[MDEV-28384] UBSAN: null pointer passed as argument 1, which is declared to never be null in my_strnncoll_binary on SELECT ... COUNT or GROUP_CONCAT - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL)
Fix Version/s: 10.8.8, 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 10.11.6, 11.0.3, 11.2.1
Component/s: Character Sets, Data types
Labels:

Description

CREATE TABLE t (c BLOB NOT NULL) ENGINE=InnoDB;

INSERT IGNORE INTO t VALUES (0);

SELECT COUNT(*) FROM t WHERE EXTRACTVALUE(c,'a')='a';

Leads to:

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
/test/10.9_opt_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
#0 0x5633c2674f25 in my_strnncoll_binary /test/10.9_opt_san/strings/ctype-bin.c:89
#1 0x5633c2674f25 in my_strnncollsp_binary /test/10.9_opt_san/strings/ctype-bin.c:128
#2 0x5633c493f6fb in Arg_comparator::compare() /test/10.9_opt_san/sql/item_cmpfunc.h:103
#3 0x5633c493f6fb in Item_func_eq::val_int() /test/10.9_opt_san/sql/item_cmpfunc.cc:1762
#4 0x5633c340c414 in evaluate_join_record /test/10.9_opt_san/sql/sql_select.cc:21193
#5 0x5633c3459933 in sub_select(JOIN, st_join_table, bool) /test/10.9_opt_san/sql/sql_select.cc:21095
#6 0x5633c3605123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
#7 0x5633c3605123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
#8 0x5633c36099f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
#9 0x5633c35f7b61 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_opt_san/sql/sql_select.cc:5007
#10 0x5633c35fba73 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
#11 0x5633c3212cdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
#12 0x5633c325288b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
#13 0x5633c31e20a8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
#14 0x5633c3238439 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
#15 0x5633c3243c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
#16 0x5633c3b2ed3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
#17 0x5633c3b31834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
#18 0x5633c5c2f1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
#19 0x14edd0d6b608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#20 0x14edcffe0162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
/test/10.9_dbg_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
#0 0x55f42cc16597 in my_strnncoll_binary /test/10.9_dbg_san/strings/ctype-bin.c:89
#1 0x55f42cc165dd in my_strnncollsp_binary /test/10.9_dbg_san/strings/ctype-bin.c:128
#2 0x55f428a406c5 in charset_info_st::strnncollsp(char const, unsigned long, char const, unsigned long) const /test/10.9_dbg_san/include/m_ctype.h:864
#3 0x55f428a406c5 in sortcmp(Binary_string const, Binary_string const, charset_info_st const*) /test/10.9_dbg_san/sql/sql_string.cc:853
#4 0x55f429f237bf in Arg_comparator::compare_string() /test/10.9_dbg_san/sql/item_cmpfunc.cc:765
#5 0x55f429f040f3 in Arg_comparator::compare() /test/10.9_dbg_san/sql/item_cmpfunc.h:103
#6 0x55f429f040f3 in Item_func_eq::val_int() /test/10.9_dbg_san/sql/item_cmpfunc.cc:1762
#7 0x55f4285b7d23 in evaluate_join_record /test/10.9_dbg_san/sql/sql_select.cc:21193
#8 0x55f42865bffe in sub_select(JOIN, st_join_table, bool) /test/10.9_dbg_san/sql/sql_select.cc:21095
#9 0x55f42882e362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
#10 0x55f42882e362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
#11 0x55f42882fc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
#12 0x55f42881f58b in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_dbg_san/sql/sql_select.cc:5007
#13 0x55f428820ef0 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
#14 0x55f42838dfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
#15 0x55f4283f3216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
#16 0x55f428355728 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
#17 0x55f4283cb44e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
#18 0x55f4283e1fa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
#19 0x55f428eaec4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
#20 0x55f428eb1ae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
#21 0x55f42b40ac62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
#22 0x15066de74608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#23 0x15066d0e9162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Attachments

Issue Links

is duplicated by

MDEV-30982 UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnncoll_binary on DELETE

Closed

relates to

MDEV-30982 UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnncoll_binary on DELETE

Closed

MDEV-20619 AddressSanitizer: heap-use-after-free in my_strnncollsp_simple or my_strnncoll_binary upon SELECT with partitions and virtual columns

Closed

MDEV-31845 UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in my_strnncoll_binary on SELECT

Confirmed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar created issue - 2022-04-22 03:29

Roel Van de Paar made changes - 2022-04-22 03:29

Field	Original Value	New Value
Link		This issue relates to ~~MDEV-20619~~ [ ~~MDEV-20619~~ ]

Roel Van de Paar made changes - 2022-04-22 03:30

Description

{code:sql}
CREATE TABLE t (c BLOB NOT NULL) ENGINE=InnoDB;
INSERT IGNORE INTO t VALUES (0);
SELECT COUNT(*) FROM t WHERE EXTRACTVALUE(c,'a')='a';
{code}

Leads to:
{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)}
/test/10.9_opt_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null
{noformat}

{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)}
    #0 0x5633c2674f25 in my_strnncoll_binary /test/10.9_opt_san/strings/ctype-bin.c:89
    #1 0x5633c2674f25 in my_strnncollsp_binary /test/10.9_opt_san/strings/ctype-bin.c:128
    #2 0x5633c493f6fb in Arg_comparator::compare() /test/10.9_opt_san/sql/item_cmpfunc.h:103
    #3 0x5633c493f6fb in Item_func_eq::val_int() /test/10.9_opt_san/sql/item_cmpfunc.cc:1762
    #4 0x5633c340c414 in evaluate_join_record /test/10.9_opt_san/sql/sql_select.cc:21193
    #5 0x5633c3459933 in sub_select(JOIN*, st_join_table*, bool) /test/10.9_opt_san/sql/sql_select.cc:21095
    #6 0x5633c3605123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
    #7 0x5633c3605123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
    #8 0x5633c36099f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
    #9 0x5633c35f7b61 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_opt_san/sql/sql_select.cc:5007
    #10 0x5633c35fba73 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
    #11 0x5633c3212cdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
    #12 0x5633c325288b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
    #13 0x5633c31e20a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
    #14 0x5633c3238439 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
    #15 0x5633c3243c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
    #16 0x5633c3b2ed3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
    #17 0x5633c3b31834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
    #18 0x5633c5c2f1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
    #19 0x14edd0d6b608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
    #20 0x14edcffe0162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
{noformat}

{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)}
    #0 0x55f42cc16597 in my_strnncoll_binary /test/10.9_dbg_san/strings/ctype-bin.c:89
    #1 0x55f42cc165dd in my_strnncollsp_binary /test/10.9_dbg_san/strings/ctype-bin.c:128
    #2 0x55f428a406c5 in charset_info_st::strnncollsp(char const*, unsigned long, char const*, unsigned long) const /test/10.9_dbg_san/include/m_ctype.h:864
    #3 0x55f428a406c5 in sortcmp(Binary_string const*, Binary_string const*, charset_info_st const*) /test/10.9_dbg_san/sql/sql_string.cc:853
    #4 0x55f429f237bf in Arg_comparator::compare_string() /test/10.9_dbg_san/sql/item_cmpfunc.cc:765
    #5 0x55f429f040f3 in Arg_comparator::compare() /test/10.9_dbg_san/sql/item_cmpfunc.h:103
    #6 0x55f429f040f3 in Item_func_eq::val_int() /test/10.9_dbg_san/sql/item_cmpfunc.cc:1762
    #7 0x55f4285b7d23 in evaluate_join_record /test/10.9_dbg_san/sql/sql_select.cc:21193
    #8 0x55f42865bffe in sub_select(JOIN*, st_join_table*, bool) /test/10.9_dbg_san/sql/sql_select.cc:21095
    #9 0x55f42882e362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
    #10 0x55f42882e362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
    #11 0x55f42882fc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
    #12 0x55f42881f58b in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_dbg_san/sql/sql_select.cc:5007
    #13 0x55f428820ef0 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
    #14 0x55f42838dfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
    #15 0x55f4283f3216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
    #16 0x55f428355728 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
    #17 0x55f4283cb44e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
    #18 0x55f4283e1fa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
    #19 0x55f428eaec4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
    #20 0x55f428eb1ae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
    #21 0x55f42b40ac62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
    #22 0x15066de74608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
    #23 0x15066d0e9162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1
{noformat}

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

{code:sql}
CREATE TABLE t (c BLOB NOT NULL) ENGINE=InnoDB;
INSERT IGNORE INTO t VALUES (0);
SELECT COUNT(*) FROM t WHERE EXTRACTVALUE(c,'a')='a';
{code}

Leads to:
{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)}
/test/10.9_opt_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null
{noformat}

{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)}
    #0 0x5633c2674f25 in my_strnncoll_binary /test/10.9_opt_san/strings/ctype-bin.c:89
    #1 0x5633c2674f25 in my_strnncollsp_binary /test/10.9_opt_san/strings/ctype-bin.c:128
    #2 0x5633c493f6fb in Arg_comparator::compare() /test/10.9_opt_san/sql/item_cmpfunc.h:103
    #3 0x5633c493f6fb in Item_func_eq::val_int() /test/10.9_opt_san/sql/item_cmpfunc.cc:1762
    #4 0x5633c340c414 in evaluate_join_record /test/10.9_opt_san/sql/sql_select.cc:21193
    #5 0x5633c3459933 in sub_select(JOIN*, st_join_table*, bool) /test/10.9_opt_san/sql/sql_select.cc:21095
    #6 0x5633c3605123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
    #7 0x5633c3605123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
    #8 0x5633c36099f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
    #9 0x5633c35f7b61 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_opt_san/sql/sql_select.cc:5007
    #10 0x5633c35fba73 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
    #11 0x5633c3212cdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
    #12 0x5633c325288b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
    #13 0x5633c31e20a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
    #14 0x5633c3238439 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
    #15 0x5633c3243c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
    #16 0x5633c3b2ed3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
    #17 0x5633c3b31834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
    #18 0x5633c5c2f1f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
    #19 0x14edd0d6b608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
    #20 0x14edcffe0162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
{noformat}
{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)}
/test/10.9_dbg_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 1, which is declared to never be null
{noformat}
{noformat:title=10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)}
    #0 0x55f42cc16597 in my_strnncoll_binary /test/10.9_dbg_san/strings/ctype-bin.c:89
    #1 0x55f42cc165dd in my_strnncollsp_binary /test/10.9_dbg_san/strings/ctype-bin.c:128
    #2 0x55f428a406c5 in charset_info_st::strnncollsp(char const*, unsigned long, char const*, unsigned long) const /test/10.9_dbg_san/include/m_ctype.h:864
    #3 0x55f428a406c5 in sortcmp(Binary_string const*, Binary_string const*, charset_info_st const*) /test/10.9_dbg_san/sql/sql_string.cc:853
    #4 0x55f429f237bf in Arg_comparator::compare_string() /test/10.9_dbg_san/sql/item_cmpfunc.cc:765
    #5 0x55f429f040f3 in Arg_comparator::compare() /test/10.9_dbg_san/sql/item_cmpfunc.h:103
    #6 0x55f429f040f3 in Item_func_eq::val_int() /test/10.9_dbg_san/sql/item_cmpfunc.cc:1762
    #7 0x55f4285b7d23 in evaluate_join_record /test/10.9_dbg_san/sql/sql_select.cc:21193
    #8 0x55f42865bffe in sub_select(JOIN*, st_join_table*, bool) /test/10.9_dbg_san/sql/sql_select.cc:21095
    #9 0x55f42882e362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
    #10 0x55f42882e362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
    #11 0x55f42882fc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
    #12 0x55f42881f58b in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.9_dbg_san/sql/sql_select.cc:5007
    #13 0x55f428820ef0 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
    #14 0x55f42838dfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
    #15 0x55f4283f3216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
    #16 0x55f428355728 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
    #17 0x55f4283cb44e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
    #18 0x55f4283e1fa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
    #19 0x55f428eaec4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
    #20 0x55f428eb1ae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
    #21 0x55f42b40ac62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
    #22 0x15066de74608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
    #23 0x15066d0e9162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1
{noformat}

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Roel Van de Paar made changes - 2022-04-22 05:20

Component/s		Data types [ 13906 ]
Component/s	Optimizer [ 10200 ]
Component/s	Server [ 13907 ]

Roel Van de Paar made changes - 2022-04-22 05:20

Assignee

Sergei Petrunia [ psergey ]

Alexander Barkov [ bar ]

Alice Sherepa made changes - 2022-07-18 12:03

Fix Version/s		10.8 [ 26121 ]
Fix Version/s		10.9 [ 26905 ]
Fix Version/s	10.2 [ 14601 ]

Alice Sherepa made changes - 2022-07-18 12:03

Status

Open [ 1 ]

Confirmed [ 10101 ]

Julien Fritsch made changes - 2023-03-03 17:27

Fix Version/s

10.7 [ 24805 ]

Roel Van de Paar made changes - 2023-03-31 21:38

Labels

UBSAN

ASAN UBSAN affects-tests

Roel Van de Paar made changes - 2023-03-31 22:00

Affects Version/s		10.10 [ 27530 ]
Affects Version/s		10.11 [ 27614 ]
Affects Version/s		11.0 [ 28320 ]

Roel Van de Paar made changes - 2023-03-31 22:00

Fix Version/s		10.10 [ 27530 ]
Fix Version/s		10.11 [ 27614 ]
Fix Version/s		11.0 [ 28320 ]

Roel Van de Paar made changes - 2023-04-01 04:15

Summary

UBSAN: null pointer passed as argument 1, which is declared to never be null in my_strnncoll_binary from

UBSAN: null pointer passed as argument 1, which is declared to never be null in my_strnncoll_binary

Roel Van de Paar made changes - 2023-04-01 04:27

Summary

UBSAN: null pointer passed as argument 1, which is declared to never be null in my_strnncoll_binary

UBSAN: null pointer passed as argument 1, which is declared to never be null in my_strnncoll_binary on SELECT ... COUNT or GROUP_CONCAT

Roel Van de Paar made changes - 2023-04-01 04:30

Link

This issue relates to ~~MDEV-30982~~ [ ~~MDEV-30982~~ ]

Julien Fritsch made changes - 2023-04-27 13:52

Fix Version/s

10.3 [ 22126 ]

Julien Fritsch made changes - 2023-04-27 14:57

Fix Version/s

10.8 [ 26121 ]

Roel Van de Paar made changes - 2023-06-14 05:29

Labels

ASAN UBSAN affects-tests

ASAN UBSAN affects-tests regression-10.6

Alexander Barkov made changes - 2023-07-20 08:22

issue.field.resolutiondate

2023-07-20 08:22:20.0

2023-07-20 08:22:20.757

Alexander Barkov made changes - 2023-07-20 08:22

Component/s		Character Sets [ 10801 ]
Fix Version/s		10.4.31 [ 29010 ]
Fix Version/s		10.5.22 [ 29011 ]
Fix Version/s		10.6.15 [ 29013 ]
Fix Version/s		10.9.8 [ 29015 ]
Fix Version/s		10.10.6 [ 29017 ]
Fix Version/s		10.11.5 [ 29019 ]
Fix Version/s		10.11.6 [ 29020 ]
Fix Version/s		11.0.3 [ 28920 ]
Fix Version/s		11.2.1 [ 29034 ]
Fix Version/s		10.8.8 [ 28518 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Fix Version/s	10.9 [ 26905 ]
Fix Version/s	10.10 [ 27530 ]
Fix Version/s	10.11 [ 27614 ]
Fix Version/s	11.0 [ 28320 ]
Resolution		Fixed [ 1 ]
Status	Confirmed [ 10101 ]	Closed [ 6 ]

Alexander Barkov made changes - 2023-07-20 08:23

Link

This issue is duplicated by ~~MDEV-30982~~ [ ~~MDEV-30982~~ ]

Roel Van de Paar made changes - 2023-08-04 22:02

Link

This issue relates to MDEV-31845 [ MDEV-31845 ]

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-04-22 03:29

Updated:: 2023-08-04 22:02

Resolved:: 2023-07-20 08:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration