[MDEV-25454] Make MariaDB server UBSAN safe - Jira

XML

Word

Printable

Details

Type: Task
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Fix Version/s: 10.6
Component/s: Server, Tests
Labels:
- affects-tests
- contribution

Description

The task to fix that we can run all mtr tests with a MariaDB server compiled with
UBSAN (UndefinedBehaviorSanitizer) and TSAN (ThreadSanitizer) and fix all run time errors (if possible).

gcc --fsanitize=undefined works at least with gcc 7.5.0 and up.

Attachments

Issue Links

includes

CONC-711 UBSAN: client_mpvio_write_packet through pointer to incorrect function

Closed

CONC-730 Reference ed25519 implementation contained undefined behaviour

Closed

MDEV-31379 Undefined behavior in the reference Ed25519 implementation

Closed

MDEV-34507 UBSAN: mysys/hash.c:197:20: runtime error: call to function get_sys_var_length

Closed

MDEV-34508 UBSAN: mf_keycache.c:5950:11: runtime error: call to function init_simple_key_cache

Closed

MDEV-34509 UBSAN: call to function option_cmp(my_option*, my_option*) through pointer to incorrect function type

Closed

MDEV-34510 UBSAN: crc32 x86 - integer overflow

Closed

MDEV-34511 UBSAN: qsort based function argument mismatch

Closed

MDEV-34512 UBSAN system variable type mismatches for ha_myisam.cc and ha_maria.cc

Closed

MDEV-34607 UBSAN downcast of address X which does not point to an object of type 'Field_num' in Type_handler_long::make_conversion_table_field

Open

MDEV-35538 UBSAN: nullptr-with-offset: runtime error: applying zero offset to null pointer in check_rules and in init_weight_level

Closed

MDEV-35541 UBSAN: runtime error: addition of unsigned offset to X overflowed to Y in my_b_flush_io_cache

Open

MDEV-35545 UBSAN: runtime error: applying non-zero offset 1 to null pointer in Gis_geometry_collection::init_from_opresult

Open

MDEV-35548 UBSAN: runtime error: index -1 out of bounds for type 'json_path_step_t[32]' (aka 'struct st_json_path_step_t[32]')

Open

MDEV-35595 UBSAN: runtime error: load of value 3, which is not a valid value for type 'wkbByteOrder' in various functions on SELECT ST_GEOMFROMWKB

Open

MDEV-35688 UBSAN: SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset in my_casedn_utf8mb3

Closed

MDEV-35714 UBSAN: runtime error: downcast of address 0x1549d2b0ba50 with insufficient space for an object of type 'my_decimal' in Item_dyncol_get::get_date

Confirmed

MDEV-35723 UBSAN: applying non-zero offset to null pointer in my_charpos_mb/my_uca_scanner_next_utf8mb4, applying zero offset to null pointer in my_strnncollsp_simple, my_uca_strnncollsp_onelevel_utf8mb4/my_uca_scanner_init_any/my_uca_scanner_next_utf8mb4 on INSERT

Closed

MDEV-35864 UBSAN: "applying zero offset to null pointer" when using a Field_set with empty values

Closed

MDEV-36341 UBSAN: runtime error: applying non-zero offset 138116761973048 to null pointer (FederatedX)

Closed

MDEV-36343 UBSAN: Index_statistics - runtime error: -nan is outside the range of representable values of type 'unsigned long long'

Closed

MDEV-36344 UBSAN: lifo buffer (optimizer) - runtime error: applying non-zero offset 12 to null pointer

Confirmed

MDEV-36346 UBSAN: runtime error: inf is outside the range of representable values of type 'unsigned long long'

Confirmed

MDEV-36347 UBSAN: plugins.auth_v0100 - runtime error: call to function do_auth_0x0100 through pointer to incorrect function type

Closed

MDEV-36353 EXPLAIN FOR CONNECTION (subquery) causes crash

Confirmed

MDEV-36375 sql/sql_show.cc:9154:52: runtime error: load of value 885455934, which is not a valid value for type 'enum enum_schema_tables'

Open

MDEV-36451 UBSAN: float-cast-overflow /source/sql/sql_select.cc:8618:48 (main.blackhole)

Open

MDEV-36467 UBSAN: _ma_unique_hash on NULL BLOB results in strings/ctype-uca-scanner_next.inl:84:23: runtime error: applying non-zero offset 1 to null pointer (main.type_blob)

Open

MDEV-36468 UBSAN: null blob in Field_blob::cmp resuting in my_uca_scanner_next_utf8mb4 overflow

Open

MDEV-36479 Passing null pointer to low level character set functions result in undefined behaviour

Open

MDEV-36480 USAN: checking identifier names for 0 length names

Closed

MDEV-37626 UBSAN: nullptr-with-nonzero-offset/pointer-overflow in row_log_apply_ops

Closed

MDEV-37717 UBSAN: runtime error: store to misaligned address for type 'uint32' (aka 'unsigned int'), which requires 4 byte alignment in extra/comp_err

Open

is blocked by

MDEV-37148 Unaligned access in strings/ctype.c, crashes with upcoming GCC 16 (or UBSAN)

Open

is part of

MDEV-33073 always green buildbot

Stalled

relates to

MDEV-21341 Fix UBSAN failures

Closed

MDEV-22742 UBSAN: Many overflow issues in strings/decimal.c - runtime error: signed integer overflow: x * y cannot be represented in type 'long long int' (on optimized builds)

Closed

MDEV-24193 UBSAN: sql/sql_acl.cc:9985:29: runtime error: member access within null pointer of type 'struct TABLE' , ASAN: use-after-poison in handle_grant_table

Closed

MDEV-24198 UBSAN: sql/sql_type_int.h:91:42: runtime error: shift exponent 255 is too large for 64-bit type 'long long unsigned int' (on optimized builds)

Closed

MDEV-24510 Assertion `tmp != ((long long) 0x8000000000000000LL)' failed in TIME_from_longlong_datetime_packed & UBSAN: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'

Closed

MDEV-26272 The macro MASTER_INFO_VAR invokes undefined behaviour

Closed

MDEV-26814 UBSAN: runtime error: applying non-zero offset 18446744073709551584 to null pointer on JSON_ARRAY_INSERT, runtime error: pointer index expression with base 0x000000000001 overflowed to 0xffffffffffffffe1

Confirmed

MDEV-26817 runtime error: index 24320 out of bounds for type 'json_string_char_classes [128] *and* ASAN: global-buffer-overflow on address ... READ of size 4 on SELECT JSON_VALID

Closed

MDEV-26839 UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in maria/ma_key.c on ALTER, and applying zero offset to null pointer in _ma_unique_hash, my_hash_sort_bin and _ma_unique_comp

Confirmed

MDEV-26840 UBSAN: load of value 3200171710, which is not a valid value for type 'geometry_type' in sql/unireg.cc on ALTER

Closed

MDEV-33157 runtime error: call to function wsrep_plugin_init(void*) through pointer to incorrect function type

Closed

MDEV-33158 The macro MYSQL_THDVAR_ULONG leads to undefined behaviour, calling mysql_sys_var_long

Closed

MDEV-33159 The macro my_offsetof() invokes undefined behaviour

Confirmed

MDEV-33160 show_status_array() calls various functions via incompatible pointer

Closed

MDEV-36729 Undefined behaviour: ha_example plugin show_func_example via show_status_array for SHOW_SIMPLE_FUNC has wrong function defination

Closed

MDBF-741 Remove the gcc UBSAN builder to use the clang based UBSAN

Closed

MDEV-28374 UBSAN: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int' in sql/sql_analyse.cc

Confirmed

MDEV-29473 UBSAN: Signed integer overflow: X * Y cannot be represented in type 'int' in strings/dtoa.c

Closed

MDEV-34348 MariaDB is violating clang-16 -Wcast-function-type-strict

Closed

MDEV-34770 UBSAN: runtime error: load of address 0x... with insufficient space for an object of type 'uchar' in sys_vars.inl

Closed

MDEV-36337 runtime error: call to function (udf_example) netaphon through pointer to incorrect function type 'char *(*)(st_udf_init *, st_udf_args *, char *, unsigned long *, unsigned char *, unsigned char *)

Closed

split to

MDEV-37224 Remove UBSAN limitation from MTR tests

Open

(28 includes, 1 is blocked by, 1 is part of, 21 relates to, 1 split to)

Activity

People

Assignee:: Unassigned

Reporter:: Michael Widenius

Votes:: 2 Vote for this issue

Watchers:: 12 Start watching this issue

Dates

Created:: 2021-04-19 16:50

Updated:: 2025-09-24 03:34