Details
Bug
Status: Closed
Major
Resolution: Fixed
10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6
Description
SELECT 0xF0 >> 4 | 0xFF, (0xF0 >> 4) | 0xFF, 0xF0 >> (4 | 0xFF);

Leads to:
10.6.0 c498250888ec126fddda2867d1239b2a7734482f
/test/10.6_dbg_asan/sql/sql_type_int.h:91:42: runtime error: shift exponent 255 is too large for 64-bit type 'long long unsigned int'

10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Debug)
#1 0x55fe03aa5302 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.cc:2196
#2 0x55fe036c3cf9 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_dbg_asan/sql/item_func.h:704
#3 0x55fe02b81b27 in Item_handled_func::val_int() /test/10.6_dbg_asan/sql/item_func.h:791
#4 0x55fe02b60a78 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.cc:7383
#5 0x55fe02bd0c62 in Type_handler_longlong::Item_send(Item*, Protocol*, st_value*) const /test/10.6_dbg_asan/sql/sql_type.h:5638
#6 0x55fe015732e5 in Item::send(Protocol*, st_value*) /test/10.6_dbg_asan/sql/item.h:1059
#7 0x55fe01559d8b in Protocol::send_result_set_row(List<Item>*) /test/10.6_dbg_asan/sql/protocol.cc:1082
#8 0x55fe019acda7 in select_send::send_data(List<Item>&) /test/10.6_dbg_asan/sql/sql_class.cc:3025
#9 0x55fe020f542d in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.6_dbg_asan/sql/sql_class.h:5325
#10 0x55fe020f542d in JOIN::exec_inner() /test/10.6_dbg_asan/sql/sql_select.cc:4337
#11 0x55fe020fc19a in JOIN::exec() /test/10.6_dbg_asan/sql/sql_select.cc:4250
#12 0x55fe020ed2c5 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_dbg_asan/sql/sql_select.cc:4665
#13 0x55fe020eec99 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_dbg_asan/sql/sql_select.cc:417
#14 0x55fe01d036a2 in execute_sqlcom_select /test/10.6_dbg_asan/sql/sql_parse.cc:6118
#15 0x55fe01d63f0a in mysql_execute_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:3820
#16 0x55fe01cc7eda in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_dbg_asan/sql/sql_parse.cc:7883
#17 0x55fe01d3694c in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_dbg_asan/sql/sql_parse.cc:1816
#18 0x55fe01d4bd14 in do_command(THD*) /test/10.6_dbg_asan/sql/sql_parse.cc:1348
#19 0x55fe0272a0ee in do_handle_one_connection(CONNECT*, bool) /test/10.6_dbg_asan/sql/sql_connect.cc:1410
#20 0x55fe0272d371 in handle_one_connection /test/10.6_dbg_asan/sql/sql_connect.cc:1312
#21 0x55fe04c27923 in pfs_spawn_thread /test/10.6_dbg_asan/storage/perfschema/pfs.cc:2201
#22 0x14595360d608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#23 0x145952761292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.6.0 c498250888ec126fddda2867d1239b2a7734482f (Optimized)
#1 0x561951cf8b59 in Longlong_null::operator>>(Longlong_null const&) const /test/10.6_opt_asan/sql/sql_type_int.h:86
#2 0x561951cf8b59 in Func_handler_shift_right_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.cc:2196
#3 0x561951a8e377 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /test/10.6_opt_asan/sql/item_func.h:704
#4 0x5619510db690 in Type_handler::Item_send_longlong(Item*, Protocol*, st_value*) const /test/10.6_opt_asan/sql/sql_type.cc:7383
#5 0x56194fedfd29 in Protocol::send_result_set_row(List<Item>*) /test/10.6_opt_asan/sql/protocol.cc:1082
#6 0x56195025bb29 in select_send::send_data(List<Item>&) /test/10.6_opt_asan/sql/sql_class.cc:3025
#7 0x56195086ac9e in JOIN::exec_inner() /test/10.6_opt_asan/sql/sql_select.cc:4337
#8 0x56195086da29 in JOIN::exec() /test/10.6_opt_asan/sql/sql_select.cc:4250
#9 0x56195085e5bd in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_opt_asan/sql/sql_select.cc:4665
#10 0x561950863853 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_opt_asan/sql/sql_select.cc:417
#11 0x5619505265d1 in execute_sqlcom_select /test/10.6_opt_asan/sql/sql_parse.cc:6118
#12 0x56195056855e in mysql_execute_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:3820
#13 0x5619504f3dcd in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_opt_asan/sql/sql_parse.cc:7883
#14 0x56195054ce0d in dispatch_command(enum_server_command, THD*, char*, unsigned int) /test/10.6_opt_asan/sql/sql_parse.cc:1816
#15 0x561950558c82 in do_command(THD*) /test/10.6_opt_asan/sql/sql_parse.cc:1348
#16 0x561950d47a1c in do_handle_one_connection(CONNECT*, bool) /test/10.6_opt_asan/sql/sql_connect.cc:1410
#17 0x561950d4a754 in handle_one_connection /test/10.6_opt_asan/sql/sql_connect.cc:1312
#18 0x561952d4ceaa in pfs_spawn_thread /test/10.6_opt_asan/storage/perfschema/pfs.cc:2201
#19 0x14ee863b4608 in start_thread /build/glibc-ZN95T4/glibc-2.31/nptl/pthread_create.c:477
#20 0x14ee85508292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.1.49 (dbg), 10.1.49 (opt), 10.2.36 (dbg), 10.2.36 (opt), 10.3.27 (dbg), 10.3.27 (opt), 10.4.17 (dbg), 10.4.17 (opt), 10.5.8 (dbg), 10.5.8 (opt), 10.6.0 (dbg), 10.6.0 (opt)
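
An added illustration, not MariaDB's code and not the fix applied for this issue: in C++ a shift whose count is at or above the operand width is undefined, which is what UBSAN reports when the count is 4 | 0xFF = 255. The sketch checks the count before shifting; NullableU64, lit, SQL_NULL and the choice of 0 for an oversized count are assumptions of this example.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical nullable 64-bit integer; a stand-in, not MariaDB's Longlong_null.
struct NullableU64 {
    uint64_t value;
    bool is_null;
};

const NullableU64 SQL_NULL = {0, true};
NullableU64 lit(uint64_t v) { return {v, false}; }

constexpr uint64_t kBits = sizeof(uint64_t) * 8;  // width of the shifted type: 64

// `a >> n` is undefined in C++ when n >= 64, so the count is checked before
// the shift executes. Assumption of this example: an oversized count gives 0.
NullableU64 shift_right(NullableU64 a, NullableU64 n) {
    if (a.is_null || n.is_null) return SQL_NULL;  // NULL operand, NULL result
    if (n.value >= kBits) return lit(0);          // never reaches the shift
    return lit(a.value >> n.value);
}

// Left shift has the same undefined range and gets the same guard.
NullableU64 shift_left(NullableU64 a, NullableU64 n) {
    if (a.is_null || n.is_null) return SQL_NULL;
    if (n.value >= kBits) return lit(0);
    return lit(a.value << n.value);
}

NullableU64 bit_or(NullableU64 a, NullableU64 b) {
    if (a.is_null || b.is_null) return SQL_NULL;
    return lit(a.value | b.value);
}

// (0xF0 >> 4) | 0xFF from the report's SELECT: the count is 4, well defined.
NullableU64 shift_then_or() { return bit_or(shift_right(lit(0xF0), lit(4)), lit(0xFF)); }

// 0xF0 >> (4 | 0xFF) from the report's SELECT: the count is 255.
NullableU64 shift_by_or() { return shift_right(lit(0xF0), bit_or(lit(4), lit(0xFF))); }

int main() {
    std::printf("%llu %llu\n", (unsigned long long)shift_then_or().value,
                (unsigned long long)shift_by_or().value);
    return 0;
}
```

Built with -fsanitize=undefined, this runs without a shift-exponent report because the count of 255 is rejected before any shift instruction executes.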
Issue Links
- relates to MDEV-25454 Make MariaDB server UBSAN safe (Confirmed)