
SIGSEGVs in charset_info_st::strnncoll, parse_option_list, my_scan_weight_utf8_general_ci, my_scan_weight_utf8mb3_general_ci, my_strcoll_ascii_4bytes_found


Details

    Description

      SET innodb_default_encryption_key_id=99;
      PREPARE s FROM 'CREATE TABLE t (c INT) nonexistingoption="N" ENGINE=InnoDB';
      EXECUTE s;
      EXECUTE s;
      

      Leads to:

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055c152865fc2 in charset_info_st::strnncoll (b_is_prefix=0 '\000', 
          blen=<error reading variable: Cannot access memory at address 0x8f8f8f8f8f8f8f97>, 
          b=<error reading variable: Cannot access memory at address 0x8f8f8f8f8f8f8f8f>, alen=15, a=0x55c1534b369c "PAGE_COMPRESSED", 
          this=0x55c153b78ca0 <my_charset_utf8mb3_general_ci>)
          at /test/10.9_dbg/include/m_ctype.h:851
      851	    return (coll->strnncoll)(this,
      [Current thread is 1 (Thread 0x14b02c9c9700 (LWP 2262377))]
      (gdb) bt
      #0  0x000055c152865fc2 in charset_info_st::strnncoll (b_is_prefix=0 '\000', blen=<error reading variable: Cannot access memory at address 0x8f8f8f8f8f8f8f97>, b=<error reading variable: Cannot access memory at address 0x8f8f8f8f8f8f8f8f>, alen=15, a=0x55c1534b369c "PAGE_COMPRESSED", this=0x55c153b78ca0 <my_charset_utf8mb3_general_ci>) at /test/10.9_dbg/include/m_ctype.h:851
      #1  parse_option_list (thd=thd@entry=0x14afec000db8, hton=0x55c155df3c18, option_struct_arg=option_struct_arg@entry=0x14b02c9c76a8, option_list=option_list@entry=0x14b02c9c7690, rules=rules@entry=0x55c153af3080 <innodb_table_option_list>, suppress_warning=suppress_warning@entry=false, root=0x14afec006ae8) at /test/10.9_dbg/sql/create_options.cc:284
      #2  0x000055c152799b73 in mysql_prepare_create_table (thd=thd@entry=0x14afec000db8, create_info=create_info@entry=0x14b02c9c7580, alter_info=alter_info@entry=0x14b02c9c7490, db_options=db_options@entry=0x14b02c9c67e8, file=file@entry=0x14afec013f58, key_info_buffer=key_info_buffer@entry=0x14b02c9c7078, key_count=0x14b02c9c7074, create_table_mode=0, db=<optimized out>, table_name=<optimized out>) at /test/10.9_dbg/sql/sql_table.cc:3804
      #3  0x000055c15279abf5 in mysql_create_frm_image (thd=thd@entry=0x14afec000db8, db=@0x14afec020268: {str = 0x14afec020930 "test", length = 4}, table_name=@0x14afec020278: {str = 0x14afec020218 "t", length = 1}, create_info=create_info@entry=0x14b02c9c7580, alter_info=alter_info@entry=0x14b02c9c7490, create_table_mode=create_table_mode@entry=0, key_info=0x14b02c9c7078, key_count=0x14b02c9c7074, frm=0x14b02c9c7090) at /test/10.9_dbg/sql/sql_table.cc:4291
      #4  0x000055c15279b94e in create_table_impl (thd=thd@entry=0x14afec000db8, ddl_log_state_create=ddl_log_state_create@entry=0x14b02c9c7330, ddl_log_state_rm=<optimized out>, ddl_log_state_rm@entry=0x14b02c9c7350, orig_db=@0x14afec020268: {str = 0x14afec020930 "test", length = 4}, orig_table_name=@0x14afec020278: {str = 0x14afec020218 "t", length = 1}, db=@0x14afec020268: {str = 0x14afec020930 "test", length = 4}, table_name=@0x14afec020278: {str = 0x14afec020218 "t", length = 1}, path=@0x14b02c9c7080: {str = 0x14b02c9c70a0 "./test/t", length = 8}, options=<optimized out>, create_info=0x14b02c9c7580, alter_info=0x14b02c9c7490, create_table_mode=0, is_trans=0x14b02c9c732f, key_info=0x14b02c9c7078, key_count=0x14b02c9c7074, frm=0x14b02c9c7090) at /test/10.9_dbg/sql/sql_table.cc:4603
      #5  0x000055c15279c593 in mysql_create_table_no_lock (thd=thd@entry=0x14afec000db8, ddl_log_state_create=ddl_log_state_create@entry=0x14b02c9c7330, ddl_log_state_rm=ddl_log_state_rm@entry=0x14b02c9c7350, db=db@entry=0x14afec020268, table_name=table_name@entry=0x14afec020278, create_info=create_info@entry=0x14b02c9c7580, alter_info=0x14b02c9c7490, is_trans=0x14b02c9c732f, create_table_mode=0, table_list=0x14afec020250) at /test/10.9_dbg/sql/sql_table.cc:4726
      #6  0x000055c15279c98a in mysql_create_table (thd=thd@entry=0x14afec000db8, create_table=create_table@entry=0x14afec020250, create_info=create_info@entry=0x14b02c9c7580, alter_info=alter_info@entry=0x14b02c9c7490) at /test/10.9_dbg/sql/sql_table.cc:4838
      #7  0x000055c15279e715 in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x14afec000db8) at /test/10.9_dbg/sql/sql_table.cc:12342
      #8  0x000055c1526c903a in mysql_execute_command (thd=0x14afec000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:6006
      #9  0x000055c1526ec992 in Prepared_statement::execute (this=this@entry=0x14afec01a948, expanded_query=expanded_query@entry=0x14b02c9c7eb0, open_cursor=open_cursor@entry=false) at /test/10.9_dbg/sql/sql_prepare.cc:5221
      #10 0x000055c1526ecd2b in Prepared_statement::execute_loop (this=this@entry=0x14afec01a948, expanded_query=expanded_query@entry=0x14b02c9c7eb0, open_cursor=open_cursor@entry=false, packet=packet@entry=0x0, packet_end=packet_end@entry=0x0) at /test/10.9_dbg/sql/sql_prepare.cc:4644
      #11 0x000055c1526ed3d6 in mysql_sql_stmt_execute (thd=thd@entry=0x14afec000db8) at /test/10.9_dbg/sql/sql_prepare.cc:3688
      #12 0x000055c1526c3992 in mysql_execute_command (thd=thd@entry=0x14afec000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:3977
      #13 0x000055c1526b167b in mysql_parse (thd=thd@entry=0x14afec000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14b02c9c8470) at /test/10.9_dbg/sql/sql_parse.cc:8046
      #14 0x000055c1526bef79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14afec000db8, packet=packet@entry=0x14afec00b699 "EXECUTE s", packet_length=packet_length@entry=9, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
      #15 0x000055c1526c1686 in do_command (thd=0x14afec000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
      #16 0x000055c15281ed02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55c156189af8, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
      #17 0x000055c15281f20b in handle_one_connection (arg=0x55c156189af8) at /test/10.9_dbg/sql/sql_connect.cc:1312
      #18 0x000014b045a3a609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #19 0x000014b045626163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.2 to 10.4 give a different stack:

      10.4.25 9c6135e81f29b3e3286d6b864c0fdafc2fea16ce (Debug)

      Core was generated by `/test/MD160322-mariadb-10.4.25-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055a770900df6 in parse_option_list (thd=thd@entry=0x14f414000d90, 
          hton=0x55a77367aa70, 
          option_struct_arg=option_struct_arg@entry=0x14f478123ee8, 
          option_list=option_list@entry=0x14f478123ed0, 
          rules=rules@entry=0x55a771caa720 <innodb_table_option_list>, 
          suppress_warning=suppress_warning@entry=false, root=0x14f414006768)
          at /test/10.4_dbg/sql/create_options.cc:297
      [Current thread is 1 (Thread 0x14f478128700 (LWP 2262767))]
      (gdb) bt
      #0  0x000055a770900df6 in parse_option_list (thd=thd@entry=0x14f414000d90, hton=0x55a77367aa70, option_struct_arg=option_struct_arg@entry=0x14f478123ee8, option_list=option_list@entry=0x14f478123ed0, rules=rules@entry=0x55a771caa720 <innodb_table_option_list>, suppress_warning=suppress_warning@entry=false, root=0x14f414006768) at /test/10.4_dbg/sql/create_options.cc:297
      #1  0x000055a770832568 in mysql_prepare_create_table (thd=thd@entry=0x14f414000d90, create_info=create_info@entry=0x14f478123df0, alter_info=alter_info@entry=0x14f478123d30, db_options=db_options@entry=0x14f4781230e8, file=file@entry=0x14f4140135a0, key_info_buffer=key_info_buffer@entry=0x14f4781239b8, key_count=0x14f4781239b4, create_table_mode=0, db=<optimized out>, table_name=<optimized out>) at /test/10.4_dbg/sql/sql_table.cc:4442
      #2  0x000055a7708333cf in mysql_create_frm_image (thd=thd@entry=0x14f414000d90, db=@0x14f414020510: {str = 0x14f414020bc0 "test", length = 4}, table_name=@0x14f414020520: {str = 0x14f4140204c0 "t", length = 1}, create_info=create_info@entry=0x14f478123df0, alter_info=alter_info@entry=0x14f478123d30, create_table_mode=create_table_mode@entry=0, key_info=0x14f4781239b8, key_count=0x14f4781239b4, frm=0x14f4781239c0) at /test/10.4_dbg/sql/sql_table.cc:4911
      #3  0x000055a77083d542 in create_table_impl (thd=thd@entry=0x14f414000d90, orig_db=@0x14f414020510: {str = 0x14f414020bc0 "test", length = 4}, orig_table_name=@0x14f414020520: {str = 0x14f4140204c0 "t", length = 1}, db=@0x14f414020510: {str = 0x14f414020bc0 "test", length = 4}, table_name=@0x14f414020520: {str = 0x14f4140204c0 "t", length = 1}, path=path@entry=0x14f4781239d0 "./test/t", options={m_options = DDL_options_st::OPT_NONE}, create_info=0x14f478123df0, alter_info=0x14f478123d30, create_table_mode=0, is_trans=0x14f478123c57, key_info=0x14f4781239b8, key_count=0x14f4781239b4, frm=0x14f4781239c0) at /test/10.4_dbg/sql/sql_table.cc:5156
      #4  0x000055a77083db1d in mysql_create_table_no_lock (thd=thd@entry=0x14f414000d90, db=db@entry=0x14f414020510, table_name=table_name@entry=0x14f414020520, create_info=create_info@entry=0x14f478123df0, alter_info=alter_info@entry=0x14f478123d30, is_trans=is_trans@entry=0x14f478123c57, create_table_mode=0, table_list=0x14f4140204f8) at /test/10.4_dbg/sql/sql_table.cc:5259
      #5  0x000055a77083de69 in mysql_create_table (thd=thd@entry=0x14f414000d90, create_table=create_table@entry=0x14f4140204f8, create_info=create_info@entry=0x14f478123df0, alter_info=alter_info@entry=0x14f478123d30) at /test/10.4_dbg/sql/sql_table.cc:5354
      #6  0x000055a77083f82d in Sql_cmd_create_table_like::execute (this=<optimized out>, thd=0x14f414000d90) at /test/10.4_dbg/sql/sql_table.cc:11657
      #7  0x000055a770771396 in mysql_execute_command (thd=0x14f414000d90) at /test/10.4_dbg/sql/sql_parse.cc:6192
      #8  0x000055a77078e087 in Prepared_statement::execute (this=this@entry=0x14f41401e3f0, expanded_query=expanded_query@entry=0x14f478125a70, open_cursor=open_cursor@entry=false) at /test/10.4_dbg/sql/sql_prepare.cc:5014
      #9  0x000055a77078e3e3 in Prepared_statement::execute_loop (this=this@entry=0x14f41401e3f0, expanded_query=expanded_query@entry=0x14f478125a70, open_cursor=open_cursor@entry=false, packet=packet@entry=0x0, packet_end=packet_end@entry=0x0) at /test/10.4_dbg/sql/sql_prepare.cc:4483
      #10 0x000055a77078eb0c in mysql_sql_stmt_execute (thd=thd@entry=0x14f414000d90) at /test/10.4_dbg/sql/sql_prepare.cc:3573
      #11 0x000055a770768d16 in mysql_execute_command (thd=thd@entry=0x14f414000d90) at /test/10.4_dbg/sql/sql_parse.cc:3979
      #12 0x000055a770773d01 in mysql_parse (thd=thd@entry=0x14f414000d90, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14f478127490, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_parse.cc:7995
      #13 0x000055a77077675d in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14f414000d90, packet=packet@entry=0x14f41401a361 "EXECUTE s", packet_length=packet_length@entry=9, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.4_dbg/sql/sql_class.h:1201
      #14 0x000055a77077a050 in do_command (thd=0x14f414000d90) at /test/10.4_dbg/sql/sql_parse.cc:1373
      #15 0x000055a7708b9457 in do_handle_one_connection (connect=connect@entry=0x55a77432d150) at /test/10.4_dbg/sql/sql_connect.cc:1420
      #16 0x000055a7708b9576 in handle_one_connection (arg=0x55a77432d150) at /test/10.4_dbg/sql/sql_connect.cc:1316
      #17 0x000014f47b7b4609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #18 0x000014f47b3a0163 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Optimized builds show the expected outcome (note that the 0x8f8f8f8f8f8f8f8f addresses in the debug backtrace above are consistent with the option value being read after its memory was freed and poisoned by the debug build on the second EXECUTE; an optimized build does not poison freed memory, so the absence of a crash there does not by itself show that the stale read is absent):

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized)

      10.9.0-opt>EXECUTE s;
      ERROR 1911 (HY000): Unknown option 'nonexistingoption'
      10.9.0-opt>EXECUTE s;
      ERROR 1911 (HY000): Unknown option 'nonexistingoption'
      

      Bug confirmed present in:
      MariaDB: 10.2.44 (dbg), 10.3.35 (dbg), 10.4.25 (dbg), 10.5.16 (dbg), 10.6.8 (dbg), 10.7.4 (dbg), 10.9.0 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.2.44 (opt), 10.3.35 (opt), 10.4.25 (opt), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)


          People

            shulga Dmitry Shulga
            Roel Roel Van de Paar