[MDEV-31782] ASAN heap-use-after-free in MyISAM bulk insert with indexed virtual column - Jira

XML

Word

Printable

Details

Type: Bug
Status: Stalled (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s: 10.6, 10.11, 11.0, 11.1
Component/s: Storage Engine - MyISAM, Virtual Columns
Labels:

Description

SET sql_mode='';

CREATE TABLE t (a INT GENERATED ALWAYS AS (1) VIRTUAL,KEY(a)) ENGINE=MyISAM;

INSERT INTO t SELECT * FROM seq_1_to_10;

CREATE TABLE t1 (a CHAR(1),KEY(a)) ENGINE=InnoDB;

INSERT INTO t1 VALUES (1);

INSERT INTO t SELECT * FROM seq_1_to_10;

Leads to

10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)
mariadbd: /test/10.6_dbg/storage/innobase/include/sux_lock.h:85: void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]: Assertion `r->empty()' failed.

10.6.15 f7b8a2c953e21d7a1c8e7ef3b7107c13a1402967 (Debug)
Core was generated by `/test/MD050723-mariadb-10.6.15-linux-x86_64-dbg/bin/mariadbd --no-defaults --co'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x153567da3940 (LWP 1233784))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x0000153567f7c859 in __GI_abort () at abort.c:79
#2 0x0000153567f7c729 in __assert_fail_base (fmt=0x153568112588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56502ba6d5d0 "r->empty()", file=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=85, function=<optimized out>) at assert.c:92
#3 0x0000153567f8dfd6 in __GI___assert_fail (assertion=assertion@entry=0x56502ba6d5d0 "r->empty()", file=file@entry=0x56502ba5cd68 "/test/10.6_dbg/storage/innobase/include/sux_lock.h", line=line@entry=85, function=function@entry=0x56502bac0318 "void sux_lock<ssux>::free() [with ssux = ssux_lock_impl<true>]") at assert.c:101
#4 0x000056502b52dd27 in sux_lock<ssux_lock_impl<true> >::free (this=0x1535517687e8) at /usr/include/c++/9/bits/hashtable.h:564
#5 buf_pool_t::close (this=<optimized out>) at /test/10.6_dbg/storage/innobase/buf/buf0buf.cc:1152
#6 0x000056502b4727ad in innodb_shutdown () at /test/10.6_dbg/storage/innobase/srv/srv0start.cc:2064
#7 0x000056502b268acc in innobase_end () at /test/10.6_dbg/storage/innobase/handler/ha_innodb.cc:4370
#8 0x000056502af4f70c in ha_finalize_handlerton (plugin=0x56502e517650) at /test/10.6_dbg/sql/handler.cc:595
#9 0x000056502ac9bacf in plugin_deinitialize (plugin=0x56502e517650, ref_check=ref_check@entry=true) at /test/10.6_dbg/sql/sql_plugin.cc:1269
#10 0x000056502ac9c3d5 in reap_plugins () at /test/10.6_dbg/sql/sql_plugin.cc:1345
#11 0x000056502ac9e747 in plugin_shutdown () at /test/10.6_dbg/sql/sql_plugin.cc:2053
#12 0x000056502ab9923e in clean_up (print_message=print_message@entry=true) at /test/10.6_dbg/sql/mysqld.cc:1971
#13 0x000056502aba4359 in mysqld_main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/mysqld.cc:5913
#14 0x000056502ab98b46 in main (argc=<optimized out>, argv=<optimized out>) at /test/10.6_dbg/sql/main.cc:34

Bug confirmed present in:
MariaDB: 10.6.15 (dbg), 10.9.8 (dbg), 10.10.6 (dbg), 10.11.4 (dbg), 11.0.2 (dbg), 11.1.2 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (opt), 10.9.8 (opt), 10.10.6 (opt), 10.11.4 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.2 (opt), 11.1.2 (opt), 11.2.0 (opt)

Attachments

Issue Links

duplicates

MDEV-30926 Segfault after MyISAM repair of vcol-indexed table

In Review

Activity

People

Assignee:: Aleksey Midenkov

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-07-27 05:22

Updated:: 2023-12-07 10:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.