MariaDB Server issue MDEV-25627

Unexpected warning ER_TRUNCATED_WRONG_VALUE or server crash in get_prefix upon using DEFAULT() on blob


    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.4, 10.5, 10.6
    • Fix Version/s: 10.4, 10.5
    • Component/s: Server
    • Labels:
      None

      Description

      CREATE TABLE t (a TEXT NOT NULL DEFAULT '2000-01-01', b DATE);
      INSERT INTO t (b) VALUES ('2021-01-01'),('2022-02-02'); # Optional, fails either way
      SELECT * FROM t WHERE b IN ( DEFAULT( a ), '1914-09-11' );
       
      # Cleanup
      DROP TABLE t;
      

      10.4 583b72ad non-debug

      SELECT * FROM t WHERE b IN ( DEFAULT( a ), '1914-09-11' );
      a	b
      Warnings:
      Warning	1292	Truncated incorrect datetime value: ''
      

      10.4 583b72ad debug

      #3  <signal handler called>
      #4  0x000055cfc2235cf9 in get_prefix (str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, endptr=0x7feae8579690) at /data/src/10.4/sql-common/my_time.c:328
      #5  0x000055cfc2235de1 in find_body (neg=0x7feae8579703 "\350\352\177", str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, to=0x7feae8579e50, warn=0x7feae8579dc0, new_str=0x7feae85796f8, new_length=0x7feae85796f0) at /data/src/10.4/sql-common/my_time.c:357
      #6  0x000055cfc2237054 in str_to_datetime_or_date (str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, l_time=0x7feae8579e50, flags=33554432, status=0x7feae8579dc0) at /data/src/10.4/sql-common/my_time.c:880
      #7  0x000055cfc173d184 in Temporal::ascii_to_datetime_or_date (this=0x7feae8579e50, status=0x7feae8579dc0, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:922
      #8  0x000055cfc173ce00 in Temporal::ascii_to_temporal (this=0x7feae8579e50, st=0x7feae8579dc0, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, mode=...) at /data/src/10.4/sql/sql_type.h:887
      #9  0x000055cfc173927d in Temporal::str_to_temporal (this=0x7feae8579e50, thd=0x7fead8000d90, status=0x7feae8579dc0, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, cs=0x55cfc2c64920 <my_charset_latin1>, flags=...) at /data/src/10.4/sql/sql_time.cc:403
      #10 0x000055cfc180dfe9 in Temporal::make_from_str (this=0x7feae8579e50, thd=0x7fead8000d90, warn=0x7feae8579bc0, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, cs=0x55cfc2c64920 <my_charset_latin1>, fuzzydate=...) at /data/src/10.4/sql/sql_type.cc:246
      #11 0x000055cfc1828932 in Temporal_hybrid::Temporal_hybrid (this=0x7feae8579e50, thd=0x7fead8000d90, warn=0x7feae8579bc0, str=0x7feae8579b70, mode=...) at /data/src/10.4/sql/sql_type.h:1087
      #12 0x000055cfc1923691 in Field::get_date (this=0x7fead8016d10, to=0x7feae8579e50, mode=...) at /data/src/10.4/sql/field.cc:2322
      #13 0x000055cfc1923787 in Field::val_datetime_packed (this=0x7fead8016d10, thd=0x7fead8000d90) at /data/src/10.4/sql/field.cc:2330
      #14 0x000055cfc1985cfd in Item_field::val_datetime_packed (this=0x7fead8015750, thd=0x7fead8000d90) at /data/src/10.4/sql/item.cc:3245
      #15 0x000055cfc19b4c6c in in_datetime::set (this=0x7fead8016e48, pos=0, item=0x7fead8015750) at /data/src/10.4/sql/item_cmpfunc.cc:3822
      #16 0x000055cfc19b7216 in Item_func_in::fix_in_vector (this=0x7fead8015970) at /data/src/10.4/sql/item_cmpfunc.cc:4427
      #17 0x000055cfc1833bae in Item_func_in::fix_for_scalar_comparison_using_bisection (this=0x7fead8015970, thd=0x7fead8000d90) at /data/src/10.4/sql/item_cmpfunc.h:2399
      #18 0x000055cfc181c6a6 in Type_handler_temporal_result::Item_func_in_fix_comparator_compatible_types (this=0x55cfc2b9ac40 <type_handler_newdate>, thd=0x7fead8000d90, func=0x7fead8015970) at /data/src/10.4/sql/sql_type.cc:5424
      #19 0x000055cfc19b6fd6 in Item_func_in::fix_length_and_dec (this=0x7fead8015970) at /data/src/10.4/sql/item_cmpfunc.cc:4394
      #20 0x000055cfc19ecebc in Item_func::fix_fields (this=0x7fead8015970, thd=0x7fead8000d90, ref=0x7fead8016800) at /data/src/10.4/sql/item_func.cc:370
      #21 0x000055cfc19b6beb in Item_func_in::fix_fields (this=0x7fead8015970, thd=0x7fead8000d90, ref=0x7fead8016800) at /data/src/10.4/sql/item_cmpfunc.cc:4319
      #22 0x000055cfc14d3745 in Item::fix_fields_if_needed (this=0x7fead8015970, thd=0x7fead8000d90, ref=0x7fead8016800) at /data/src/10.4/sql/item.h:964
      #23 0x000055cfc14d377f in Item::fix_fields_if_needed_for_scalar (this=0x7fead8015970, thd=0x7fead8000d90, ref=0x7fead8016800) at /data/src/10.4/sql/item.h:968
      #24 0x000055cfc155b05f in Item::fix_fields_if_needed_for_bool (this=0x7fead8015970, thd=0x7fead8000d90, ref=0x7fead8016800) at /data/src/10.4/sql/item.h:972
      #25 0x000055cfc155731b in setup_conds (thd=0x7fead8000d90, tables=0x7fead8014e48, leaves=..., conds=0x7fead8016800) at /data/src/10.4/sql/sql_base.cc:8456
      #26 0x000055cfc163511f in setup_without_group (thd=0x7fead8000d90, ref_pointer_array=..., tables=0x7fead8014e48, leaves=..., fields=..., all_fields=..., conds=0x7fead8016800, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fead80166df, reserved=0x7fead8014b6c) at /data/src/10.4/sql/sql_select.cc:724
      #27 0x000055cfc1638019 in JOIN::prepare (this=0x7fead80163f8, tables_init=0x7fead8014e48, wild_num=1, conds_init=0x7fead8015970, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fead8014868, unit_arg=0x7fead8004cd0) at /data/src/10.4/sql/sql_select.cc:1280
      #28 0x000055cfc1644d0f in mysql_select (thd=0x7fead8000d90, tables=0x7fead8014e48, wild_num=1, fields=..., conds=0x7fead8015970, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fead80163d0, unit=0x7fead8004cd0, select_lex=0x7fead8014868) at /data/src/10.4/sql/sql_select.cc:4708
      #29 0x000055cfc16346f6 in handle_select (thd=0x7fead8000d90, lex=0x7fead8004c10, result=0x7fead80163d0, setup_tables_done_option=0) at /data/src/10.4/sql/sql_select.cc:436
      #30 0x000055cfc15f93f2 in execute_sqlcom_select (thd=0x7fead8000d90, all_tables=0x7fead8014e48) at /data/src/10.4/sql/sql_parse.cc:6449
      #31 0x000055cfc15efc02 in mysql_execute_command (thd=0x7fead8000d90) at /data/src/10.4/sql/sql_parse.cc:3968
      #32 0x000055cfc15fd423 in mysql_parse (thd=0x7fead8000d90, rawbuf=0x7fead8014798 "SELECT * FROM t WHERE b IN ( DEFAULT( a ), '1914-09-11' )", length=57, parser_state=0x7feae857b4d0, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7995
      #33 0x000055cfc15e9731 in dispatch_command (command=COM_QUERY, thd=0x7fead8000d90, packet=0x7fead800abf1 "SELECT * FROM t WHERE b IN ( DEFAULT( a ), '1914-09-11' )", packet_length=57, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1857
      #34 0x000055cfc15e7f97 in do_command (thd=0x7fead8000d90) at /data/src/10.4/sql/sql_parse.cc:1373
      #35 0x000055cfc17790cb in do_handle_one_connection (connect=0x55cfc3f3ef20) at /data/src/10.4/sql/sql_connect.cc:1412
      #36 0x000055cfc1778e14 in handle_one_connection (arg=0x55cfc3f3ef20) at /data/src/10.4/sql/sql_connect.cc:1316
      #37 0x000055cfc21a69e8 in pfs_spawn_thread (arg=0x55cfc3f17d20) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      #38 0x00007feaeec11609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #39 0x00007feaee7e5293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      same revision, Valgrind

      ==783360== Conditional jump or move depends on uninitialised value(s)
      ==783360==    at 0xCA340A: Field_blob::val_str(String*, String*) (field.cc:8597)
      ==783360==    by 0x8178B2: Field::val_str(String*) (field.h:854)
      ==783360==    by 0xC8B70E: Field::get_date(st_mysql_time*, date_mode_t) (field.cc:2322)
      ==783360==    by 0xC8B850: Field::val_datetime_packed(THD*) (field.cc:2330)
      ==783360==    by 0xCEF3E0: Item_field::val_datetime_packed(THD*) (item.cc:3245)
      ==783360==    by 0xD1EA73: in_datetime::set(unsigned int, Item*) (item_cmpfunc.cc:3822)
      ==783360==    by 0xD2101D: Item_func_in::fix_in_vector() (item_cmpfunc.cc:4427)
      ==783360==    by 0xB96C89: Item_func_in::fix_for_scalar_comparison_using_bisection(THD*) (item_cmpfunc.h:2399)
      ==783360==    by 0xB7F711: Type_handler_temporal_result::Item_func_in_fix_comparator_compatible_types(THD*, Item_func_in*) const (sql_type.cc:5424)
      ==783360==    by 0xD20DDD: Item_func_in::fix_length_and_dec() (item_cmpfunc.cc:4394)
      ==783360==    by 0xD572BD: Item_func::fix_fields(THD*, Item**) (item_func.cc:370)
      ==783360==    by 0xD209F2: Item_func_in::fix_fields(THD*, Item**) (item_cmpfunc.cc:4319)
      ==783360==    by 0x827F2C: Item::fix_fields_if_needed(THD*, Item**) (item.h:964)
      ==783360==    by 0x827F66: Item::fix_fields_if_needed_for_scalar(THD*, Item**) (item.h:968)
      ==783360==    by 0x8B0CB6: Item::fix_fields_if_needed_for_bool(THD*, Item**) (item.h:972)
      ==783360==    by 0x8ACEAC: setup_conds(THD*, TABLE_LIST*, List<TABLE_LIST>&, Item**) (sql_base.cc:8456)
      

It looks like the crash started happening after this merge (since it's a SIGSEGV, it's not a 100% guarantee; maybe the builds just became less lucky):

      commit e841957416e9287d1e9b2e32c952d6d0c1a2e2ed
      Merge: 34fcd726a6d 640f42311a7
      Author: Sergei Golubchik
      Date:   Tue Feb 23 00:56:14 2021 +0100
       
          Merge branch '10.3' into 10.4
      

Apparently, it is related to this commit in the merge:

      Author: Monty
      Date:   Sun Feb 21 20:38:32 2021 +0200
       
          MDEV-22703 DEFAULT() on a BLOB column can overwrite the default record
      

      However, the bogus warning happened on 10.4 even before that.

Neither the crash nor the warning is reproducible on 10.3. Possibly it's due to a different default configuration in 10.3 compared to 10.4, but I couldn't reconcile them to make it reproducible on 10.3 or to make it go away on 10.4.

People

Assignee:
monty Michael Widenius
Reporter:
elenst Elena Stepanova