[MDEV-28387] UBSAN: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in my_strtoll10 on SELECT - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9
Fix Version/s: 10.4, 10.5, 10.6
Component/s: Data types
Labels:
- UBSAN

Description

SET @a='-9223372036854775808';  # Quite specific value; considerably varying it will not work

CREATE TABLE t (c1 INT,c2 CHAR) ENGINE=InnoDB;

SELECT SUBSTR(0,@a) FROM t;

Leads to:

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
/test/10.9_opt_san/strings/my_strtoll10.c:246:11: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Optimized)
#0 0x5583cfccc4e0 in my_strtoll10 /test/10.9_opt_san/strings/my_strtoll10.c:246
#1 0x5583cd293541 in user_var_entry::val_int(bool*) const /test/10.9_opt_san/sql/item_func.cc:4995
#2 0x5583cd501b56 in Item_func_substr::fix_length_and_dec(THD*) /test/10.9_opt_san/sql/item_strfunc.cc:1900
#3 0x5583cd224a88 in Item_func::fix_fields(THD, Item*) /test/10.9_opt_san/sql/item_func.cc:359
#4 0x5583cd4dfe0e in Item_str_func::fix_fields(THD, Item*) /test/10.9_opt_san/sql/item_strfunc.cc:127
#5 0x5583cb498824 in Item::fix_fields_if_needed(THD, Item*) /test/10.9_opt_san/sql/item.h:1144
#6 0x5583cb498824 in Item::fix_fields_if_needed_for_scalar(THD, Item*) /test/10.9_opt_san/sql/item.h:1148
#7 0x5583cb498824 in setup_fields(THD, Bounds_checked_array<Item>, List<Item>&, enum_column_usage, List<Item>, List<Item>, bool) /test/10.9_opt_san/sql/sql_base.cc:7722
#8 0x5583cbc2b5c4 in JOIN::prepare(TABLE_LIST, Item, unsigned int, st_order, bool, st_order, Item, st_order, st_select_lex, st_select_lex_unit) /test/10.9_opt_san/sql/sql_select.cc:1395
#9 0x5583cbc3b89e in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_opt_san/sql/sql_select.cc:4982
#10 0x5583cbc3da73 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_opt_san/sql/sql_select.cc:543
#11 0x5583cb854cdf in execute_sqlcom_select /test/10.9_opt_san/sql/sql_parse.cc:6268
#12 0x5583cb89488b in mysql_execute_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:3959
#13 0x5583cb8240a8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_opt_san/sql/sql_parse.cc:8043
#14 0x5583cb87a439 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_opt_san/sql/sql_parse.cc:1910
#15 0x5583cb885c92 in do_command(THD*, bool) /test/10.9_opt_san/sql/sql_parse.cc:1407
#16 0x5583cc170d3d in do_handle_one_connection(CONNECT*, bool) /test/10.9_opt_san/sql/sql_connect.cc:1418
#17 0x5583cc173834 in handle_one_connection /test/10.9_opt_san/sql/sql_connect.cc:1312
#18 0x5583ce2711f9 in pfs_spawn_thread /test/10.9_opt_san/storage/perfschema/pfs.cc:2201
#19 0x147e6808c608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#20 0x147e67301162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
/test/10.9_dbg_san/strings/my_strtoll10.c:246:11: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

10.9.0 161fd2d29cc2f8390fa3bf7e739c52bc8d5c39df (Debug)
#0 0x5649fc5b4fe1 in my_strtoll10 /test/10.9_dbg_san/strings/my_strtoll10.c:246
#1 0x5649f9b26a11 in user_var_entry::val_int(bool*) const /test/10.9_dbg_san/sql/item_func.cc:4995
#2 0x5649f9b26c4e in Item_func_get_user_var::val_int() /test/10.9_dbg_san/sql/item_func.cc:5485
#3 0x5649f9e64932 in Item_func_substr::get_position() /test/10.9_dbg_san/sql/item_strfunc.h:592
#4 0x5649f9dff181 in Item_func_substr::fix_length_and_dec(THD*) /test/10.9_dbg_san/sql/item_strfunc.cc:1900
#5 0x5649f9a9855e in Item_func::fix_fields(THD, Item*) /test/10.9_dbg_san/sql/item_func.cc:359
#6 0x5649f9dc8650 in Item_str_func::fix_fields(THD, Item*) /test/10.9_dbg_san/sql/item_strfunc.cc:127
#7 0x5649f77753b1 in Item::fix_fields_if_needed(THD, Item*) /test/10.9_dbg_san/sql/item.h:1144
#8 0x5649f77753b1 in Item::fix_fields_if_needed_for_scalar(THD, Item*) /test/10.9_dbg_san/sql/item.h:1148
#9 0x5649f77753b1 in setup_fields(THD, Bounds_checked_array<Item>, List<Item>&, enum_column_usage, List<Item>, List<Item>, bool) /test/10.9_dbg_san/sql/sql_base.cc:7722
#10 0x5649f7f8e7ea in JOIN::prepare(TABLE_LIST, Item, unsigned int, st_order, bool, st_order, Item, st_order, st_select_lex, st_select_lex_unit) /test/10.9_dbg_san/sql/sql_select.cc:1395
#11 0x5649f806d032 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.9_dbg_san/sql/sql_select.cc:4982
#12 0x5649f806eef0 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.9_dbg_san/sql/sql_select.cc:543
#13 0x5649f7bdbfc2 in execute_sqlcom_select /test/10.9_dbg_san/sql/sql_parse.cc:6268
#14 0x5649f7c41216 in mysql_execute_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:3959
#15 0x5649f7ba3728 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/10.9_dbg_san/sql/sql_parse.cc:8043
#16 0x5649f7c1944e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1910
#17 0x5649f7c2ffa9 in do_command(THD*, bool) /test/10.9_dbg_san/sql/sql_parse.cc:1407
#18 0x5649f86fcc4b in do_handle_one_connection(CONNECT*, bool) /test/10.9_dbg_san/sql/sql_connect.cc:1418
#19 0x5649f86ffae5 in handle_one_connection /test/10.9_dbg_san/sql/sql_connect.cc:1312
#20 0x5649fac58c62 in pfs_spawn_thread /test/10.9_dbg_san/storage/perfschema/pfs.cc:2201
#21 0x1462d2512608 in start_thread /build/glibc-sMfBJT/glibc-2.31/nptl/pthread_create.c:477
#22 0x1462d1787162 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f162)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 9.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.2.44 (dbg), 10.2.44 (opt), 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt)

Attachments

Issue Links

relates to

MDEV-28386 UBSAN: runtime error: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in my_strntoull_8bit on SELECT ... OCT

Confirmed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022-04-22 06:12

Updated:: 2023-04-27 13:53

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.