32 (opt), 10.3.23 (opt), 10.4.13 (opt), 10.5.2 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)
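
The crash above is a failed `assert`, and `assert` is compiled out of non-debug builds, which matches the report that only the (dbg) builds abort. As an added example (not MariaDB's code), here is a key initializer that enforces the same 64*3-byte bound at run time and returns an error instead of aborting; the key layout, `lock_key_init`, `bounded_len` and the status codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN (64 * 3)  /* the bound in the failed assertion */
#define KEY_MAX  (1 + NAME_LEN + 1 + NAME_LEN + 1)

/* Hypothetical key layout: [namespace byte][db]\0[name]\0 */
struct lock_key { unsigned char buf[KEY_MAX]; size_t len; };
enum key_status { KEY_OK = 0, KEY_DB_TOO_LONG, KEY_NAME_TOO_LONG };

/* Length of s, scanning at most max+1 bytes; max+1 means "too long". */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Enforce the bound at run time, so it also holds when assert() is compiled out. */
enum key_status lock_key_init(struct lock_key *k, unsigned char ns,
                              const char *db, const char *name)
{
    size_t db_len = bounded_len(db, NAME_LEN);
    size_t name_len = bounded_len(name, NAME_LEN);
    k->len = 0;
    if (db_len > NAME_LEN) return KEY_DB_TOO_LONG;
    if (name_len > NAME_LEN) return KEY_NAME_TOO_LONG;
    k->buf[0] = ns;
    memcpy(k->buf + 1, db, db_len + 1);                  /* db plus its NUL */
    memcpy(k->buf + 1 + db_len + 1, name, name_len + 1); /* name plus its NUL */
    k->len = 1 + db_len + 1 + name_len + 1;
    return KEY_OK;
}

/* Constructed input: an identifier made of n 'a' bytes. */
static void make_name(char *out, size_t n) { memset(out, 'a', n); out[n] = '\0'; }

int main(void)
{
    struct lock_key k;
    char name[NAME_LEN + 2];
    for (size_t n = NAME_LEN; n <= NAME_LEN + 1; n++) {
        make_name(name, n);
        enum key_status st = lock_key_init(&k, 1, "test", name);
        printf("%zu-byte name: status=%d key_len=%zu\n", n, (int)st, k.len);
    }
    return 0;
}
```

The two lengths exercised are the boundary from the report: a 192-byte name is accepted and a 193-byte name is rejected with an error the caller can surface to the client.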

          People

            sanja Oleksandr Byelkin
            Roel Roel Van de Paar