[MDEV-23665] Assertion `length <= 64' failed in PFS_variable_name_row::make_row and Assertion `length <= NAME_CHAR_LEN' failed on performance_schema related SELECT - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.7, 10.8
Fix Version/s: 10.5, 10.6
Component/s: Performance Schema
Labels:
None

Description

# mysqld options required for replay:  --performance-schema

SET @X2345678901234567890123456789012345678901234567890123456789012345 = 12;

SELECT * FROM performance_schema.user_variables_by_thread;

Leads to:

10.5.6 1c587481966abc7a9ad5309d0a91ca920f7a5657 (Debug)
mysqld: /test/10.5_dbg/storage/perfschema/table_helper.cc:840: void PFS_variable_name_row::make_row(const char*, size_t): Assertion `length <= 64' failed.

10.5.6 1c587481966abc7a9ad5309d0a91ca920f7a5657 (Debug)
Core was generated by `/test/MD110820-mariadb-10.5.6-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x153e0f5bc700 (LWP 583194))]
(gdb) bt
#0 __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1 0x00005573fc076b86 in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:519
#2 0x00005573fb82dd7b in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:330
#3 <signal handler called>
#4 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5 0x0000153e0d8528b1 in __GI_abort () at abort.c:79
#6 0x0000153e0d84242a in __assert_fail_base (fmt=0x153e0d9c9a38 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5573fc1d0c1e "length <= 64", file=file@entry=0x5573fc43ddb8 "/test/10.5_dbg/storage/perfschema/table_helper.cc", line=line@entry=840, function=function@entry=0x5573fc43e220 <PFS_variable_name_row::make_row(char const, unsigned long)::__PRETTY_FUNCTION__> "void PFS_variable_name_row::make_row(const char, size_t)") at assert.c:92
#7 0x0000153e0d8424a2 in __GI___assert_fail (assertion=assertion@entry=0x5573fc1d0c1e "length <= 64", file=file@entry=0x5573fc43ddb8 "/test/10.5_dbg/storage/perfschema/table_helper.cc", line=line@entry=840, function=function@entry=0x5573fc43e220 <PFS_variable_name_row::make_row(char const, unsigned long)::__PRETTY_FUNCTION__> "void PFS_variable_name_row::make_row(const char, size_t)") at assert.c:101
#8 0x00005573fbb8c39b in PFS_variable_name_row::make_row (this=this@entry=0x153de4899d88, str=str@entry=0x153de4823350 "X2345678901234567890123456789012345678901234567890123456789012345", length=length@entry=65) at /test/10.5_dbg/storage/perfschema/table_helper.cc:840
#9 0x00005573fbb9b2d3 in User_variables::materialize (this=this@entry=0x153de4861868, pfs=pfs@entry=0x153e0b01a280, thd=thd@entry=0x153de4815088) at /test/10.5_dbg/storage/perfschema/table_uvar_by_thread.cc:109
#10 0x00005573fbb9b5a1 in table_uvar_by_thread::materialize (this=this@entry=0x153de4861840, thread=thread@entry=0x153e0b01a280) at /test/10.5_dbg/storage/perfschema/table_uvar_by_thread.cc:251
#11 0x00005573fbb9b73e in table_uvar_by_thread::rnd_next (this=0x153de4861840) at /test/10.5_dbg/storage/perfschema/table_uvar_by_thread.cc:194
#12 0x00005573fbb375f1 in ha_perfschema::rnd_next (this=0x153de488a0a0, buf=0x153de4852fc0 "\377") at /test/10.5_dbg/storage/perfschema/ha_perfschema.cc:359
#13 0x00005573fb835cf2 in handler::ha_rnd_next (this=0x153de488a0a0, buf=0x153de4852fc0 "\377") at /test/10.5_dbg/sql/handler.cc:3060
#14 0x00005573fb9d74b5 in rr_sequential (info=0x153de48783d8) at /test/10.5_dbg/sql/records.cc:519
#15 0x00005573fb5d67c2 in READ_RECORD::read_record (this=0x153de48783d8) at /test/10.5_dbg/sql/records.h:80
#16 join_init_read_record (tab=0x153de4878310) at /test/10.5_dbg/sql/sql_select.cc:21569
#17 0x00005573fb5c59f1 in sub_select (join=0x153de4876bc8, join_tab=0x153de4878310, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20621
#18 0x00005573fb5ffb32 in do_select (procedure=0x0, join=0x153de4876bc8) at /test/10.5_dbg/sql/sql_select.cc:20158
#19 JOIN::exec_inner (this=this@entry=0x153de4876bc8) at /test/10.5_dbg/sql/sql_select.cc:4450
#20 0x00005573fb60014d in JOIN::exec (this=this@entry=0x153de4876bc8) at /test/10.5_dbg/sql/sql_select.cc:4231
#21 0x00005573fb5fe449 in mysql_select (thd=thd@entry=0x153de4815088, tables=<optimized out>, fields=@0x153de48742c8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x153de4874728, last = 0x153de48775f8, elements = 3}, <No data fields>}, conds=0x0, og_num=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x153de4876ba0, unit=0x153de48190a0, select_lex=0x153de4874178) at /test/10.5_dbg/sql/sql_select.cc:4655
#22 0x00005573fb5fe778 in handle_select (thd=thd@entry=0x153de4815088, lex=lex@entry=0x153de4818fd8, result=result@entry=0x153de4876ba0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
#23 0x00005573fb586d72 in execute_sqlcom_select (thd=thd@entry=0x153de4815088, all_tables=0x153de48747b8) at /test/10.5_dbg/sql/sql_parse.cc:6210
#24 0x00005573fb57fe46 in mysql_execute_command (thd=thd@entry=0x153de4815088) at /test/10.5_dbg/sql/sql_parse.cc:3932
#25 0x00005573fb58cd4e in mysql_parse (thd=thd@entry=0x153de4815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x153e0f5bb350, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7994
#26 0x00005573fb57977e in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x153de4815088, packet=packet@entry=0x153de4867089 "", packet_length=packet_length@entry=57, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1867
#27 0x00005573fb577f58 in do_command (thd=0x153de4815088) at /test/10.5_dbg/sql/sql_parse.cc:1348
#28 0x00005573fb6d4bc9 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x153de8072b88, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1410
#29 0x00005573fb6d52e5 in handle_one_connection (arg=arg@entry=0x153de8072b88) at /test/10.5_dbg/sql/sql_connect.cc:1312
#30 0x00005573fbb3b572 in pfs_spawn_thread (arg=0x153e0c446508) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#31 0x0000153e0e5356db in start_thread (arg=0x153e0f5bc700) at pthread_create.c:463
#32 0x0000153e0d933a3f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.6 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.47 (dbg), 10.1.47 (opt), 10.2.34 (dbg), 10.2.34 (opt), 10.3.25 (dbg), 10.3.25 (opt), 10.4.15 (dbg), 10.4.15 (opt), 10.5.6 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Attachments

Issue Links

duplicates

MDEV-31967 User variable names over 64 symbols can cause problems with other components

Closed

relates to

MDEV-24683 ASAN heap-use-after-free in Binary_string::copy / table_uvar_by_thread::materialize

Confirmed

MDEV-31968 Spider uses too long variable names on a remote server

Open

Assertion `length <= 64' failed in PFS_variable_name_row::make_row and Assertion `length <= NAME_CHAR_LEN' failed on performance_schema related SELECT

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration