[MDEV-30932] UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in Item_func_mul::int_op and Item_func_round::int_op - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.1(EOL), 10.3(EOL), 10.4(EOL), 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 11.0(EOL)
Fix Version/s: 10.8.8, 10.4.31, 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5
Component/s: Data types
Labels:
- UBSAN
- affects-tests

Description

Similar to ~~MDEV-30931~~ but in a different function

SELECT (1 DIV(-1/POW(807,14))*1);

Leads to:

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)

/test/11.0_dbg_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

/test/11.0_dbg_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)
Version: '11.0.2-MariaDB-debug' socket: '/test/UBASAN_MD250323-mariadb-11.0.2-linux-x86_64-dbg/socket.sock' port: 11466 MariaDB Server
2023-03-27 17:40:58 0 [Note] InnoDB: Buffer pool(s) load completed at 230327 17:40:58
/test/11.0_dbg_san/sql/item_func.cc:1413:6: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
#0 0x5558202d2602 in Item_func_mul::int_op() /test/11.0_dbg_san/sql/item_func.cc:1413
#1 0x55581f470eb8 in Item_func_hybrid_field_type::val_int_from_int_op() /test/11.0_dbg_san/sql/item_func.h:849
#2 0x55581f470eb8 in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /test/11.0_dbg_san/sql/sql_type.cc:5406
#3 0x55581e531687 in Item_func_hybrid_field_type::val_int() /test/11.0_dbg_san/sql/item_func.h:905
#4 0x55581f522764 in Type_handler::Item_send_long(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7479
#5 0x55581f58a9a2 in Type_handler_long::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5696
#6 0x55581dd1359c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#7 0x55581decf05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#8 0x55581e2989ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#9 0x55581ea0fb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#10 0x55581ea0fb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#11 0x55581ea1657a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#12 0x55581ea04d38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#13 0x55581ea09193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#14 0x55581e588973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#15 0x55581e5e9cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#16 0x55581e6195e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#17 0x55581e62937a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#18 0x55581e63717f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#19 0x55581effb459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#20 0x55581effc974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#21 0x14e883c42b42 in start_thread nptl/pthread_create.c:442
#22 0x14e883cd49ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

/test/11.0_dbg_san/sql/item_func.cc:1444:8: runtime error: negation of -9223372036854775808 cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself
#0 0x5558202d269d in Item_func_mul::int_op() /test/11.0_dbg_san/sql/item_func.cc:1444
#1 0x55581f470eb8 in Item_func_hybrid_field_type::val_int_from_int_op() /test/11.0_dbg_san/sql/item_func.h:849
#2 0x55581f470eb8 in Type_handler_int_result::Item_func_hybrid_field_type_val_int(Item_func_hybrid_field_type*) const /test/11.0_dbg_san/sql/sql_type.cc:5406
#3 0x55581e531687 in Item_func_hybrid_field_type::val_int() /test/11.0_dbg_san/sql/item_func.h:905
#4 0x55581f522764 in Type_handler::Item_send_long(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7479
#5 0x55581f58a9a2 in Type_handler_long::Item_send(Item, Protocol, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5696
#6 0x55581dd1359c in Item::send(Protocol, st_value) /test/11.0_dbg_san/sql/item.h:1235
#7 0x55581decf05c in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
#8 0x55581e2989ca in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
#9 0x55581ea0fb03 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
#10 0x55581ea0fb03 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4761
#11 0x55581ea1657a in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4672
#12 0x55581ea04d38 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.0_dbg_san/sql/sql_select.cc:5153
#13 0x55581ea09193 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:611
#14 0x55581e588973 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6267
#15 0x55581e5e9cce in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
#16 0x55581e6195e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#17 0x55581e62937a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#18 0x55581e63717f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#19 0x55581effb459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#20 0x55581effc974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#21 0x14e883c42b42 in start_thread nptl/pthread_create.c:442
#22 0x14e883cd49ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.3.39 (dbg), 10.3.39 (opt), 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt)

Attachments

Issue Links

relates to

MDEV-30931 UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in get_interval_value on SELECT

Closed

UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in Item_func_mul::int_op and Item_func_round::int_op

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration