Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-24524

Assertion `ls->length < 0xFFFFFFFFL && ((ls->length == 0 && !ls->str) || ls->length == strlen(ls->str))' failed in String::append on SELECT from I_S

    XMLWordPrintable

    Details

      Description

      SET character_set_connection=utf16;
      INSERT INTO mysql.proc (db, name, type, specific_name, language, sql_data_access, is_deterministic, security_type, param_list, returns, body, definer, CREATEd, modified, sql_mode, COMMENT, character_set_client, collation_connection, db_collation, body_utf8) VALUES ('test', 'bug14233_1', 'FUNCTION', 'bug14233_1', 'SQL', 'reads_sql_data', 'NO', 'DEFINER', '', 'INT (10)', 'SELECT COUNT (*) FROM mysql.user', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'SELECT COUNT (*) FROM mysql.user'), ('test', 'bug14233_2', 'FUNCTION', 'bug14233_2', 'SQL', 'reads_sql_data', 'NO', 'DEFINER', '', 'INT (10)', 'BEGIN declare x INT; SELECT COUNT (*) INTO x FROM mysql.user; END', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'BEGIN declare x INT; SELECT COUNT (*) INTO x FROM mysql.user; END'), ('test', 'bug14233_3', 'PROCEDURE', 'bug14233_3', 'SQL', 'reads_sql_data','NO', 'DEFINER', '', '', 'alksj wpsj sa ^#!@ ', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'alksj wpsj sa ^#!@ ');
      SELECT * FROM information_schema.parameters WHERE specific_schema='test';
      

      Leads to:

      10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

      mysqld: /test/10.6_dbg/sql/sql_string.h:923: bool String::append(const LEX_CSTRING*): Assertion `ls->length < 0xFFFFFFFFL && ((ls->length == 0 && !ls->str) || ls->length == strlen(ls->str))' failed.
      

      10.6.0 9118fd360a3da0bba521caf2a35c424968235ac4 (Debug)

      Core was generated by `/test/MD010121-mariadb-10.6.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      [Current thread is 1 (Thread 0x1479446e3700 (LWP 2621708))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      #1  0x000055e2ded170d7 in my_write_core (sig=sig@entry=6) at /test/10.6_dbg/mysys/stacktrace.c:424
      #2  0x000055e2de4abab1 in handle_fatal_signal (sig=6) at /test/10.6_dbg/sql/signal_handler.cc:330
      #3  <signal handler called>
      #4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #5  0x00001479472a1859 in __GI_abort () at abort.c:79
      #6  0x00001479472a1729 in __assert_fail_base (fmt=0x147947437588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55e2dee5cf18 "ls->length < 0xFFFFFFFFL && ((ls->length == 0 && !ls->str) || ls->length == strlen(ls->str))", file=0x55e2dee5c848 "/test/10.6_dbg/sql/sql_string.h", line=923, function=<optimized out>) at assert.c:92
      #7  0x00001479472b2f36 in __GI___assert_fail (assertion=assertion@entry=0x55e2dee5cf18 "ls->length < 0xFFFFFFFFL && ((ls->length == 0 && !ls->str) || ls->length == strlen(ls->str))", file=file@entry=0x55e2dee5c848 "/test/10.6_dbg/sql/sql_string.h", line=line@entry=923, function=function@entry=0x55e2dee5e328 "bool String::append(const LEX_CSTRING*)") at assert.c:101
      #8  0x000055e2de68b141 in String::append (ls=0x1479446ded90, this=0x1479446dd0b0) at /test/10.6_dbg/sql/sql_string.h:923
      #9  Sp_handler::show_create_sp (this=this@entry=0x55e2df7166a8 <sp_handler_function>, thd=thd@entry=0x1478e8000db8, buf=buf@entry=0x1479446dd0b0, db=@0x1479446dd110: {str = 0x1478e8042098 "test", length = 4}, name=@0x1479446dd120: {str = 0x1478e80420a0 "bug14233_1", length = 10}, params=@0x1479446ded80: {str = 0x55e2df03bd3e "", length = 0}, returns=@0x1479446ded90: {str = 0x1478e80420c0 "", length = 16}, body=@0x1479446dd0a0: {str = 0x55e2df039ca4 "RETURN NULL", length = 11}, chistics=@0x1479446dd0f0: {comment = {str = 0x0, length = 0}, suid = SP_IS_DEFAULT_SUID, detistic = false, daccess = SP_DEFAULT_ACCESS, agg_type = DEFAULT_AGGREGATE}, definer=@0x1479446dd0d0: {user = {str = 0x55e2df03bd3e "", length = 0}, host = {str = 0x55e2df03bd3e "", length = 0}}, ddl_options={m_options = DDL_options_st::OPT_NONE}, sql_mode=0) at /test/10.6_dbg/sql/sp.cc:2991
      #10 0x000055e2de6917f0 in Sp_handler::sp_load_for_information_schema (this=this@entry=0x55e2df7166a8 <sp_handler_function>, thd=thd@entry=0x1478e8000db8, proc_table=proc_table@entry=0x1478e8022a58, db=@0x1479446deda0: {str = 0x1478e8042098 "test", length = 4}, name=@0x1479446dedb0: {str = 0x1478e80420a0 "bug14233_1", length = 10}, params=@0x1479446ded80: {str = 0x55e2df03bd3e "", length = 0}, returns=@0x1479446ded90: {str = 0x1478e80420c0 "", length = 16}, sql_mode=0, free_sp_head=0x1479446ded6f) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71
      #11 0x000055e2de28f9c5 in store_schema_params (thd=thd@entry=0x1478e8000db8, table=table@entry=0x1478e801d520, proc_table=proc_table@entry=0x1478e8022a58, wild=wild@entry=0x0, full_access=<optimized out>, full_access@entry=true, sp_user=sp_user@entry=0x1479446dfb60 "root@localhost") at /test/10.6_dbg/sql/sql_show.cc:6321
      #12 0x000055e2de291cb0 in fill_schema_proc (thd=0x1478e8000db8, tables=<optimized out>, cond=<optimized out>) at /test/10.6_dbg/sql/sql_show.cc:6578
      #13 0x000055e2de294a31 in get_schema_tables_result (join=join@entry=0x1478e8014a40, executed_place=executed_place@entry=PROCESSED_BY_JOIN_EXEC) at /test/10.6_dbg/sql/sql_show.cc:8686
      #14 0x000055e2de268cb9 in JOIN::exec_inner (this=this@entry=0x1478e8014a40) at /test/10.6_dbg/sql/sql_select.cc:4449
      #15 0x000055e2de2697ad in JOIN::exec (this=this@entry=0x1478e8014a40) at /test/10.6_dbg/sql/sql_select.cc:4252
      #16 0x000055e2de267a09 in mysql_select (thd=thd@entry=0x1478e8000db8, tables=0x1478e8012dd0, fields=@0x1478e8012908: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1478e8012d60, last = 0x1478e8016868, elements = 16}, <No data fields>}, conds=0x1478e80136d0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x1478e8014a18, unit=0x1478e8004f80, select_lex=0x1478e80127b8) at /test/10.6_dbg/sql/sql_select.cc:4668
      #17 0x000055e2de267cd0 in handle_select (thd=thd@entry=0x1478e8000db8, lex=lex@entry=0x1478e8004eb8, result=result@entry=0x1478e8014a18, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.6_dbg/sql/sql_select.cc:417
      #18 0x000055e2de1da19d in execute_sqlcom_select (thd=thd@entry=0x1478e8000db8, all_tables=0x1478e8012dd0) at /test/10.6_dbg/sql/sql_parse.cc:6116
      #19 0x000055e2de1e6c7c in mysql_execute_command (thd=thd@entry=0x1478e8000db8) at /test/10.6_dbg/sql/sql_parse.cc:3820
      #20 0x000055e2de1d3072 in mysql_parse (thd=thd@entry=0x1478e8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1479446e23d0) at /test/10.6_dbg/sql/sql_parse.cc:7881
      #21 0x000055e2de1e11ec in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1478e8000db8, packet=packet@entry=0x1478e8008d39 "SELECT * FROM information_schema.parameters WHERE specific_schema='test'", packet_length=packet_length@entry=72) at /test/10.6_dbg/sql/sql_class.h:1293
      #22 0x000055e2de1e452d in do_command (thd=0x1478e8000db8) at /test/10.6_dbg/sql/sql_parse.cc:1348
      #23 0x000055e2de3407fc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e2e22a6c28, put_in_cache=put_in_cache@entry=true) at /test/10.6_dbg/sql/sql_connect.cc:1410
      #24 0x000055e2de340f03 in handle_one_connection (arg=arg@entry=0x55e2e22a6c28) at /test/10.6_dbg/sql/sql_connect.cc:1312
      #25 0x000055e2de7f688f in pfs_spawn_thread (arg=0x55e2e21adf58) at /test/10.6_dbg/storage/perfschema/pfs.cc:2201
      #26 0x00001479477af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #27 0x000014794739e293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.3.28 (dbg), 10.4.18 (dbg), 10.5.9 (dbg), 10.6.0 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.2.37 (dbg), 10.2.37 (opt), 10.3.28 (opt), 10.4.18 (opt), 10.5.9 (opt), 10.6.0 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.50 (dbg), 5.6.50 (opt), 5.7.32 (dbg), 5.7.32 (opt), 8.0.22 (dbg), 8.0.22 (opt)

      10.2 Gives a really odd error:

      10.2.37 (Debug)

      10.2.37>SET character_set_connection=utf16;
      Query OK, 0 rows affected (0.00 sec)
       
      10.2.37>INSERT INTO mysql.proc (db, name, type, specific_name, language, sql_data_access, is_deterministic, security_type, param_list, returns, body, definer, CREATEd, modified, sql_mode, COMMENT, character_set_client, collation_connection, db_collation, body_utf8) VALUES ('test', 'bug14233_1', 'FUNCTION', 'bug14233_1', 'SQL', 'reads_sql_data', 'NO', 'DEFINER', '', 'INT (10)', 'SELECT COUNT (*) FROM mysql.user', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'SELECT COUNT (*) FROM mysql.user'), ('test', 'bug14233_2', 'FUNCTION', 'bug14233_2', 'SQL', 'reads_sql_data', 'NO', 'DEFINER', '', 'INT (10)', 'BEGIN declare x INT; SELECT COUNT (*) INTO x FROM mysql.user; END', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'BEGIN declare x INT; SELECT COUNT (*) INTO x FROM mysql.user; END'), ('test', 'bug14233_3', 'PROCEDURE', 'bug14233_3', 'SQL', 'reads_sql_data','NO', 'DEFINER', '', '', 'alksj wpsj sa ^#!@ ', 'root@localhost', NOW(), '0000-00-00 00:00:00', '', '', '', '', '', 'alksj wpsj sa ^#!@ ');
      Query OK, 3 rows affected (0.00 sec)
      Records: 3  Duplicates: 0  Warnings: 0
       
      10.2.37>SELECT * FROM information_schema.parameters WHERE specific_schema='test';
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'RETURN NULL' at line 2
      

      The text 'RETURN NULL' also appears in the stack from 10.6 above, so 10.2 looks to be affected by this bug also, but in a different way.

      See also: https://bugs.mysql.com/bug.php?id=14233

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              serg Sergei Golubchik
              Reporter:
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: