[MDEV-28386] UBSAN: runtime error: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in my_strntoull_8bit on SELECT ... OCT - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2, 11.3(EOL), 11.4, 11.5(EOL)
Fix Version/s: 10.5.27, 10.6.20, 10.11.10, 11.2.6, 11.4.4, 11.6.2, 11.7.0
Component/s: Data types
Labels:
- UBSAN

Description

SET SESSION sql_buffer_result=1;

CREATE TABLE t (c BLOB) ENGINE=InnoDB;

INSERT INTO t VALUES ('-9223372036854775808.5');

SELECT OCT(c) FROM t;

Leads to:

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
/test/10.9_opt_san/strings/ctype-simple.c:761:22: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
#0 0x55b2f28347e2 in my_strntoull_8bit /test/10.9_opt_san/strings/ctype-simple.c:761
#1 0x55b2f01e4a31 in charset_info_st::strntoull(char const, unsigned long, int, char, int) const /test/10.9_opt_san/include/m_ctype.h:782
#2 0x55b2f01e4a31 in Item_func_conv::val_str(String*) /test/10.9_opt_san/sql/item_strfunc.cc:3652
#3 0x55b2efb805f9 in Item::save_str_in_field(Field*, bool) /test/10.9_opt_san/sql/item.cc:6779
#4 0x55b2efadad9c in Item::save_in_field(Field*, bool) /test/10.9_opt_san/sql/item.cc:6827
#5 0x55b2ee834457 in copy_funcs(Item*, THD const) /test/10.9_opt_san/sql/sql_select.cc:26302
#6 0x55b2ee834ce4 in end_write /test/10.9_opt_san/sql/sql_select.cc:22580
#7 0x55b2ee744ca9 in evaluate_join_record /test/10.9_opt_san/sql/sql_select.cc:21325
#8 0x55b2ee791933 in sub_select(JOIN, st_join_table, bool) /test/10.9_opt_san/sql/sql_select.cc:21095
#9 0x55b2ee93d123 in do_select /test/10.9_opt_san/sql/sql_select.cc:20640
#10 0x55b2ee93d123 in JOIN::exec_inner() /test/10.9_opt_san/sql/sql_select.cc:4749
#11 0x55b2ee9419f9 in JOIN::exec() /test/10.9_opt_san/sql/sql_select.cc:4527
#12 0x55b2ee92fb61 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_opt_san/sql/sql_select.cc:5007
#13 0x55b2ee933a73 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
#14 0x55b2ee54acdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
#15 0x55b2ee58a88b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
#16 0x55b2ee51a0a8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
#17 0x55b2ee570439 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
#18 0x55b2ee57bc92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
#19 0x55b2eee66d3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
#20 0x55b2eee69834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
#21 0x55b2f0f671f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
#22 0x14a1eb49d608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#23 0x14a1ea712162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
/test/10.9_dbg_san/strings/ctype-simple.c:761:22: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
#0 0x55885bc6b2b9 in my_strntoull_8bit /test/10.9_dbg_san/strings/ctype-simple.c:761
#1 0x5588595b68c4 in charset_info_st::strntoull(char const, unsigned long, int, char, int) const /test/10.9_dbg_san/include/m_ctype.h:782
#2 0x5588595b68c4 in Item_func_conv::val_str(String*) /test/10.9_dbg_san/sql/item_strfunc.cc:3652
#3 0x558858dfb0fd in Item::save_str_in_field(Field*, bool) /test/10.9_dbg_san/sql/item.cc:6779
#4 0x55885835852a in Type_handler_string_result::Item_save_in_field(Item, Field, bool) const /test/10.9_dbg_san/sql/sql_type.cc:4339
#5 0x558858d2d78c in Item::save_in_field(Field*, bool) /test/10.9_dbg_san/sql/item.cc:6827
#6 0x558856b55b90 in Item_result_field::save_in_result_field(bool) /test/10.9_dbg_san/sql/item.h:3435
#7 0x5588577399e5 in copy_funcs(Item*, THD const) /test/10.9_dbg_san/sql/sql_select.cc:26302
#8 0x558857739d36 in end_write /test/10.9_dbg_san/sql/sql_select.cc:22580
#9 0x5588577a80e7 in AGGR_OP::put_record(bool) /test/10.9_dbg_san/sql/sql_select.cc:29475
#10 0x5588577ab96b in AGGR_OP::put_record() /test/10.9_dbg_san/sql/sql_select.h:1056
#11 0x5588577ab96b in sub_select_postjoin_aggr(JOIN, st_join_table, bool) /test/10.9_dbg_san/sql/sql_select.cc:20811
#12 0x5588575c6e43 in evaluate_join_record /test/10.9_dbg_san/sql/sql_select.cc:21325
#13 0x558857669ffe in sub_select(JOIN, st_join_table, bool) /test/10.9_dbg_san/sql/sql_select.cc:21095
#14 0x55885783c362 in do_select /test/10.9_dbg_san/sql/sql_select.cc:20640
#15 0x55885783c362 in JOIN::exec_inner() /test/10.9_dbg_san/sql/sql_select.cc:4749
#16 0x55885783dc94 in JOIN::exec() /test/10.9_dbg_san/sql/sql_select.cc:4527
#17 0x55885782d58b in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_dbg_san/sql/sql_select.cc:5007
#18 0x55885782eef0 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
#19 0x55885739bfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
#20 0x558857401216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
#21 0x558857363728 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
#22 0x5588573d944e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
#23 0x5588573effa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
#24 0x558857ebcc4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
#25 0x558857ebfae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
#26 0x55885a418c62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
#27 0x154efcd44608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#28 0x154efbfb9162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Attachments

Issue Links

relates to

MDEV-28387 UBSAN: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in my_strtoll10 on SELECT

Closed

MDEV-31221 UBSAN runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int' in my_strtoll10_utf32

Closed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022-04-22 05:21

Updated:: 2024-09-20 07:41

Resolved:: 2024-09-20 07:41

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.