[MDEV-31274] LSAN: 32 bytes leaked in 1 allocation in mariadb_dyncol_json - Jira

Roel Van de Paar created issue - 2023-05-15 09:47

Roel Van de Paar made changes - 2023-05-15 09:50

Field	Original Value	New Value
Labels		LSAN Memory_leak

Roel Van de Paar made changes - 2023-05-15 09:51

Description

{code:sql}
CREATE TABLE t (c INT,INDEX (c)) TRANSACTIONAL=1;
INSERT INTO t VALUES (1);
SELECT COLUMN_JSON(c) FROM t;
SHUTDOWN;
{code}

{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
==1050686==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x562f3ac93337 in __interceptor_malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-dbg/bin/mariadbd+0x7964337)
    #1 0x562f3f3aa703 in my_malloc /test/11.0_dbg_san/mysys/my_malloc.c:91
    #2 0x562f3f3b79bb in init_dynamic_string /test/11.0_dbg_san/mysys/string.c:39
    #3 0x562f3f3f548b in mariadb_dyncol_json /test/11.0_dbg_san/mysys/ma_dyncol.c:4266
    #4 0x562f3d5e7343 in Item_func_dyncol_json::val_str(String*) /test/11.0_dbg_san/sql/item_strfunc.cc:4964
    #5 0x562f3c52c7af in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
    #6 0x562f3bf75cf2 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
    #7 0x562f3ad07888 in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
    #8 0x562f3aec3e96 in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
    #9 0x562f3b28f4a8 in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
    #10 0x562f3b948c34 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
    #11 0x562f3b948c34 in end_send /test/11.0_dbg_san/sql/sql_select.cc:24518
    #12 0x562f3b7a23ef in evaluate_join_record /test/11.0_dbg_san/sql/sql_select.cc:23485
    #13 0x562f3b869299 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23252
    #14 0x562f3ba17164 in do_select /test/11.0_dbg_san/sql/sql_select.cc:22780
    #15 0x562f3ba17164 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4900
    #16 0x562f3ba18916 in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4677
    #17 0x562f3ba070c1 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5158
    #18 0x562f3ba0b51c in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:616
    #19 0x562f3b57da01 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6279
    #20 0x562f3b5deef5 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
    #21 0x562f3b60e973 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8014
    #22 0x562f3b61e707 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
    #23 0x562f3b62c542 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
    #24 0x562f3c0018b5 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
    #25 0x562f3c002dd0 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
    #26 0x14ae4b094b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:44:15 [ERROR] mysqld got signal 6 ;
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
{noformat}

Bug confirmed present in:
MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (dbg), 10.9.7 (opt), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Also note:
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
11.0.2-dbg>SELECT COLUMN_JSON(c) FROM t;
ERROR 1919 (HY000): Encountered illegal format of dynamic column string
{noformat}

{code:sql}
CREATE TABLE t (c INT,INDEX (c)) TRANSACTIONAL=1;
INSERT INTO t VALUES (1);
SELECT COLUMN_JSON(c) FROM t;
SHUTDOWN;
{code}
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Optimized, UBASAN)}
==577810==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x55a3f7e85b17 in malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-opt/bin/mariadbd+0x7a1eb17)
    #1 0x55a3fc28f394 in my_malloc /test/11.0_opt_san/mysys/my_malloc.c:91
    #2 0x55a3fc29d025 in init_dynamic_string /test/11.0_opt_san/mysys/string.c:39
    #3 0x55a3fc2ed493 in mariadb_dyncol_json /test/11.0_opt_san/mysys/ma_dyncol.c:4266
    #4 0x55a3fa402903 in Item_func_dyncol_json::val_str(String*) /test/11.0_opt_san/sql/item_strfunc.cc:4964
    #5 0x55a3f9528646 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_opt_san/sql/sql_type.cc:7446
    #6 0x55a3f8080c4c in Protocol::send_result_set_row(List<Item>*) /test/11.0_opt_san/sql/protocol.cc:1332
    #7 0x55a3f84046da in select_send::send_data(List<Item>&) /test/11.0_opt_san/sql/sql_class.cc:3102
    #8 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5748
    #9 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5738
    #10 0x55a3f8a5f413 in end_send /test/11.0_opt_san/sql/sql_select.cc:24518
    #11 0x55a3f88fc4b9 in evaluate_join_record /test/11.0_opt_san/sql/sql_select.cc:23485
    #12 0x55a3f898f956 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_opt_san/sql/sql_select.cc:23252
    #13 0x55a3f8b712e3 in do_select /test/11.0_opt_san/sql/sql_select.cc:22780
    #14 0x55a3f8b712e3 in JOIN::exec_inner() /test/11.0_opt_san/sql/sql_select.cc:4900
    #15 0x55a3f8b76743 in JOIN::exec() /test/11.0_opt_san/sql/sql_select.cc:4677
    #16 0x55a3f8b641f0 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_opt_san/sql/sql_select.cc:5158
    #17 0x55a3f8b67d80 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_opt_san/sql/sql_select.cc:616
    #18 0x55a3f86e8b80 in execute_sqlcom_select /test/11.0_opt_san/sql/sql_parse.cc:6279
    #19 0x55a3f874e5f6 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3949
    #20 0x55a3f875f4d2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8014
    #21 0x55a3f876cf5d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
    #22 0x55a3f8776728 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
    #23 0x55a3f908580c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
    #24 0x55a3f9087e0c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
    #25 0x1539dd494b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:40:05 [ERROR] mysqld got signal 6 ;
{noformat}

{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
==1050686==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x562f3ac93337 in __interceptor_malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-dbg/bin/mariadbd+0x7964337)
    #1 0x562f3f3aa703 in my_malloc /test/11.0_dbg_san/mysys/my_malloc.c:91
    #2 0x562f3f3b79bb in init_dynamic_string /test/11.0_dbg_san/mysys/string.c:39
    #3 0x562f3f3f548b in mariadb_dyncol_json /test/11.0_dbg_san/mysys/ma_dyncol.c:4266
    #4 0x562f3d5e7343 in Item_func_dyncol_json::val_str(String*) /test/11.0_dbg_san/sql/item_strfunc.cc:4964
    #5 0x562f3c52c7af in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
    #6 0x562f3bf75cf2 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
    #7 0x562f3ad07888 in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
    #8 0x562f3aec3e96 in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
    #9 0x562f3b28f4a8 in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
    #10 0x562f3b948c34 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
    #11 0x562f3b948c34 in end_send /test/11.0_dbg_san/sql/sql_select.cc:24518
    #12 0x562f3b7a23ef in evaluate_join_record /test/11.0_dbg_san/sql/sql_select.cc:23485
    #13 0x562f3b869299 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23252
    #14 0x562f3ba17164 in do_select /test/11.0_dbg_san/sql/sql_select.cc:22780
    #15 0x562f3ba17164 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4900
    #16 0x562f3ba18916 in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4677
    #17 0x562f3ba070c1 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5158
    #18 0x562f3ba0b51c in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:616
    #19 0x562f3b57da01 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6279
    #20 0x562f3b5deef5 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
    #21 0x562f3b60e973 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8014
    #22 0x562f3b61e707 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
    #23 0x562f3b62c542 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
    #24 0x562f3c0018b5 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
    #25 0x562f3c002dd0 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
    #26 0x14ae4b094b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:44:15 [ERROR] mysqld got signal 6 ;
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
{noformat}

Bug confirmed present in:
MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (dbg), 10.9.7 (opt), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Also note:
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
11.0.2-dbg>SELECT COLUMN_JSON(c) FROM t;
ERROR 1919 (HY000): Encountered illegal format of dynamic column string
{noformat}

Roel Van de Paar made changes - 2023-05-15 09:52

Description

{code:sql}
CREATE TABLE t (c INT,INDEX (c)) TRANSACTIONAL=1;
INSERT INTO t VALUES (1);
SELECT COLUMN_JSON(c) FROM t;
SHUTDOWN;
{code}
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Optimized, UBASAN)}
==577810==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x55a3f7e85b17 in malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-opt/bin/mariadbd+0x7a1eb17)
    #1 0x55a3fc28f394 in my_malloc /test/11.0_opt_san/mysys/my_malloc.c:91
    #2 0x55a3fc29d025 in init_dynamic_string /test/11.0_opt_san/mysys/string.c:39
    #3 0x55a3fc2ed493 in mariadb_dyncol_json /test/11.0_opt_san/mysys/ma_dyncol.c:4266
    #4 0x55a3fa402903 in Item_func_dyncol_json::val_str(String*) /test/11.0_opt_san/sql/item_strfunc.cc:4964
    #5 0x55a3f9528646 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_opt_san/sql/sql_type.cc:7446
    #6 0x55a3f8080c4c in Protocol::send_result_set_row(List<Item>*) /test/11.0_opt_san/sql/protocol.cc:1332
    #7 0x55a3f84046da in select_send::send_data(List<Item>&) /test/11.0_opt_san/sql/sql_class.cc:3102
    #8 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5748
    #9 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5738
    #10 0x55a3f8a5f413 in end_send /test/11.0_opt_san/sql/sql_select.cc:24518
    #11 0x55a3f88fc4b9 in evaluate_join_record /test/11.0_opt_san/sql/sql_select.cc:23485
    #12 0x55a3f898f956 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_opt_san/sql/sql_select.cc:23252
    #13 0x55a3f8b712e3 in do_select /test/11.0_opt_san/sql/sql_select.cc:22780
    #14 0x55a3f8b712e3 in JOIN::exec_inner() /test/11.0_opt_san/sql/sql_select.cc:4900
    #15 0x55a3f8b76743 in JOIN::exec() /test/11.0_opt_san/sql/sql_select.cc:4677
    #16 0x55a3f8b641f0 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_opt_san/sql/sql_select.cc:5158
    #17 0x55a3f8b67d80 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_opt_san/sql/sql_select.cc:616
    #18 0x55a3f86e8b80 in execute_sqlcom_select /test/11.0_opt_san/sql/sql_parse.cc:6279
    #19 0x55a3f874e5f6 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3949
    #20 0x55a3f875f4d2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8014
    #21 0x55a3f876cf5d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
    #22 0x55a3f8776728 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
    #23 0x55a3f908580c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
    #24 0x55a3f9087e0c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
    #25 0x1539dd494b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:40:05 [ERROR] mysqld got signal 6 ;
{noformat}

{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
==1050686==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x562f3ac93337 in __interceptor_malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-dbg/bin/mariadbd+0x7964337)
    #1 0x562f3f3aa703 in my_malloc /test/11.0_dbg_san/mysys/my_malloc.c:91
    #2 0x562f3f3b79bb in init_dynamic_string /test/11.0_dbg_san/mysys/string.c:39
    #3 0x562f3f3f548b in mariadb_dyncol_json /test/11.0_dbg_san/mysys/ma_dyncol.c:4266
    #4 0x562f3d5e7343 in Item_func_dyncol_json::val_str(String*) /test/11.0_dbg_san/sql/item_strfunc.cc:4964
    #5 0x562f3c52c7af in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
    #6 0x562f3bf75cf2 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
    #7 0x562f3ad07888 in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
    #8 0x562f3aec3e96 in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
    #9 0x562f3b28f4a8 in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
    #10 0x562f3b948c34 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
    #11 0x562f3b948c34 in end_send /test/11.0_dbg_san/sql/sql_select.cc:24518
    #12 0x562f3b7a23ef in evaluate_join_record /test/11.0_dbg_san/sql/sql_select.cc:23485
    #13 0x562f3b869299 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23252
    #14 0x562f3ba17164 in do_select /test/11.0_dbg_san/sql/sql_select.cc:22780
    #15 0x562f3ba17164 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4900
    #16 0x562f3ba18916 in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4677
    #17 0x562f3ba070c1 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5158
    #18 0x562f3ba0b51c in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:616
    #19 0x562f3b57da01 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6279
    #20 0x562f3b5deef5 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
    #21 0x562f3b60e973 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8014
    #22 0x562f3b61e707 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
    #23 0x562f3b62c542 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
    #24 0x562f3c0018b5 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
    #25 0x562f3c002dd0 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
    #26 0x14ae4b094b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:44:15 [ERROR] mysqld got signal 6 ;
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
{noformat}

Bug confirmed present in:
MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (dbg), 10.9.7 (opt), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Also note:
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
11.0.2-dbg>SELECT COLUMN_JSON(c) FROM t;
ERROR 1919 (HY000): Encountered illegal format of dynamic column string
{noformat}

{code:sql}
CREATE TABLE t (c INT,INDEX (c)) TRANSACTIONAL=1;
INSERT INTO t VALUES (1);
SELECT COLUMN_JSON(c) FROM t;
SHUTDOWN;
{code}
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Optimized, UBASAN)}
==577810==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x55a3f7e85b17 in malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-opt/bin/mariadbd+0x7a1eb17)
    #1 0x55a3fc28f394 in my_malloc /test/11.0_opt_san/mysys/my_malloc.c:91
    #2 0x55a3fc29d025 in init_dynamic_string /test/11.0_opt_san/mysys/string.c:39
    #3 0x55a3fc2ed493 in mariadb_dyncol_json /test/11.0_opt_san/mysys/ma_dyncol.c:4266
    #4 0x55a3fa402903 in Item_func_dyncol_json::val_str(String*) /test/11.0_opt_san/sql/item_strfunc.cc:4964
    #5 0x55a3f9528646 in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_opt_san/sql/sql_type.cc:7446
    #6 0x55a3f8080c4c in Protocol::send_result_set_row(List<Item>*) /test/11.0_opt_san/sql/protocol.cc:1332
    #7 0x55a3f84046da in select_send::send_data(List<Item>&) /test/11.0_opt_san/sql/sql_class.cc:3102
    #8 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5748
    #9 0x55a3f8a5f413 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_opt_san/sql/sql_class.h:5738
    #10 0x55a3f8a5f413 in end_send /test/11.0_opt_san/sql/sql_select.cc:24518
    #11 0x55a3f88fc4b9 in evaluate_join_record /test/11.0_opt_san/sql/sql_select.cc:23485
    #12 0x55a3f898f956 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_opt_san/sql/sql_select.cc:23252
    #13 0x55a3f8b712e3 in do_select /test/11.0_opt_san/sql/sql_select.cc:22780
    #14 0x55a3f8b712e3 in JOIN::exec_inner() /test/11.0_opt_san/sql/sql_select.cc:4900
    #15 0x55a3f8b76743 in JOIN::exec() /test/11.0_opt_san/sql/sql_select.cc:4677
    #16 0x55a3f8b641f0 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_opt_san/sql/sql_select.cc:5158
    #17 0x55a3f8b67d80 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_opt_san/sql/sql_select.cc:616
    #18 0x55a3f86e8b80 in execute_sqlcom_select /test/11.0_opt_san/sql/sql_parse.cc:6279
    #19 0x55a3f874e5f6 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3949
    #20 0x55a3f875f4d2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8014
    #21 0x55a3f876cf5d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
    #22 0x55a3f8776728 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
    #23 0x55a3f908580c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
    #24 0x55a3f9087e0c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
    #25 0x1539dd494b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:40:05 [ERROR] mysqld got signal 6 ;
{noformat}

{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
==1050686==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
    #0 0x562f3ac93337 in __interceptor_malloc (/test/UBASAN_MD120523-mariadb-11.0.2-linux-x86_64-dbg/bin/mariadbd+0x7964337)
    #1 0x562f3f3aa703 in my_malloc /test/11.0_dbg_san/mysys/my_malloc.c:91
    #2 0x562f3f3b79bb in init_dynamic_string /test/11.0_dbg_san/mysys/string.c:39
    #3 0x562f3f3f548b in mariadb_dyncol_json /test/11.0_dbg_san/mysys/ma_dyncol.c:4266
    #4 0x562f3d5e7343 in Item_func_dyncol_json::val_str(String*) /test/11.0_dbg_san/sql/item_strfunc.cc:4964
    #5 0x562f3c52c7af in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.cc:7446
    #6 0x562f3bf75cf2 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /test/11.0_dbg_san/sql/sql_type.h:5455
    #7 0x562f3ad07888 in Item::send(Protocol*, st_value*) /test/11.0_dbg_san/sql/item.h:1235
    #8 0x562f3aec3e96 in Protocol::send_result_set_row(List<Item>*) /test/11.0_dbg_san/sql/protocol.cc:1332
    #9 0x562f3b28f4a8 in select_send::send_data(List<Item>&) /test/11.0_dbg_san/sql/sql_class.cc:3102
    #10 0x562f3b948c34 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/11.0_dbg_san/sql/sql_class.h:5748
    #11 0x562f3b948c34 in end_send /test/11.0_dbg_san/sql/sql_select.cc:24518
    #12 0x562f3b7a23ef in evaluate_join_record /test/11.0_dbg_san/sql/sql_select.cc:23485
    #13 0x562f3b869299 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23252
    #14 0x562f3ba17164 in do_select /test/11.0_dbg_san/sql/sql_select.cc:22780
    #15 0x562f3ba17164 in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4900
    #16 0x562f3ba18916 in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4677
    #17 0x562f3ba070c1 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5158
    #18 0x562f3ba0b51c in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:616
    #19 0x562f3b57da01 in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6279
    #20 0x562f3b5deef5 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
    #21 0x562f3b60e973 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8014
    #22 0x562f3b61e707 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
    #23 0x562f3b62c542 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
    #24 0x562f3c0018b5 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
    #25 0x562f3c002dd0 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
    #26 0x14ae4b094b42 in start_thread nptl/pthread_create.c:442

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
230515 19:44:15 [ERROR] mysqld got signal 6 ;
{noformat}

Setup:

{noformat}
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1
{noformat}

Bug confirmed present in:
MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (dbg), 10.9.7 (opt), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

Also note:
{noformat:title=11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)}
11.0.2-dbg>SELECT COLUMN_JSON(c) FROM t;
ERROR 1919 (HY000): Encountered illegal format of dynamic column string
{noformat}

Roel Van de Paar made changes - 2023-08-09 02:52

Affects Version/s

11.2 [ 28603 ]

Roel Van de Paar made changes - 2023-08-09 02:52

Fix Version/s

11.2 [ 28603 ]

Roel Van de Paar made changes - 2023-08-09 02:52

Status

Open [ 1 ]

Confirmed [ 10101 ]

Roel Van de Paar added a comment - 2023-08-09 02:55 - edited

Alternative testcase

CREATE TABLE t (a INT,b INT) ENGINE=InnoDB;

INSERT INTO t VALUES (0,0);

SELECT COLUMN_JSON(b) FROM t;

SHUTDOWN;

LSAN|memory leak|mysys/my_malloc.c|__interceptor_malloc|my_malloc|init_dynamic_string|mariadb_dyncol_json

LSAN|memory leak|mysys/my_malloc.c|malloc|my_malloc|init_dynamic_string|mariadb_dyncol_json

Julien Fritsch made changes - 2023-11-28 10:22

Fix Version/s

10.9 [ 26905 ]

Julien Fritsch made changes - 2023-11-28 10:28

Fix Version/s

10.10 [ 27530 ]

Julien Fritsch made changes - 2024-05-03 14:39

Fix Version/s

11.0 [ 28320 ]

Julien Fritsch made changes - 2024-09-10 15:00

Fix Version/s

10.4 [ 22408 ]

Julien Fritsch made changes - 2024-09-10 15:29

Fix Version/s

11.1 [ 28549 ]

Julien Fritsch made changes - 2024-11-22 17:13

Fix Version/s

11.2(EOL) [ 28603 ]

Roel Van de Paar made changes - 2025-02-07 23:52

Fix Version/s		11.4 [ 29301 ]
Fix Version/s		11.7 [ 29815 ]
Affects Version/s		11.4 [ 29301 ]
Affects Version/s		11.7 [ 29815 ]
Affects Version/s		11.8 [ 29921 ]

Roel Van de Paar added a comment - 2025-02-07 23:53 - edited

Please also test with

CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=InnoDB;

INSERT INTO t VALUES (0,1,0);

SELECT COLUMN_JSON(c) FROM t;

SHUTDOWN;

CS 10.5.28 df602ff7fa5ed9424a1d7ebaba67b665e2f6d1f6 (Debug, UBASAN, Clang)
==1253168==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x5638d12ea553 in malloc (/test/UBASAN_MD170125-mariadb-10.5.28-linux-x86_64-dbg/bin/mariadbd+0x22ce553) (BuildId: 733bd1dfa88759a165ee95adbb110395ce787119)
#1 0x5638d3f8eb64 in my_malloc /test/10.5_dbg_san/mysys/my_malloc.c:91:29
#2 0x5638d3f9ca4a in init_dynamic_string /test/10.5_dbg_san/mysys/string.c:39:26
#3 0x5638d3fdab42 in mariadb_dyncol_json /test/10.5_dbg_san/mysys/ma_dyncol.c:4274:7
#4 0x5638d28a875e in Item_func_dyncol_json::val_str(String*) /test/10.5_dbg_san/sql/item_strfunc.cc:4731:12
#5 0x5638d207361a in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/10.5_dbg_san/sql/sql_type.cc:7563:19
#6 0x5638d13685fe in Protocol::send_result_set_row(List<Item>*) /test/10.5_dbg_san/sql/protocol.cc:1086:15
#7 0x5638d15ff090 in select_send::send_data(List<Item>&) /test/10.5_dbg_san/sql/sql_class.cc:3162:17
#8 0x5638d1958beb in end_send(JOIN, st_join_table, bool) /test/10.5_dbg_san/sql/sql_select.cc:22522:11
#9 0x5638d19f7a2d in evaluate_join_record(JOIN, st_join_table, int) /test/10.5_dbg_san/sql/sql_select.cc:21540:11
#10 0x5638d19f443b in sub_select(JOIN, st_join_table, bool) /test/10.5_dbg_san/sql/sql_select.cc:21310:9
#11 0x5638d1972158 in do_select(JOIN, Procedure) /test/10.5_dbg_san/sql/sql_select.cc:20827:14
#12 0x5638d196e9db in JOIN::exec_inner() /test/10.5_dbg_san/sql/sql_select.cc:4664:50
#13 0x5638d196c4c3 in JOIN::exec() /test/10.5_dbg_san/sql/sql_select.cc:4444:3
#14 0x5638d18ed996 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.5_dbg_san/sql/sql_select.cc:4921:9
#15 0x5638d18ec3c2 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.5_dbg_san/sql/sql_select.cc:449:10
#16 0x5638d181b1e3 in execute_sqlcom_select(THD, TABLE_LIST) /test/10.5_dbg_san/sql/sql_parse.cc:6451:12
#17 0x5638d1803104 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:4043:12
#18 0x5638d17d31c7 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8251:18
#19 0x5638d17c7119 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1891:7
#20 0x5638d17d531e in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1375:17
#21 0x5638d1ddda07 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1386:11
#22 0x5638d1ddd2cb in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1298:5
#23 0x5638d12e803c in asan_thread_start(void*) asan_interceptors.cpp.o

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).

CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang)
==1667791==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x55ee5d911073 in malloc (/test/UBASAN_MD170125-mariadb-11.8.0-linux-x86_64-dbg/bin/mariadbd+0x24f5073) (BuildId: 46732527bc451b37e9a3dba99b5c507ce7d53cc5)
#1 0x55ee606d736d in my_malloc /test/11.8_dbg_san/mysys/my_malloc.c:93:29
#2 0x55ee606e538a in init_dynamic_string /test/11.8_dbg_san/mysys/string.c:39:26
#3 0x55ee60721782 in mariadb_dyncol_json /test/11.8_dbg_san/mysys/ma_dyncol.c:4274:7
#4 0x55ee5f1ad64b in Item_func_dyncol_json::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:5205:12
#5 0x55ee5e92a35a in Type_handler::Item_send_str(Item, Protocol, st_value*) const /test/11.8_dbg_san/sql/sql_type.cc:7664:19
#6 0x55ee5da8b878 in Protocol::send_result_set_row(List<Item>*) /test/11.8_dbg_san/sql/protocol.cc:1353:15
#7 0x55ee5dd008c3 in select_send::send_data(List<Item>&) /test/11.8_dbg_san/sql/sql_class.cc:3282:17
#8 0x55ee5e0ebbb6 in end_send(JOIN, st_join_table, bool) /test/11.8_dbg_san/sql/sql_select.cc:25440:9
#9 0x55ee5e1a39bf in evaluate_join_record(JOIN, st_join_table, int) /test/11.8_dbg_san/sql/sql_select.cc:24342:11
#10 0x55ee5e0763bf in sub_select(JOIN, st_join_table, bool) /test/11.8_dbg_san/sql/sql_select.cc:24109:9
#11 0x55ee5e10679c in do_select(JOIN, Procedure) /test/11.8_dbg_san/sql/sql_select.cc:23620:14
#12 0x55ee5e1030f1 in JOIN::exec_inner() /test/11.8_dbg_san/sql/sql_select.cc:5040:50
#13 0x55ee5e100a12 in JOIN::exec() /test/11.8_dbg_san/sql/sql_select.cc:4823:8
#14 0x55ee5e07a634 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.8_dbg_san/sql/sql_select.cc:5356:21
#15 0x55ee5e078f12 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.8_dbg_san/sql/sql_select.cc:633:10
#16 0x55ee5df4e167 in execute_sqlcom_select(THD, TABLE_LIST) /test/11.8_dbg_san/sql/sql_parse.cc:6191:12
#17 0x55ee5df39d39 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3980:12
#18 0x55ee5df09588 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
#19 0x55ee5defd64b in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
#20 0x55ee5df0bfad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
#21 0x55ee5e5cf76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
#22 0x55ee5e5cf027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
#23 0x55ee5d90eb5c in asan_thread_start(void*) asan_interceptors.cpp.o

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s).
250208 10:50:13 [ERROR] /test/UBASAN_MD170125-mariadb-11.8.0-linux-x86_64-dbg/bin/mariadbd got signal 6 ;

Roel Van de Paar added a comment - 2025-02-07 23:53 - edited Please also test with CREATE TABLE t (c INT KEY ,c1 BLOB,c2 TEXT) ENGINE=InnoDB; INSERT INTO t VALUES (0,1,0); SELECT COLUMN_JSON(c) FROM t; SHUTDOWN; CS 10.5.28 df602ff7fa5ed9424a1d7ebaba67b665e2f6d1f6 (Debug, UBASAN, Clang) ==1253168==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x5638d12ea553 in malloc (/test/UBASAN_MD170125-mariadb-10.5.28-linux-x86_64-dbg/bin/mariadbd+0x22ce553) (BuildId: 733bd1dfa88759a165ee95adbb110395ce787119) #1 0x5638d3f8eb64 in my_malloc /test/10.5_dbg_san/mysys/my_malloc.c:91:29 #2 0x5638d3f9ca4a in init_dynamic_string /test/10.5_dbg_san/mysys/string.c:39:26 #3 0x5638d3fdab42 in mariadb_dyncol_json /test/10.5_dbg_san/mysys/ma_dyncol.c:4274:7 #4 0x5638d28a875e in Item_func_dyncol_json::val_str(String*) /test/10.5_dbg_san/sql/item_strfunc.cc:4731:12 #5 0x5638d207361a in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/10.5_dbg_san/sql/sql_type.cc:7563:19 #6 0x5638d13685fe in Protocol::send_result_set_row(List<Item>*) /test/10.5_dbg_san/sql/protocol.cc:1086:15 #7 0x5638d15ff090 in select_send::send_data(List<Item>&) /test/10.5_dbg_san/sql/sql_class.cc:3162:17 #8 0x5638d1958beb in end_send(JOIN*, st_join_table*, bool) /test/10.5_dbg_san/sql/sql_select.cc:22522:11 #9 0x5638d19f7a2d in evaluate_join_record(JOIN*, st_join_table*, int) /test/10.5_dbg_san/sql/sql_select.cc:21540:11 #10 0x5638d19f443b in sub_select(JOIN*, st_join_table*, bool) /test/10.5_dbg_san/sql/sql_select.cc:21310:9 #11 0x5638d1972158 in do_select(JOIN*, Procedure*) /test/10.5_dbg_san/sql/sql_select.cc:20827:14 #12 0x5638d196e9db in JOIN::exec_inner() /test/10.5_dbg_san/sql/sql_select.cc:4664:50 #13 0x5638d196c4c3 in JOIN::exec() /test/10.5_dbg_san/sql/sql_select.cc:4444:3 #14 0x5638d18ed996 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.5_dbg_san/sql/sql_select.cc:4921:9 #15 0x5638d18ec3c2 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.5_dbg_san/sql/sql_select.cc:449:10 #16 0x5638d181b1e3 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/10.5_dbg_san/sql/sql_parse.cc:6451:12 #17 0x5638d1803104 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:4043:12 #18 0x5638d17d31c7 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8251:18 #19 0x5638d17c7119 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1891:7 #20 0x5638d17d531e in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1375:17 #21 0x5638d1ddda07 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1386:11 #22 0x5638d1ddd2cb in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1298:5 #23 0x5638d12e803c in asan_thread_start(void*) asan_interceptors.cpp.o SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) ==1667791==ERROR: LeakSanitizer: detected memory leaks Direct leak of 32 byte(s) in 1 object(s) allocated from: #0 0x55ee5d911073 in malloc (/test/UBASAN_MD170125-mariadb-11.8.0-linux-x86_64-dbg/bin/mariadbd+0x24f5073) (BuildId: 46732527bc451b37e9a3dba99b5c507ce7d53cc5) #1 0x55ee606d736d in my_malloc /test/11.8_dbg_san/mysys/my_malloc.c:93:29 #2 0x55ee606e538a in init_dynamic_string /test/11.8_dbg_san/mysys/string.c:39:26 #3 0x55ee60721782 in mariadb_dyncol_json /test/11.8_dbg_san/mysys/ma_dyncol.c:4274:7 #4 0x55ee5f1ad64b in Item_func_dyncol_json::val_str(String*) /test/11.8_dbg_san/sql/item_strfunc.cc:5205:12 #5 0x55ee5e92a35a in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/11.8_dbg_san/sql/sql_type.cc:7664:19 #6 0x55ee5da8b878 in Protocol::send_result_set_row(List<Item>*) /test/11.8_dbg_san/sql/protocol.cc:1353:15 #7 0x55ee5dd008c3 in select_send::send_data(List<Item>&) /test/11.8_dbg_san/sql/sql_class.cc:3282:17 #8 0x55ee5e0ebbb6 in end_send(JOIN*, st_join_table*, bool) /test/11.8_dbg_san/sql/sql_select.cc:25440:9 #9 0x55ee5e1a39bf in evaluate_join_record(JOIN*, st_join_table*, int) /test/11.8_dbg_san/sql/sql_select.cc:24342:11 #10 0x55ee5e0763bf in sub_select(JOIN*, st_join_table*, bool) /test/11.8_dbg_san/sql/sql_select.cc:24109:9 #11 0x55ee5e10679c in do_select(JOIN*, Procedure*) /test/11.8_dbg_san/sql/sql_select.cc:23620:14 #12 0x55ee5e1030f1 in JOIN::exec_inner() /test/11.8_dbg_san/sql/sql_select.cc:5040:50 #13 0x55ee5e100a12 in JOIN::exec() /test/11.8_dbg_san/sql/sql_select.cc:4823:8 #14 0x55ee5e07a634 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.8_dbg_san/sql/sql_select.cc:5356:21 #15 0x55ee5e078f12 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.8_dbg_san/sql/sql_select.cc:633:10 #16 0x55ee5df4e167 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_parse.cc:6191:12 #17 0x55ee5df39d39 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:3980:12 #18 0x55ee5df09588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18 #19 0x55ee5defd64b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7 #20 0x55ee5df0bfad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17 #21 0x55ee5e5cf76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11 #22 0x55ee5e5cf027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5 #23 0x55ee5d90eb5c in asan_thread_start(void*) asan_interceptors.cpp.o SUMMARY: AddressSanitizer: 32 byte(s) leaked in 1 allocation(s). 250208 10:50:13 [ERROR] /test/UBASAN_MD170125-mariadb-11.8.0-linux-x86_64-dbg/bin/mariadbd got signal 6 ;

Julien Fritsch made changes - 2025-02-14 11:39

Fix Version/s

11.7(EOL) [ 29815 ]

MariaDB Server

LSAN: 32 bytes leaked in 1 allocation in mariadb_dyncol_json

Details

Description

Attachments

Activity

People

Dates

Git Integration