Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL)
Description
Each of these testcases leads to UBSAN issues in strings/decimal.c, each with individual stack traces:
SELECT RIGHT('a', -10000000000000000000); |
SELECT LPAD (0,-18446744073709551615,0); |
SELECT RPAD (0,-18446744073709551615,0); |
SELECT LOCATE (0,0,-18446744073709551615); |
SELECT INSERT (0,18446744073709551616,1,0); |
SELECT HEX(COLUMN_CREATE (1,99999999999999999999999999999 AS INT)); |
SELECT COLUMN_GET (COLUMN_CREATE (1,99999999999999999999999999999 AS DECIMAL),1 AS INT); |
SELECT 0 + (10101010101010101010101010101010101010101010101010101010101010101<<4); |
These issues and others like it significantly affect UBSAN testing. Please fix asap.
Setup (though ASAN can likely be left off):
Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1
|
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
MDEV-25454 Make MariaDB server UBSAN safe
-
- Confirmed
-
Activity
SELECT COLUMN_GET (COLUMN_CREATE (1,99999999999999999999999999999 AS DECIMAL),1 AS INT); |
Leads to:
|
10.7.1 8dd4794c4e11b8790fadf0c203bcd118e7b755e8 (Optimized) |
/test/10.7_opt_san/strings/decimal.c:1169:8: runtime error: signed integer overflow: -99999999999 * 1000000000 cannot be represented in type 'long long int'
|
|
10.7.1 8dd4794c4e11b8790fadf0c203bcd118e7b755e8 (Optimized) |
#0 0x55772709c606 in decimal2longlong /test/10.7_opt_san/strings/decimal.c:1169
|
#1 0x557724f4e9d4 in my_decimal2int(unsigned int, st_decimal_t const*, bool, long long*, decimal_round_mode) /test/10.7_opt_san/sql/my_decimal.cc:357
|
#2 0x5577249fd22b in Item_dyncol_get::val_int() /test/10.7_opt_san/sql/item_strfunc.cc:5013
|
#3 0x557724a08189 in Item_dyncol_get::val_int_signed_typecast() /test/10.7_opt_san/sql/item_strfunc.h:2127
|
#4 0x55772475ebff in Item_func_signed::val_int() /test/10.7_opt_san/sql/item_func.h:1318
|
#5 0x557723ad2760 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.7_opt_san/sql/sql_type.cc:7497
|
#6 0x557722748791 in Protocol::send_result_set_row(List<Item>*) /test/10.7_opt_san/sql/protocol.cc:1327
|
#7 0x557722ab0839 in select_send::send_data(List<Item>&) /test/10.7_opt_san/sql/sql_class.cc:3072
|
#8 0x557723176b77 in JOIN::exec_inner() /test/10.7_opt_san/sql/sql_select.cc:4601
|
#9 0x55772317ab99 in JOIN::exec() /test/10.7_opt_san/sql/sql_select.cc:4513
|
#10 0x55772316a705 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.7_opt_san/sql/sql_select.cc:4991
|
#11 0x55772316e5b3 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.7_opt_san/sql/sql_select.cc:545
|
#12 0x557722daaf4f in execute_sqlcom_select /test/10.7_opt_san/sql/sql_parse.cc:6253
|
#13 0x557722deaa53 in mysql_execute_command(THD*, bool) /test/10.7_opt_san/sql/sql_parse.cc:3944
|
#14 0x557722d7afe8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.7_opt_san/sql/sql_parse.cc:8028
|
#15 0x557722dd0655 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.7_opt_san/sql/sql_parse.cc:1894
|
#16 0x557722ddbe52 in do_command(THD*, bool) /test/10.7_opt_san/sql/sql_parse.cc:1402
|
#17 0x5577236877bd in do_handle_one_connection(CONNECT*, bool) /test/10.7_opt_san/sql/sql_connect.cc:1418
|
#18 0x55772368a2b4 in handle_one_connection /test/10.7_opt_san/sql/sql_connect.cc:1312
|
#19 0x557725652ce1 in pfs_spawn_thread /test/10.7_opt_san/storage/perfschema/pfs.cc:2201
|
#20 0x14d582d8e608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
#21 0x14d582004292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
|
|
10.7.1 8dd4794c4e11b8790fadf0c203bcd118e7b755e8 (Debug) |
#0 0x55950f0a6c8d in decimal2longlong /test/10.7_dbg_san/strings/decimal.c:1169
|
#1 0x55950d0d75ef in my_decimal2int(unsigned int, st_decimal_t const*, bool, long long*, decimal_round_mode) /test/10.7_dbg_san/sql/my_decimal.cc:357
|
#2 0x55950ca6850d in Item_dyncol_get::val_int() /test/10.7_dbg_san/sql/item_strfunc.cc:5013
|
#3 0x55950ca75e0f in Item_dyncol_get::val_int_signed_typecast() /test/10.7_dbg_san/sql/item_strfunc.h:2127
|
#4 0x55950c77a96b in Item_func_signed::val_int() /test/10.7_dbg_san/sql/item_func.h:1318
|
#5 0x55950b8a792e in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.7_dbg_san/sql/sql_type.cc:7497
|
#6 0x55950b917060 in Type_handler_longlong::Item_send(Item*, Protocol*, st_value*) const /test/10.7_dbg_san/sql/sql_type.h:5745
|
#7 0x559509f5735f in Item::send(Protocol*, st_value*) /test/10.7_dbg_san/sql/item.h:1227
|
#8 0x55950a0fc9a5 in Protocol::send_result_set_row(List<Item>*) /test/10.7_dbg_san/sql/protocol.cc:1327
|
#9 0x55950a5464c3 in select_send::send_data(List<Item>&) /test/10.7_dbg_san/sql/sql_class.cc:3072
|
#10 0x55950ad27f9a in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.7_dbg_san/sql/sql_class.h:5631
|
#11 0x55950ad27f9a in JOIN::exec_inner() /test/10.7_dbg_san/sql/sql_select.cc:4601
|
#12 0x55950ad2f7a8 in JOIN::exec() /test/10.7_dbg_san/sql/sql_select.cc:4513
|
#13 0x55950ad200fa in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.7_dbg_san/sql/sql_select.cc:4991
|
#14 0x55950ad21a82 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.7_dbg_san/sql/sql_select.cc:545
|
#15 0x55950a8bb590 in execute_sqlcom_select /test/10.7_dbg_san/sql/sql_parse.cc:6253
|
#16 0x55950a91f4ec in mysql_execute_command(THD*, bool) /test/10.7_dbg_san/sql/sql_parse.cc:3944
|
#17 0x55950a883c94 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.7_dbg_san/sql/sql_parse.cc:8028
|
#18 0x55950a8f867a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.7_dbg_san/sql/sql_parse.cc:1894
|
#19 0x55950a90f0c2 in do_command(THD*, bool) /test/10.7_dbg_san/sql/sql_parse.cc:1402
|
#20 0x55950b39a2aa in do_handle_one_connection(CONNECT*, bool) /test/10.7_dbg_san/sql/sql_connect.cc:1418
|
#21 0x55950b39d143 in handle_one_connection /test/10.7_dbg_san/sql/sql_connect.cc:1312
|
#22 0x55950d7bd4ee in pfs_spawn_thread /test/10.7_dbg_san/storage/perfschema/pfs.cc:2201
|
#23 0x14fc649ff608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
|
#24 0x14fc63c75292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
|
Bug confirmed present in:
MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt), 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (dbg), 10.6.5 (opt), 10.7.1 (dbg), 10.7.1 (opt)
bar If we could get a fix for these, it would be very appreciated, and much improve testing work.
I removed a global suppression that should have been removed as part of this fix.
This might explain numerous test failures on various POWER ISA platforms, like this:
10.6 b4911f5a34f8dcfb642c6f14535bc9d5d97ade44
main.func_math w7 [ fail ]Test ended at 2021-10-14 06:49:49CURRENT_TEST: main.func_mathmysqltest: At line 425: query 'SELECT 9223372036854775807 + 9223372036854775807' succeeded - should have failed with error ER_DATA_OUT_OF_RANGE (1690)...