[MDEV-25109] Server crashes in sp_name::sp_name upon invalid data in mysql.proc - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.3.29, 10.4.19, 10.5.10
Component/s: Stored routines
Labels:
None

Description

I'm setting it to Minor because it has no practical importance, but it's better to have it filed as it may one day help to investigate some obscure issue caused by corruption of system tables.

Run with --lower-case-table-names=1 (or --mysqld=--lower-case-table-names=1 via MTR)

INSERT IGNORE INTO mysql.proc () VALUES ();

SHOW FUNCTION STATUS;

10.3 75f781f0
#3 <signal handler called>
#4 0x000055a334e51699 in my_casedn_str_utf8 (cs=0x55a33587e120 <my_charset_utf8_general_ci>, src=0x55a334ea2d5b "") at /data/src/10.3/strings/ctype-utf8.c:5272
#5 0x000055a33423ab15 in sp_name::sp_name (this=0x7f6d9f57c130, db=0x7f6d9f57d970, name=0x7f6d9f57d980, use_explicit_name=true) at /data/src/10.3/sql/sp_head.h:115
#6 0x000055a334724736 in Sp_handler::sp_load_for_information_schema (this=0x55a3356aac78 <sp_handler_function>, thd=0x7f6d88000d90, proc_table=0x7f6d88029ee0, db=..., name=..., params=..., returns=..., sql_mode=0, free_sp_head=0x7f6d9f57d943) at /data/src/10.3/sql/sp.cc:3012
#7 0x000055a3343032e1 in store_schema_proc (thd=0x7f6d88000d90, table=0x7f6d880a9e18, proc_table=0x7f6d88029ee0, wild=0x0, full_access=true, sp_user=0x7f6d9f57ed90 "root@localhost") at /data/src/10.3/sql/sql_show.cc:6480
#8 0x000055a334303bdc in fill_schema_proc (thd=0x7f6d88000d90, tables=0x7f6d880138c8, cond=0x0) at /data/src/10.3/sql/sql_show.cc:6600
#9 0x000055a33430e6d9 in get_schema_tables_result (join=0x7f6d880164e8, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.3/sql/sql_show.cc:8901
#10 0x000055a3342a16ee in JOIN::exec_inner (this=0x7f6d880164e8) at /data/src/10.3/sql/sql_select.cc:4088
#11 0x000055a3342a0cf6 in JOIN::exec (this=0x7f6d880164e8) at /data/src/10.3/sql/sql_select.cc:3919
#12 0x000055a3342a202b in mysql_select (thd=0x7f6d88000d90, tables=0x7f6d880138c8, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7f6d880164c0, unit=0x7f6d88004c58, select_lex=0x7f6d880053e0) at /data/src/10.3/sql/sql_select.cc:4327
#13 0x000055a3342935a6 in handle_select (thd=0x7f6d88000d90, lex=0x7f6d88004b98, result=0x7f6d880164c0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
#14 0x000055a3342599c5 in execute_sqlcom_select (thd=0x7f6d88000d90, all_tables=0x7f6d880138c8) at /data/src/10.3/sql/sql_parse.cc:6343
#15 0x000055a334250397 in mysql_execute_command (thd=0x7f6d88000d90) at /data/src/10.3/sql/sql_parse.cc:3874
#16 0x000055a33425dd48 in mysql_parse (thd=0x7f6d88000d90, rawbuf=0x7f6d88012ad8 "SHOW FUNCTION STATUS", length=20, parser_state=0x7f6d9f5805c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7867
#17 0x000055a33424a3f0 in dispatch_command (command=COM_QUERY, thd=0x7f6d88000d90, packet=0x7f6d88008f31 "SHOW FUNCTION STATUS", packet_length=20, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#18 0x000055a334248d90 in do_command (thd=0x7f6d88000d90) at /data/src/10.3/sql/sql_parse.cc:1398
#19 0x000055a3343c7d57 in do_handle_one_connection (connect=0x55a3366f3390) at /data/src/10.3/sql/sql_connect.cc:1403
#20 0x000055a3343c7ab3 in handle_one_connection (arg=0x55a3366f3390) at /data/src/10.3/sql/sql_connect.cc:1308
#21 0x000055a334d9607f in pfs_spawn_thread (arg=0x55a3366d63a0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#22 0x00007f6da9a95609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x00007f6da966f293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.5 baddbaa0
#3 <signal handler called>
#4 0x000055a56d0cee90 in my_casedn_str_utf8mb3 (cs=0x55a56dd2a080 <my_charset_utf8mb3_general_ci>, src=0x55a56d179649 "") at /data/src/10.5/strings/ctype-utf8.c:5083
#5 0x000055a56c3923ec in sp_name::sp_name (this=0x7fb6f5db7240, db=0x7fb6f5db8eb0, name=0x7fb6f5db8ec0, use_explicit_name=true) at /data/src/10.5/sql/sp_head.h:121
#6 0x000055a56c8ec1ec in Sp_handler::sp_load_for_information_schema (this=0x55a56db631e8 <sp_handler_function>, thd=0x7fb6e4000db8, proc_table=0x7fb6e402b278, db=..., name=..., params=..., returns=..., sql_mode=0, free_sp_head=0x7fb6f5db8e83) at /data/src/10.5/sql/sp.cc:3051
#7 0x000055a56c467b0c in store_schema_proc (thd=0x7fb6e4000db8, table=0x7fb6e40f8d40, proc_table=0x7fb6e402b278, wild=0x0, full_access=true, sp_user=0x7fb6f5db9af0 "root@localhost") at /data/src/10.5/sql/sql_show.cc:6467
#8 0x000055a56c4683f6 in fill_schema_proc (thd=0x7fb6e4000db8, tables=0x7fb6e40162f0, cond=0x0) at /data/src/10.5/sql/sql_show.cc:6587
#9 0x000055a56c472376 in get_schema_tables_result (join=0x7fb6e4017ad8, executed_place=PROCESSED_BY_JOIN_EXEC) at /data/src/10.5/sql/sql_show.cc:8716
#10 0x000055a56c3ff393 in JOIN::exec_inner (this=0x7fb6e4017ad8) at /data/src/10.5/sql/sql_select.cc:4424
#11 0x000055a56c3fe795 in JOIN::exec (this=0x7fb6e4017ad8) at /data/src/10.5/sql/sql_select.cc:4247
#12 0x000055a56c3fffe1 in mysql_select (thd=0x7fb6e4000db8, tables=0x7fb6e40162f0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684619520, result=0x7fb6e4017ab0, unit=0x7fb6e4004f60, select_lex=0x7fb6e4005760) at /data/src/10.5/sql/sql_select.cc:4723
#13 0x000055a56c3efa47 in handle_select (thd=0x7fb6e4000db8, lex=0x7fb6e4004e98, result=0x7fb6e4017ab0, setup_tables_done_option=0) at /data/src/10.5/sql/sql_select.cc:417
#14 0x000055a56c3b23ac in execute_sqlcom_select (thd=0x7fb6e4000db8, all_tables=0x7fb6e40162f0) at /data/src/10.5/sql/sql_parse.cc:6308
#15 0x000055a56c3a9610 in mysql_execute_command (thd=0x7fb6e4000db8) at /data/src/10.5/sql/sql_parse.cc:4004
#16 0x000055a56c3b7252 in mysql_parse (thd=0x7fb6e4000db8, rawbuf=0x7fb6e40152f0 "SHOW FUNCTION STATUS", length=20, parser_state=0x7fb6f5dbc510, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:8089
#17 0x000055a56c3a312d in dispatch_command (command=COM_QUERY, thd=0x7fb6e4000db8, packet=0x7fb6e400b5a9 "SHOW FUNCTION STATUS", packet_length=20, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1889
#18 0x000055a56c3a1921 in do_command (thd=0x7fb6e4000db8) at /data/src/10.5/sql/sql_parse.cc:1370
#19 0x000055a56c54feab in do_handle_one_connection (connect=0x55a56f3f6d48, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1410
#20 0x000055a56c54fc0e in handle_one_connection (arg=0x55a56f300768) at /data/src/10.5/sql/sql_connect.cc:1312
#21 0x000055a56cab0bf7 in pfs_spawn_thread (arg=0x55a56f3f6978) at /data/src/10.5/storage/perfschema/pfs.cc:2201
#22 0x00007fb6fb918609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#23 0x00007fb6fb4ec293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible on 10.3-10.6, debug and non-debug alike.
Not reproducible on 10.2
Not reproducible with lower-case-table-names=0.

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-03-10 13:17

Updated:: 2021-04-28 07:59

Resolved:: 2021-04-28 07:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.