Type:
Bug
Priority:
Major
Resolution:
Fixed
Affects Version/s:
10.1(EOL) , 10.2(EOL) , 10.3(EOL) , 10.4(EOL) , 10.5 , 10.6
SELECT 0xF0 >> 4 | 0xFF, (0xF0 >> 4) | 0xFF, 0xF0 >> (4 | 0xFF);
Leads to:
10.6.0 c498250888ec126fddda2867d1239b2a7734482f
/test/10.6_dbg_asan/sql/sql_type_int.h:91:42: runtime error: shift exponent 255 is too large for 64-bit type 'long long unsigned int'
10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Debug)
#1 0x55fe03aa5302 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.cc:2196
#2 0x55fe036c3cf9 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.h:704
#3 0x55fe02b81b27 in Item_handled_func::val_int() /test/10.6_dbg_asan/sql/item_func.h:791
#4 0x55fe02b60a78 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.cc:7383
#5 0x55fe02bd0c62 in Type_handler_longlong::Item_send(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.h:5638
#6 0x55fe015732e5 in Item::send(Protocol*, st_value*) /test/10.6_dbg_asan/sql/item.h:1059
#7 0x55fe01559d8b in Protocol::send_result_set_row(List<Item>*) /test/10.6_dbg_asan/sql/protocol.cc:1082
#8 0x55fe019acda7 in select_send::send_data(List<Item>&) /test/10.6_dbg_asan/sql/sql_class.cc:3025
#9 0x55fe020f542d in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.6_dbg_asan/sql/sql_class.h:5325
#10 0x55fe020f542d in JOIN::exec_inner() /test/10.6_dbg_asan/sql/sql_select.cc:4337
#11 0x55fe020fc19a in JOIN::exec() /test/10.6_dbg_asan/sql/sql_select.cc:4250
#12 0x55fe020ed2c5 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_dbg_asan/sql/sql_select.cc:4665
#13 0x55fe020eec99 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_dbg_asan/sql/sql_select.cc:417
#14 0x55fe01d036a2 in execute_sqlcom_select /test/10.6_dbg_asan/sql/sql_parse.cc:6118
#15 0x55fe01d63f0a in mysql_execute_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:3820
#16 0x55fe01cc7eda in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_dbg_asan/sql/sql_parse.cc:7883
#17 0x55fe01d3694c in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_dbg_asan/sql/sql_parse.cc:1816
#18 0x55fe01d4bd14 in do_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:1348
#19 0x55fe0272a0ee in do_handle_one_connection(CONNECT*, bool) /test/10.6_dbg_asan/sql/sql_connect.cc:1410
#20 0x55fe0272d371 in handle_one_connection /test/10.6_dbg_asan/sql/sql_connect.cc:1312
#21 0x55fe04c27923 in pfs_spawn_thread /test/10.6_dbg_asan/storage/perfschema/pfs.cc:2201
#22 0x14595360d608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#23 0x145952761292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Optimized)
#1 0x561951cf8b59 in Longlong_null::operator>>(Longlong_null const&) const /test/10.6_opt_asan/sql/sql_type_int.h:86
#2 0x561951cf8b59 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.cc:2196
#3 0x561951a8e377 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.h:704
#4 0x5619510db690 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_opt_asan/sql/sql_type.cc:7383
#5 0x56194fedfd29 in Protocol::send_result_set_row(List<Item>*) /test/10.6_opt_asan/sql/protocol.cc:1082
#6 0x56195025bb29 in select_send::send_data(List<Item>&) /test/10.6_opt_asan/sql/sql_class.cc:3025
#7 0x56195086ac9e in JOIN::exec_inner() /test/10.6_opt_asan/sql/sql_select.cc:4337
#8 0x56195086da29 in JOIN::exec() /test/10.6_opt_asan/sql/sql_select.cc:4250
#9 0x56195085e5bd in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_opt_asan/sql/sql_select.cc:4665
#10 0x561950863853 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_opt_asan/sql/sql_select.cc:417
#11 0x5619505265d1 in execute_sqlcom_select /test/10.6_opt_asan/sql/sql_parse.cc:6118
#12 0x56195056855e in mysql_execute_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:3820
#13 0x5619504f3dcd in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_opt_asan/sql/sql_parse.cc:7883
#14 0x56195054ce0d in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_opt_asan/sql/sql_parse.cc:1816
#15 0x561950558c82 in do_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:1348
#16 0x561950d47a1c in do_handle_one_connection(CONNECT*, bool) /test/10.6_opt_asan/sql/sql_connect.cc:1410
#17 0x561950d4a754 in handle_one_connection /test/10.6_opt_asan/sql/sql_connect.cc:1312
#18 0x561952d4ceaa in pfs_spawn_thread /test/10.6_opt_asan/storage/perfschema/pfs.cc:2201
#19 0x14ee863b4608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#20 0x14ee85508292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1
Bug confirmed present in:
MariaDB: 10.1.49 (dbg), 10.1.49 (opt), 10.2.36 (dbg), 10.2.36 (opt), 10.3.27 (dbg), 10.3.27 (opt), 10.4.17 (dbg), 10.4.17 (opt), 10.5.8 (dbg), 10.5.8 (opt), 10.6.0 (dbg), 10.6.0 (opt)
relates to
MDEV-25454
Make MariaDB server UBSAN safe
Confirmed
{"report":{"fcp":718.4000000953674,"ttfb":136.60000014305115,"pageVisibility":"visible","entityId":93776,"key":"jira.project.issue.view-issue","isInitial":true,"threshold":1000,"elementTimings":{},"userDeviceMemory":8,"userDeviceProcessors":64,"apdex":1,"journeyId":"fcbcf853-3843-4f9d-aa07-56129860fb2a","navigationType":0,"readyForUser":782.2999999523163,"redirectCount":0,"resourceLoadedEnd":891.2999999523163,"resourceLoadedStart":145.29999995231628,"resourceTiming":[{"duration":112.5,"initiatorType":"link","name":"https://jira.mariadb.org/s/2c21342762a6a02add1c328bed317ffd-CDN/lu2bu7/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/css/_super/batch.css","startTime":145.29999995231628,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":145.29999995231628,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":257.7999999523163,"responseStart":0,"secureConnectionStart":0},{"duration":112.29999995231628,"initiatorType":"link","name":"https://jira.mariadb.org/s/7ebd35e77e471bc30ff0eba799ebc151-CDN/lu2bu7/820016/12ta74/8679b4946efa1a0bb029a3a22206fb5d/_/download/contextbatch/css/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true","startTime":145.5,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":145.5,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":257.7999999523163,"responseStart":0,"secureConnectionStart":0},{"duration":122.70000004768372,"initiatorType":"script","name":"https://jira.mariadb.org/s/fbf975c0cce4b1abf04784eeae9ba1f4-CDN/lu2bu7/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/js/_super/batch.js?locale=en","startTime":145.70000004768372,"connectEnd":145.70000004768372,"connectStart":145.70000004768372,"domainLookupEnd":145.70000004768372,"domainLookupStart":145.70000004768372,"fetchStart":145.70000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":145.70000004768372,"responseEnd":268.40000009536743,"responseStart":268.40000009536743,"secureConnectionStart":145.70000004768372},{"duration":169.89999985694885,"initiatorType":"script","name":"https://jira.mariadb.org/s/099b33461394b8015fc36c0a4b96e19f-CDN/lu2bu7/820016/12ta74/8679b4946efa1a0bb029a3a22206fb5d/_/download/contextbatch/js/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true","startTime":146.10000014305115,"connectEnd":146.10000014305115,"connectStart":146.10000014305115,"domainLookupEnd":146.10000014305115,"domainLookupStart":146.10000014305115,"fetchStart":146.10000014305115,"redirectEnd":0,"redirectStart":0,"requestStart":146.10000014305115,"responseEnd":316,"responseStart":316,"secureConnectionStart":146.10000014305115},{"duration":173.59999990463257,"initiatorType":"script","name":"https://jira.mariadb.org/s/94c15bff32baef80f4096a08aceae8bc-CDN/lu2bu7/820016/12ta74/c92c0caa9a024ae85b0ebdbed7fb4bd7/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en","startTime":146.20000004768372,"connectEnd":146.20000004768372,"connectStart":146.20000004768372,"domainLookupEnd":146.20000004768372,"domainLookupStart":146.20000004768372,"fetchStart":146.20000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":146.20000004768372,"responseEnd":319.7999999523163,"responseStart":319.7999999523163,"secureConnectionStart":146.20000004768372},{"duration":174,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":146.40000009536743,"connectEnd":146.40000009536743,"connectStart":146.40000009536743,"domainLookupEnd":146.40000009536743,"domainLookupStart":146.40000009536743,"fetchStart":146.40000009536743,"redirectEnd":0,"redirectStart":0,"requestStart":146.40000009536743,"responseEnd":320.40000009536743,"responseStart":320.40000009536743,"secureConnectionStart":146.40000009536743},{"duration":174.5,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":146.40000009536743,"connectEnd":146.40000009536743,"connectStart":146.40000009536743,"domainLookupEnd":146.40000009536743,"domainLookupStart":146.40000009536743,"fetchStart":146.40000009536743,"redirectEnd":0,"redirectStart":0,"requestStart":146.40000009536743,"responseEnd":320.90000009536743,"responseStart":320.90000009536743