[MDEV-30434] ASAN errrors in Item_trigger_field::setup_field / find_field_in_table upon 2nd execution of PS with CREATE TRIGGER - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.7, 10.8, 10.9, 10.10, 10.11
Fix Version/s: 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4
Component/s: Prepared Statements, Triggers
Labels:
None

Description

CREATE TABLE t (a INT);

PREPARE stmt FROM 'CREATE TRIGGER IF NOT EXISTS tr BEFORE INSERT ON t FOR EACH ROW SET NEW.a = NULL';

EXECUTE stmt;

EXECUTE stmt;

# Cleanup

DROP TABLE t;

10.6 a8c5635c
==1460363==ERROR: AddressSanitizer: heap-use-after-free on address 0x619000088059 at pc 0x55ff5e0f4a8b bp 0x7f92593556c0 sp 0x7f92593556b8
READ of size 1 at 0x619000088059 thread T5
#0 0x55ff5e0f4a8a in my_strcasecmp_utf8mb3 /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/strings/ctype-utf8.c:5110
#1 0x55ff5c237bc1 in find_field_in_table(THD, TABLE, char const, unsigned long, bool, unsigned short) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:6028
#2 0x55ff5cca9db1 in Item_trigger_field::setup_field(THD, TABLE, st_grant_info*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/item.cc:9873
#3 0x55ff5c68c405 in Table_triggers_list::create_trigger(THD, TABLE_LIST, String, st_ddl_log_state, st_ddl_log_state*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_trigger.cc:949
#4 0x55ff5c68a58c in mysql_create_or_drop_trigger(THD, TABLE_LIST, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_trigger.cc:661
#5 0x55ff5c3d0135 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:5822
#6 0x55ff5c432464 in Prepared_statement::execute(String*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:5207
#7 0x55ff5c42d7f4 in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:4635
#8 0x55ff5c427108 in mysql_sql_stmt_execute(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:3686
#9 0x55ff5c3c2110 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3965
#10 0x55ff5c3de269 in mysql_parse(THD, char, unsigned int, Parser_state*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:8019
#11 0x55ff5c3b4ba1 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1896
#12 0x55ff5c3b1968 in do_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1409
#13 0x55ff5c80b7f0 in do_handle_one_connection(CONNECT*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1416
#14 0x55ff5c80b186 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1318
#15 0x55ff5d43599f in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:2201
#16 0x7f9262e13ea6 in start_thread nptl/pthread_create.c:477
#17 0x7f9262a00aee in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcaee)

0x619000088059 is located 217 bytes inside of 1008-byte region [0x619000087f80,0x619000088370)
freed by thread T5 here:
#0 0x7f9263460b6f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:123
#1 0x55ff5dfefdbf in my_free /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_malloc.c:213
#2 0x55ff5dfccd0a in free_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:416
#3 0x55ff5c70eaf3 in TABLE_SHARE::destroy() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table.cc:514
#4 0x55ff5c70ed3e in free_table_share(TABLE_SHARE*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table.cc:530
#5 0x55ff5ca49ed3 in tdc_delete_share_from_hash /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:529
#6 0x55ff5ca4db45 in tdc_release_share(TABLE_SHARE*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:991
#7 0x55ff5ca47a44 in intern_close_table /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:226
#8 0x55ff5ca47c54 in tc_remove_table /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:263
#9 0x55ff5ca48ff5 in tc_release_table(TABLE*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:454
#10 0x55ff5c21c98b in close_thread_table(THD, TABLE*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:1010
#11 0x55ff5c21b13f in close_all_tables_for_name(THD, TABLE_SHARE, ha_extra_function, TABLE*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:770
#12 0x55ff5c68adca in mysql_create_or_drop_trigger(THD, TABLE_LIST, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_trigger.cc:717
#13 0x55ff5c3d0135 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:5822
#14 0x55ff5c432464 in Prepared_statement::execute(String*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:5207
#15 0x55ff5c42d7f4 in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:4635
#16 0x55ff5c427108 in mysql_sql_stmt_execute(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:3686
#17 0x55ff5c3c2110 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3965
#18 0x55ff5c3de269 in mysql_parse(THD, char, unsigned int, Parser_state*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:8019
#19 0x55ff5c3b4ba1 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1896
#20 0x55ff5c3b1968 in do_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1409
#21 0x55ff5c80b7f0 in do_handle_one_connection(CONNECT*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1416
#22 0x55ff5c80b186 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1318
#23 0x55ff5d43599f in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:2201
#24 0x7f9262e13ea6 in start_thread nptl/pthread_create.c:477

