Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3
Description
CREATE TABLE t (c SET(''),c2 INT,c3 INT,KEY(c)) ENGINE=InnoDB; |
CREATE TABLE t2 (c BLOB,c2 BLOB,c3 BINARY) ENGINE=InnoDB; |
INSERT INTO t VALUES (0,1,1); |
INSERT INTO t2 VALUES (1,1,1); |
SELECT * FROM t2 WHERE (c) IN (SELECT c FROM t WHERE c<1); |
Leads to:
|
11.0.3 f2b4972bd4f9d3f0131f156a6cbc3e0317571944 (Optimized, UBASAN) |
/test/11.0_opt_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 2, which is declared to never be null
|
|
11.0.3 f2b4972bd4f9d3f0131f156a6cbc3e0317571944 (Optimized, UBASAN) |
#0 0x55a9a76e444c in my_strnncoll_binary /test/11.0_opt_san/strings/ctype-bin.c:89 #1 0x55a9a76e444c in my_strnncollsp_binary /test/11.0_opt_san/strings/ctype-bin.c:128
|
#2 0x55a9a997d632 in Arg_comparator::compare() /test/11.0_opt_san/sql/item_cmpfunc.h:103 #3 0x55a9a997d632 in Item_func_eq::val_int() /test/11.0_opt_san/sql/item_cmpfunc.cc:1780
|
#4 0x55a9a8cfaa3c in SQL_SELECT::skip_record(THD*) /test/11.0_opt_san/sql/opt_range.h:1914 #5 0x55a9a8cfaa3c in JOIN_CACHE::check_match(unsigned char*) /test/11.0_opt_san/sql/sql_join_cache.cc:2560 #6 0x55a9a8cfaa3c in JOIN_CACHE::generate_full_extensions(unsigned char*) /test/11.0_opt_san/sql/sql_join_cache.cc:2503
|
#7 0x55a9a8cfd854 in JOIN_CACHE::join_matching_records(bool) /test/11.0_opt_san/sql/sql_join_cache.cc:2403 #8 0x55a9a8cf851d in JOIN_CACHE::join_records(bool) /test/11.0_opt_san/sql/sql_join_cache.cc:2158 #9 0x55a9a848aab9 in sub_select_cache(JOIN*, st_join_table*, bool) /test/11.0_opt_san/sql/sql_select.cc:23121 #10 0x55a9a866c2d6 in do_select /test/11.0_opt_san/sql/sql_select.cc:22892
|
#11 0x55a9a866c2d6 in JOIN::exec_inner() /test/11.0_opt_san/sql/sql_select.cc:4924 #12 0x55a9a8671bd3 in JOIN::exec() /test/11.0_opt_san/sql/sql_select.cc:4701
|
#13 0x55a9a865f960 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_opt_san/sql/sql_select.cc:5182 #14 0x55a9a86634f0 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_opt_san/sql/sql_select.cc:626 #15 0x55a9a81e04c0 in execute_sqlcom_select /test/11.0_opt_san/sql/sql_parse.cc:6279
|
#16 0x55a9a8245393 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3949 #17 0x55a9a8255fa2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:8019 #18 0x55a9a82615f5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894 #19 0x55a9a826d208 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407 #20 0x55a9a8b7e34c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
|
#21 0x55a9a8b8094c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
|
#22 0x14886d694b42 in start_thread nptl/pthread_create.c:442
|
#23 0x14886d7269ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
|
|
11.0.3 f2b4972bd4f9d3f0131f156a6cbc3e0317571944 (Debug) |
/test/11.0_dbg_san/strings/ctype-bin.c:89:12: runtime error: null pointer passed as argument 2, which is declared to never be null
|
|
11.0.3 f2b4972bd4f9d3f0131f156a6cbc3e0317571944 (Debug) |
#0 0x55f9ecdd2d9c in my_strnncoll_binary /test/11.0_dbg_san/strings/ctype-bin.c:89
|
#1 0x55f9ecdd2dd7 in my_strnncollsp_binary /test/11.0_dbg_san/strings/ctype-bin.c:128
|
