Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0
Description
CREATE TABLE t (c BLOB NOT NULL) ENGINE=InnoDB; |
INSERT IGNORE INTO t VALUES (0); |
SELECT COUNT(*) FROM t WHERE EXTRACTVALUE(c,'a')='a'; |
Leads to:
|
10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized) |
/test/10.9_opt_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null
|
|
10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized) |
#0 0x5633c2674f25 in my_strnncoll_binary /test/10.9_opt_san/strings/ctype-bin.c:89
|
#1 0x5633c2674f25 in my_strnncollsp_binary /test/10.9_opt_san/strings/ctype-bin.c:128
|
#2 0x5633c493f6fb in Arg_comparator::compare() /test/10.9_opt_san/sql/item_cmpfunc.h:103
|
#3 0x5633c493f6fb in Item_func_eq::val_int() /test/10.9_opt_san/sql/item_cmpfunc.cc:1762
|
#4 0x5633c340c414 in evaluate_join_record /test/10.9_opt_san/sql/sql_select.cc:21193
|
#5 0x5633c3459933 in sub_select(JOIN*, st_join_table*, bool) /test/10.9_opt_san/sql/sql_select.cc:21095
|
#6 0x5633c3605123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
|
#7 0x5633c3605123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
|
#8 0x5633c36099f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
|
#9 0x5633c35f7b61 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_opt_san/sql/sql_select.cc:5007
|
#10 0x5633c35fba73 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
|
#11 0x5633c3212cdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
|
#12 0x5633c325288b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
|
#13 0x5633c31e20a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
|
#14 0x5633c3238439 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
|
#15 0x5633c3243c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
|
#16 0x5633c3b2ed3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
|
#17 0x5633c3b31834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
|
#18 0x5633c5c2f1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
|
#19 0x14edd0d6b608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
|
#20 0x14edcffe0162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
|
|
10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug) |
/test/10.9_dbg_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null
|
|
10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug) |
#0 0x55f42cc16597 in my_strnncoll_binary /test/10.9_dbg_san/strings/ctype-bin.c:89
|
#1 0x55f42cc165dd in my_strnncollsp_binary /test/10.9_dbg_san/strings/ctype-bin.c:128
|
#2 0x55f428a406c5 in charset_info_st::strnncollsp(char const*, unsigned long, char const*, unsigned long) const /test/10.9_dbg_san/include/m_ctype.h:864
|
#3 0x55f428a406c5 in sortcmp(Binary_string const*, Binary_string const*, charset_info_st const*) /test/10.9_dbg_san/sql/sql_string.cc:853
|
#4 0x55f429f237bf in Arg_comparator::compare_string() /test/10.9_dbg_san/sql/item_cmpfunc.cc:765
|
#5 0x55f429f040f3 in Arg_comparator::compare() /test/10.9_dbg_san/sql/item_cmpfunc.h:103
|
#6 0x55f429f040f3 in Item_func_eq::val_int() /test/10.9_dbg_san/sql/item_cmpfunc.cc:1762
|
#7 0x55f4285b7d23 in evaluate_join_record /test/10.9_dbg_san/sql/sql_select.cc:21193
|
#8 0x55f42865bffe in sub_select(JOIN*, st_join_table*, bool) /test/10.9_dbg_san/sql/sql_select.cc:21095
|
#9 0x55f42882e362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
|
#10 0x55f42882e362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
|
#11 0x55f42882fc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
|
#12 0x55f42881f58b in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_dbg_san/sql/sql_select.cc:5007
|
#13 0x55f428820ef0 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
|
#14 0x55f42838dfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
|
#15 0x55f4283f3216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
|
#16 0x55f428355728 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
|
#17 0x55f4283cb44e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
|
#18 0x55f4283e1fa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
|
#19 0x55f428eaec4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
|
#20 0x55f428eb1ae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
|
#21 0x55f42b40ac62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
|
#22 0x15066de74608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
|
#23 0x15066d0e9162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
|
Setup:
Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1
|
Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Confirmed
-