Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22380

Assertion `name.length == strlen(name.str)' failed in Item::print_item_w_name on SELECT w/ optimizer_trace enabled

Details

    Description

      SET optimizer_trace="enabled=on";
      		 
      SELECT 'a\0';

      Leads to:

      10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

      		 
      mysqld: /test/10.5_dbg/sql/item.cc:497: void Item::print_item_w_name(String*, enum_query_type): Assertion `name.length == strlen(name.str)' failed.

      10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

      		 
      Core was generated by `/test/MD210420-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
      		 
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      		 
      [Current thread is 1 (Thread 0x7fb8730c0700 (LWP 546313))]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      		 
      #1  0x00005566a1a0103d in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
      		 
      #2  0x00005566a11a6d7b in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:329
      		 
      #3  <signal handler called>
      		 
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
      		 
      #5  0x00007fb871804801 in __GI_abort () at abort.c:79
      		 
      #6  0x00007fb8717f439a in __assert_fail_base (fmt=0x7fb87197b7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5566a1d13328 "name.length == strlen(name.str)", file=file@entry=0x5566a1d12b0e "/test/10.5_dbg/sql/item.cc", line=line@entry=497, function=function@entry=0x5566a1d12900 <Item::print_item_w_name(String*, enum_query_type)::__PRETTY_FUNCTION__> "void Item::print_item_w_name(String*, enum_query_type)") at assert.c:92
      		 
      #7  0x00007fb8717f4412 in __GI___assert_fail (assertion=assertion@entry=0x5566a1d13328 "name.length == strlen(name.str)", file=file@entry=0x5566a1d12b0e "/test/10.5_dbg/sql/item.cc", line=line@entry=497, function=function@entry=0x5566a1d12900 <Item::print_item_w_name(String*, enum_query_type)::__PRETTY_FUNCTION__> "void Item::print_item_w_name(String*, enum_query_type)") at assert.c:101
      		 
      #8  0x00005566a11d04e5 in Item::print_item_w_name (this=this@entry=0x7fb845874598, str=str@entry=0x7fb8730be050, query_type=query_type@entry=1037) at /test/10.5_dbg/sql/item.cc:497
      		 
      #9  0x00005566a0f58856 in st_select_lex::print (this=this@entry=0x7fb845874120, thd=thd@entry=0x7fb845815088, str=str@entry=0x7fb8730be050, query_type=query_type@entry=1037) at /test/10.5_dbg/sql/sql_select.cc:27658
      		 
      #10 0x00005566a1105eca in opt_trace_print_expanded_query (thd=0x7fb845815088, select_lex=0x7fb845874120, writer=writer@entry=0x7fb8730be5a0) at /test/10.5_dbg/sql/opt_trace.cc:118
      		 
      #11 0x00005566a0f6ce3c in JOIN::prepare (this=this@entry=0x7fb845874f20, tables_init=tables_init@entry=0x0, conds_init=conds_init@entry=0x0, og_num=og_num@entry=0, order_init=order_init@entry=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fb845874120, unit_arg=0x7fb845819098) at /test/10.5_dbg/sql/sql_select.cc:1482
      		 
      #12 0x00005566a0f79385 in mysql_select (thd=thd@entry=0x7fb845815088, tables=0x0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fb845874ef8, unit=0x7fb845819098, select_lex=0x7fb845874120) at /test/10.5_dbg/sql/sql_select.cc:4634
      		 
      #13 0x00005566a0f79787 in handle_select (thd=thd@entry=0x7fb845815088, lex=lex@entry=0x7fb845818fd0, result=result@entry=0x7fb845874ef8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
      		 
      #14 0x00005566a0f03ef4 in execute_sqlcom_select (thd=thd@entry=0x7fb845815088, all_tables=0x0) at /test/10.5_dbg/sql/sql_parse.cc:6172
      		 
      #15 0x00005566a0efc919 in mysql_execute_command (thd=thd@entry=0x7fb845815088) at /test/10.5_dbg/sql/sql_parse.cc:3901
      		 
      #16 0x00005566a0f09f2b in mysql_parse (thd=thd@entry=0x7fb845815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fb8730bf450, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7957
      		 
      #17 0x00005566a0ef5c45 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fb845815088, packet=packet@entry=0x7fb845867089 "SELECT 'a\\0'", packet_length=packet_length@entry=12, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
      		 
      #18 0x00005566a0ef449b in do_command (thd=0x7fb845815088) at /test/10.5_dbg/sql/sql_parse.cc:1358
      		 
      #19 0x00005566a104f415 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7fb8513c53a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1422
      		 
      #20 0x00005566a104f744 in handle_one_connection (arg=arg@entry=0x7fb8513c53a8) at /test/10.5_dbg/sql/sql_connect.cc:1319
      		 
      #21 0x00005566a14affb0 in pfs_spawn_thread (arg=0x7fb870c45b08) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
      		 
      #22 0x00007fb8724e76db in start_thread (arg=0x7fb8730c0700) at pthread_create.c:463
      		 
      #23 0x00007fb8718e588f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.4.13 (dbg), 10.5.2 (dbg), 10.5.3 (dbg)

      Bug confirmed not present in:
      MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (opt), 10.5.2 (opt), 10.5.3 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

      MariaDB 10.3.23, dbg:

      10.3.23>SET optimizer_trace="enabled=on";
      		 
      ERROR 1193 (HY000): Unknown system variable 'optimizer_trace'
      		 
       
      		 
      10.3.23>SELECT 'a\0';
      		 
      +----+
      		 
      | a  |
      		 
      +----+
      		 
      | a  |
      		 
      +----+
      		 
      1 row in set (0.000 sec)

      MariaDB 10.5.3, opt:

      10.5.3>SET optimizer_trace="enabled=on";
      		 
      Query OK, 0 rows affected (0.000 sec)
      		 
       
      		 
      10.5.3>SELECT 'a\0';
      		 
      +----+
      		 
      | a  |
      		 
      +----+
      		 
      | a  |
      		 
      +----+
      		 
      1 row in set (0.000 sec)

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24349 ASAN use-after-poison in require_quotes or Item::print_item_w_name or Assertion `name.length == strlen(name.str)' failed

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-25399 Assertion `name.length == strlen(name.str)' failed in Item_func_sp::make_send_field

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            View 5 older comments
            bar Alexander Barkov added a comment -

            Also repeatable with:

            SET optimizer_trace="enabled=on";
            		 
            EXECUTE IMMEDIATE CONCAT('SELECT ''a', 0x00, '''');

            bar Alexander Barkov added a comment - Also repeatable with: SET optimizer_trace= "enabled=on" ; EXECUTE IMMEDIATE CONCAT( 'SELECT ' 'a' , 0x00, '' '' );
            bar Alexander Barkov added a comment -

            sanja, can you please assign to someone in the Server team? Thanks.

            bar Alexander Barkov added a comment - sanja , can you please assign to someone in the Server team? Thanks.
            bar Alexander Barkov added a comment - - edited

            psergey,sanja,Roel,julien.fritsch, I don't think it's really related to optimizer. Sanja's team sounds the best candidate to fix for me.

            bar Alexander Barkov added a comment - - edited psergey , sanja , Roel , julien.fritsch , I don't think it's really related to optimizer. Sanja's team sounds the best candidate to fix for me.
            bar Alexander Barkov added a comment - - edited

            The problem is in the Item code. Item::name is assigned to a string with a 0x00 byte in the middle. The rest of the code does not expect it.

            bar Alexander Barkov added a comment - - edited The problem is in the Item code. Item::name is assigned to a string with a 0x00 byte in the middle. The rest of the code does not expect it.
            sanja Oleksandr Byelkin added a comment -

            It is natural so far behaviour, nothing terrible.

            We probably shoud process names of automatic generated fields to avoid special simbols and symbols used in parsing in them.

            sanja Oleksandr Byelkin added a comment - It is natural so far behaviour, nothing terrible. We probably shoud process names of automatic generated fields to avoid special simbols and symbols used in parsing in them.

            People

              bar Alexander Barkov
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.