Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26457

REPAIR TABLE on MyISAM fails with SIGSEGV's in Item_func_concat::append_value, Item_func_concat::val_str, and ha_maria::drop_table and UBSAN: member access within null pointer in Item_func_concat::append_value

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
    • N/A
    • Storage Engine - MyISAM

    Description

      SET sql_mode='', myisam_repair_threads=2;
      		 
      CREATE TABLE t (id INT,a VARCHAR(1),b VARCHAR(1),c VARCHAR(1) GENERATED ALWAYS AS (CONCAT (a,b)),KEY(c)) ENGINE=MyISAM;
      		 
      INSERT INTO t VALUES (0,0,9687,0);
      		 
      REPAIR TABLE t QUICK;

      Leads to (note the different stacks):

      10.7.0 52505bf20de0ce77a5c0b0a74af021051987bb0d (Debug)

      		 
      Core was generated by `/test/MD160821-mariadb-10.7.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000055f10f57baff in Item_func_concat::append_value (
      		 
          this=this@entry=0x1483cc026178, thd=thd@entry=0x0, 
          res=res@entry=0x1483cc0261a0, app=0x1483cc026088)
      		 
          at /test/10.7_dbg/sql/sql_string.h:274
      		 
      [Current thread is 1 (Thread 0x1483eedfe700 (LWP 2336320))]
      		 
      (gdb) bt
      		 
      #0  0x000055f10f57baff in Item_func_concat::append_value (this=this@entry=0x1483cc026178, thd=thd@entry=0x0, res=res@entry=0x1483cc0261a0, app=0x1483cc026088) at /test/10.7_dbg/sql/sql_string.h:274
      		 
      #1  0x000055f10f57bea8 in Item_func_concat::val_str (this=0x1483cc026178, str=0x1483cc0261a0) at /test/10.7_dbg/sql/item_strfunc.cc:628
      		 
      #2  0x000055f10f4ca49b in Item::save_str_in_field (this=0x1483cc026178, field=0x1483cc025440, no_conversions=<optimized out>) at /test/10.7_dbg/sql/item.cc:6664
      		 
      #3  0x000055f10f3a3b08 in Type_handler_string_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.7_dbg/sql/sql_type.cc:4330
      		 
      #4  0x000055f10f4b0847 in Item::save_in_field (this=0x1483cc026178, field=0x1483cc025440, no_conversions=<optimized out>) at /test/10.7_dbg/sql/item.cc:6712
      		 
      #5  0x000055f10f2cb9eb in TABLE::update_virtual_field (this=this@entry=0x1483cc0242d8, vf=0x1483cc025440) at /test/10.7_dbg/sql/table.cc:8770
      		 
      #6  0x000055f10fc1f36b in compute_vcols (info=0x1483cc0271f8, record=<optimized out>, keynum=<optimized out>) at /test/10.7_dbg/storage/myisam/ha_myisam.cc:710
      		 
      #7  0x000055f10fc25b49 in sort_get_next_record (sort_param=sort_param@entry=0x1483cc0b6038) at /test/10.7_dbg/storage/myisam/mi_check.c:3672
      		 
      #8  0x000055f10fc2afec in sort_key_read (sort_param=0x1483cc0b6038, key=0x1483c0000dd0) at /test/10.7_dbg/storage/myisam/mi_check.c:3135
      		 
      #9  0x000055f10fc60342 in thr_find_all_keys_exec (sort_param=0x1483cc0b6038) at /test/10.7_dbg/storage/myisam/sort.c:451
      		 
      #10 thr_find_all_keys (arg=0x1483cc0b6038) at /test/10.7_dbg/storage/myisam/sort.c:510
      		 
      #11 0x00001484134e4609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #12 0x00001484130d2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.7.0 52505bf20de0ce77a5c0b0a74af021051987bb0d (Optimized)

      		 
      Core was generated by `/test/MD160821-mariadb-10.7.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x00005620e730915b in Item_func_concat::append_value (this=0x15126c01cf08, 
          thd=0x0, res=0x15126c01cf30, app=0x15126c01ce18)
      		 
          at /test/10.7_opt/sql/sql_string.h:274
      		 
      [Current thread is 1 (Thread 0x1512999fc700 (LWP 2388670))]
      		 
      (gdb) bt
      		 
      #0  0x00005620e730915b in Item_func_concat::append_value (this=0x15126c01cf08, thd=0x0, res=0x15126c01cf30, app=0x15126c01ce18) at /test/10.7_opt/sql/sql_string.h:274
      		 
      #1  0x00005620e73092fe in Item_func_concat::val_str (this=0x15126c01cf08, str=0x15126c01cf30) at /test/10.7_opt/sql/item_strfunc.cc:626
      		 
      #2  0x00005620e7282425 in Item::save_str_in_field (this=0x15126c01cf08, field=0x15126c017e20, no_conversions=<optimized out>) at /test/10.7_opt/sql/item.cc:6664
      		 
      #3  0x00005620e72721d7 in Item::save_in_field (this=0x15126c01cf08, field=0x15126c017e20, no_conversions=<optimized out>) at /test/10.7_opt/sql/item.cc:6712
      		 
      #4  0x00005620e710dc31 in TABLE::update_virtual_field (this=this@entry=0x15126c01b6d8, vf=0x15126c017e20) at /test/10.7_opt/sql/table.cc:8770
      		 
      #5  0x00005620e772bcb7 in compute_vcols (info=0x15126c01dda8, record=<optimized out>, keynum=<optimized out>) at /test/10.7_opt/storage/myisam/ha_myisam.cc:710
      		 
      #6  0x00005620e77328a4 in sort_get_next_record (sort_param=sort_param@entry=0x15126c083928) at /test/10.7_opt/storage/myisam/mi_check.c:3672
      		 
      #7  0x00005620e7738ac5 in sort_key_read (sort_param=0x15126c083928, key=0x151270000c70) at /test/10.7_opt/storage/myisam/mi_check.c:3135
      		 
      #8  0x00005620e7769b0f in thr_find_all_keys_exec (sort_param=0x15126c083928) at /test/10.7_opt/storage/myisam/sort.c:451
      		 
      #9  thr_find_all_keys (arg=0x15126c083928) at /test/10.7_opt/storage/myisam/sort.c:510
      		 
      #10 0x00001512be3e1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #11 0x00001512bdfcf293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.6.5 9ac1ac006197c8979db1dc73f4e983f623e831e8 (Debug)

      		 
      Core was generated by `/test/MD160821-mariadb-10.6.5-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000056280e8c9637 in Item_func_concat::append_value (
      		 
          this=this@entry=0x15106c0270c8, thd=thd@entry=0x0, 
          res=res@entry=0x15106c0270f0, app=0x15106c026fd8)
      		 
          at /test/10.6_dbg/sql/sql_string.h:274
      		 
      [Current thread is 1 (Thread 0x15108e7fb700 (LWP 2388769))]
      		 
      (gdb) bt
      		 
      #0  0x000056280e8c9637 in Item_func_concat::append_value (this=this@entry=0x15106c0270c8, thd=thd@entry=0x0, res=res@entry=0x15106c0270f0, app=0x15106c026fd8) at /test/10.6_dbg/sql/sql_string.h:274
      		 
      #1  0x000056280e8c99e0 in Item_func_concat::val_str (this=0x15106c0270c8, str=0x15106c0270f0) at /test/10.6_dbg/sql/item_strfunc.cc:628
      		 
      #2  0x000056280e81760b in Item::save_str_in_field (this=0x15106c0270c8, field=0x15106c0263b0, no_conversions=<optimized out>) at /test/10.6_dbg/sql/item.cc:6664
      		 
      #3  0x000056280e6f1412 in Type_handler_string_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.6_dbg/sql/sql_type.cc:4330
      		 
