Description
Possibly related to MDEV-18414 or MDEV-25439, though there are significant differences.
CREATE TABLE t (c BLOB) ENGINE=InnoDB;
INSERT INTO t VALUES ('0.0e'),('0.0e+0');
SELECT * FROM t WHERE COALESCE(c)=0.0;
Leads to:
10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
==2353529==ERROR: AddressSanitizer: use-after-poison on address 0x6290000a528e at pc 0x557084c2e7f0 bp 0x145fcffbb450 sp 0x145fcffbb440

SUMMARY: AddressSanitizer: use-after-poison /test/10.9_opt_san/strings/dtoa.c:1476 in my_strtod_int
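The report pins the bad read to my_strtod_int in strings/dtoa.c but does not state the root cause. As an added illustration, not code from MariaDB, the following range-bounded decimal parser consumes exactly the two test-case strings, '0.0e' and '0.0e+0', without dereferencing any byte at or past its end pointer; a trailing 'e' with no exponent digits is simply left unconsumed. The function and helper names are my own.

```c
#include <stdio.h>
#include <stddef.h>

/* Parse an optionally signed decimal number with an optional exponent from the
   half-open range [s, end) without dereferencing end or anything past it.
   Returns the number of bytes consumed (0 if no number starts at s), value in *out.
   A dangling 'e', 'e+' or 'e-' with no exponent digits is left unconsumed. */
size_t parse_decimal_bounded(const char *s, const char *end, double *out)
{
    const char *p = s;
    int neg = 0, digits = 0, frac_digits = 0, exp10 = 0;
    double mant = 0.0, scale = 1.0;
    if (p < end && (*p == '+' || *p == '-')) { neg = (*p == '-'); p++; }
    while (p < end && *p >= '0' && *p <= '9') { mant = mant * 10 + (*p - '0'); p++; digits++; }
    if (p < end && *p == '.') {
        const char *q = p + 1;
        while (q < end && *q >= '0' && *q <= '9') { mant = mant * 10 + (*q - '0'); q++; digits++; frac_digits++; }
        if (digits) p = q;                      /* a lone '.' is not a number */
    }
    if (!digits) return 0;
    if (p < end && (*p == 'e' || *p == 'E')) {
        const char *q = p + 1;
        int eneg = 0, evalue = 0, edigits = 0;
        if (q < end && (*q == '+' || *q == '-')) { eneg = (*q == '-'); q++; }
        while (q < end && *q >= '0' && *q <= '9') {
            if (evalue < 100000) evalue = evalue * 10 + (*q - '0');   /* clamp absurd exponents */
            q++; edigits++;
        }
        if (edigits) { exp10 = eneg ? -evalue : evalue; p = q; }
        /* edigits == 0: the 'e' (and sign) is trailing text, so p stays in front of it */
    }
    for (exp10 -= frac_digits; exp10 > 0; exp10--) scale *= 10.0;
    for (; exp10 < 0; exp10++) scale /= 10.0;
    *out = (neg ? -mant : mant) * scale;
    return (size_t)(p - s);
}
/* Helpers over a byte string of known length (no terminator required). */
size_t consumed_len(const char *s, size_t n) { double v; return parse_decimal_bounded(s, s + n, &v); }
double parsed_value(const char *s, size_t n) { double v = 0.0; parse_decimal_bounded(s, s + n, &v); return v; }

int main(void)
{
    /* Constructed inputs from the test case, stored without a NUL terminator. */
    const char a[] = {'0', '.', '0', 'e'};                  /* '0.0e'   */
    const char b[] = {'0', '.', '0', 'e', '+', '0'};        /* '0.0e+0' */
    printf("'0.0e' consumed %zu bytes, '0.0e+0' consumed %zu bytes\n",
           consumed_len(a, sizeof a), consumed_len(b, sizeof b));
    return 0;
}
```

Built with the same ASAN flags as the report, a parser that walked past `end` on the dangling 'e' would be flagged at the first byte beyond the array.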
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

export ASAN_OPTIONS=quarantine_size_mb=512:atexit=1:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)
Issue Links
- is duplicated by: MDEV-32759 Heap-Use-After-Free at /mariadb-11.3.0/strings/dtoa.c:1378 (Closed)
- relates to: MDEV-28374 UBSAN: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int' in sql/sql_analyse.cc (Confirmed)