[MDEV-26862] ASAN failures upon inserting default value into geometry column of temporary table - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 10.2
Fix Version/s: N/A
Component/s: Data Definition - Temporary, GIS
Labels:
- not-10.3
- not-10.4
- not-10.5
- not-10.6
- not-10.7

Description

Something has changed in 10.3+ (even in early versions of 10.3, checked 10.3.7), so it's not happening there anymore. There is no much point in fixing it in 10.2 now, but let's have JIRA record to refer to until 10.2 goes EOL in a few months

CREATE TEMPORARY TABLE t (b POINT DEFAULT POINT(1,1));

INSERT INTO t () VALUES (),();

ALTER TABLE t FORCE;

UPDATE t SET b = DEFAULT;

INSERT INTO t () VALUES ();

Fails on 10.2 ASAN build with all of InnoDB, MyISAM, Aria, naturally with different stack traces.

10.2 1a54cf62 with MyISAM
==2182429==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e0000752f0 at pc 0x7fef03ce1480 bp 0x7feef87f6fe0 sp 0x7feef87f6788
READ of size 25 at 0x60e0000752f0 thread T5
#0 0x7fef03ce147f (/lib/x86_64-linux-gnu/libasan.so.5+0x9b47f)
#1 0x5641c546d090 in _mi_rec_pack /data/src/10.2/storage/myisam/mi_dynrec.c:998
#2 0x5641c54648de in _mi_write_blob_record /data/src/10.2/storage/myisam/mi_dynrec.c:290
#3 0x5641c54d786f in mi_write /data/src/10.2/storage/myisam/mi_write.c:146
#4 0x5641c540f163 in ha_myisam::write_row(unsigned char*) /data/src/10.2/storage/myisam/ha_myisam.cc:922
#5 0x5641c450c196 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6118
#6 0x5641c3e44619 in write_record(THD, TABLE, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1951
#7 0x5641c3e3e074 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.2/sql/sql_insert.cc:1066
#8 0x5641c3ea5494 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4217
#9 0x5641c3ebdd6f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7793
#10 0x5641c3e96f74 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#11 0x5641c3e93d3f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#12 0x5641c421f759 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#13 0x5641c421f01c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#14 0x5641c55c064b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#15 0x7fef036a1608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#16 0x7fef0327a292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.2 1a54cf62 with Aria
==2183323==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000075ad0 at pc 0x7f32b6351480 bp 0x7f32aae6f4f0 sp 0x7f32aae6ec98
READ of size 25 at 0x60e000075ad0 thread T5
#0 0x7f32b635147f (/lib/x86_64-linux-gnu/libasan.so.5+0x9b47f)
#1 0x5647b91f4d5d in write_block_record /data/src/10.2/storage/maria/ma_blockrec.c:2836
#2 0x5647b91f9c67 in allocate_and_write_block_record /data/src/10.2/storage/maria/ma_blockrec.c:3563
#3 0x5647b91f9fea in _ma_write_init_block_record /data/src/10.2/storage/maria/ma_blockrec.c:3603
#4 0x5647b922b5b0 in maria_write /data/src/10.2/storage/maria/ma_write.c:157
#5 0x5647b90e1e65 in ha_maria::write_row(unsigned char*) /data/src/10.2/storage/maria/ha_maria.cc:1293
#6 0x5647b83fb196 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6118
#7 0x5647b7d33619 in write_record(THD, TABLE, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1951
#8 0x5647b7d2d074 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.2/sql/sql_insert.cc:1066
#9 0x5647b7d94494 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4217
#10 0x5647b7dacd6f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7793
#11 0x5647b7d85f74 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#12 0x5647b7d82d3f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#13 0x5647b810e759 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#14 0x5647b810e01c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#15 0x5647b94af64b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#16 0x7f32b5d11608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#17 0x7f32b58ea292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.2 1a54cf62 with InnoDB
==2183565==ERROR: AddressSanitizer: heap-use-after-free on address 0x60e000093430 at pc 0x7f017b589480 bp 0x7f01641d2e90 sp 0x7f01641d2638
READ of size 25 at 0x60e000093430 thread T27
#0 0x7f017b58947f (/lib/x86_64-linux-gnu/libasan.so.5+0x9b47f)
#1 0x55eb8e0d852b in rec_convert_dtuple_to_rec_comp /data/src/10.2/storage/innobase/rem/rem0rec.cc:1310
#2 0x55eb8e0d873f in rec_convert_dtuple_to_rec_new /data/src/10.2/storage/innobase/rem/rem0rec.cc:1338
#3 0x55eb8e0d8924 in rec_convert_dtuple_to_rec(unsigned char, dict_index_t const, dtuple_t const*, unsigned long) /data/src/10.2/storage/innobase/rem/rem0rec.cc:1370
#4 0x55eb8e377365 in page_cur_tuple_insert /data/src/10.2/storage/innobase/include/page0cur.ic:280
#5 0x55eb8e3882d3 in btr_cur_optimistic_insert(unsigned long, btr_cur_t, unsigned short, mem_block_info_t, dtuple_t, unsigned char, big_rec_t, unsigned long, que_thr_t, mtr_t) /data/src/10.2/storage/innobase/btr/btr0cur.cc:3253
#6 0x55eb8e122d83 in row_ins_clust_index_entry_low(unsigned long, unsigned long, dict_index_t, unsigned long, dtuple_t, unsigned long, que_thr_t*) /data/src/10.2/storage/innobase/row/row0ins.cc:2689
#7 0x55eb8e125371 in row_ins_clust_index_entry(dict_index_t, dtuple_t, que_thr_t*, unsigned long) /data/src/10.2/storage/innobase/row/row0ins.cc:3141
#8 0x55eb8e125b22 in row_ins_index_entry /data/src/10.2/storage/innobase/row/row0ins.cc:3260
#9 0x55eb8e12662e in row_ins_index_entry_step /data/src/10.2/storage/innobase/row/row0ins.cc:3411
#10 0x55eb8e126f16 in row_ins /data/src/10.2/storage/innobase/row/row0ins.cc:3548
#11 0x55eb8e1278ca in row_ins_step(que_thr_t*) /data/src/10.2/storage/innobase/row/row0ins.cc:3672
#12 0x55eb8e168f87 in row_insert_for_mysql(unsigned char const, row_prebuilt_t) /data/src/10.2/storage/innobase/row/row0mysql.cc:1408
#13 0x55eb8dea4bb1 in ha_innobase::write_row(unsigned char*) /data/src/10.2/storage/innobase/handler/ha_innodb.cc:8229
#14 0x55eb8d992196 in handler::ha_write_row(unsigned char*) /data/src/10.2/sql/handler.cc:6118
#15 0x55eb8d2ca619 in write_record(THD, TABLE, st_copy_info*) /data/src/10.2/sql/sql_insert.cc:1951
#16 0x55eb8d2c4074 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.2/sql/sql_insert.cc:1066
#17 0x55eb8d32b494 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:4217
#18 0x55eb8d343d6f in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7793
#19 0x55eb8d31cf74 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1827
#20 0x55eb8d319d3f in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1381
#21 0x55eb8d6a5759 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
#22 0x55eb8d6a501c in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
#23 0x55eb8ea4664b in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
#24 0x7f017af49608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#25 0x7f017ab22292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Not reproducible on 10.3+.
Couldn't reproduce with a non-temporary table.

ASAN failures upon inserting default value into geometry column of temporary table

Details

Description

Attachments

Activity

People

Dates

Git Integration