Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22337

Assertion `Alloced_length >= (str_length + length + net_length_size(length))' failed in Binary_string::q_net_store_data on long MULTIPOLYGON query with session_track_user_variables=1 (optimized builds)

    XMLWordPrintable

    Details

      Description

      SET @@session.session_track_user_variables=1;
      set @a='MULTIPOLYGON(((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)))';
      

      Leads to:

      10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

      mysqld: /test/10.5_dbg/sql/sql_string.h:725: void Binary_string::q_net_store_data(const uchar*, size_t): Assertion `Alloced_length >= (str_length + length + net_length_size(length))' failed.
      

      10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

      Core was generated by `/test/MD210420-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      [Current thread is 1 (Thread 0x7ff90f206700 (LWP 1139608))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x000055cf9881203d in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
      #2  0x000055cf97fb7d7b in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:329
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      #5  0x00007ff90d94a801 in __GI_abort () at abort.c:79
      #6  0x00007ff90d93a39a in __assert_fail_base (fmt=0x7ff90dac17d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55cf98961a20 "Alloced_length >= (str_length + length + net_length_size(length))", file=file@entry=0x55cf98961658 "/test/10.5_dbg/sql/sql_string.h", line=line@entry=725, function=function@entry=0x55cf98963940 <_ZZN13Binary_string16q_net_store_dataEPKhmE19__PRETTY_FUNCTION__> "void Binary_string::q_net_store_data(const uchar*, size_t)") at assert.c:92
      #7  0x00007ff90d93a412 in __GI___assert_fail (assertion=assertion@entry=0x55cf98961a20 "Alloced_length >= (str_length + length + net_length_size(length))", file=file@entry=0x55cf98961658 "/test/10.5_dbg/sql/sql_string.h", line=line@entry=725, function=function@entry=0x55cf98963940 <_ZZN13Binary_string16q_net_store_dataEPKhmE19__PRETTY_FUNCTION__> "void Binary_string::q_net_store_data(const uchar*, size_t)") at assert.c:101
      #8  0x000055cf97c23514 in Binary_string::q_net_store_data (length=517, from=0x7ff8e1880688 "MULTIPOLYGON(((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"..., this=0x7ff90f204e08) at /test/10.5_dbg/sql/sql_string.h:724
      #9  User_variables_tracker::store (this=0x7ff8e181afb8, thd=<optimized out>, buf=0x7ff90f204e00) at /test/10.5_dbg/sql/session_tracker.cc:1211
      #10 0x000055cf97c25112 in Session_tracker::store (this=this@entry=0x7ff8e181aec0, thd=thd@entry=0x7ff8e1815088, buf=buf@entry=0x7ff90f204e00) at /test/10.5_dbg/sql/session_tracker.cc:1251
      #11 0x000055cf97c1b384 in net_send_ok (thd=0x7ff8e1815088, server_status=server_status@entry=16386, statement_warn_count=statement_warn_count@entry=0, affected_rows=affected_rows@entry=0, id=id@entry=0, message=<optimized out>, message@entry=0x7ff8e181aba3 "", is_eof=false, skip_flush=false) at /test/10.5_dbg/sql/protocol.cc:282
      #12 0x000055cf97c1b5b0 in Protocol::send_ok (this=0x7ff8e1815650, server_status=16386, statement_warn_count=0, affected_rows=0, last_insert_id=0, message=0x7ff8e181aba3 "", skip_flush=false) at /test/10.5_dbg/sql/protocol.cc:643
      #13 0x000055cf97c1bf3b in Protocol::end_statement (this=0x7ff8e1815650) at /test/10.5_dbg/sql/protocol.cc:606
      #14 0x000055cf97d0908c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7ff8e1815088, packet=<optimized out>, packet@entry=0x7ff8e1867089 "set @a='MULTIPOLYGON(((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0"..., packet_length=<optimized out>, packet_length@entry=526, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:2430
      #15 0x000055cf97d0549b in do_command (thd=0x7ff8e1815088) at /test/10.5_dbg/sql/sql_parse.cc:1358
      #16 0x000055cf97e60415 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7ff8ed3c53a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1422
      #17 0x000055cf97e60744 in handle_one_connection (arg=arg@entry=0x7ff8ed3c53a8) at /test/10.5_dbg/sql/sql_connect.cc:1319
      #18 0x000055cf982c0fb0 in pfs_spawn_thread (arg=0x7ff90cc45b08) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
      #19 0x00007ff90e62d6db in start_thread (arg=0x7ff90f206700) at pthread_create.c:463
      #20 0x00007ff90da2b88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (dbg), 10.5.3 (opt)

      Bug confirmed not present in:
      MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

      MariaDB 10.4.3 (opt) output:

      10.4.13>SET @@session.session_track_user_variables=1;
      ERROR 1193 (HY000): Unknown system variable 'session_track_user_variables'
      10.4.13>set @a='MULTIPOLYGON(((0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)))';
      Query OK, 0 rows affected (0.000 sec)
      

        Attachments

          Activity

            People

            Assignee:
            holyfoot Alexey Botchkov
            Reporter:
            Roel Roel Van de Paar
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: