Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5, 10.6, 11.1(EOL), 10.3(EOL), 10.4(EOL), 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL)
Description
NOTE: The same test case but without primary key on t3_spider causes a syntax error.
--source plugin/spider/spider/include/init_spider.inc
|
|
SET spider_same_server_link= on; |
eval create server s foreign data wrapper mysql options (host "127.0.0.1", database "test", user "root", port $MASTER_MYPORT); |
|
CREATE TABLE t1 (a INT); |
CREATE TABLE t2 (b INT); |
CREATE TABLE t3 (c INT, PRIMARY KEY(c)); |
|
CREATE TABLE t1_spider (a INT) ENGINE=SPIDER COMMENT = "wrapper 'mysql', srv 's', table 't1'"; |
CREATE TABLE t2_spider (b INT) ENGINE=SPIDER COMMENT = "wrapper 'mysql', srv 's', table 't2'"; |
CREATE TABLE t3_spider (c INT, PRIMARY KEY(c)) ENGINE=SPIDER COMMENT = "wrapper 'mysql', srv 's', table 't3'"; |
|
SELECT t1_spider.* FROM t1_spider LEFT JOIN t2_spider LEFT JOIN t3_spider ON b = c ON a = b; |
|
# Cleanup
|
DROP TABLE t1_spider, t2_spider, t3_spider, t1, t2, t3; |
|
--source plugin/spider/spider/include/deinit_spider.inc |
10.3 d6e80c21 |
#2 0x000055d328afb26a in handle_fatal_signal (sig=11) at /data/src/10.3/sql/signal_handler.cc:365
|
curr_time = 1657238605
|
tm = {tm_sec = 25, tm_min = 3, tm_hour = 3, tm_mday = 8, tm_mon = 6, tm_year = 122, tm_wday = 5, tm_yday = 188, tm_isdst = 1, tm_gmtoff = 10800, tm_zone = 0x55d32a909fe0 "EEST"}
|
thd = 0x7fc4b0000d90
|
print_invalid_query_pointer = false
|
#3 <signal handler called>
|
No locals.
|
#4 0x00007fc4c15c62ae in spider_db_mbase_util::append_table (this=0x7fc4c16564d0 <spider_db_mysql_utility>, spider=0x7fc4b00bb4a8, fields=0x7fc4b01059b0, str=0x7fc4b00c9188, table_list=0x7fc4b0013af8, used_table_list=0x7fc4c169f360, current_pos=0x7fc4c169f3bc, cond_table_list_ptr=0x7fc4c169f3d0, top_down=true, first=true) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5569
|
on_expr = 0x55d329392da5 <code_state+167>
|
error_num = 32708
|
use_cond_table_list = false
|
db_share = 0x55d3286c526a <String::q_append(char const*, unsigned long)+66>
|
dbton_hdl = 0x7fc4c1615f1e
|
table_holder = 0x0
|
cond_table_list = 0x0
|
spd = 0x7fc4c169f050
|
_db_stack_frame_ = {func = 0x7fc4c161e050 "spider_db_mbase_util::append_tables_top_down", file = 0x7fc4c161b2d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483664, line = -1, prev = 0x7fc4c169f130}
|
#5 0x00007fc4c15c6b63 in spider_db_mbase_util::append_tables_top_down (this=0x7fc4c16564d0 <spider_db_mysql_utility>, spider=0x7fc4b00bb4a8, fields=0x7fc4b01059b0, str=0x7fc4b00c9188, table_list=0x7fc4b0014568, used_table_list=0x7fc4c169f360, current_pos=0x7fc4c169f3bc, cond_table_list_ptr=0x7fc4c169f3d0) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5732
|
error_num = 691468691
|
outer_join_backup = 21971
|
cur_table_list = 0x7fc4b0013af8
|
prev_table_list = 0x0
|
cond_table_list = 0x7fc4b0014568
|
first = true
|
_db_stack_frame_ = {func = 0x7fc4c161e160 "spider_db_mbase_util::append_embedding_tables", file = 0x7fc4c161b2d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483663, line = -1, prev = 0x7fc4c169f200}
|
__PRETTY_FUNCTION__ = "int spider_db_mbase_util::append_tables_top_down(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, uint*, TABLE_LIST**)"
|
it1 = {<base_list_iterator> = {list = 0x7fc4b0014bc8, el = 0x7fc4b0014c38, prev = 0x0, current = 0x0}, <No data fields>}
|
#6 0x00007fc4c15c753a in spider_db_mbase_util::append_embedding_tables (this=0x7fc4c16564d0 <spider_db_mysql_utility>, spider=0x7fc4b00bb4a8, fields=0x7fc4b01059b0, str=0x7fc4b00c9188, table_list=0x7fc4b0014568, used_table_list=0x7fc4c169f360, current_pos=0x7fc4c169f3bc, cond_table_list_ptr=0x7fc4c169f3d0) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5885
|
error_num = 32708
|
embedding = 0x0
|
_db_stack_frame_ = {func = 0x7fc4c161df18 "spider_db_mbase_util::append_table", file = 0x7fc4c161b2d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483662, line = -1, prev = 0x7fc4c169f2e0}
|
__PRETTY_FUNCTION__ = "int spider_db_mbase_util::append_embedding_tables(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, uint*, TABLE_LIST**)"
|
#7 0x00007fc4c15c5e6b in spider_db_mbase_util::append_table (this=0x7fc4c16564d0 <spider_db_mysql_utility>, spider=0x7fc4b00bb4a8, fields=0x7fc4b01059b0, str=0x7fc4b00c9188, table_list=0x7fc4b0013438, used_table_list=0x7fc4c169f360, current_pos=0x7fc4c169f3bc, cond_table_list_ptr=0x7fc4c169f3d0, top_down=false, first=false) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5475
|
error_num = 0
|
use_cond_table_list = false
|
db_share = 0x7fc4b00c0aa0
|
dbton_hdl = 0x7fc4b00c9130
|
table_holder = 0x7fc4b01a8a20
|
cond_table_list = 0x0
|
spd = 0x7fc4b00bb4a8
|
_db_stack_frame_ = {func = 0x7fc4c161e2c0 "spider_db_mbase_util::append_from_and_tables", file = 0x7fc4c161b2d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483661, line = -1, prev = 0x7fc4c169f3f0}
|
#8 0x00007fc4c15c77a7 in spider_db_mbase_util::append_from_and_tables (this=0x7fc4c16564d0 <spider_db_mysql_utility>, spider=0x7fc4b00bb4a8, fields=0x7fc4b01059b0, str=0x7fc4b00c9188, table_list=0x7fc4b0013438, table_count=2) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5939
|
error_num = 0
|
current_pos = 1
|
roop_count = 1
|
backup_pos = 1
|
outer_join_backup = 32708
|
table = 0x7fc4b0100970
|
used_table_list = 0x7fc4c169f360
|
prev_table_list = 0x0
|
cond_table_list = 0x0
|
_db_stack_frame_ = {func = 0x7fc4c1622830 "spider_mbase_handler::append_from_and_tables_part", file = 0x7fc4c161b2d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483660, line = -1, prev = 0x7fc4c169f480}
|
#9 0x00007fc4c15f2b1b in spider_mbase_handler::append_from_and_tables_part (this=0x7fc4b00c9130, fields=0x7fc4b01059b0, sql_type=1) at /data/src/10.3/storage/spider/spd_db_mysql.cc:14247
|
error_num = 0
|
str = 0x7fc4b00c9188
|
table_holder = 0x7fc4b01a8a20
|
table_list = 0x7fc4b0012d78
|
_db_stack_frame_ = {func = 0x7fc4c1623da0 "spider_group_by_handler::init_scan", file = 0x7fc4c1623198 "/data/src/10.3/storage/spider/spd_group_by_handler.cc", level = 2147483659, line = -1, prev = 0x7fc4c169f530}
|
#10 0x00007fc4c15fbc45 in spider_group_by_handler::init_scan (this=0x7fc4b01a8eb0) at /data/src/10.3/storage/spider/spd_group_by_handler.cc:1321
|
error_num = 0
|
link_idx = 1
|
dbton_id = 0
|
dbton_hdl = 0x7fc4b00c9130
|
select_lex = 0x7fc4b00053d8
|
select_limit = 9223372036854775807
|
direct_order_limit = 9223372036854775807
|
share = 0x7fc4b00bd1a0
|
conn = 0x55d3293951dc <_db_enter_+282>
|
result_list = 0x7fc4b00bb9f8
|
link_idx_chain = 0x7fc4c169f560
|
link_idx_holder = 0x7fc4c169f5c0
|
_db_stack_frame_ = {func = 0x55d329429907 "Pushdown_query::execute", file = 0x55d3294298e0 "/data/src/10.3/sql/group_by_handler.cc", level = 2147483658, line = -1, prev = 0x7fc4c169f5c0}
|
field = 0x7fc4b01aa0d8
|
__PRETTY_FUNCTION__ = "virtual int spider_group_by_handler::init_scan()"
|
#11 0x000055d32889bcdf in Pushdown_query::execute (this=0x7fc4b01a6bf8, join=0x7fc4b0015a90) at /data/src/10.3/sql/group_by_handler.cc:49
|
err = -1342174000
|
max_limit = 140482743196304
|
reset_limit = 0x0
|
reset_item = 0x0
|
thd = 0x7fc4b0000d90
|
table = 0x7fc4b01a8fd8
|
_db_stack_frame_ = {func = 0x55d329421220 "do_select", file = 0x55d32941e5c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483657, line = -1, prev = 0x7fc4c169f660}
|
#12 0x000055d328853f35 in do_select (join=0x7fc4b0015a90, procedure=0x0) at /data/src/10.3/sql/sql_select.cc:19331
|
res = 21971
|
rc = 0
|
error = NESTED_LOOP_OK
|
_db_stack_frame_ = {func = 0x55d32941f2e1 "JOIN::exec_inner", file = 0x55d32941e5c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483656, line = -1, prev = 0x7fc4c169f6c0}
|
__PRETTY_FUNCTION__ = "int do_select(JOIN*, Procedure*)"
|
#13 0x000055d32882b14b in JOIN::exec_inner (this=0x7fc4b0015a90) at /data/src/10.3/sql/sql_select.cc:4151
|
columns_list = 0x7fc4b0005500
|
_db_stack_frame_ = {func = 0x55d32941f396 "mysql_select", file = 0x55d32941e5c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483655, line = -1, prev = 0x7fc4c169f7a0}
|
__PRETTY_FUNCTION__ = "void JOIN::exec_inner()"
|
#14 0x000055d32882a50e in JOIN::exec (this=0x7fc4b0015a90) at /data/src/10.3/sql/sql_select.cc:3945
|
No locals.
|
#15 0x000055d32882b837 in mysql_select (thd=0x7fc4b0000d90, tables=0x7fc4b0012d78, wild_num=1, fields=@0x7fc4b0005500: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fc4b0012d20, last = 0x7fc4b0012d20, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fc4b0015a68, unit=0x7fc4b0004c40, select_lex=0x7fc4b00053d8) at /data/src/10.3/sql/sql_select.cc:4354
|
err = 0
|
free_join = true
|
_db_stack_frame_ = {func = 0x55d32941e5fd "handle_select", file = 0x55d32941e5c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483654, line = -1, prev = 0x7fc4c169f860}
|
join = 0x7fc4b0015a90
|
#16 0x000055d32881cdad in handle_select (thd=0x7fc4b0000d90, lex=0x7fc4b0004b80, result=0x7fc4b0015a68, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:372
|
unit = 0x7fc4b0004c40
|
res = false
|
select_lex = 0x7fc4b00053d8
|
_db_stack_frame_ = {func = 0x55d3294132c8 "mysql_execute_command", file = 0x55d3294126a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483653, line = -1, prev = 0x7fc4c169fed0}
|
#17 0x000055d3287e3d90 in execute_sqlcom_select (thd=0x7fc4b0000d90, all_tables=0x7fc4b0012d78) at /data/src/10.3/sql/sql_parse.cc:6339
|
save_protocol = 0x0
|
lex = 0x7fc4b0004b80
|
result = 0x7fc4b0015a68
|
res = false
|
__PRETTY_FUNCTION__ = "bool execute_sqlcom_select(THD*, TABLE_LIST*)"
|
#18 0x000055d3287da798 in mysql_execute_command (thd=0x7fc4b0000d90) at /data/src/10.3/sql/sql_parse.cc:3870
|
privileges_requested = 1
|
res = 0
|
up_result = 0
|
lex = 0x7fc4b0004b80
|
select_lex = 0x7fc4b00053d8
|
first_table = 0x7fc4b0012d78
|
all_tables = 0x7fc4b0012d78
|
unit = 0x7fc4b0004c40
|
have_table_map_for_update = false
|
rpl_filter = 0x388293951dc
|
_db_stack_frame_ = {func = 0x55d3294145a0 "mysql_parse", file = 0x55d3294126a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483652, line = -1, prev = 0x7fc4c16a0400}
|
__PRETTY_FUNCTION__ = "int mysql_execute_command(THD*)"
|
orig_binlog_format = BINLOG_FORMAT_MIXED
|
orig_current_stmt_binlog_format = BINLOG_FORMAT_STMT
|
#19 0x000055d3287e8090 in mysql_parse (thd=0x7fc4b0000d90, rawbuf=0x7fc4b0012ad8 "SELECT t1_spider.* FROM t1_spider LEFT JOIN t2_spider LEFT JOIN t3_spider ON b = c ON a = b", length=91, parser_state=0x7fc4c16a05b0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7870
|
found_semicolon = 0x0
|
error = 32708
|
lex = 0x7fc4b0004b80
|
err = false
|
_db_stack_frame_ = {func = 0x55d329412b32 "dispatch_command", file = 0x55d3294126a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483651, line = -1, prev = 0x7fc4c16a0590}
|
__PRETTY_FUNCTION__ = "void mysql_parse(THD*, char*, uint, Parser_state*, bool, bool)"
|
#20 0x000055d3287d48c5 in dispatch_command (command=COM_QUERY, thd=0x7fc4b0000d90, packet=0x7fc4b0008f31 "", packet_length=91, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
|
packet_end = 0x7fc4b0012b33 ""
|
parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7fc4b0000d90, m_ptr = 0x7fc4b0012b34 "\004", m_tok_start = 0x7fc4b0012b34 "\004", m_tok_end = 0x7fc4b0012b34 "\004", m_end_of_query = 0x7fc4b0012b33 "", m_tok_start_prev = 0x7fc4b0012b33 "", m_buf = 0x7fc4b0012ad8 "SELECT t1_spider.* FROM t1_spider LEFT JOIN t2_spider LEFT JOIN t3_spider ON b = c ON a = b", m_buf_length = 91, m_echo = true, m_echo_saved = 12, m_cpp_buf = 0x7fc4b0012b90 "SELECT t1_spider.* FROM t1_spider LEFT JOIN t2_spider LEFT JOIN t3_spider ON b = c ON a = b", m_cpp_ptr = 0x7fc4b0012beb "", m_cpp_tok_start = 0x7fc4b0012beb "", m_cpp_tok_start_prev = 0x7fc4b0012beb "", m_cpp_tok_end = 0x7fc4b0012beb "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x100002936f993 <error: Cannot access memory at address 0x100002936f993>, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = PRESERVE_COMMENT, m_cpp_text_start = 0x7fc4b0012bea "b", m_cpp_text_end = 0x7fc4b0012beb "", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x7fc4b0004658}
|
net = 0x7fc4b0001098
|
error = false
|
do_end_of_statement = true
|
_db_stack_frame_ = {func = 0x55d3294128bd "do_command", file = 0x55d3294126a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483650, line = -1, prev = 0x7fc4c16a0df0}
|
drop_more_results = false
|
__PRETTY_FUNCTION__ = "bool dispatch_command(enum_server_command, THD*, char*, uint, bool, bool)"
|
res = <optimized out>
|
#21 0x000055d3287d3283 in do_command (thd=0x7fc4b0000d90) at /data/src/10.3/sql/sql_parse.cc:1398
|
return_value = false
|
packet = 0x7fc4b0008f30 "\001"
|
packet_length = 92
|
net = 0x7fc4b0001098
|
command = COM_QUERY
|
_db_stack_frame_ = {func = 0x55d3297947d0 "?func", file = 0x55d3297947d6 "?file", level = 2147483649, line = -1, prev = 0x0}
|
__PRETTY_FUNCTION__ = "bool do_command(THD*)"
|
#22 0x000055d328950878 in do_handle_one_connection (connect=0x55d32aadc170) at /data/src/10.3/sql/sql_connect.cc:1403
|
create_user = true
|
thr_create_utime = 3660717642552
|
thd = 0x7fc4b0000d90
|
#23 0x000055d3289505e3 in handle_one_connection (arg=0x55d32aadc170) at /data/src/10.3/sql/sql_connect.cc:1308
|
connect = 0x55d32aadc170
|
#24 0x000055d3292ffb62 in pfs_spawn_thread (arg=0x55d32abdca40) at /data/src/10.3/storage/perfschema/pfs.cc:1869
|
typed_arg = 0x55d32abdca40
|
user_arg = 0x55d32aadc170
|
user_start_routine = 0x55d3289505b3 <handle_one_connection(void*)>
|
pfs = 0x7fc4c59706c0
|
klass = 0x55d32a8cf280
|
#25 0x00007fc4c7812ea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
ret = <optimized out>
|
pd = <optimized out>
|
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140483035272960, -5235067572857094810, 140727913514734, 140727913514735, 140483035271104, 311296, 5246921248254967142, 5246907717992693094}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
|
not_first_call = 0
|
#26 0x00007fc4c7742def in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
dynamic-stack-buffer-overflow with ASAN build:
10.3 95989e82 |
==1903137==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7f54cd4180b0 at pc 0x7f54ccde385f bp 0x7f54cd417b40 sp 0x7f54cd417b30
|
WRITE of size 8 at 0x7f54cd4180b0 thread T28
|
#0 0x7f54ccde385e in spider_db_mbase_util::append_table(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5595
|
#1 0x7f54ccde43e1 in spider_db_mbase_util::append_tables_top_down(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5732
|
#2 0x7f54ccde535a in spider_db_mbase_util::append_embedding_tables(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5885
|
#3 0x7f54ccde2cfc in spider_db_mbase_util::append_table(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5475
|
#4 0x7f54ccde582b in spider_db_mbase_util::append_from_and_tables(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, unsigned int) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5939
|
#5 0x7f54cce4f2f7 in spider_create_group_by_handler(THD*, Query*) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_group_by_handler.cc:1813
|
#6 0x564ca27f513b in JOIN::make_aggr_tables_info() /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:2924
|
#7 0x564ca27f2bb8 in JOIN::optimize_stage2() /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:2694
|
#8 0x564ca27ec168 in JOIN::optimize_inner() /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:2000
|
#9 0x564ca27e7a16 in JOIN::optimize() /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:1519
|
#10 0x564ca2801ed0 in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:4337
|
#11 0x564ca27dc41d in handle_select(THD*, LEX*, select_result*, unsigned long) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_select.cc:372
|
#12 0x564ca2761a6e in execute_sqlcom_select /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_parse.cc:6339
|
#13 0x564ca274fb65 in mysql_execute_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_parse.cc:3870
|
#14 0x564ca276a786 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_parse.cc:7870
|
#15 0x564ca274313e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_parse.cc:1852
|
#16 0x564ca2740411 in do_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_parse.cc:1398
|
#17 0x564ca2ab7adc in do_handle_one_connection(CONNECT*) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_connect.cc:1403
|
#18 0x564ca2ab73ca in handle_one_connection /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/sql_connect.cc:1308
|
#19 0x7f54e4a24b42 (/lib/x86_64-linux-gnu/libc.so.6+0x94b42)
|
#20 0x7f54e4ab5bb3 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x125bb3)
|
 |
Address 0x7f54cd4180b0 is located in stack of thread T28 at offset 288 in frame
|
#0 0x7f54ccde2957 in spider_db_mbase_util::append_table(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5455
|
 |
This frame has 1 object(s):
|
[32, 64) 'it2' (line 5614) <== Memory access at offset 288 overflows this variable
|
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
|
(longjmp and C++ exceptions *are* supported)
|
Thread T28 created by T0 here:
|
#0 0x7f54e5128685 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:216
|
#1 0x564ca24cc7df in create_thread_to_handle_connection(CONNECT*) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/mysqld.cc:6668
|
#2 0x564ca24ccdae in create_new_thread /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/mysqld.cc:6738
|
#3 0x564ca24cde14 in handle_connections_sockets() /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/mysqld.cc:6996
|
#4 0x564ca24cbf92 in mysqld_main(int, char**) /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/mysqld.cc:6290
|
#5 0x564ca24b9d9c in main /home/nayuta_mariadb/repo/mariadb-server/10.3/sql/main.cc:25
|
#6 0x7f54e49b9d8f (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
|
 |
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/nayuta_mariadb/repo/mariadb-server/10.3/storage/spider/spd_db_mysql.cc:5595 in spider_db_mbase_util::append_table(ha_spider*, spider_fields*, spider_string*, TABLE_LIST*, TABLE_LIST**, unsigned int*, TABLE_LIST**, bool, bool)
|
Shadow bytes around the buggy address:
|
0x0feb19a7afc0: f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7afd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7afe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7aff0: 00 00 f1 f1 f1 f1 00 00 00 00 f3 f3 f3 f3 00 00
|
0x0feb19a7b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x0feb19a7b010: ca ca ca ca 00 00[cb]cb cb cb cb cb 00 00 00 00
|
0x0feb19a7b020: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1
|
0x0feb19a7b030: 04 f2 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7b040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7b050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0feb19a7b060: 00 00 00 00 f1 f1 f1 f1 f1 f1 00 00 00 00 f2 f2
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
Shadow gap: cc
|
==1903137==ABORTING
|
Attachments
Issue Links
- is blocked by
-
MDEV-26247 Spider: Valid LEFT JOIN results in ERROR 1064
- Closed
- is part of
-
MDEV-26247 Spider: Valid LEFT JOIN results in ERROR 1064
- Closed
- relates to
-
MDEV-32238 Add a switch to disable spider group by handler
- Closed