Details
Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5.4, 10.4.14, 10.6
Description
USE test;
CREATE FUNCTION f (i MEDIUMINT(254) UNSIGNED ZEROFILL) RETURNS MEDIUMINT ZEROFILL READS SQL DATA RETURN CONCAT('0000000000000',i);
SELECT f(1.e+1);
Leads to:
10.5.4 c2a929185c147fc85bbf91e2c537bcdd98f2e680 (optimized)
/test/10.5_opt/sql/item.cc:2788:70: runtime error: member call on address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3763:19: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3764:19: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3765:15: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3869:23: runtime error: member call on address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3763:3: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/item.cc:2803:31: runtime error: member call on address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 b0 25 09 00 50 62 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3749:10: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 b0 25 09 00 50 62 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3751:11: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 b0 25 09 00 50 62 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3749:21: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 b0 25 09 00 50 62 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1
Bug confirmed present in:
MariaDB: 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt)
Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt), 10.3.24 (dbg), 10.3.24 (opt)
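Triaging a sanitizer log like the one in this report usually starts by collapsing the repeated reports to their distinct source locations and the single faulting address, and by looking at the memory window UBSan prints under each "invalid vptr" note. The following Python script does that for UBSan's -fsanitize=vptr output. It is an added example, not code from this report or from MariaDB; the regular expressions are an assumption about UBSan's line format, written to match the lines quoted above, and the embedded sample log is four of the reports copied from the description (separator characters removed).

```python
"""Triage helper for UBSan -fsanitize=vptr output: parses each
'runtime error: ... does not point to an object of type' line, attaches the
following 'note:' line and hex dump to it, and summarises the reports by
source location and faulting address.  Added example, not code from the
report or from MariaDB; the regexes are assumptions about UBSan's format,
written to match the lines quoted in the report."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Sample input: four of the reports quoted in the description above.
SAMPLE_LOG = """\
/test/10.5_opt/sql/item.cc:2788:70: runtime error: member call on address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3763:19: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/sql_class.cc:3763:3: runtime error: member access within address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
/test/10.5_opt/sql/item.cc:2803:31: runtime error: member call on address 0x62b000086e58 which does not point to an object of type 'Query_arena'
0x62b000086e58: note: object has invalid vptr
00 00 00 00 00 00 00 00 00 00 00 00 b0 25 09 00 50 62 00 00 b0 5b 08 00 b0 62 00 00 01 00 00 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
"""

# Assumed line shapes, derived from the quoted output (not an official grammar).
ERROR_RE = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+): runtime error: "
    r"(?P<kind>member (?:call on|access within)) address (?P<addr>0x[0-9a-f]+) "
    r"which does not point to an object of type '(?P<type>[^']+)'$")
NOTE_RE = re.compile(r"^(?P<addr>0x[0-9a-f]+): note: (?P<note>.+)$")
DUMP_RE = re.compile(r"^(?:[0-9a-f]{2} )+[0-9a-f]{2}$")


@dataclass
class VptrReport:
    file: str
    line: int
    col: int
    kind: str          # "member call on" or "member access within"
    address: str       # faulting object address, e.g. 0x62b000086e58
    type_name: str     # type UBSan expected to find at that address
    note: str = ""     # UBSan's diagnosis, e.g. "object has invalid vptr"
    dump: bytes = b""  # memory window UBSan printed under the note

    @property
    def location(self) -> str:
        return f"{self.file}:{self.line}"


def parse_ubsan(text: str) -> list[VptrReport]:
    """Return one VptrReport per 'runtime error' line, with its note and dump."""
    reports: list[VptrReport] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ERROR_RE.match(line)
        if m:
            reports.append(VptrReport(m["file"], int(m["line"]), int(m["col"]),
                                      m["kind"], m["addr"], m["type"]))
            continue
        if not reports:
            continue  # text before the first report (build banner, prompt, ...)
        current = reports[-1]
        m = NOTE_RE.match(line)
        if m and m["addr"] == current.address:
            current.note = m["note"]
        elif DUMP_RE.match(line) and not current.dump:
            current.dump = bytes.fromhex(line.replace(" ", ""))
    return reports


def summarize(reports: list[VptrReport]) -> dict:
    """The counts a triager wants first: distinct source locations, faulting
    addresses, expected types, and how many memory windows are entirely zero
    (a zeroed or never-constructed object rather than a poisoned/freed one)."""
    return {
        "total": len(reports),
        "by_location": dict(Counter(r.location for r in reports)),
        "by_address": dict(Counter(r.address for r in reports)),
        "types": sorted({r.type_name for r in reports}),
        "all_zero_dumps": sum(1 for r in reports if r.dump and not any(r.dump)),
    }


if __name__ == "__main__":
    parsed = parse_ubsan(SAMPLE_LOG)
    for r in parsed:
        print(f"{r.location}:{r.col}  {r.kind} {r.address}  {r.note}")
    print(summarize(parsed))
```

Run as a script it prints one line per report and the summary. On the quoted log every report names the same address and the same expected type, so the ten UBSan lines are one bug reached from a handful of call sites in item.cc and sql_class.cc, not ten bugs; the all_zero_dumps counter flags that the first report's 32-byte window is entirely zero, i.e. the "invalid vptr" at that point is a null vptr.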