[MDEV-30997] SIGSEGV in __strlen_avx2 | make_date_time | Item_func_date_format::val_str - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.11, 11.0(EOL), 11.1(EOL)
Fix Version/s: 11.1.1, 10.11.3, 11.0.2
Component/s: Locale Settings
Labels:
- not-10.10
- not-10.3
- not-10.4
- not-10.5
- not-10.6
- not-10.8
- not-10.9
- regression-10.11

Description

SET lc_time_names=111;

SELECT DATE_FORMAT('1-12-01','%c %b %M');

Leads to

11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
[Current thread is 1 (Thread 0x14beb406a700 (LWP 945967))]
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1 0x00005570d464b769 in make_date_time (str=0x14beb4068130, locale=0x5570d5494280 <my_locale_ka_GE>, type=MYSQL_TIMESTAMP_DATE, l_time=0x14beb4067fc0, format=<optimized out>) at /test/11.1_opt/sql/item_timefunc.cc:502
#2 Item_func_date_format::val_str (this=0x14be40010e18, str=0x14beb4068130) at /test/11.1_opt/sql/item_timefunc.cc:1915
#3 0x00005570d44a6d48 in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x14be400011e0, buf=<optimized out>) at /test/11.1_opt/sql/sql_type.cc:7446
#4 0x00005570d4229fa6 in Protocol::send_result_set_row (this=this@entry=0x14be400011e0, row_items=row_items@entry=0x14be40010ae0) at /test/11.1_opt/sql/protocol.cc:1332
#5 0x00005570d42a6d27 in select_send::send_data (this=0x14be40011850, items=@0x14be40010ae0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14be40010f00, last = 0x14be40010f00, elements = 1}, <No data fields>}) at /test/11.1_opt/sql/sql_class.cc:3102
#6 0x00005570d43799f7 in select_result_sink::send_data_with_check (u=<optimized out>, sent=0, items=<optimized out>, this=<optimized out>) at /test/11.1_opt/sql/sql_class.h:5748
#7 select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.1_opt/sql/sql_class.h:5738
#8 JOIN::exec_inner (this=0x14be40011878) at /test/11.1_opt/sql/sql_select.cc:4763
#9 0x00005570d4379ede in JOIN::exec (this=this@entry=0x14be40011878) at /test/11.1_opt/sql/sql_select.cc:4674
#10 0x00005570d437802c in mysql_select (thd=0x14be40000c58, tables=0x0, fields=<optimized out>, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14be40011850, unit=0x14be40004ce0, select_lex=0x14be40010820) at /test/11.1_opt/sql/sql_select.cc:5155
#11 0x00005570d4378777 in handle_select (thd=thd@entry=0x14be40000c58, lex=lex@entry=0x14be40004c08, result=result@entry=0x14be40011850, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
#12 0x00005570d42f804e in execute_sqlcom_select (thd=0x14be40000c58, all_tables=0x0) at /test/11.1_opt/sql/sql_parse.cc:6024
#13 0x00005570d43058e2 in mysql_execute_command (thd=0x14be40000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
#14 0x00005570d42f2f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14be40000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
#15 mysql_parse (thd=0x14be40000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
#16 0x00005570d42fefc2 in dispatch_command (command=COM_QUERY, thd=0x14be40000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
#17 0x00005570d4300dce in do_command (thd=0x14be40000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
#18 0x00005570d441e1ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5570d7c6eab8, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
#19 0x00005570d441e4dd in handle_one_connection (arg=0x5570d7c6eab8) at /test/11.1_opt/sql/sql_connect.cc:1318
#20 0x000014becc508609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#21 0x000014becc0f4133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)
Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000560d45546e36 in make_date_time (str=0x154700055010,
locale=0x560d466a8ba0 <my_locale_ka_GE>, type=MYSQL_TIMESTAMP_DATE,
l_time=0x154700054e70, format=<optimized out>)
at /test/11.1_dbg/sql/item_timefunc.cc:502
502 str->append(locale->month_names->type_names[l_time->month-1],
[Current thread is 1 (Thread 0x154700057700 (LWP 668414))]
(gdb) bt
#0 0x0000560d45546e36 in make_date_time (str=0x154700055010, locale=0x560d466a8ba0 <my_locale_ka_GE>, type=MYSQL_TIMESTAMP_DATE, l_time=0x154700054e70, format=<optimized out>) at /test/11.1_dbg/sql/item_timefunc.cc:502
#1 Item_func_date_format::val_str (this=0x1546b8013818, str=0x154700055010) at /test/11.1_dbg/sql/item_timefunc.cc:1915
#2 0x0000560d45333dd6 in Type_handler::Item_send_str (this=<optimized out>, item=0x1546b8013818, protocol=0x1546b8001358, buf=<optimized out>) at /test/11.1_dbg/sql/sql_type.cc:7446
#3 0x0000560d4526e59b in Type_handler_string_result::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/11.1_dbg/sql/sql_type.h:5455
#4 0x0000560d44ff7c48 in Item::send (this=0x1546b8013818, protocol=0x1546b8001358, buffer=0x154700054fe0) at /test/11.1_dbg/sql/item.h:1235
#5 0x0000560d4502ef71 in Protocol::send_result_set_row (this=this@entry=0x1546b8001358, row_items=row_items@entry=0x1546b80134e0) at /test/11.1_dbg/sql/protocol.cc:1332
#6 0x0000560d450b7441 in select_send::send_data (this=0x1546b8014250, items=@0x1546b80134e0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1546b8013900, last = 0x1546b8013900, elements = 1}, <No data fields>}) at /test/11.1_dbg/sql/sql_class.cc:3102
#7 0x0000560d451adfbe in select_result_sink::send_data_with_check (sent=0, u=<optimized out>, items=<optimized out>, this=<optimized out>) at /test/11.1_dbg/sql/sql_class.h:5748
#8 JOIN::exec_inner (this=this@entry=0x1546b8014278) at /test/11.1_dbg/sql/sql_select.cc:4763
#9 0x0000560d451aefae in JOIN::exec (this=this@entry=0x1546b8014278) at /test/11.1_dbg/sql/sql_select.cc:4674
#10 0x0000560d451acebb in mysql_select (thd=thd@entry=0x1546b8000d48, tables=<optimized out>, fields=@0x1546b80134e0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1546b8013900, last = 0x1546b8013900, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1546b8014250, unit=0x1546b8004f90, select_lex=0x1546b8013220) at /test/11.1_dbg/sql/sql_select.cc:5155
#11 0x0000560d451ad641 in handle_select (thd=thd@entry=0x1546b8000d48, lex=lex@entry=0x1546b8004eb8, result=result@entry=0x1546b8014250, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
#12 0x0000560d45114cc5 in execute_sqlcom_select (thd=thd@entry=0x1546b8000d48, all_tables=0x0) at /test/11.1_dbg/sql/sql_parse.cc:6024
#13 0x0000560d45120efe in mysql_execute_command (thd=thd@entry=0x1546b8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
#14 0x0000560d4510f17c in mysql_parse (thd=thd@entry=0x1546b8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1547000562f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
#15 0x0000560d4511c718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1546b8000d48, packet=packet@entry=0x1546b800ae39 "", packet_length=packet_length@entry=40, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
#16 0x0000560d4511eb54 in do_command (thd=0x1546b8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
#17 0x0000560d452819c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x560d483971d8, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
#18 0x0000560d45281e90 in handle_one_connection (arg=0x560d483971d8) at /test/11.1_dbg/sql/sql_connect.cc:1318
#19 0x000015471850e609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x00001547180fa133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Attachments

Issue Links

relates to

MDEV-31019 SIGSEGV in Item_func_monthname::val_str and UBSAN: null pointer passed as argument 1, which is declared to never be null in Item_func_monthname::val_str in sql/item_timefunc.cc on SELECT MONTHNAME

Closed

SIGSEGV in __strlen_avx2 | make_date_time | Item_func_date_format::val_str

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration