[MDEV-30931] UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in get_interval_value on SELECT - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3, 11.5.2
Component/s: Data types
Labels:
- UBSAN
- affects-tests

Description

SELECT DATE_ADD('01-01-23',INTERVAL '9223372036854775808-02' WEEK);

Leads to:

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)
/test/11.0_dbg_san/sql/item_timefunc.cc:1354:12: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
/test/11.0_dbg_san/sql/item_timefunc.cc:1388:33: runtime error: signed integer overflow: -9223372036854775808 * 7 cannot be represented in type 'long long int'
/test/11.0_dbg_san/sql/sql_time.cc:1005:19: runtime error: signed integer overflow: -1 * -9223372036854775808 cannot be represented in type 'long int'

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)
/test/11.0_dbg_san/sql/item_timefunc.cc:1354:12: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
#0 0x56538fd7e5c7 in get_interval_value(THD, Item, interval_type, INTERVAL*) /test/11.0_dbg_san/sql/item_timefunc.cc:1354
#1 0x56538fe494e8 in Func_handler_date_add_interval::add(THD, Item, interval_type, bool, st_mysql_time*) const /test/11.0_dbg_san/sql/item_timefunc.h:1697
#2 0x56538fe494e8 in Func_handler_date_add_interval_string::get_date(THD, Item_handled_func, st_mysql_time*, date_mode_t) const /test/11.0_dbg_san/sql/item_timefunc.h:1814
#3 0x56538e931a1a in Item_handled_func::get_date(THD, st_mysql_time, date_mode_t) /test/11.0_dbg_san/sql/item_func.h:790
#4 0x56538e8cb840 in Temporal_hybrid::Temporal_hybrid(THD, Item, date_mode_t) /test/11.0_dbg_san/sql/sql_type.cc:361
#5 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(THD, Item) /test/11.0_dbg_san/sql/sql_type.h:1232
#6 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(Item*) /test/11.0_dbg_san/sql/sql_type.h:1235
#7 0x56538fe338bc in Item_handled_func::Handler_temporal_string::val_str_ascii(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:572
#8 0x56538e93118a in Item_handled_func::val_str_ascii(String*) /test/11.0_dbg_san/sql/item_func.h:774
#9 0x56538f9f8422 in Item_func::val_str_from_val_str_ascii(String, String) /test/11.0_dbg_san/sql/item_strfunc.cc:103
#10 0x56538fe31dbd in Item_handled_func::Handler_temporal::val_str(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:537
#11 0x56538e930f6a in Item_handled_func::val_str(String*) /test/11.0_dbg_san/sql/item_func.h:770
#12 0x56538e90d5a1 in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
#13 0x56538e35baa2 in Type_handler_string_result::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
#14 0x56538d0ff59c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#15 0x56538d2bb05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#16 0x56538d6849ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#17 0x56538ddfbb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#18 0x56538ddfbb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#19 0x56538de0257a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#20 0x56538ddf0d38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#21 0x56538ddf5193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#22 0x56538d974973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#23 0x56538d9d5cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#24 0x56538da055e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#25 0x56538da1537a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#26 0x56538da2317f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#27 0x56538e3e7459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#28 0x56538e3e8974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#29 0x14b1b9951b42 in start_thread nptl/pthread_create.c:442
#30 0x14b1b99e39ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

/test/11.0_dbg_san/sql/item_timefunc.cc:1388:33: runtime error: signed integer overflow: -9223372036854775808 * 7 cannot be represented in type 'long long int'
#0 0x56538fd7ec0b in get_interval_value(THD, Item, interval_type, INTERVAL*) /test/11.0_dbg_san/sql/item_timefunc.cc:1388
#1 0x56538fe494e8 in Func_handler_date_add_interval::add(THD, Item, interval_type, bool, st_mysql_time*) const /test/11.0_dbg_san/sql/item_timefunc.h:1697
#2 0x56538fe494e8 in Func_handler_date_add_interval_string::get_date(THD, Item_handled_func, st_mysql_time*, date_mode_t) const /test/11.0_dbg_san/sql/item_timefunc.h:1814
#3 0x56538e931a1a in Item_handled_func::get_date(THD, st_mysql_time, date_mode_t) /test/11.0_dbg_san/sql/item_func.h:790
#4 0x56538e8cb840 in Temporal_hybrid::Temporal_hybrid(THD, Item, date_mode_t) /test/11.0_dbg_san/sql/sql_type.cc:361
#5 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(THD, Item) /test/11.0_dbg_san/sql/sql_type.h:1232
#6 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(Item*) /test/11.0_dbg_san/sql/sql_type.h:1235
#7 0x56538fe338bc in Item_handled_func::Handler_temporal_string::val_str_ascii(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:572
#8 0x56538e93118a in Item_handled_func::val_str_ascii(String*) /test/11.0_dbg_san/sql/item_func.h:774
#9 0x56538f9f8422 in Item_func::val_str_from_val_str_ascii(String, String) /test/11.0_dbg_san/sql/item_strfunc.cc:103
#10 0x56538fe31dbd in Item_handled_func::Handler_temporal::val_str(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:537
#11 0x56538e930f6a in Item_handled_func::val_str(String*) /test/11.0_dbg_san/sql/item_func.h:770
#12 0x56538e90d5a1 in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
#13 0x56538e35baa2 in Type_handler_string_result::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
#14 0x56538d0ff59c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#15 0x56538d2bb05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#16 0x56538d6849ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#17 0x56538ddfbb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#18 0x56538ddfbb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#19 0x56538de0257a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#20 0x56538ddf0d38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#21 0x56538ddf5193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#22 0x56538d974973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#23 0x56538d9d5cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#24 0x56538da055e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#25 0x56538da1537a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#26 0x56538da2317f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#27 0x56538e3e7459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#28 0x56538e3e8974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#29 0x14b1b9951b42 in start_thread nptl/pthread_create.c:442
#30 0x14b1b99e39ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

/test/11.0_dbg_san/sql/sql_time.cc:1005:19: runtime error: signed integer overflow: -1 * -9223372036854775808 cannot be represented in type 'long int'
#0 0x56538e2a429e in date_add_interval(THD, st_mysql_time, interval_type, INTERVAL const&, bool) /test/11.0_dbg_san/sql/sql_time.cc:1005
#1 0x56538fe49572 in Func_handler_date_add_interval::add(THD, Item, interval_type, bool, st_mysql_time*) const /test/11.0_dbg_san/sql/item_timefunc.h:1701
#2 0x56538fe49572 in Func_handler_date_add_interval_string::get_date(THD, Item_handled_func, st_mysql_time*, date_mode_t) const /test/11.0_dbg_san/sql/item_timefunc.h:1814
#3 0x56538e931a1a in Item_handled_func::get_date(THD, st_mysql_time, date_mode_t) /test/11.0_dbg_san/sql/item_func.h:790
#4 0x56538e8cb840 in Temporal_hybrid::Temporal_hybrid(THD, Item, date_mode_t) /test/11.0_dbg_san/sql/sql_type.cc:361
#5 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(THD, Item) /test/11.0_dbg_san/sql/sql_type.h:1232
#6 0x56538fe338bc in Temporal_hybrid::Temporal_hybrid(Item*) /test/11.0_dbg_san/sql/sql_type.h:1235
#7 0x56538fe338bc in Item_handled_func::Handler_temporal_string::val_str_ascii(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:572
#8 0x56538e93118a in Item_handled_func::val_str_ascii(String*) /test/11.0_dbg_san/sql/item_func.h:774
#9 0x56538f9f8422 in Item_func::val_str_from_val_str_ascii(String, String) /test/11.0_dbg_san/sql/item_strfunc.cc:103
#10 0x56538fe31dbd in Item_handled_func::Handler_temporal::val_str(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:537
#11 0x56538e930f6a in Item_handled_func::val_str(String*) /test/11.0_dbg_san/sql/item_func.h:770
#12 0x56538e90d5a1 in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
#13 0x56538e35baa2 in Type_handler_string_result::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
#14 0x56538d0ff59c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#15 0x56538d2bb05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#16 0x56538d6849ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#17 0x56538ddfbb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#18 0x56538ddfbb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#19 0x56538de0257a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#20 0x56538ddf0d38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#21 0x56538ddf5193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#22 0x56538d974973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#23 0x56538d9d5cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#24 0x56538da055e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#25 0x56538da1537a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#26 0x56538da2317f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#27 0x56538e3e7459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#28 0x56538e3e8974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#29 0x14b1b9951b42 in start_thread nptl/pthread_create.c:442
#30 0x14b1b99e39ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.3.39 (dbg), 10.3.39 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt)

All UBSAN issues seen with this testcase across versions and build types:

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_timefunc.cc|get_interval_value|Item_date_add_interval::get_date|Item_temporal_hybrid_func::val_str_ascii|Item_func::val_str_from_val_str_ascii

Attachments

Issue Links

relates to

MDEV-35714 UBSAN: runtime error: downcast of address 0x1549d2b0ba50 with insufficient space for an object of type 'my_decimal' in Item_dyncol_get::get_date

Confirmed

MDEV-30932 UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in Item_func_mul::int_op and Item_func_round::int_op

Closed

MDEV-31221 UBSAN runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int' in my_strtoll10_utf32

Closed

MDEV-35406 UBSAN runtime error: signed integer overflow on SELECT DATE_ADD/MAKEDATE

Confirmed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2023-03-27 06:15

The following additional testcase:

SELECT DATE_ADD('01-01-23',INTERVAL '10000000000000000000-02' WEEK);

Produces these additional UBSAN issues:

UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date

UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Item_date_add_interval::get_date|Item_temporal_hybrid_func::val_str_ascii|Item_func::val_str_from_val_str_ascii

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug, UBASAN)
/test/11.0_dbg_san/sql/item_timefunc.cc:1388:33: runtime error: signed integer overflow: 8446744073709551616 * 7 cannot be represented in type 'long long int'
#0 0x55a19a7cbc0b in get_interval_value(THD, Item, interval_type, INTERVAL*) /test/11.0_dbg_san/sql/item_timefunc.cc:1388
#1 0x55a19a8964e8 in Func_handler_date_add_interval::add(THD, Item, interval_type, bool, st_mysql_time*) const /test/11.0_dbg_san/sql/item_timefunc.h:1697
#2 0x55a19a8964e8 in Func_handler_date_add_interval_string::get_date(THD, Item_handled_func, st_mysql_time*, date_mode_t) const /test/11.0_dbg_san/sql/item_timefunc.h:1814
#3 0x55a19937ea1a in Item_handled_func::get_date(THD, st_mysql_time, date_mode_t) /test/11.0_dbg_san/sql/item_func.h:790
#4 0x55a199318840 in Temporal_hybrid::Temporal_hybrid(THD, Item, date_mode_t) /test/11.0_dbg_san/sql/sql_type.cc:361
#5 0x55a19a8808bc in Temporal_hybrid::Temporal_hybrid(THD, Item) /test/11.0_dbg_san/sql/sql_type.h:1232
#6 0x55a19a8808bc in Temporal_hybrid::Temporal_hybrid(Item*) /test/11.0_dbg_san/sql/sql_type.h:1235
#7 0x55a19a8808bc in Item_handled_func::Handler_temporal_string::val_str_ascii(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:572
#8 0x55a19937e18a in Item_handled_func::val_str_ascii(String*) /test/11.0_dbg_san/sql/item_func.h:774
#9 0x55a19a445422 in Item_func::val_str_from_val_str_ascii(String, String) /test/11.0_dbg_san/sql/item_strfunc.cc:103
#10 0x55a19a87edbd in Item_handled_func::Handler_temporal::val_str(Item_handled_func, String) const /test/11.0_dbg_san/sql/item_func.h:537
#11 0x55a19937df6a in Item_handled_func::val_str(String*) /test/11.0_dbg_san/sql/item_func.h:770
#12 0x55a19935a5a1 in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
#13 0x55a198da8aa2 in Type_handler_string_result::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
#14 0x55a197b4c59c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#15 0x55a197d0805c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#16 0x55a1980d19ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#17 0x55a198848b03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#18 0x55a198848b03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#19 0x55a19884f57a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#20 0x55a19883dd38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#21 0x55a198842193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#22 0x55a1983c1973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#23 0x55a198422cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#24 0x55a1984525e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#25 0x55a19846237a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#26 0x55a19847017f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#27 0x55a198e34459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#28 0x55a198e35974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#29 0x14d5b61a6b42 in start_thread nptl/pthread_create.c:442
#30 0x14d5b62389ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Roel Van de Paar added a comment - 2023-03-27 06:15 The following additional testcase: SELECT DATE_ADD( '01-01-23' ,INTERVAL '10000000000000000000-02' WEEK); Produces these additional UBSAN issues: UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid UBSAN|signed integer overflow: X * Y cannot be represented in type 'long long int'|sql/item_timefunc.cc|get_interval_value|Item_date_add_interval::get_date|Item_temporal_hybrid_func::val_str_ascii|Item_func::val_str_from_val_str_ascii 11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug, UBASAN) /test/11.0_dbg_san/sql/item_timefunc.cc:1388:33: runtime error: signed integer overflow: 8446744073709551616 * 7 cannot be represented in type 'long long int' #0 0x55a19a7cbc0b in get_interval_value(THD*, Item*, interval_type, INTERVAL*) /test/11.0_dbg_san/sql/item_timefunc.cc:1388 #1 0x55a19a8964e8 in Func_handler_date_add_interval::add(THD*, Item*, interval_type, bool, st_mysql_time*) const /test/11.0_dbg_san/sql/item_timefunc.h:1697 #2 0x55a19a8964e8 in Func_handler_date_add_interval_string::get_date(THD*, Item_handled_func*, st_mysql_time*, date_mode_t) const /test/11.0_dbg_san/sql/item_timefunc.h:1814 #3 0x55a19937ea1a in Item_handled_func::get_date(THD*, st_mysql_time*, date_mode_t) /test/11.0_dbg_san/sql/item_func.h:790 #4 0x55a199318840 in Temporal_hybrid::Temporal_hybrid(THD*, Item*, date_mode_t) /test/11.0_dbg_san/sql/sql_type.cc:361 #5 0x55a19a8808bc in Temporal_hybrid::Temporal_hybrid(THD*, Item*) /test/11.0_dbg_san/sql/sql_type.h:1232 #6 0x55a19a8808bc in Temporal_hybrid::Temporal_hybrid(Item*) /test/11.0_dbg_san/sql/sql_type.h:1235 #7 0x55a19a8808bc in Item_handled_func::Handler_temporal_string::val_str_ascii(Item_handled_func*, String*) const /test/11.0_dbg_san/sql/item_func.h:572 #8 0x55a19937e18a in Item_handled_func::val_str_ascii(String*) /test/11.0_dbg_san/sql/item_func.h:774 #9 0x55a19a445422 in Item_func::val_str_from_val_str_ascii(String*, String*) /test/11.0_dbg_san/sql/item_strfunc.cc:103 #10 0x55a19a87edbd in Item_handled_func::Handler_temporal::val_str(Item_handled_func*, String*) const /test/11.0_dbg_san/sql/item_func.h:537 #11 0x55a19937df6a in Item_handled_func::val_str(String*) /test/11.0_dbg_san/sql/item_func.h:770 #12 0x55a19935a5a1 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446 #13 0x55a198da8aa2 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455 #14 0x55a197b4c59c in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235 #15 0x55a197d0805c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332 #16 0x55a1980d19ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102 #17 0x55a198848b03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748 #18 0x55a198848b03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761 #19 0x55a19884f57a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672 #20 0x55a19883dd38 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5153 #21 0x55a198842193 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611 #22 0x55a1983c1973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267 #23 0x55a198422cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949 #24 0x55a1984525e6 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999 #25 0x55a19846237a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894 #26 0x55a19847017f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407 #27 0x55a198e34459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416 #28 0x55a198e35974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318 #29 0x14d5b61a6b42 in start_thread nptl/pthread_create.c:442 #30 0x14d5b62389ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Roel Van de Paar added a comment - 2023-05-09 05:00

