Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-24198

UBSAN: sql/sql_type_int.h:91:42: runtime error: shift exponent 255 is too large for 64-bit type 'long long unsigned int' (on optimized builds)

    XMLWordPrintable

Details

    • Bug
    • Status: Open (View Workflow)
    • Major
    • Resolution: Unresolved
    • 10.1, 10.2, 10.3, 10.4, 10.5, 10.6
    • 10.4, 10.5, 10.6
    • Data types

    Description

      SELECT 0xF0 >> 4 | 0xFF, (0xF0 >> 4) | 0xFF, 0xF0 >> (4 | 0xFF);
      

      Leads to:

      10.6.0 c498250888ec126fddda2867d1239b2a7734482f

      /test/10.6_dbg_asan/sql/sql_type_int.h:91:42: runtime error: shift exponent 255 is too large for 64-bit type 'long long unsigned int'
      

      10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Debug)

          #1 0x55fe03aa5302 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.cc:2196
          #2 0x55fe036c3cf9 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.h:704
          #3 0x55fe02b81b27 in Item_handled_func::val_int() /test/10.6_dbg_asan/sql/item_func.h:791
          #4 0x55fe02b60a78 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.cc:7383
          #5 0x55fe02bd0c62 in Type_handler_longlong::Item_send(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.h:5638
          #6 0x55fe015732e5 in Item::send(Protocol*, st_value*) /test/10.6_dbg_asan/sql/item.h:1059
          #7 0x55fe01559d8b in Protocol::send_result_set_row(List<Item>*) /test/10.6_dbg_asan/sql/protocol.cc:1082
          #8 0x55fe019acda7 in select_send::send_data(List<Item>&) /test/10.6_dbg_asan/sql/sql_class.cc:3025
          #9 0x55fe020f542d in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.6_dbg_asan/sql/sql_class.h:5325
          #10 0x55fe020f542d in JOIN::exec_inner() /test/10.6_dbg_asan/sql/sql_select.cc:4337
          #11 0x55fe020fc19a in JOIN::exec() /test/10.6_dbg_asan/sql/sql_select.cc:4250
          #12 0x55fe020ed2c5 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_dbg_asan/sql/sql_select.cc:4665
          #13 0x55fe020eec99 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_dbg_asan/sql/sql_select.cc:417
          #14 0x55fe01d036a2 in execute_sqlcom_select /test/10.6_dbg_asan/sql/sql_parse.cc:6118
          #15 0x55fe01d63f0a in mysql_execute_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:3820
          #16 0x55fe01cc7eda in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_dbg_asan/sql/sql_parse.cc:7883
          #17 0x55fe01d3694c in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_dbg_asan/sql/sql_parse.cc:1816
          #18 0x55fe01d4bd14 in do_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:1348
          #19 0x55fe0272a0ee in do_handle_one_connection(CONNECT*, bool) /test/10.6_dbg_asan/sql/sql_connect.cc:1410
          #20 0x55fe0272d371 in handle_one_connection /test/10.6_dbg_asan/sql/sql_connect.cc:1312
          #21 0x55fe04c27923 in pfs_spawn_thread /test/10.6_dbg_asan/storage/perfschema/pfs.cc:2201
          #22 0x14595360d608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
          #23 0x145952761292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      

      10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Optimized)

          #1 0x561951cf8b59 in Longlong_null::operator>>(Longlong_null const&) const /test/10.6_opt_asan/sql/sql_type_int.h:86
          #2 0x561951cf8b59 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.cc:2196
          #3 0x561951a8e377 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.h:704
          #4 0x5619510db690 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_opt_asan/sql/sql_type.cc:7383
          #5 0x56194fedfd29 in Protocol::send_result_set_row(List<Item>*) /test/10.6_opt_asan/sql/protocol.cc:1082
          #6 0x56195025bb29 in select_send::send_data(List<Item>&) /test/10.6_opt_asan/sql/sql_class.cc:3025
          #7 0x56195086ac9e in JOIN::exec_inner() /test/10.6_opt_asan/sql/sql_select.cc:4337
          #8 0x56195086da29 in JOIN::exec() /test/10.6_opt_asan/sql/sql_select.cc:4250
          #9 0x56195085e5bd in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_opt_asan/sql/sql_select.cc:4665
          #10 0x561950863853 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_opt_asan/sql/sql_select.cc:417
          #11 0x5619505265d1 in execute_sqlcom_select /test/10.6_opt_asan/sql/sql_parse.cc:6118
          #12 0x56195056855e in mysql_execute_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:3820
          #13 0x5619504f3dcd in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_opt_asan/sql/sql_parse.cc:7883
          #14 0x56195054ce0d in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_opt_asan/sql/sql_parse.cc:1816
          #15 0x561950558c82 in do_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:1348
          #16 0x561950d47a1c in do_handle_one_connection(CONNECT*, bool) /test/10.6_opt_asan/sql/sql_connect.cc:1410
          #17 0x561950d4a754 in handle_one_connection /test/10.6_opt_asan/sql/sql_connect.cc:1312
          #18 0x561952d4ceaa in pfs_spawn_thread /test/10.6_opt_asan/storage/perfschema/pfs.cc:2201
          #19 0x14ee863b4608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
          #20 0x14ee85508292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)
      

      Setup:

      Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export UBSAN_OPTIONS=print_stacktrace=1
      

      Bug confirmed present in:
      MariaDB: 10.1.49 (dbg), 10.1.49 (opt), 10.2.36 (dbg), 10.2.36 (opt), 10.3.27 (dbg), 10.3.27 (opt), 10.4.17 (dbg), 10.4.17 (opt), 10.5.8 (dbg), 10.5.8 (opt), 10.6.0 (dbg), 10.6.0 (opt)

      Attachments

        Issue Links

          Activity

            People

              sanja Oleksandr Byelkin
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.