#2 0x55f9e9575a03 in charset_info_st::strnncollsp(char const*, unsigned long, char const*, unsigned long) const /test/11.0_dbg_san/include/m_ctype.h:1020
|
#3 0x55f9e9575a03 in sortcmp(Binary_string const*, Binary_string const*, charset_info_st const*) /test/11.0_dbg_san/sql/sql_string.cc:868
|
#4 0x55f9ea929fa1 in Arg_comparator::compare_string() /test/11.0_dbg_san/sql/item_cmpfunc.cc:777
|
#5 0x55f9ea937c7e in Arg_comparator::compare() /test/11.0_dbg_san/sql/item_cmpfunc.h:103
|
#6 0x55f9ea937c7e in Item_func_eq::val_int() /test/11.0_dbg_san/sql/item_cmpfunc.cc:1780
|
#7 0x55f9e9b473e2 in SQL_SELECT::skip_record(THD*) /test/11.0_dbg_san/sql/opt_range.h:1914
|
#8 0x55f9e9b473e2 in JOIN_CACHE::check_match(unsigned char*) /test/11.0_dbg_san/sql/sql_join_cache.cc:2560
|
#9 0x55f9e9b473e2 in JOIN_CACHE::generate_full_extensions(unsigned char*) /test/11.0_dbg_san/sql/sql_join_cache.cc:2503
|
#10 0x55f9e9b4b965 in JOIN_CACHE::join_matching_records(bool) /test/11.0_dbg_san/sql/sql_join_cache.cc:2403
|
#11 0x55f9e9b45350 in JOIN_CACHE::join_records(bool) /test/11.0_dbg_san/sql/sql_join_cache.cc:2158
|
#12 0x55f9e91ebd2d in sub_select_cache(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23121
|
#13 0x55f9e91e97d4 in sub_select(JOIN*, st_join_table*, bool) /test/11.0_dbg_san/sql/sql_select.cc:23307
|
#14 0x55f9e939956b in do_select /test/11.0_dbg_san/sql/sql_select.cc:22892
|
#15 0x55f9e939956b in JOIN::exec_inner() /test/11.0_dbg_san/sql/sql_select.cc:4924
|
#16 0x55f9e939ab9c in JOIN::exec() /test/11.0_dbg_san/sql/sql_select.cc:4701
|
#17 0x55f9e9389701 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.0_dbg_san/sql/sql_select.cc:5182
|
#18 0x55f9e938db5c in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.0_dbg_san/sql/sql_select.cc:626
|
#19 0x55f9e8efcd0b in execute_sqlcom_select /test/11.0_dbg_san/sql/sql_parse.cc:6279
|
#20 0x55f9e8f5d0ff in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:3949
|
#21 0x55f9e8f8cb5e in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8019
|
#22 0x55f9e8f9c906 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
|
#23 0x55f9e8faa84d in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
|
#24 0x55f9e997e92f in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
|
#25 0x55f9e997fe4a in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
|
#26 0x14ca63294b42 in start_thread nptl/pthread_create.c:442
|
#27 0x14ca633269ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
|
Setup:
Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1
|
Bug confirmed present in:
MariaDB: 10.6.15 (dbg), 10.6.15 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.6 (dbg), 10.10.6 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.3 (dbg), 11.0.3 (opt), 11.1.2 (dbg), 11.1.2 (opt), 11.2.0 (dbg), 11.2.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt)
UniqueID's
UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-bin.c|my_strnncoll_binary|my_strnncollsp_binary|Arg_comparator::compare|Item_func_eq::val_int
|
UBSAN|null pointer passed as argument 2, which is declared to never be null|strings/ctype-bin.c|my_strnncoll_binary|my_strnncollsp_binary|charset_info_st::strnncollsp|sortcmp
|
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Open
-