[MDEV-28588] SIGSEGV in __memmove_avx_unaligned_erms, strmake_root - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8
Fix Version/s: 10.3.35, 10.4.25, 10.5.16, 10.6.8, 10.7.4, 10.8.3, 10.9.1
Component/s: Parser, Stored routines
Labels:
- not-10.2

Description

CREATE TABLE t1 (c1 INT) ENGINE=INNODB;

SET SESSION range_alloc_block_size=4294967295;

SET sql_mode=ORACLE;

BEGIN END;

Leads to:

10.8.3 5bfd9e51b35b5e538254860c425e9759c2e1f5fa (Optimized)
Core was generated by `/test/MD160522-mariadb-10.8.3-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __memmove_avx_unaligned_erms ()
at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:532
[Current thread is 1 (Thread 0x1459a2c07700 (LWP 2114488))]
(gdb) bt
#0 __memmove_avx_unaligned_erms () at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:532
#1 0x000055b970fead76 in memcpy (__len=18446744073709551613, __src=0x145970010729, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
#2 strmake_root (root=<optimized out>, str=0x145970010729 "\001pY\024", len=18446744073709551613) at /test/10.8_opt/mysys/my_alloc.c:587
#3 0x000055b970854897 in Query_arena::strmake (this=0x145970000c70, size=<optimized out>, str=<optimized out>) at /test/10.8_opt/sql/sql_class.h:1222
#4 sp_head::set_stmt_end (this=0x14597001f740, thd=thd@entry=0x145970000c58) at /test/10.8_opt/sql/sp_head.cc:849
#5 0x000055b9708dfca9 in LEX::sp_body_finalize_routine (thd=0x145970000c58, this=0x145970004bd0) at /test/10.8_opt/sql/sql_lex.cc:7446
#6 LEX::sp_body_finalize_routine (this=0x145970004bd0, thd=0x145970000c58) at /test/10.8_opt/sql/sql_lex.cc:7442
#7 0x000055b970b11c51 in ORAparse (thd=thd@entry=0x145970000c58) at /test/10.8_opt/sql/sql_yacc.yy:17416
#8 0x000055b9708fc1dc in parse_sql (thd=thd@entry=0x145970000c58, parser_state=parser_state@entry=0x1459a2c06470, creation_ctx=creation_ctx@entry=0x0, do_pfs_digest=do_pfs_digest@entry=true) at /test/10.8_opt/sql/sql_parse.cc:10433
#9 0x000055b9708f7ad7 in mysql_parse (rawbuf=<optimized out>, length=9, parser_state=0x1459a2c06470, thd=0x145970000c58) at /test/10.8_opt/sql/sql_parse.cc:7995
#10 mysql_parse (thd=0x145970000c58, rawbuf=<optimized out>, length=9, parser_state=0x1459a2c06470) at /test/10.8_opt/sql/sql_parse.cc:7965
#11 0x000055b9709039f2 in dispatch_command (command=COM_QUERY, thd=0x145970000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.8_opt/sql/sql_class.h:1362
#12 0x000055b970905948 in do_command (thd=0x145970000c58, blocking=blocking@entry=true) at /test/10.8_opt/sql/sql_parse.cc:1407
#13 0x000055b970a1af3f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55b973b9fb08, put_in_cache=put_in_cache@entry=true) at /test/10.8_opt/sql/sql_connect.cc:1418
#14 0x000055b970a1b22d in handle_one_connection (arg=0x55b973b9fb08) at /test/10.8_opt/sql/sql_connect.cc:1312
#15 0x00001459bfaa0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#16 0x00001459bf68e293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (opt), 10.7.4 (opt), 10.8.3 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.2.44 (opt)

Attachments

Issue Links

relates to

MDEV-6899 extra semicolon in show create event syntax

Closed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2022-05-17 06:53

Updated:: 2022-05-17 13:46

Resolved:: 2022-05-17 13:46

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.