Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.5.4, 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL)
-
None
Description
10.5.4>SELECT extractValue('<a>a</a>', '/a[true()]');
|
+----------------------------------------+
|
| extractValue('<a>a</a>', '/a[true()]') |
|
+----------------------------------------+
|
| a |
|
+----------------------------------------+
|
1 row in set (0.003 sec)
|
Leads to:
|
10.5.4 c2a929185c147fc85bbf91e2c537bcdd98f2e680 |
/test/10.5_opt/sql/item_xmlfunc.cc:791:43: runtime error: downcast of address 0x62b000087538 which does not point to an object of type 'Item_func'
|
0x62b000087538: note: object is of type 'Item_bool'
|
00 00 00 00 e8 5d 59 0a f0 55 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 71 41 10
|
^~~~~~~~~~~~~~~~~~~~~~~
|
vptr for 'Item_bool'
|
Setup:
Compiled with GCC >=7.5.0 and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF
|
Set before execution:
|
export ASAN_OPTIONS=quarantine_size_mb=512:atexit=true:detect_invalid_pointer_pairs=1:dump_instruction_bytes=true:abort_on_error=1
|
Bug confirmed present in:
MariaDB: 10.4.14 (dbg), 10.4.14 (opt), 10.5.4 (dbg), 10.5.4 (opt)