[MDEV-22744] *SAN: sql/item_xmlfunc.cc:791:43: runtime error: downcast of address ... which does not point to an object of type 'Item_func' note: object is of type 'Item_bool' (on optimized builds) - Jira

10.5.4>SELECT extractValue('<a>a</a>', '/a[true()]');

+----------------------------------------+

| extractValue('<a>a</a>', '/a[true()]') |

+----------------------------------------+

| a                                      |

+----------------------------------------+

1 row in set (0.003 sec)

Leads to:

10.5.4 c2a929185c147fc85bbf91e2c537bcdd98f2e680
/test/10.5_opt/sql/item_xmlfunc.cc:791:43: runtime error: downcast of address 0x62b000087538 which does not point to an object of type 'Item_func'
0x62b000087538: note: object is of type 'Item_bool'
00 00 00 00 e8 5d 59 0a f0 55 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 71 41 10
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Item_bool'

Setup:

Compiled with GCC >=7.5.0 and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF

Set before execution:

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=true:detect_invalid_pointer_pairs=1:dump_instruction_bytes=true:abort_on_error=1

Bug confirmed present in:
MariaDB: 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt)

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server