Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28374

UBSAN: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int' in sql/sql_analyse.cc

    XMLWordPrintable

Details

    Description

      CREATE TABLE t (id BIGINT) ENGINE=InnoDB;
      		 
      INSERT INTO t VALUES ('10000000000000');
      		 
      SELECT * FROM t PROCEDURE ANALYSE();

      Leads to:

      10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)

      		 
      /test/10.9_opt_san/sql/sql_analyse.cc:590:19: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int'
      		 
      /test/10.9_opt_san/sql/sql_analyse.h:270:37: runtime error: signed integer overflow: 10000000000000 * 10000000000000 cannot be represented in type 'long long int'

      Setup:

      Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:
      		 
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
      		 
      Set before execution:
      		 
          export UBSAN_OPTIONS=print_stacktrace=1

      Bug confirmed present in:
      MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

      Attachments

        Issue Links

          relates to

          Task - A task that needs to be done. MDEV-25454 Make MariaDB server UBSAN safe

          • Major - Major loss of function.
          • Confirmed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32240 UBSAN: downcast of address X which does not point to an object of type 'Field_num' in field_longlong::get_opt_type | sql/sql_analyse.cc

          • Major - Major loss of function.
          • Confirmed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-36300 ASAN heap-use-after-free in field_str::add on SELECT...PROCEDURE ANALYSE()

          • Major - Major loss of function.
          • Confirmed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28345 ASAN: use-after-poison or unknown-crash in my_strtod_int from charset_info_st::strntod or test_if_number

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29473 UBSAN: Signed integer overflow: X * Y cannot be represented in type 'int' in strings/dtoa.c

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-34616 ASAN: heap-use-after-free in my_strtod_int

          • Major - Major loss of function.
          • Open

          Activity

            People

              bar Alexander Barkov
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.