Details
Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6
Description
SELECT 0 FROM (SELECT 0) t01, (SELECT 0) t02, (SELECT 0) t03, (SELECT 0) t04, (SELECT 0) t05, (SELECT 0) t06, (SELECT 0) t07, (SELECT 0) t08, (SELECT 0) t09, (SELECT 0) t10, (SELECT 0) t11, (SELECT 0) t12, (SELECT 0) t13, (SELECT 0) t14, (SELECT 0) t15, (SELECT 0) t16, (SELECT 0) t17, (SELECT 0) t18, (SELECT 0) t19, (SELECT 0) t20, (SELECT 0) t21, (SELECT 0) t22, (SELECT 0) t23, (SELECT 0) t24, (SELECT 0) t25, (SELECT 0) t26, (SELECT 0) t27, (SELECT 0) t28, (SELECT 0) t29, (SELECT 0) t30, (SELECT 0) t31, (SELECT 0) t32, (SELECT 0) t33, (SELECT 0) t34, (SELECT 0) t35, (SELECT 0) t36, (SELECT 0) t37, (SELECT 0) t38, (SELECT 0) t39, (SELECT 0) t40, (SELECT 0) t41, (SELECT 0) t42, (SELECT 0) t43, (SELECT 0) t44, (SELECT 0) t45, (SELECT 0) t46, (SELECT 0) t47, (SELECT 0) t48, (SELECT 0) t49, (SELECT 0) t50, (SELECT 0) t51, (SELECT 0) t52, (SELECT 0) t53, (SELECT 0) t54, (SELECT 0) t55, (SELECT 0) t56, (SELECT 0) t57, (SELECT 0) t58, (SELECT 0) t59, (SELECT 0) t60, (SELECT 0) t61;
Leads to:

10.5.4 c2a929185c147fc85bbf91e2c537bcdd98f2e680 (optimized)
/test/10.5_opt/sql/opt_split.cc:1150:28: runtime error: shift exponent 61 is too large for 32-bit type 'int'

10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Debug)
/test/10.6_dbg_asan/sql/opt_split.cc:1150:28: runtime error: shift exponent 61 is too large for 32-bit type 'int'
    #0 0x55b5d97e9acb in JOIN::fix_all_splittings_in_plan() /test/10.6_dbg_asan/sql/opt_split.cc:1150
    #1 0x55b5d8becd60 in JOIN::optimize_inner() /test/10.6_dbg_asan/sql/sql_select.cc:2268
    #2 0x55b5d8bee9c9 in JOIN::optimize() /test/10.6_dbg_asan/sql/sql_select.cc:1627
    #3 0x55b5d8bf2f72 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_dbg_asan/sql/sql_select.cc:4651
    #4 0x55b5d8bf4c99 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_dbg_asan/sql/sql_select.cc:417
    #5 0x55b5d88096a2 in execute_sqlcom_select /test/10.6_dbg_asan/sql/sql_parse.cc:6118
    #6 0x55b5d8869f0a in mysql_execute_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:3820
    #7 0x55b5d87cdeda in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_dbg_asan/sql/sql_parse.cc:7883
    #8 0x55b5d883c94c in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_dbg_asan/sql/sql_parse.cc:1816
    #9 0x55b5d8851d14 in do_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:1348
    #10 0x55b5d92300ee in do_handle_one_connection(CONNECT*, bool) /test/10.6_dbg_asan/sql/sql_connect.cc:1410
    #11 0x55b5d9233371 in handle_one_connection /test/10.6_dbg_asan/sql/sql_connect.cc:1312
    #12 0x55b5db72d923 in pfs_spawn_thread /test/10.6_dbg_asan/storage/perfschema/pfs.cc:2201
    #13 0x14a105a94608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
    #14 0x14a104be8292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Optimized)
/test/10.6_opt_asan/sql/opt_split.cc:1150:28: runtime error: shift exponent 61 is too large for 32-bit type 'int'
    #0 0x55af6c8d4912 in JOIN::fix_all_splittings_in_plan() /test/10.6_opt_asan/sql/opt_split.cc:1150
    #1 0x55af6d751a33 in JOIN::optimize_inner() /test/10.6_opt_asan/sql/sql_select.cc:2268
    #2 0x55af6d75653f in JOIN::optimize() /test/10.6_opt_asan/sql/sql_select.cc:1627
    #3 0x55af6d7642ca in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_opt_asan/sql/sql_select.cc:4651
    #4 0x55af6d769853 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_opt_asan/sql/sql_select.cc:417
    #5 0x55af6d42c5d1 in execute_sqlcom_select /test/10.6_opt_asan/sql/sql_parse.cc:6118
    #6 0x55af6d46e55e in mysql_execute_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:3820
    #7 0x55af6d3f9dcd in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_opt_asan/sql/sql_parse.cc:7883
    #8 0x55af6d452e0d in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_opt_asan/sql/sql_parse.cc:1816
    #9 0x55af6d45ec82 in do_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:1348
    #10 0x55af6dc4da1c in do_handle_one_connection(CONNECT*, bool) /test/10.6_opt_asan/sql/sql_connect.cc:1410
    #11 0x55af6dc50754 in handle_one_connection /test/10.6_opt_asan/sql/sql_connect.cc:1312
    #12 0x55af6fc52eaa in pfs_spawn_thread /test/10.6_opt_asan/storage/perfschema/pfs.cc:2201
    #13 0x14f872690608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
    #14 0x14f8717e4292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
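Added illustration of the defect class UBSan reports above (a per-table bit computed by shifting a 32-bit int by a table index that can reach 61 when enough derived tables are joined). This is not MariaDB's opt_split.cc code; the function names, the bounds-checking policy and the assumption that the server's per-table bitmap type (`table_map` here) is 64 bits wide are mine. The point is the hardened shape: widen the shifted constant to the bitmap's width and reject an index the bitmap cannot hold, rather than let the shift become undefined behaviour that an optimized build may silently turn into a wrong join plan.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Assumed 64-bit per-table bitmap, as used for join planning (not the server's
 * own definition). */
typedef uint64_t table_map;

/* Returns 1 if shifting a 'width'-bit integer left by 'idx' is defined in C,
 * 0 if it is the undefined shift UBSan flags. width 32 with idx 61 is exactly
 * the condition in the report above. */
static int shift_is_defined(unsigned idx, unsigned width)
{
    return idx < width;
}

/* Hardened per-table bit: the constant is widened to the bitmap's width before
 * the shift and the index is bounds-checked, so an out-of-range table index
 * yields an empty mask the caller can reject instead of undefined behaviour.
 * (The defective form would be "(table_map)(1 << idx)", where 1 is a 32-bit
 * int and the shift is undefined for idx >= 31.) */
static table_map table_bit(unsigned idx)
{
    if (idx >= 8 * sizeof(table_map))   /* at most 64 tables per bitmap */
        return 0;
    return (table_map)1 << idx;
}

/* Builds the bitmap covering table indices 0..n-1. Returns 0 (no tables) if n
 * exceeds what the bitmap can represent, so the caller can fail the plan. */
static table_map tables_map(unsigned n)
{
    table_map m = 0;
    for (unsigned i = 0; i < n; i++) {
        table_map b = table_bit(i);
        if (b == 0)
            return 0;
        m |= b;
    }
    return m;
}

int main(void)
{
    /* The query in this report joins 61 derived tables (t01..t61); the
     * reported exponent is 61. */
    unsigned n = 61;
    printf("shift by %u into a 32-bit int defined: %d\n", n, shift_is_defined(n, 32));
    printf("shift by %u into a 64-bit map defined: %d\n", n, shift_is_defined(n, 64));
    printf("mask for %u tables: 0x%016" PRIx64 "\n", n, tables_map(n));
    printf("mask for 65 tables: 0x%016" PRIx64 " (rejected)\n", tables_map(65));
    return 0;
}
```

Compiling this with `-fsanitize=undefined` produces no diagnostic, whereas the 32-bit `1 << idx` form would print the same "shift exponent 61 is too large for 32-bit type 'int'" line as the report; the `-DWITH_UBSAN=ON` build flag in the Setup section below is what surfaced it in the server.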
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF

Set before execution:
export ASAN_OPTIONS=quarantine_size_mb=512:atexit=true:detect_invalid_pointer_pairs=1:dump_instruction_bytes=true:abort_on_error=1
Bug confirmed present in:
MariaDB: 10.3.24 (dbg), 10.3.24 (opt), 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt), 10.6.0 (dbg), 10.6.0 (opt)
Bug confirmed not present in:
MariaDB: 10.1.46 (dbg), 10.1.46 (opt), 10.2.33 (dbg), 10.2.33 (opt)