      #4  0x000056280e7fd9b5 in Item::save_in_field (this=0x15106c0270c8, field=0x15106c0263b0, no_conversions=<optimized out>) at /test/10.6_dbg/sql/item.cc:6712
      		 
      #5  0x000056280e619e71 in TABLE::update_virtual_field (this=this@entry=0x15106c025268, vf=0x15106c0263b0) at /test/10.6_dbg/sql/table.cc:8770
      		 
      #6  0x000056280efb7d5b in compute_vcols (info=0x15106c028108, record=<optimized out>, keynum=<optimized out>) at /test/10.6_dbg/storage/myisam/ha_myisam.cc:710
      		 
      #7  0x000056280efbe539 in sort_get_next_record (sort_param=sort_param@entry=0x15106c0b6b88) at /test/10.6_dbg/storage/myisam/mi_check.c:3672
      		 
      #8  0x000056280efc39dc in sort_key_read (sort_param=0x15106c0b6b88, key=0x151060000dd0) at /test/10.6_dbg/storage/myisam/mi_check.c:3135
      		 
      #9  0x000056280eff8d32 in thr_find_all_keys_exec (sort_param=0x15106c0b6b88) at /test/10.6_dbg/storage/myisam/sort.c:451
      		 
      #10 thr_find_all_keys (arg=0x15106c0b6b88) at /test/10.6_dbg/storage/myisam/sort.c:510
      		 
      #11 0x00001510b2f6a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #12 0x00001510b2b58293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.2.41 (Optimized)

      		 
      Core was generated by `/test/MD160821-mariadb-10.2.41-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
      		 
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      		 
      [Current thread is 1 (Thread 0x150eb74b0700 (LWP 2388689))]
      		 
      (gdb) bt
      		 
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
      		 
      #1  0x0000563051a3d69f in my_write_core (sig=sig@entry=11) at /test/10.2_opt/mysys/stacktrace.c:382
      		 
      #2  0x00005630514e2628 in handle_fatal_signal (sig=11) at /test/10.2_opt/sql/signal_handler.cc:355
      		 
      #3  <signal handler called>
      		 
      #4  0x000056305157a97f in Item_func_concat::val_str (this=0x150e9001a780, str=0x150e9001a7b0) at /test/10.2_opt/sql/sql_string.h:198
      		 
      #5  0x00005630514f31ca in Item::save_in_field (this=0x150e9001a780, field=0x150e90017998, no_conversions=<optimized out>) at /test/10.2_opt/sql/item.cc:6397
      		 
      #6  0x00005630513efc34 in TABLE::update_virtual_field (this=this@entry=0x150e900194c8, vf=0x150e90017998) at /test/10.2_opt/sql/table.cc:7830
      		 
      #7  0x0000563051940c63 in compute_vcols (info=<optimized out>, record=<optimized out>, keynum=<optimized out>) at /test/10.2_opt/storage/myisam/ha_myisam.cc:683
      		 
      #8  0x0000563051948874 in sort_get_next_record (sort_param=sort_param@entry=0x150e900592a8) at /test/10.2_opt/storage/myisam/mi_check.c:3667
      		 
      #9  0x000056305194e8e5 in sort_key_read (sort_param=0x150e900592a8, key=0x150e88000c60) at /test/10.2_opt/storage/myisam/mi_check.c:3131
      		 
      #10 0x0000563051980172 in thr_find_all_keys_exec (sort_param=0x150e900592a8) at /test/10.2_opt/storage/myisam/sort.c:450
      		 
      #11 thr_find_all_keys (arg=0x150e900592a8) at /test/10.2_opt/storage/myisam/sort.c:509
      		 
      #12 0x0000150eee82e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #13 0x0000150eee424293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt), 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (dbg), 10.6.5 (opt), 10.7.0 (dbg), 10.7.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.35 (dbg), 5.7.35 (opt), 8.0.26 (dbg), 8.0.26 (opt)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-23294 Segfault or assertion upon MyISAM repair

          • Major - Major loss of function.
          • Closed

          Activity

            People

              midenok Aleksey Midenkov
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.