previously allocated by thread T5 here:
#0 0x7f9263460e8f in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
#1 0x55ff5dfeefe4 in my_malloc /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_malloc.c:91
#2 0x55ff5dfcbcdb in alloc_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:244
#3 0x55ff5dfcd348 in memdup_root /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/mysys/my_alloc.c:479
#4 0x55ff5c71767b in TABLE_SHARE::init_from_binary_frm_image(THD, bool, unsigned char const, unsigned long, unsigned char const*, unsigned long) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table.cc:1835
#5 0x55ff5c70fa9d in open_table_def(THD, TABLE_SHARE, unsigned int) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table.cc:719
#6 0x55ff5ca4c0dc in tdc_acquire_share(THD, TABLE_LIST, unsigned int, TABLE**) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/table_cache.cc:836
#7 0x55ff5c220bdd in open_table(THD, TABLE_LIST, Open_table_context*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:1886
#8 0x55ff5c22b471 in open_and_process_table /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:3847
#9 0x55ff5c22e083 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:4330
#10 0x55ff5c2330c6 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:5303
#11 0x55ff5c21797f in open_and_lock_tables /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.h:278
#12 0x55ff5c232027 in open_n_lock_single_table(THD, TABLE_LIST, thr_lock_type, unsigned int, Prelocking_strategy*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.cc:5146
#13 0x55ff5c69a340 in open_n_lock_single_table(THD, TABLE_LIST, thr_lock_type, unsigned int) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_base.h:488
#14 0x55ff5c68a009 in mysql_create_or_drop_trigger(THD, TABLE_LIST, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_trigger.cc:608
#15 0x55ff5c3d0135 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:5822
#16 0x55ff5c432464 in Prepared_statement::execute(String*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:5207
#17 0x55ff5c42d7f4 in Prepared_statement::execute_loop(String, bool, unsigned char, unsigned char*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:4635
#18 0x55ff5c427108 in mysql_sql_stmt_execute(THD*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_prepare.cc:3686
#19 0x55ff5c3c2110 in mysql_execute_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:3965
#20 0x55ff5c3de269 in mysql_parse(THD, char, unsigned int, Parser_state*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:8019
#21 0x55ff5c3b4ba1 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1896
#22 0x55ff5c3b1968 in do_command(THD*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_parse.cc:1409
#23 0x55ff5c80b7f0 in do_handle_one_connection(CONNECT*, bool) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1416
#24 0x55ff5c80b186 in handle_one_connection /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/sql_connect.cc:1318
#25 0x55ff5d43599f in pfs_spawn_thread /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:2201
#26 0x7f9262e13ea6 in start_thread nptl/pthread_create.c:477

Thread T5 created by T0 here:
#0 0x7f926340c2a2 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:214
#1 0x55ff5d431708 in my_thread_create /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/my_thread.h:52
#2 0x55ff5d435d8e in pfs_spawn_thread_v1 /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/storage/perfschema/pfs.cc:2252
#3 0x55ff5c0ac66f in inline_mysql_thread_create /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/include/mysql/psi/mysql_thread.h:1139
#4 0x55ff5c0c36ec in create_thread_to_handle_connection(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:5987
#5 0x55ff5c0c3d32 in create_new_thread(CONNECT*) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6046
#6 0x55ff5c0c4074 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6108
#7 0x55ff5c0c4a32 in handle_connections_sockets() /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:6232
#8 0x55ff5c0c2f4a in mysqld_main(int, char**) /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/mysqld.cc:5882
#9 0x55ff5c0ab904 in main /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/sql/main.cc:34
#10 0x7f9262927d09 in __libc_start_main ../csu/libc-start.c:308

SUMMARY: AddressSanitizer: heap-use-after-free /home/jenkins/workspace/sandbox-elenst/Nightly-Build-CS/src/strings/ctype-utf8.c:5110 in my_strcasecmp_utf8mb3
Shadow bytes around the buggy address:
0x0c3280008fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280008fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa fa
0x0c3280008fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280008fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280008ff0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
=>0x0c3280009000: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
0x0c3280009010: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3280009020: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3280009030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3280009040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c3280009050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==1460363==ABORTING

Reproducible on 10.6+.
Could not reproduce on 10.3-10.5.

Attachments

Activity

People

Assignee:: Dmitry Shulga

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-01-19 18:50

Updated:: 2024-02-07 09:13

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.