,"secureConnectionStart":146.40000009536743},{"duration":175.10000014305115,"initiatorType":"link","name":"https://jira.mariadb.org/s/b04b06a02d1959df322d9cded3aeecc1-CDN/lu2bu7/820016/12ta74/a2ff6aa845ffc9a1d22fe23d9ee791fc/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":146.5,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":146.5,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":321.60000014305115,"responseStart":0,"secureConnectionStart":0},{"duration":175,"initiatorType":"script","name":"https://jira.mariadb.org/rest/api/1.0/shortcuts/820016/47140b6e0a9bc2e4913da06536125810/shortcuts.js?context=issuenavigation&context=issueaction","startTime":146.60000014305115,"connectEnd":146.60000014305115,"connectStart":146.60000014305115,"domainLookupEnd":146.60000014305115,"domainLookupStart":146.60000014305115,"fetchStart":146.60000014305115,"redirectEnd":0,"redirectStart":0,"requestStart":146.60000014305115,"responseEnd":321.60000014305115,"responseStart":321.60000014305115,"secureConnectionStart":146.60000014305115},{"duration":175.40000009536743,"initiatorType":"link","name":"https://jira.mariadb.org/s/3ac36323ba5e4eb0af2aa7ac7211b4bb-CDN/lu2bu7/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.css?jira.create.linked.issue=true","startTime":146.70000004768372,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":146.70000004768372,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":322.10000014305115,"responseStart":0,"secureConnectionStart":0},{"duration":175.5,"initiatorType":"script","name":"https://jira.mariadb.org/s/3339d87fa2538a859872f2df449bf8d0-CDN/lu2bu7/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.js?jira.create.linked.issue=true&locale=en","startTime":146.79999995231628,"connectEnd":146.79999995231628,"connectStart":146.79999995231628,"domainLookupEnd":146.79999995231628,"domainLookupStart":146.79999995231628,"fetchStart":146.79999995231628,"redirectEnd":0,"redirectStart":0,"requestStart":146.79999995231628,"responseEnd":322.2999999523163,"responseStart":322.2999999523163,"secureConnectionStart":146.79999995231628},{"duration":735.2999999523163,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":155.10000014305115,"connectEnd":155.10000014305115,"connectStart":155.10000014305115,"domainLookupEnd":155.10000014305115,"domainLookupStart":155.10000014305115,"fetchStart":155.10000014305115,"redirectEnd":0,"redirectStart":0,"requestStart":155.10000014305115,"responseEnd":890.4000000953674,"responseStart":890.4000000953674,"secureConnectionStart":155.10000014305115},{"duration":733.7999999523163,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2bu7/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":157.5,"connectEnd":157.5,"connectStart":157.5,"domainLookupEnd":157.5,"domainLookupStart":157.5,"fetchStart":157.5,"redirectEnd":0,"redirectStart":0,"requestStart":157.5,"responseEnd":891.2999999523163,"responseStart":891.2999999523163,"secureConnectionStart":157.5},{"duration":404.40000009536743,"initiatorType":"xmlhttprequest","name":"https://jira.mariadb.org/rest/webResources/1.0/resources","startTime":480.7999999523163,"connectEnd":480.7999999523163,"connectStart":480.7999999523163,"domainLookupEnd":480.7999999523163,"domainLookupStart":480.7999999523163,"fetchStart":480.7999999523163,"redirectEnd":0,"redirectStart":0,"requestStart":480.7999999523163,"responseEnd":885.2000000476837,"responseStart":885.2000000476837,"secureConnectionStart":480.7999999523163}],"fetchStart":0,"domainLookupStart":0,"domainLookupEnd":0,"connectStart":0,"connectEnd":0,"requestStart":8,"responseStart":137,"responseEnd":157,"domLoading":140,"domInteractive":911,"domContentLoadedEventStart":911,"domContentLoadedEventEnd":946,"domComplete":1684,"loadEventStart":1684,"loadEventEnd":1686,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[{"name":"bigPipe.sidebar-id.start","time":894.2000000476837},{"name":"bigPipe.sidebar-id.end","time":894.9000000953674},{"name":"bigPipe.activity-panel-pipe-id.start","time":895},{"name":"bigPipe.activity-panel-pipe-id.end","time":897.4000000953674},{"name":"activityTabFullyLoaded","time":948.9000000953674}],"measures":[],"correlationId":"b88342607d1aa5","effectiveType":"4g","downlink":9.8,"rtt":0,"serverDuration":67,"dbReadsTimeInMs":10,"dbConnsTimeInMs":16,"applicationHash":"9d11dbea5f4be3d4cc21f03a88dd11d8c8687422","experiments":[]}}