[MDEV-30981] Spider UBSAN: null pointer passed as argument 2, which is declared to never be null in spider_create_trx_alter_table on ALTER - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL)
Fix Version/s: 10.5.22, 10.6.15, 10.9.8, 10.10.6, 10.11.5, 11.0.3, 11.1.2
Component/s: Storage Engine - Spider
Labels:

Description

INSTALL PLUGIN Spider SONAME 'ha_spider.so';

CREATE TABLE t (c INT) ENGINE=Spider PARTITION BY LIST (c) (PARTITION p VALUES IN (1,2));

ALTER TABLE t ENGINE=InnoDB;

Leads to:

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)
/test/11.0_dbg_san/storage/spider/spd_trx.cc:760:11: runtime error: null pointer passed as argument 2, which is declared to never be null
/test/11.0_dbg_san/storage/spider/spd_trx.cc:766:11: runtime error: null pointer passed as argument 2, which is declared to never be null
/test/11.0_dbg_san/storage/spider/spd_trx.cc:772:11: runtime error: null pointer passed as argument 2, which is declared to never be null

11.0.2 a79abb6517f2fa68b48e61aa3354a0631e3a63f7 (Debug)
/test/11.0_dbg_san/storage/spider/spd_trx.cc:760:11: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x1535919f83f2 in spider_create_trx_alter_table(st_spider_transaction, st_spider_share, bool) /test/11.0_dbg_san/storage/spider/spd_trx.cc:760
#1 0x153591ccf8f7 in ha_spider::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/storage/spider/ha_spider.cc:8804
#2 0x557f7467b6ca in ha_partition::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/sql/ha_partition.cc:2378
#3 0x557f72114579 in mysql_prepare_alter_table(THD, TABLE, Table_specification_st, Alter_info, Alter_table_ctx*) /test/11.0_dbg_san/sql/sql_table.cc:9014
#4 0x557f72165f0f in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /test/11.0_dbg_san/sql/sql_table.cc:10479
#5 0x557f724e5595 in Sql_cmd_alter_table::execute(THD*) /test/11.0_dbg_san/sql/sql_alter.cc:558
#6 0x557f71ac8cc7 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:6003
#7 0x557f71ad25e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#8 0x557f71ae237a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#9 0x557f71af017f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#10 0x557f724b4459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#11 0x557f724b5974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#12 0x1535b5b42b42 in start_thread nptl/pthread_create.c:442
#13 0x1535b5bd49ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

/test/11.0_dbg_san/storage/spider/spd_trx.cc:766:11: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x1535919f8685 in spider_create_trx_alter_table(st_spider_transaction, st_spider_share, bool) /test/11.0_dbg_san/storage/spider/spd_trx.cc:766
#1 0x153591ccf8f7 in ha_spider::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/storage/spider/ha_spider.cc:8804
#2 0x557f7467b6ca in ha_partition::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/sql/ha_partition.cc:2378
#3 0x557f72114579 in mysql_prepare_alter_table(THD, TABLE, Table_specification_st, Alter_info, Alter_table_ctx*) /test/11.0_dbg_san/sql/sql_table.cc:9014
#4 0x557f72165f0f in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /test/11.0_dbg_san/sql/sql_table.cc:10479
#5 0x557f724e5595 in Sql_cmd_alter_table::execute(THD*) /test/11.0_dbg_san/sql/sql_alter.cc:558
#6 0x557f71ac8cc7 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:6003
#7 0x557f71ad25e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#8 0x557f71ae237a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#9 0x557f71af017f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#10 0x557f724b4459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#11 0x557f724b5974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#12 0x1535b5b42b42 in start_thread nptl/pthread_create.c:442
#13 0x1535b5bd49ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

/test/11.0_dbg_san/storage/spider/spd_trx.cc:772:11: runtime error: null pointer passed as argument 2, which is declared to never be null
#0 0x1535919f8912 in spider_create_trx_alter_table(st_spider_transaction, st_spider_share, bool) /test/11.0_dbg_san/storage/spider/spd_trx.cc:772
#1 0x153591ccf8f7 in ha_spider::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/storage/spider/ha_spider.cc:8804
#2 0x557f7467b6ca in ha_partition::update_create_info(HA_CREATE_INFO*) /test/11.0_dbg_san/sql/ha_partition.cc:2378
#3 0x557f72114579 in mysql_prepare_alter_table(THD, TABLE, Table_specification_st, Alter_info, Alter_table_ctx*) /test/11.0_dbg_san/sql/sql_table.cc:9014
#4 0x557f72165f0f in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, Table_specification_st, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /test/11.0_dbg_san/sql/sql_table.cc:10479
#5 0x557f724e5595 in Sql_cmd_alter_table::execute(THD*) /test/11.0_dbg_san/sql/sql_alter.cc:558
#6 0x557f71ac8cc7 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:6003
#7 0x557f71ad25e6 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
#8 0x557f71ae237a in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
#9 0x557f71af017f in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
#10 0x557f724b4459 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
#11 0x557f724b5974 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
#12 0x1535b5b42b42 in start_thread nptl/pthread_create.c:442
#13 0x1535b5bd49ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1

Bug confirmed present in:
MariaDB: 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt)

Attachments

Issue Links

is blocked by

MDEV-30435 Fix code duplication w.r.t. memcpy in spd_trx.cc

Closed

MariaDB Server

Spider UBSAN: null pointer passed as argument 2, which is declared to never be null in spider_create_trx_alter_table on ALTER

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration