[MDEV-27081] UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in sql/filesort.cc - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.11, 11.1(EOL), 11.2(EOL), 11.4, 11.5(EOL), 11.6(EOL)
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Authentication and Privilege System
Labels:

Description

SELECT HOST,USER,PASSWORD FROM mysql.user ORDER BY HOST,USER,PASSWORD;

Leads to:

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Debug)
/test/10.8_dbg_san/sql/filesort.cc:2992:9: runtime error: null pointer passed as argument 2, which is declared to never be null

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Debug)
#0 0x5584fd7c9b20 in SORT_FIELD_ATTR::pack_sort_string(unsigned char, Binary_string const, charset_info_st const*) const /test/10.8_dbg_san/sql/filesort.cc:2992
#1 0x5584fd7cada7 in Type_handler_string_result::make_packed_sort_key_part(unsigned char, Item, SORT_FIELD_ATTR const, Sort_param) const /test/10.8_dbg_san/sql/filesort.cc:2610
#2 0x5584fd7bf3c4 in make_packed_sortkey /test/10.8_dbg_san/sql/filesort.cc:3089
#3 0x5584fd7bf3c4 in make_sortkey /test/10.8_dbg_san/sql/filesort.cc:1362
#4 0x5584fd7d54d2 in find_all_keys /test/10.8_dbg_san/sql/filesort.cc:978
#5 0x5584fd7d54d2 in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /test/10.8_dbg_san/sql/filesort.cc:357
#6 0x5584fc349deb in create_sort_index(THD, JOIN, st_join_table, Filesort) /test/10.8_dbg_san/sql/sql_select.cc:24403
#7 0x5584fc34b7f2 in st_join_table::sort_table() /test/10.8_dbg_san/sql/sql_select.cc:22077
#8 0x5584fc34c2a2 in join_init_read_record(st_join_table*) /test/10.8_dbg_san/sql/sql_select.cc:22016
#9 0x5584fc28cdb0 in sub_select(JOIN, st_join_table, bool) /test/10.8_dbg_san/sql/sql_select.cc:21062
#10 0x5584fc45d98f in do_select /test/10.8_dbg_san/sql/sql_select.cc:20612
#11 0x5584fc45d98f in JOIN::exec_inner() /test/10.8_dbg_san/sql/sql_select.cc:4735
#12 0x5584fc45f2c0 in JOIN::exec() /test/10.8_dbg_san/sql/sql_select.cc:4513
#13 0x5584fc44ee4f in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.8_dbg_san/sql/sql_select.cc:4993
#14 0x5584fc4507b4 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.8_dbg_san/sql/sql_select.cc:545
#15 0x5584fbfc0b4c in execute_sqlcom_select /test/10.8_dbg_san/sql/sql_parse.cc:6253
#16 0x5584fc02615e in mysql_execute_command(THD*, bool) /test/10.8_dbg_san/sql/sql_parse.cc:3944
#17 0x5584fbf889f6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.8_dbg_san/sql/sql_parse.cc:8028
#18 0x5584fbffdfd8 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.8_dbg_san/sql/sql_parse.cc:1894
#19 0x5584fc014a3c in do_command(THD*, bool) /test/10.8_dbg_san/sql/sql_parse.cc:1402
#20 0x5584fcacf4f5 in do_handle_one_connection(CONNECT*, bool) /test/10.8_dbg_san/sql/sql_connect.cc:1418
#21 0x5584fcad238f in handle_one_connection /test/10.8_dbg_san/sql/sql_connect.cc:1312
#22 0x5584fefbe990 in pfs_spawn_thread /test/10.8_dbg_san/storage/perfschema/pfs.cc:2201
#23 0x154d59572608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#24 0x154d587e8292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Optimized)
#0 0x55d3a951f964 in SORT_FIELD_ATTR::pack_sort_string(unsigned char, Binary_string const, charset_info_st const*) const /test/10.8_opt_san/sql/filesort.cc:2992
#1 0x55d3ab5ecd9b in make_packed_sortkey /test/10.8_opt_san/sql/filesort.cc:3089
#2 0x55d3ab5ecd9b in make_sortkey /test/10.8_opt_san/sql/filesort.cc:1362
#3 0x55d3ab5fa517 in find_all_keys /test/10.8_opt_san/sql/filesort.cc:978
#4 0x55d3ab5fa517 in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /test/10.8_opt_san/sql/filesort.cc:357
#5 0x55d3aa498f69 in create_sort_index(THD, JOIN, st_join_table, Filesort) /test/10.8_opt_san/sql/sql_select.cc:24403
#6 0x55d3aa49ab1f in st_join_table::sort_table() /test/10.8_opt_san/sql/sql_select.cc:22077
#7 0x55d3aa49b16c in join_init_read_record(st_join_table*) /test/10.8_opt_san/sql/sql_select.cc:22016
#8 0x55d3aa4076c5 in sub_select(JOIN, st_join_table, bool) /test/10.8_opt_san/sql/sql_select.cc:21062
#9 0x55d3aa5aa289 in do_select /test/10.8_opt_san/sql/sql_select.cc:20612
#10 0x55d3aa5aa289 in JOIN::exec_inner() /test/10.8_opt_san/sql/sql_select.cc:4735
#11 0x55d3aa5ae999 in JOIN::exec() /test/10.8_opt_san/sql/sql_select.cc:4513
#12 0x55d3aa59d351 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.8_opt_san/sql/sql_select.cc:4993
#13 0x55d3aa5a1263 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.8_opt_san/sql/sql_select.cc:545
#14 0x55d3aa1c345f in execute_sqlcom_select /test/10.8_opt_san/sql/sql_parse.cc:6253
#15 0x55d3aa2036ab in mysql_execute_command(THD*, bool) /test/10.8_opt_san/sql/sql_parse.cc:3944
#16 0x55d3aa192e28 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.8_opt_san/sql/sql_parse.cc:8028
#17 0x55d3aa1e8bb9 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.8_opt_san/sql/sql_parse.cc:1894
#18 0x55d3aa1f4412 in do_command(THD*, bool) /test/10.8_opt_san/sql/sql_parse.cc:1402
#19 0x55d3aaac05ed in do_handle_one_connection(CONNECT*, bool) /test/10.8_opt_san/sql/sql_connect.cc:1418
#20 0x55d3aaac30e4 in handle_one_connection /test/10.8_opt_san/sql/sql_connect.cc:1312
#21 0x55d3acb40461 in pfs_spawn_thread /test/10.8_opt_san/storage/perfschema/pfs.cc:2201
#22 0x148b0abe2608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#23 0x148b09e58292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.5.14 (dbg), 10.5.14 (opt), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt)

Attachments

Issue Links

relates to

MDEV-36046 UBSAN: runtime error: applying zero offset to null pointer in my_strnxfrm_unicode_full_bin on SELECT when using sql_select_limit

Open

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik added a comment - 2021-11-18 09:30 - edited

The reported line is

  // length stored in lowendian form
  store_key_part_length(data_length + suffix_length, to, length_bytes);
  to+= length_bytes;
  // copying data length bytes to the buffer
  memcpy(to, (uchar*)str->ptr(), data_length);
  to+= data_length;

Apparently, str->ptr() is NULL here. It is an argument to

2974	uint
2975	SORT_FIELD_ATTR::pack_sort_string(uchar to, const Binary_string str,
2976	CHARSET_INFO *cs) const
2977	{

which is invoked as

2609	}
2610	return sort_field->pack_sort_string(to, res, cs);

from

uint
Type_handler_string_result::make_packed_sort_key_part(uchar *to, Item *item,
                                            const SORT_FIELD_ATTR *sort_field,
                                            Sort_param *param) const
{
  CHARSET_INFO *cs= item->collation.collation;
  bool maybe_null= item->maybe_null();
 
  if (maybe_null)
    *to++= 1;
 
  Binary_string *res= item->str_result(&param->tmp_buffer);
  if (!res)
  {

That is here, res != NULL, but res->ptr() is NULL. As far as I understand, this isn't normal, val_str() and str_result() are expected to return either NULL or a non-NULL string.