This additional testcase:

SELECT MAKEDATE(1,1.e+20)%LOG2(0);

Produces these additional stacks/UniqueID's:

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Temporal_with_date::make_from_item|Date::Date|Item_datefunc::val_real

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Temporal_with_date::make_from_item|Temporal_with_date::Temporal_with_date|Date::Date

Roel Van de Paar added a comment - 2023-05-09 05:00 This additional testcase: SELECT MAKEDATE(1,1.e+20)%LOG2(0); Produces these additional stacks/UniqueID's: UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Temporal_with_date::make_from_item|Date::Date|Item_datefunc::val_real UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Temporal_with_date::make_from_item|Temporal_with_date::Temporal_with_date|Date::Date

Roel Van de Paar added a comment - 2023-07-01 02:42

This additional testcase:

SELECT DATE_ADD('1-1-1',INTERVAL '9223372036854775807-02' YEAR_MONTH);

Produces these additional stacks/UniqueID's:

UBSAN|signed integer overflow: X * Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date

UBSAN|signed integer overflow: X * Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

Roel Van de Paar added a comment - 2023-07-01 02:42 This additional testcase: SELECT DATE_ADD( '1-1-1' ,INTERVAL '9223372036854775807-02' YEAR_MONTH); Produces these additional stacks/UniqueID's: UBSAN|signed integer overflow: X * Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date UBSAN|signed integer overflow: X * Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

Roel Van de Paar added a comment - 2023-07-01 02:50

This additional testcase:

SELECT MAKEDATE (1,8e+307);

Produces these additional stacks/UniqueID's:

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Type_handler::Item_send_date|Protocol::send_result_set_row|select_send::send_data

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Type_handler::Item_send_date|Type_handler_temporal_with_date::Item_send|Item::send

Roel Van de Paar added a comment - 2023-07-01 02:50 This additional testcase: SELECT MAKEDATE (1,8e+307); Produces these additional stacks/UniqueID's: UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Type_handler::Item_send_date|Protocol::send_result_set_row|select_send::send_data UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/item_timefunc.cc|Item_func_makedate::get_date|Type_handler::Item_send_date|Type_handler_temporal_with_date::Item_send|Item::send

Roel Van de Paar added a comment - 2023-07-01 04:24

This additional testcase:

CREATE TABLE t (c CHAR(50) DEFAULT'');

INSERT INTO t VALUES('18446744073709551611e');

SELECT ADDDATE('1-01-01',INTERVAL c MONTH) AS DATE FROM t;

Produces these additional stacks/UniqueID's:

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date

UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

Roel Van de Paar added a comment - 2023-07-01 04:24 This additional testcase: CREATE TABLE t (c CHAR (50) DEFAULT '' ); INSERT INTO t VALUES ( '18446744073709551611e' ); SELECT ADDDATE( '1-01-01' ,INTERVAL c MONTH ) AS DATE FROM t; Produces these additional stacks/UniqueID's: UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Item_handled_func::get_date UBSAN|signed integer overflow: X + Y cannot be represented in type 'long int'|sql/sql_time.cc|date_add_interval|Func_handler_date_add_interval::add|Func_handler_date_add_interval_string::get_date|Temporal_hybrid::Temporal_hybrid

Roel Van de Paar added a comment - 2024-05-24 06:24

Thank you bar for the fix of this test-affecting bug

Roel Van de Paar added a comment - 2024-05-24 06:24 Thank you bar for the fix of this test-affecting bug

Roel Van de Paar added a comment - 2024-11-12 21:23

Also see MDEV-35406 UBSAN runtime error: signed integer overflow on SELECT DATE_ADD

Roel Van de Paar added a comment - 2024-11-12 21:23 Also see MDEV-35406 UBSAN runtime error: signed integer overflow on SELECT DATE_ADD

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023-03-27 06:10

Updated:: 2024-12-30 20:13

Resolved:: 2024-05-24 05:09

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration