==2595397==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60800002049f at pc 0x556bd3fb902b bp 0x7f917d55dec0 sp 0x7f917d55deb0
|
READ of size 1 at 0x60800002049f thread T36
|
#0 0x556bd3fb902a in rec_init_offsets_comp_ordinary<> /home/jan/mysql/10.4-bugs/storage/innobase/rem/rem0rec.cc:417
|
#1 0x556bd3fab5ea in rec_init_offsets /home/jan/mysql/10.4-bugs/storage/innobase/rem/rem0rec.cc:641
|
#2 0x556bd3fadbdb in rec_get_offsets_func(unsigned char const*, dict_index_t const*, unsigned short*, bool, unsigned long, char const*, unsigned int, mem_block_info_t**) /home/jan/mysql/10.4-bugs/storage/innobase/rem/rem0rec.cc:920
|
#3 0x556bd3fb676a in wsrep_rec_get_foreign_key(unsigned char*, unsigned long*, unsigned char const*, dict_index_t*, dict_index_t*, unsigned long) /home/jan/mysql/10.4-bugs/storage/innobase/rem/rem0rec.cc:2682
|
#4 0x556bd3d09996 in wsrep_append_foreign_key(trx_t*, dict_foreign_t*, unsigned char const*, dict_index_t*, unsigned long, Wsrep_service_key_type) /home/jan/mysql/10.4-bugs/storage/innobase/handler/ha_innodb.cc:10184
|
#5 0x556bd400827d in row_ins_foreign_check_on_constraint /home/jan/mysql/10.4-bugs/storage/innobase/row/row0ins.cc:1388
|
#6 0x556bd4009f1d in row_ins_check_foreign_constraint(unsigned long, dict_foreign_t*, dict_table_t*, dtuple_t*, que_thr_t*) /home/jan/mysql/10.4-bugs/storage/innobase/row/row0ins.cc:1803
|
#7 0x556bd41097ee in row_upd_check_references_constraints /home/jan/mysql/10.4-bugs/storage/innobase/row/row0upd.cc:295
|
#8 0x556bd41195d3 in row_upd_del_mark_clust_rec /home/jan/mysql/10.4-bugs/storage/innobase/row/row0upd.cc:3000
|
#9 0x556bd411a7f4 in row_upd_clust_step /home/jan/mysql/10.4-bugs/storage/innobase/row/row0upd.cc:3170
|
#10 0x556bd411b52a in row_upd /home/jan/mysql/10.4-bugs/storage/innobase/row/row0upd.cc:3299
|
#11 0x556bd411c4b4 in row_upd_step(que_thr_t*) /home/jan/mysql/10.4-bugs/storage/innobase/row/row0upd.cc:3443
|
#12 0x556bd406191a in row_update_for_mysql(row_prebuilt_t*) /home/jan/mysql/10.4-bugs/storage/innobase/row/row0mysql.cc:1848
|
#13 0x556bd3d00aee in ha_innobase::delete_row(unsigned char const*) /home/jan/mysql/10.4-bugs/storage/innobase/handler/ha_innodb.cc:8887
|
#14 0x556bd376048a in handler::ha_delete_row(unsigned char const*) /home/jan/mysql/10.4-bugs/sql/handler.cc:6850
|
#15 0x556bd3bb4fcd in TABLE::delete_row() /home/jan/mysql/10.4-bugs/sql/sql_delete.cc:289
|
#16 0x556bd3bac207 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /home/jan/mysql/10.4-bugs/sql/sql_delete.cc:804
|
#17 0x556bd2f422c4 in mysql_execute_command(THD*) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:4718
|
#18 0x556bd2f583ed in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:7896
|
#19 0x556bd2f57180 in wsrep_mysql_parse /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:7700
|
#20 0x556bd2f2f358 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:1820
|
#21 0x556bd2f2bf83 in do_command(THD*) /home/jan/mysql/10.4-bugs/sql/sql_parse.cc:1352
|
#22 0x556bd3317b2c in do_handle_one_connection(CONNECT*) /home/jan/mysql/10.4-bugs/sql/sql_connect.cc:1412
|
#23 0x556bd33173d0 in handle_one_connection /home/jan/mysql/10.4-bugs/sql/sql_connect.cc:1316
|
#24 0x556bd49af320 in pfs_spawn_thread /home/jan/mysql/10.4-bugs/storage/perfschema/pfs.cc:1869
|
#25 0x7f919a0c3608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477
|
#26 0x7f9199881102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)
|
Critical
10.2:
==2642055==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60800001c91f at pc 0x55aa4bacd76c bp 0x7f0652648f00 sp 0x7f0652648ef0READ of size 1 at 0x60800001c91f thread T34#0 0x55aa4bacd76b in rec_init_offsets_comp_ordinary /home/jan/mysql/10.2-bugs/storage/innobase/rem/rem0rec.cc:306#1 0x55aa4bacdd56 in rec_init_offsets /home/jan/mysql/10.2-bugs/storage/innobase/rem/rem0rec.cc:397#2 0x55aa4bacef4d in rec_get_offsets_func(unsigned char const*, dict_index_t const*, unsigned short*, bool, unsigned long, char const*, unsigned int, mem_block_info_t**) /home/jan/mysql/10.2-bugs/storage/innobase/rem/rem0rec.cc:621#3 0x55aa4bad6345 in wsrep_rec_get_foreign_key(unsigned char*, unsigned long*, unsigned char const*, dict_index_t*, dict_index_t*, unsigned long) /home/jan/mysql/10.2-bugs/storage/innobase/rem/rem0rec.cc:2205#4 0x55aa4b8abcc0 in wsrep_append_foreign_key(trx_t*, dict_foreign_t*, unsigned char const*, dict_index_t*, unsigned long, wsrep_key_type) /home/jan/mysql/10.2-bugs/storage/innobase/handler/ha_innodb.cc:10358#5 0x55aa4bb184f0 in row_ins_foreign_check_on_constraint /home/jan/mysql/10.2-bugs/storage/innobase/row/row0ins.cc:1412#6 0x55aa4bb19ccc in row_ins_check_foreign_constraint(unsigned long, dict_foreign_t*, dict_table_t*, dtuple_t*, que_thr_t*) /home/jan/mysql/10.2-bugs/storage/innobase/row/row0ins.cc:1808#7 0x55aa4bc150e8 in row_upd_check_references_constraints /home/jan/mysql/10.2-bugs/storage/innobase/row/row0upd.cc:325#8 0x55aa4bc21858 in row_upd_del_mark_clust_rec /home/jan/mysql/10.2-bugs/storage/innobase/row/row0upd.cc:3005#9 0x55aa4bc22781 in row_upd_clust_step /home/jan/mysql/10.2-bugs/storage/innobase/row/row0upd.cc:3166#10 0x55aa4bc23299 in row_upd /home/jan/mysql/10.2-bugs/storage/innobase/row/row0upd.cc:3292#11 0x55aa4bc24148 in row_upd_step(que_thr_t*) /home/jan/mysql/10.2-bugs/storage/innobase/row/row0upd.cc:3438#12 0x55aa4bb6679b in row_update_for_mysql(row_prebuilt_t*) /home/jan/mysql/10.2-bugs/storage/innobase/row/row0mysql.cc:1825#13 0x55aa4b8a2ded in ha_innobase::delete_row(unsigned char const*) /home/jan/mysql/10.2-bugs/storage/innobase/handler/ha_innodb.cc:9058#14 0x55aa4b394fcf in handler::ha_delete_row(unsigned char const*) /home/jan/mysql/10.2-bugs/sql/handler.cc:6168#15 0x55aa4b767247 in mysql_delete(THD*, TABLE_LIST*, Item*, SQL_I_List<st_order>*, unsigned long long, unsigned long long, select_result*) /home/jan/mysql/10.2-bugs/sql/sql_delete.cc:583#16 0x55aa4ad3dfbb in mysql_execute_command(THD*) /home/jan/mysql/10.2-bugs/sql/sql_parse.cc:4362#17 0x55aa4ad551ef in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/jan/mysql/10.2-bugs/sql/sql_parse.cc:7733#18 0x55aa4ad53cec in wsrep_mysql_parse /home/jan/mysql/10.2-bugs/sql/sql_parse.cc:7525#19 0x55aa4ad2e489 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/jan/mysql/10.2-bugs/sql/sql_parse.cc:1820#20 0x55aa4ad2b2c6 in do_command(THD*) /home/jan/mysql/10.2-bugs/sql/sql_parse.cc:1377#21 0x55aa4b0ae937 in do_handle_one_connection(CONNECT*) /home/jan/mysql/10.2-bugs/sql/sql_connect.cc:1336#22 0x55aa4b0ae1fa in handle_one_connection /home/jan/mysql/10.2-bugs/sql/sql_connect.cc:1241#23 0x55aa4c435633 in pfs_spawn_thread /home/jan/mysql/10.2-bugs/storage/perfschema/pfs.cc:1869#24 0x7f066de9c608 in start_thread /build/glibc-YYA7BZ/glibc-2.31/nptl/pthread_create.c:477#25 0x7f066da78102 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122102)