Sergei Golubchik added a comment - 2021-11-18 09:30 - edited The reported line is 2988 // length stored in lowendian form 2989 store_key_part_length(data_length + suffix_length, to , length_bytes); 2990 to += length_bytes; 2991 // copying data length bytes to the buffer 2992 memcpy( to , (uchar*)str->ptr(), data_length); 2993 to += data_length; Apparently, str->ptr() is NULL here. It is an argument to 2974 uint 2975 SORT_FIELD_ATTR::pack_sort_string(uchar * to , const Binary_string *str, 2976 CHARSET_INFO *cs) const 2977 { which is invoked as 2609 } 2610 return sort_field->pack_sort_string( to , res, cs); from 2575 uint 2576 Type_handler_string_result::make_packed_sort_key_part(uchar * to , Item *item, 2577 const SORT_FIELD_ATTR *sort_field, 2578 Sort_param *param) const 2579 { 2580 CHARSET_INFO *cs= item->collation.collation; 2581 bool maybe_null= item->maybe_null(); 2582 2583 if (maybe_null) 2584 * to ++= 1; 2585 2586 Binary_string *res= item->str_result(&param->tmp_buffer); 2587 if (!res) 2588 { That is here, res != NULL , but res->ptr() is NULL. As far as I understand, this isn't normal, val_str() and str_result() are expected to return either NULL or a non-NULL string.

Roel Van de Paar added a comment - 2022-04-22 06:58 - edited

Improved testcase, updated test report:

SELECT * FROM mysql.user ORDER BY authentication_string;

Leads to:

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized, UBASAN)
/test/10.9_opt_san/sql/filesort.cc:2997:9: runtime error: null pointer passed as argument 2, which is declared to never be null

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized, UBASAN)
#0 0x558329b466c0 in SORT_FIELD_ATTR::pack_sort_string(unsigned char, Binary_string const, charset_info_st const*) const /test/10.9_opt_san/sql/filesort.cc:2997
#1 0x55832bd2bbfb in make_packed_sortkey /test/10.9_opt_san/sql/filesort.cc:3094
#2 0x55832bd2bbfb in make_sortkey /test/10.9_opt_san/sql/filesort.cc:1362
#3 0x55832bd39387 in find_all_keys /test/10.9_opt_san/sql/filesort.cc:978
#4 0x55832bd39387 in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /test/10.9_opt_san/sql/filesort.cc:357
#5 0x55832ab58099 in create_sort_index(THD, JOIN, st_join_table, Filesort) /test/10.9_opt_san/sql/sql_select.cc:24425
#6 0x55832ab59c4f in st_join_table::sort_table() /test/10.9_opt_san/sql/sql_select.cc:22106
#7 0x55832ab5a29c in join_init_read_record(st_join_table*) /test/10.9_opt_san/sql/sql_select.cc:22045
#8 0x55832aac67a5 in sub_select(JOIN, st_join_table, bool) /test/10.9_opt_san/sql/sql_select.cc:21092
#9 0x55832ac72123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
#10 0x55832ac72123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
#11 0x55832ac769f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
#12 0x55832ac64b61 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_opt_san/sql/sql_select.cc:5007
#13 0x55832ac68a73 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
#14 0x55832a87fcdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
#15 0x55832a8bf88b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
#16 0x55832a84f0a8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
#17 0x55832a8a5439 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
#18 0x55832a8b0c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
#19 0x55832b19bd3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
#20 0x55832b19e834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
#21 0x55832d29c1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
#22 0x1464cbeee608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#23 0x1464cb163162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN)
/test/10.9_dbg_san/sql/filesort.cc:2997:9: runtime error: null pointer passed as argument 2, which is declared to never be null

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN)
#0 0x564c17191fc0 in SORT_FIELD_ATTR::pack_sort_string(unsigned char, Binary_string const, charset_info_st const*) const /test/10.9_dbg_san/sql/filesort.cc:2997
#1 0x564c17193247 in Type_handler_string_result::make_packed_sort_key_part(unsigned char, Item, SORT_FIELD_ATTR const, Sort_param) const /test/10.9_dbg_san/sql/filesort.cc:2615
#2 0x564c171877f0 in make_packed_sortkey /test/10.9_dbg_san/sql/filesort.cc:3094
#3 0x564c171877f0 in make_sortkey /test/10.9_dbg_san/sql/filesort.cc:1362
#4 0x564c1719d972 in find_all_keys /test/10.9_dbg_san/sql/filesort.cc:978
#5 0x564c1719d972 in filesort(THD, TABLE, Filesort, Filesort_tracker, JOIN*, unsigned long long) /test/10.9_dbg_san/sql/filesort.cc:357
#6 0x564c15ca6a0d in create_sort_index(THD, JOIN, st_join_table, Filesort) /test/10.9_dbg_san/sql/sql_select.cc:24425
#7 0x564c15ca8414 in st_join_table::sort_table() /test/10.9_dbg_san/sql/sql_select.cc:22106
#8 0x564c15ca8ec4 in join_init_read_record(st_join_table*) /test/10.9_dbg_san/sql/sql_select.cc:22045
#9 0x564c15be8c16 in sub_select(JOIN, st_join_table, bool) /test/10.9_dbg_san/sql/sql_select.cc:21092
#10 0x564c15dbb362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
#11 0x564c15dbb362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
#12 0x564c15dbcc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
#13 0x564c15dac58b in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_dbg_san/sql/sql_select.cc:5007
#14 0x564c15dadef0 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
#15 0x564c1591afc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
#16 0x564c15980216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
#17 0x564c158e2728 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
#18 0x564c1595844e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
#19 0x564c1596efa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
#20 0x564c1643bc4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
#21 0x564c1643eae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
#22 0x564c18997c62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
#23 0x148a6f19c608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#24 0x148a6e411162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt)

UniqueID's seen:

UBSAN|null pointer passed as argument 2, which is declared to never be null|sql/filesort.cc|SORT_FIELD_ATTR::pack_sort_string|Type_handler_string_result::make_packed_sort_key_part|make_packed_sortkey|make_sortkey

UBSAN|null pointer passed as argument 2, which is declared to never be null|sql/filesort.cc|SORT_FIELD_ATTR::pack_sort_string|make_packed_sortkey|make_sortkey|find_all_keys

Roel Van de Paar added a comment - 2022-04-22 06:58 - edited Improved testcase, updated test report: SELECT * FROM mysql. user ORDER BY authentication_string; Leads to: 10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized, UBASAN) /test/10.9_opt_san/sql/filesort.cc:2997:9: runtime error: null pointer passed as argument 2, which is declared to never be null 10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized, UBASAN) #0 0x558329b466c0 in SORT_FIELD_ATTR::pack_sort_string(unsigned char*, Binary_string const*, charset_info_st const*) const /test/10.9_opt_san/sql/filesort.cc:2997 #1 0x55832bd2bbfb in make_packed_sortkey /test/10.9_opt_san/sql/filesort.cc:3094 #2 0x55832bd2bbfb in make_sortkey /test/10.9_opt_san/sql/filesort.cc:1362 #3 0x55832bd39387 in find_all_keys /test/10.9_opt_san/sql/filesort.cc:978 #4 0x55832bd39387 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /test/10.9_opt_san/sql/filesort.cc:357 #5 0x55832ab58099 in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /test/10.9_opt_san/sql/sql_select.cc:24425 #6 0x55832ab59c4f in st_join_table::sort_table() /test/10.9_opt_san/sql/sql_select.cc:22106 #7 0x55832ab5a29c in join_init_read_record(st_join_table*) /test/10.9_opt_san/sql/sql_select.cc:22045 #8 0x55832aac67a5 in sub_select(JOIN*, st_join_table*, bool) /test/10.9_opt_san/sql/sql_select.cc:21092 #9 0x55832ac72123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640 #10 0x55832ac72123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749 #11 0x55832ac769f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527 #12 0x55832ac64b61 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_opt_san/sql/sql_select.cc:5007 #13 0x55832ac68a73 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543 #14 0x55832a87fcdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268 #15 0x55832a8bf88b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959 #16 0x55832a84f0a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043 #17 0x55832a8a5439 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910 #18 0x55832a8b0c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407 #19 0x55832b19bd3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418 #20 0x55832b19e834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312 #21 0x55832d29c1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201 #22 0x1464cbeee608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477 #23 0x1464cb163162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162) 10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN) /test/10.9_dbg_san/sql/filesort.cc:2997:9: runtime error: null pointer passed as argument 2, which is declared to never be null 10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug, UBASAN) #0 0x564c17191fc0 in SORT_FIELD_ATTR::pack_sort_string(unsigned char*, Binary_string const*, charset_info_st const*) const /test/10.9_dbg_san/sql/filesort.cc:2997 #1 0x564c17193247 in Type_handler_string_result::make_packed_sort_key_part(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const /test/10.9_dbg_san/sql/filesort.cc:2615 #2 0x564c171877f0 in make_packed_sortkey /test/10.9_dbg_san/sql/filesort.cc:3094 #3 0x564c171877f0 in make_sortkey /test/10.9_dbg_san/sql/filesort.cc:1362 #4 0x564c1719d972 in find_all_keys /test/10.9_dbg_san/sql/filesort.cc:978 #5 0x564c1719d972 in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) /test/10.9_dbg_san/sql/filesort.cc:357 #6 0x564c15ca6a0d in create_sort_index(THD*, JOIN*, st_join_table*, Filesort*) /test/10.9_dbg_san/sql/sql_select.cc:24425 #7 0x564c15ca8414 in st_join_table::sort_table() /test/10.9_dbg_san/sql/sql_select.cc:22106 #8 0x564c15ca8ec4 in join_init_read_record(st_join_table*) /test/10.9_dbg_san/sql/sql_select.cc:22045 #9 0x564c15be8c16 in sub_select(JOIN*, st_join_table*, bool) /test/10.9_dbg_san/sql/sql_select.cc:21092 #10 0x564c15dbb362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640 #11 0x564c15dbb362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749 #12 0x564c15dbcc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527 #13 0x564c15dac58b in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_dbg_san/sql/sql_select.cc:5007 #14 0x564c15dadef0 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543 #15 0x564c1591afc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268 #16 0x564c15980216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959 #17 0x564c158e2728 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043 #18 0x564c1595844e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910 #19 0x564c1596efa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407 #20 0x564c1643bc4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418 #21 0x564c1643eae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312 #22 0x564c18997c62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201 #23 0x148a6f19c608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477 #24 0x148a6e411162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162) Setup: Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and: -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON Set before execution: export UBSAN_OPTIONS=print_stacktrace=1 Bug confirmed present in: MariaDB: 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt) Bug (or feature/syntax) confirmed not present in: MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt) UniqueID's seen: UBSAN|null pointer passed as argument 2, which is declared to never be null|sql/filesort.cc|SORT_FIELD_ATTR::pack_sort_string|Type_handler_string_result::make_packed_sort_key_part|make_packed_sortkey|make_sortkey UBSAN|null pointer passed as argument 2, which is declared to never be null|sql/filesort.cc|SORT_FIELD_ATTR::pack_sort_string|make_packed_sortkey|make_sortkey|find_all_keys

People

Assignee:: Oleksandr Byelkin

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-11-18 08:48

Updated:: 2025-02-08 03:03

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server