Details
Description
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE TABLE t (c INT) ENGINE=Spider COMMENT='abc'; |
Leads to:
|
11.0.2 8e55d7ea4a2f94ae3f38fdd8785778612d4b1203 (Debug) |
/test/11.0_dbg_san/storage/spider/spd_table.h:290:9: runtime error: applying non-zero offset 18446744073709551615 to null pointer
|
|
11.0.2 8e55d7ea4a2f94ae3f38fdd8785778612d4b1203 (Debug) |
#0 0x14bb722376e9 in st_spider_param_string_parse::restore_delims() /test/11.0_dbg_san/storage/spider/spd_table.h:290
|
#1 0x14bb722376e9 in st_spider_param_string_parse::print_param_error() /test/11.0_dbg_san/storage/spider/spd_table.cc:1681
|
#2 0x14bb722b12cc in st_spider_param_string_parse::get_next_parameter_head(char*, char**) /test/11.0_dbg_san/storage/spider/spd_table.h:190
|
#3 0x14bb72252a8a in spider_parse_connect_info(st_spider_share*, TABLE_SHARE*, partition_info*, unsigned int) /test/11.0_dbg_san/storage/spider/spd_table.cc:2203
|
#4 0x14bb723264b3 in ha_spider::create(char const*, TABLE*, HA_CREATE_INFO*) /test/11.0_dbg_san/storage/spider/ha_spider.cc:8666
|
#5 0x556d0faa3214 in handler::ha_create(char const*, TABLE*, HA_CREATE_INFO*) /test/11.0_dbg_san/sql/handler.cc:5656
|
#6 0x556d0faa8a0a in ha_create_table(THD*, char const*, char const*, char const*, HA_CREATE_INFO*, st_mysql_const_unsigned_lex_string*, bool) /test/11.0_dbg_san/sql/handler.cc:6125
|
#7 0x556d0ea04861 in create_table_impl /test/11.0_dbg_san/sql/sql_table.cc:4671
|
#8 0x556d0ea05ce3 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/11.0_dbg_san/sql/sql_table.cc:4772
|
#9 0x556d0ea11551 in mysql_create_table /test/11.0_dbg_san/sql/sql_table.cc:4888
|
#10 0x556d0ea11551 in Sql_cmd_create_table_like::execute(THD*) /test/11.0_dbg_san/sql/sql_table.cc:12479
|
#11 0x556d0e38f189 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:6003
|
#12 0x556d0e398aa8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:7999
|
#13 0x556d0e3a883c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
|
#14 0x556d0e3b6641 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
|
#15 0x556d0ed7a91b in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
|
#16 0x556d0ed7be36 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
|
#17 0x14bb957fbb42 in start_thread nptl/pthread_create.c:442
|
#18 0x14bb9588d9ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
|
Setup:
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1
|
Bug confirmed present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)
Attachments
Issue Links
- blocks
-
MDEV-28856 Spider: Implement more engine-defined options
-
- Closed
-
- relates to
-
-
- Open
-
Activity
An additional testcase with a different stack
SET sql_mode=''; |
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
SET SESSION enforce_storage_engine=Spider; |
CREATE TABLE t (c BINARY KEY) COMMENT='ENGINE "Spider"'; |
Leads to UniqueID/stack:
UBSAN|applying non-zero offset X to null pointer|storage/spider/spd_table.h|st_spider_param_string_parse::restore_delims|st_spider_param_string_parse::print_param_error|spider_parse_connect_info|ha_spider::create
|
Hi holyfoot, ptal thanks:
https://github.com/MariaDB/server/commit/1c997a3d07fda1a81baf39df89ef011436a71740
The parsing logic that caused the issue in this ticket was a mess. So my fix involves a cleanup of the parser. In the future we may remove the spider parsing mechanism altogether in favour of engine-defined options (MDEV-28856 etc.), but it will probably be a long time before that happens, and it will probably be for higher versions rather than 10.4+ in this ticket.
This above commit is based on 11.0. I also have a commit based on 10.4[1] which is not qualitatively different, and a review of the 11.0 version should be sufficient.
Thanks for the review.
Pushed e9f3ca612528c5f917e27ef6113fd1deda2aef26 to 10.4
before pushing: tested on 10.4-6,10.10-11.2,ES-10.4,10.6,23.06
after merge changes:
- 10.4->10.5 bcb5c31f0c7ee0b83b712f55c208f768e4ee6dac
- 10.4->ES-10.4 e5952cf057c7712df0587121f977b1529d086d3a
- 10.6->10.10 dc5be8988afa88ca39a36cd9d2219e0eac9e63f3
So the invalid connection string "help topics" comes from the comment
of the system table mysql.help_topic, which is created in a bootstrap
script scripts/mysql_system_tables.sql, as are other system
tables. Just shows you how confusing having the options in the comment
can be... A reason why we need something like MDEV-31146