MariaDB Server / MDEV-31782

ASAN heap-use-after-free in MyISAM bulk insert with indexed virtual column


Details

    Description

      SET sql_mode='';
      CREATE TABLE t (a INT GENERATED ALWAYS AS (1) VIRTUAL,KEY(a)) ENGINE=MyISAM;
      INSERT INTO t SELECT * FROM seq_1_to_10;
      CREATE TABLE t1 (a CHAR(1),KEY(a)) ENGINE=InnoDB;
      INSERT INTO t1 VALUES (1);
      INSERT INTO t SELECT * FROM seq_1_to_10;
      

      Leads to

      10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)

      mariadbd: /test/10.6_dbg/storage/innobase/include/sux_lock.h:85: void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]: Assertion `r->empty()' failed.
      

      10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)

      Core was generated by `/test/MD050723-mariadb-10.6.15-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      [Current thread is 1 (Thread 0x153567da3940 (LWP 1233784))]
      (gdb) bt
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #1  0x0000153567f7c859 in __GI_abort () at abort.c:79
      #2  0x0000153567f7c729 in __assert_fail_base (fmt=0x153568112588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56502ba6d5d0 "r->empty()", file=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=85, function=<optimized out>) at assert.c:92
      #3  0x0000153567f8dfd6 in __GI___assert_fail (assertion=assertion@entry=0x56502ba6d5d0 "r->empty()", file=file@entry=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=line@entry=85, function=function@entry=0x56502bac0318 "void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]") at assert.c:101
      #4  0x000056502b52dd27 in sux_lock<ssux_lock_impl<true> >::free (this=0x1535517687e8) at /usr/include/c++/9/bits/hashtable.h:564
      #5  buf_pool_t::close (this=<optimized out>) at /test/10.6_dbg/storage/innobase/buf/buf0buf.cc:1152
      #6  0x000056502b4727ad in innodb_shutdown () at /test/10.6_dbg/storage/innobase/srv/srv0start.cc:2064
      #7  0x000056502b268acc in innobase_end () at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:4370
      #8  0x000056502af4f70c in ha_finalize_handlerton (plugin=0x56502e517650) at /test/10.6_dbg/sql/handler.cc:595
      #9  0x000056502ac9bacf in plugin_deinitialize (plugin=0x56502e517650, ref_check=ref_check@entry=true) at /test/10.6_dbg/sql/sql_plugin.cc:1269
      #10 0x000056502ac9c3d5 in reap_plugins () at /test/10.6_dbg/sql/sql_plugin.cc:1345
      #11 0x000056502ac9e747 in plugin_shutdown () at /test/10.6_dbg/sql/sql_plugin.cc:2053
      #12 0x000056502ab9923e in clean_up (print_message=print_message@entry=true) at /test/10.6_dbg/sql/mysqld.cc:1971
      #13 0x000056502aba4359 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/mysqld.cc:5913
      #14 0x000056502ab98b46 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/main.cc:34
      

      Bug confirmed present in:
      MariaDB: 10.6.15 (dbg), 10.9.8 (dbg), 10.10.6 (dbg), 10.11.4 (dbg), 11.0.2 (dbg), 11.1.2 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (opt), 10.9.8 (opt), 10.10.6 (opt), 10.11.4 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.2 (opt), 11.1.2 (opt), 11.2.0 (opt)

People

  Aleksey Midenkov (midenok)
  Ramesh Sivaraman (ramesh)