[MDEV-27164] UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnxfrm_tis620 - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4, 11.5(EOL), 11.7(EOL), 11.8
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Character Sets
Labels:
- UBSAN
- invalid-null-argument

Description

SET NAMES tis620;

DO CHAR((WEIGHT_STRING (EXTRACTVALUE ((0),('t')) LEVEL 7 DESC)) USING cp852);

Leads to:

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Debug)
/test/10.8_dbg_san/strings/ctype-tis620.c:613:3: runtime error: null pointer passed as argument 2, which is declared to never be null

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Debug)
#0 0x55d20db82193 in my_strnxfrm_tis620 /test/10.8_dbg_san/strings/ctype-tis620.c:613
#1 0x55d20b4df5d7 in charset_info_st::strnxfrm(char, unsigned long, unsigned int, char const, unsigned long, unsigned int) const /test/10.8_dbg_san/include/m_ctype.h:816
#2 0x55d20b4df5d7 in Item_func_weight_string::val_str(String*) /test/10.8_dbg_san/sql/item_strfunc.cc:3859
#3 0x55d20b50dc22 in Item_str_func::val_int() /test/10.8_dbg_san/sql/item_strfunc.cc:160
#4 0x55d20b525e2c in Item_func_char::val_str(String*) /test/10.8_dbg_san/sql/item_strfunc.cc:3095
#5 0x55d20a2c6328 in Type_handler_string_result::Item_update_null_value(Item*) const /test/10.8_dbg_san/sql/sql_type.cc:4269
#6 0x55d20899e69b in Item::update_null_value() /test/10.8_dbg_san/sql/item.h:2055
#7 0x55d208b00328 in Item_func::is_null() /test/10.8_dbg_san/sql/item_func.h:176
#8 0x55d20bd2b902 in mysql_do(THD*, List<Item>&) /test/10.8_dbg_san/sql/sql_do.cc:35
#9 0x55d20939966b in mysql_execute_command(THD*, bool) /test/10.8_dbg_san/sql/sql_parse.cc:3973
#10 0x55d2092fb9f6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.8_dbg_san/sql/sql_parse.cc:8028
#11 0x55d209370fd8 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.8_dbg_san/sql/sql_parse.cc:1894
#12 0x55d209387a3c in do_command(THD*, bool) /test/10.8_dbg_san/sql/sql_parse.cc:1402
#13 0x55d209e424f5 in do_handle_one_connection(CONNECT*, bool) /test/10.8_dbg_san/sql/sql_connect.cc:1418
#14 0x55d209e4538f in handle_one_connection /test/10.8_dbg_san/sql/sql_connect.cc:1312
#15 0x55d20c331990 in pfs_spawn_thread /test/10.8_dbg_san/storage/perfschema/pfs.cc:2201
#16 0x147aa4d65608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#17 0x147aa3fdb292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Optimized, UBASAN)
/test/10.8_opt_san/strings/ctype-tis620.c:613:3: runtime error: null pointer passed as argument 2, which is declared to never be null

10.8.0 5566cbadb03856aba9c236b131f544490cd2bee4 (Optimized)
#0 0x558d8e653c6a in my_strnxfrm_tis620 /test/10.8_opt_san/strings/ctype-tis620.c:613
#1 0x558d90dae166 in charset_info_st::strnxfrm(char, unsigned long, unsigned int, char const, unsigned long, unsigned int) const /test/10.8_opt_san/include/m_ctype.h:816
#2 0x558d90dae166 in Item_func_weight_string::val_str(String*) /test/10.8_opt_san/sql/item_strfunc.cc:3859
#3 0x558d90d94a75 in Item_str_func::val_int() /test/10.8_opt_san/sql/item_strfunc.cc:160
#4 0x558d90dc2560 in Item_func_char::val_str(String*) /test/10.8_opt_san/sql/item_strfunc.cc:3095
#5 0x558d8fe278b3 in Type_handler_string_result::Item_update_null_value(Item*) const /test/10.8_opt_san/sql/sql_type.cc:4269
#6 0x558d8ea810a2 in Item_func::is_null() /test/10.8_opt_san/sql/item_func.h:176
#7 0x558d9149d81a in mysql_do(THD*, List<Item>&) /test/10.8_opt_san/sql/sql_do.cc:35
#8 0x558d8f19b579 in mysql_execute_command(THD*, bool) /test/10.8_opt_san/sql/sql_parse.cc:3973
#9 0x558d8f120e28 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.8_opt_san/sql/sql_parse.cc:8028
#10 0x558d8f176bb9 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.8_opt_san/sql/sql_parse.cc:1894
#11 0x558d8f182412 in do_command(THD*, bool) /test/10.8_opt_san/sql/sql_parse.cc:1402
#12 0x558d8fa4e5ed in do_handle_one_connection(CONNECT*, bool) /test/10.8_opt_san/sql/sql_connect.cc:1418
#13 0x558d8fa510e4 in handle_one_connection /test/10.8_opt_san/sql/sql_connect.cc:1312
#14 0x558d91ace461 in pfs_spawn_thread /test/10.8_opt_san/storage/perfschema/pfs.cc:2201
#15 0x14f116fe0608 in start_thread /build/glibc-eX1tMB/glibc-2.31/nptl/pthread_create.c:477
#16 0x14f116256292 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x122292)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.3.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.2.42 (dbg), 10.2.42 (opt), 10.3.33 (dbg), 10.3.33 (opt), 10.4.23 (dbg), 10.4.23 (opt), 10.5.14 (dbg), 10.5.14 (opt), 10.6.6 (dbg), 10.6.6 (opt), 10.7.2 (dbg), 10.7.2 (opt), 10.8.0 (dbg), 10.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.6.21 (dbg), 10.6.21 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)

Attachments

Issue Links

relates to

MDEV-24901 SIGSEGV in fts_get_table_name, SIGSEGV in ib_vector_size, SIGSEGV in row_merge_fts_doc_tokenize, stack smashing

Closed

MDEV-35621 UBSAN: runtime error: applying zero offset to null pointer in my_strnxfrm_utf8mb3_general_ci, my_uca_scanner_init_any and my_uca_scanner_next_utf8mb3 and in _utf8mb4 functions, and null pointer passed as argument 2, which is declared to never be null

Confirmed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2022-09-28 09:21 - edited

Updated versions with additional testcase:

SET collation_connection='tis620_thai_ci';

DO CHAR((WEIGHT_STRING (EXTRACTVALUE ((0),('tX')) LEVEL 7)) USING cp852);

Leads to:

UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Item_str_func::val_int|Item_func_char::val_str

UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|charset_info_st::strnxfrm|Item_func_weight_string::val_str|Item_str_func::val_int

Bug confirmed present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)

Roel Van de Paar added a comment - 2022-09-28 09:21 - edited Updated versions with additional testcase: SET collation_connection= 'tis620_thai_ci' ; DO CHAR ((WEIGHT_STRING (EXTRACTVALUE ((0),( 'tX' )) LEVEL 7)) USING cp852); Leads to: UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Item_str_func::val_int|Item_func_char::val_str UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|charset_info_st::strnxfrm|Item_func_weight_string::val_str|Item_str_func::val_int Bug confirmed present in: MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)

Roel Van de Paar added a comment - 2024-02-27 22:21 - edited

Additional stacks with:

SET collation_connection=tis620_thai_ci;

DO WEIGHT_STRING (EXTRACTVALUE (0,'a') LEVEL 1 REVERSE);

Leads to (across versions and build types):

UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value|Item::update_null_value

UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value|Item_func::is_null

UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|charset_info_st::strnxfrm|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value

Roel Van de Paar added a comment - 2024-02-27 22:21 - edited Additional stacks with: SET collation_connection=tis620_thai_ci; DO WEIGHT_STRING (EXTRACTVALUE (0, 'a' ) LEVEL 1 REVERSE); Leads to (across versions and build types): UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value|Item::update_null_value UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value|Item_func::is_null UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-tis620.c|my_strnxfrm_tis620|charset_info_st::strnxfrm|Item_func_weight_string::val_str|Type_handler_string_result::Item_update_null_value

Roel Van de Paar added a comment - 2024-12-27 20:39

The same testcase, using Clang:

SET NAMES tis620;

DO CHAR((WEIGHT_STRING (EXTRACTVALUE ((0),('t')) LEVEL 7 DESC)) USING cp852);

Leads to:

CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Optimized, UBASAN, Clang)
/test/11.8_opt_san/strings/ctype-tis620.c:626:15: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x55e80194a610 in my_strnxfrm_tis620 /test/11.8_opt_san/strings/ctype-tis620.c:626:3
#1 0x55e8002c4c49 in charset_info_st::strnxfrm(char, unsigned long, unsigned int, char const, unsigned long, unsigned int) const /test/11.8_opt_san/include/m_ctype.h:1119:12
#2 0x55e8002c4c49 in Item_func_weight_string::val_str(String*) /test/11.8_opt_san/sql/item_strfunc.cc:4201:19
#3 0x55e80026924d in Item_str_func::val_int() /test/11.8_opt_san/sql/item_strfunc.cc:169:16
#4 0x55e8002b2e18 in Item_func_char::val_str(String*) /test/11.8_opt_san/sql/item_strfunc.cc:3405:32
#5 0x55e7ff8e29e1 in Type_handler_string_result::Item_update_null_value(Item*) const /test/11.8_opt_san/sql/sql_type.cc:4345:16
#6 0x55e7fe7a0632 in Item_func::is_null() /test/11.8_opt_san/sql/item_func.h:243:5
#7 0x55e80079c24b in mysql_do(THD*, List<Item>&) /test/11.8_opt_san/sql/sql_do.cc:36:19
#8 0x55e7fed6278c in mysql_execute_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:3995:10
#9 0x55e7fed30c92 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7901:18
#10 0x55e7fed25b9e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1903:7
#11 0x55e7fed33a6e in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1416:17
#12 0x55e7ff514e38 in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11
#13 0x55e7ff514280 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5
#14 0x55e7fe65cb0c in asan_thread_start(void*) asan_interceptors.cpp.o
#15 0x14f18229ca93 in start_thread nptl/pthread_create.c:447:8
#16 0x14f182329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: invalid-null-argument /test/11.8_opt_san/strings/ctype-tis620.c:626:15

CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Debug, UBASAN, Clang))
/test/11.8_dbg_san/strings/ctype-tis620.c:626:15: runtime error: null pointer passed as argument 2, which is declared to never be null
/usr/include/string.h:44:28: note: nonnull attribute specified here
#0 0x5584e2bc5fc8 in my_strnxfrm_tis620 /test/11.8_dbg_san/strings/ctype-tis620.c:626:3
#1 0x5584df5f6446 in charset_info_st::strnxfrm(char, unsigned long, unsigned int, char const, unsigned long, unsigned int) const /test/11.8_dbg_san/include/m_ctype.h:1119:12
#2 0x5584df5f5d87 in Item_func_weight_string::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:4201:19
#3 0x5584df55a2a4 in Item_str_func::val_int() /test/11.8_dbg_san/sql/item_strfunc.cc:169:16
#4 0x5584df5d531b in Item_func_char::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:3405:32
#5 0x5584de1616a2 in Type_handler_string_result::Item_update_null_value(Item*) const /test/11.8_dbg_san/sql/sql_type.cc:4345:16
#6 0x5584dbabf904 in Item::update_null_value() /test/11.8_dbg_san/sql/item.h:2152:28
#7 0x5584dbc7cb06 in Item_func::is_null() /test/11.8_dbg_san/sql/item_func.h:243:5
#8 0x5584dff68359 in mysql_do(THD*, List<Item>&) /test/11.8_dbg_san/sql/sql_do.cc:36:19
#9 0x5584dc8bf1f5 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3995:10
#10 0x5584dc864ef9 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7901:18
#11 0x5584dc845db8 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
#12 0x5584dc86ee56 in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
#13 0x5584dd9d1556 in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
#14 0x5584dd9cfd19 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
#15 0x5584dba185fc in asan_thread_start(void*) asan_interceptors.cpp.o
#16 0x148f77e9ca93 in start_thread nptl/pthread_create.c:447:8
#17 0x148f77f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: invalid-null-argument /test/11.8_dbg_san/strings/ctype-tis620.c:626:15

Setup:

Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:

     # Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools

     sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so

Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

Bug confirmed present in:
MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.6.21 (dbg), 10.6.21 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)

Roel Van de Paar added a comment - 2024-12-27 20:39 The same testcase, using Clang: SET NAMES tis620; DO CHAR ((WEIGHT_STRING (EXTRACTVALUE ((0),( 't' )) LEVEL 7 DESC )) USING cp852); Leads to: CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Optimized, UBASAN, Clang) /test/11.8_opt_san/strings/ctype-tis620.c:626:15: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:44:28: note: nonnull attribute specified here #0 0x55e80194a610 in my_strnxfrm_tis620 /test/11.8_opt_san/strings/ctype-tis620.c:626:3 #1 0x55e8002c4c49 in charset_info_st::strnxfrm(char*, unsigned long, unsigned int, char const*, unsigned long, unsigned int) const /test/11.8_opt_san/include/m_ctype.h:1119:12 #2 0x55e8002c4c49 in Item_func_weight_string::val_str(String*) /test/11.8_opt_san/sql/item_strfunc.cc:4201:19 #3 0x55e80026924d in Item_str_func::val_int() /test/11.8_opt_san/sql/item_strfunc.cc:169:16 #4 0x55e8002b2e18 in Item_func_char::val_str(String*) /test/11.8_opt_san/sql/item_strfunc.cc:3405:32 #5 0x55e7ff8e29e1 in Type_handler_string_result::Item_update_null_value(Item*) const /test/11.8_opt_san/sql/sql_type.cc:4345:16 #6 0x55e7fe7a0632 in Item_func::is_null() /test/11.8_opt_san/sql/item_func.h:243:5 #7 0x55e80079c24b in mysql_do(THD*, List<Item>&) /test/11.8_opt_san/sql/sql_do.cc:36:19 #8 0x55e7fed6278c in mysql_execute_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:3995:10 #9 0x55e7fed30c92 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7901:18 #10 0x55e7fed25b9e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1903:7 #11 0x55e7fed33a6e in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1416:17 #12 0x55e7ff514e38 in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11 #13 0x55e7ff514280 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5 #14 0x55e7fe65cb0c in asan_thread_start(void*) asan_interceptors.cpp.o #15 0x14f18229ca93 in start_thread nptl/pthread_create.c:447:8 #16 0x14f182329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 SUMMARY: UndefinedBehaviorSanitizer: invalid-null-argument /test/11.8_opt_san/strings/ctype-tis620.c:626:15 CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Debug, UBASAN, Clang)) /test/11.8_dbg_san/strings/ctype-tis620.c:626:15: runtime error: null pointer passed as argument 2, which is declared to never be null /usr/include/string.h:44:28: note: nonnull attribute specified here #0 0x5584e2bc5fc8 in my_strnxfrm_tis620 /test/11.8_dbg_san/strings/ctype-tis620.c:626:3 #1 0x5584df5f6446 in charset_info_st::strnxfrm(char*, unsigned long, unsigned int, char const*, unsigned long, unsigned int) const /test/11.8_dbg_san/include/m_ctype.h:1119:12 #2 0x5584df5f5d87 in Item_func_weight_string::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:4201:19 #3 0x5584df55a2a4 in Item_str_func::val_int() /test/11.8_dbg_san/sql/item_strfunc.cc:169:16 #4 0x5584df5d531b in Item_func_char::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:3405:32 #5 0x5584de1616a2 in Type_handler_string_result::Item_update_null_value(Item*) const /test/11.8_dbg_san/sql/sql_type.cc:4345:16 #6 0x5584dbabf904 in Item::update_null_value() /test/11.8_dbg_san/sql/item.h:2152:28 #7 0x5584dbc7cb06 in Item_func::is_null() /test/11.8_dbg_san/sql/item_func.h:243:5 #8 0x5584dff68359 in mysql_do(THD*, List<Item>&) /test/11.8_dbg_san/sql/sql_do.cc:36:19 #9 0x5584dc8bf1f5 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3995:10 #10 0x5584dc864ef9 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7901:18 #11 0x5584dc845db8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7 #12 0x5584dc86ee56 in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17 #13 0x5584dd9d1556 in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11 #14 0x5584dd9cfd19 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5 #15 0x5584dba185fc in asan_thread_start(void*) asan_interceptors.cpp.o #16 0x148f77e9ca93 in start_thread nptl/pthread_create.c:447:8 #17 0x148f77f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 SUMMARY: UndefinedBehaviorSanitizer: invalid-null-argument /test/11.8_dbg_san/strings/ctype-tis620.c:626:15 Setup: Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions: # Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18 sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and: -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON Set before execution: export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter Bug confirmed present in: MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.6.21 (dbg), 10.6.21 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)

Roel Van de Paar added a comment - 2024-12-27 20:40

Also see MDEV-35621, similar testcase but different issue (applying zero offset to null pointer)

Roel Van de Paar added a comment - 2024-12-27 20:40 Also see MDEV-35621 , similar testcase but different issue (applying zero offset to null pointer)

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-12-03 13:34

Updated:: 2025-02-14 11:39

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration