Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-26840

UBSAN: load of value 3200171710, which is not a valid value for type 'geometry_type' in sql/unireg.cc on ALTER

Details

    Description

      ENGINE Used does not matter.

      CREATE TABLE t (a INT) ENGINE=InnoDB;
      		 
      INSERT INTO t VALUES();
      		 
      ALTER TABLE t ADD b GEOMETRY NOT NULL,ALGORITHM=copy;

      Leads to:

      10.3.32 333d6c30f87a7862a2d6ca379c49e2ea46451ebc (Optimized)

      		 
      /test/10.3_opt_san/sql/unireg.cc:1058:32: runtime error: load of value 3200171710, which is not a valid value for type 'geometry_type'

      10.3.32 333d6c30f87a7862a2d6ca379c49e2ea46451ebc (Optimized)

      		 
          #0 0x55caff91e490 in make_empty_rec /test/10.3_opt_san/sql/unireg.cc:1058
      		 
          #1 0x55caff91e490 in build_frm_image(THD*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, List<Create_field>&, unsigned int, st_key*, handler*) /test/10.3_opt_san/sql/unireg.cc:394
      		 
          #2 0x55cb00486525 in mysql_create_frm_image(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/10.3_opt_san/sql/sql_table.cc:4846
      		 
          #3 0x55cb004ad585 in create_table_impl /test/10.3_opt_san/sql/sql_table.cc:5088
      		 
          #4 0x55cb004c19ff in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /test/10.3_opt_san/sql/sql_table.cc:9923
      		 
          #5 0x55cb006d29d7 in Sql_cmd_alter_table::execute(THD*) /test/10.3_opt_san/sql/sql_alter.cc:512
      		 
          #6 0x55cb000ed7db in mysql_execute_command(THD*) /test/10.3_opt_san/sql/sql_parse.cc:6075
      		 
          #7 0x55cb00108a7b in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.3_opt_san/sql/sql_parse.cc:7870
      		 
          #8 0x55cb001106a5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.3_opt_san/sql/sql_parse.cc:1852
      		 
          #9 0x55cb001197e9 in do_command(THD*) /test/10.3_opt_san/sql/sql_parse.cc:1398
      		 
          #10 0x55cb006c0a7e in do_handle_one_connection(CONNECT*) /test/10.3_opt_san/sql/sql_connect.cc:1403
      		 
          #11 0x55cb006c1dd3 in handle_one_connection /test/10.3_opt_san/sql/sql_connect.cc:1308
      		 
          #12 0x1479b77dd608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
      		 
          #13 0x1479b6d97292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

      10.3.32 333d6c30f87a7862a2d6ca379c49e2ea46451ebc (Debug)

      		 
          #0 0x55e00df46684 in make_empty_rec /test/10.3_dbg_san/sql/unireg.cc:1058
      		 
          #1 0x55e00df46684 in build_frm_image(THD*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, List<Create_field>&, unsigned int, st_key*, handler*) /test/10.3_dbg_san/sql/unireg.cc:394
      		 
          #2 0x55e00dd6e198 in mysql_create_frm_image(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/10.3_dbg_san/sql/sql_table.cc:4846
      		 
          #3 0x55e00dd9919c in create_table_impl /test/10.3_dbg_san/sql/sql_table.cc:5088
      		 
          #4 0x55e00ddb7ca8 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Alter_info*, unsigned int, st_order*, bool) /test/10.3_dbg_san/sql/sql_table.cc:9923
      		 
          #5 0x55e00e043283 in Sql_cmd_alter_table::execute(THD*) /test/10.3_dbg_san/sql/sql_alter.cc:512
      		 
          #6 0x55e00d954209 in mysql_execute_command(THD*) /test/10.3_dbg_san/sql/sql_parse.cc:6075
      		 
          #7 0x55e00d95be2e in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.3_dbg_san/sql/sql_parse.cc:7870
      		 
          #8 0x55e00d9676f4 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.3_dbg_san/sql/sql_parse.cc:1852
      		 
          #9 0x55e00d9757d6 in do_command(THD*) /test/10.3_dbg_san/sql/sql_parse.cc:1398
      		 
          #10 0x55e00e02cbc1 in do_handle_one_connection(CONNECT*) /test/10.3_dbg_san/sql/sql_connect.cc:1403
      		 
          #11 0x55e00e02d6d3 in handle_one_connection /test/10.3_dbg_san/sql/sql_connect.cc:1308
      		 
          #12 0x14e6a8d12608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
      		 
          #13 0x14e6a82cc292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

      Setup:

      Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:
      		 
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
      		 
      Set before execution:
      		 
          export UBSAN_OPTIONS=print_stacktrace=1

      Bug confirmed present in:
      MariaDB: 10.2.41 (dbg), 10.2.41 (opt), 10.3.32 (dbg), 10.3.32 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.4.22 (dbg), 10.4.22 (opt), 10.5.13 (dbg), 10.5.13 (opt), 10.6.5 (dbg), 10.6.5 (opt), 10.7.1 (dbg), 10.7.1 (opt)

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-25454 Make MariaDB server UBSAN safe

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              holyfoot Alexey Botchkov
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.