ASAN heap-buffer-overflow (out-of-bounds read) in latin1_normalize via grn_normalizer_normalize upon inserting into Mroonga table with multi-part index


    Description

      # Reproducer for MDEV-31916: ASAN heap-buffer-overflow (READ of size 1) in
      # latin1_normalize (groonga lib/normalizer.c:897), reached from
      # ha_mroonga::storage_write_row_multiple_column_index ->
      # mrn::MultipleColumnKeyCodec::encode -> encode_blob ->
      # mrn::FieldNormalizer::normalize -> grn_string_open ->
      # grn_normalizer_normalize (see the trace below).
      # Needs an ASAN-instrumented build: the bad read is only one byte past a
      # 4096-byte heap block, so a plain build may not fault at all.
      INSTALL SONAME 'ha_mroonga';
       
      # Multi-column KEY mixing a fixed-width DECIMAL with a VARCHAR. The trace
      # shows the blob/normalizer path (encode_blob) being taken for one key part,
      # presumably the VARCHAR column b - TODO confirm.
      CREATE TABLE t (a DECIMAL(30,2), b VARCHAR(8), KEY(a,b)) ENGINE=Mroonga;
      # The over-read hits the byte immediately after the 4096-byte grn_bulk
      # buffer that storage_write_row_multiple_column_index reserves via
      # grn_bulk_space for the encoded key (ha_mroonga.cpp:6241). The trace does
      # not show which of the two rows triggers it; the NULL in b on the first
      # row is a plausible suspect - TODO confirm by inserting the rows one at a
      # time.
      # Security note: this is reachable by any account with INSERT privilege on
      # such a table, i.e. an unprivileged-user-triggerable out-of-bounds heap
      # read (server abort under ASAN; presumably a silent over-read otherwise).
      INSERT INTO t VALUES (0.63,NULL),(0.61,'foo');
       
      # Cleanup
      DROP TABLE t;
      UNINSTALL SONAME 'ha_mroonga';
      

      Observed on 10.4, revision b2e312b0 (ASAN build):

      ==3694460==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x621000106500 at pc 0x7f80e7a8c4a6 bp 0x7f80e89dff20 sp 0x7f80e89dff18
      READ of size 1 at 0x621000106500 thread T5
          #0 0x7f80e7a8c4a5 in latin1_normalize /data/src/10.4/storage/mroonga/vendor/groonga/lib/normalizer.c:897
          #1 0x7f80e7a8e970 in auto_next /data/src/10.4/storage/mroonga/vendor/groonga/lib/normalizer.c:1136
          #2 0x7f80e774a49e in grn_proc_call /data/src/10.4/storage/mroonga/vendor/groonga/lib/expr.c:1487
          #3 0x7f80e7a8ea49 in grn_normalizer_normalize /data/src/10.4/storage/mroonga/vendor/groonga/lib/normalizer.c:1166
          #4 0x7f80e7cffd0f in grn_string_open_ /data/src/10.4/storage/mroonga/vendor/groonga/lib/string.c:179
          #5 0x7f80e7cffdf8 in grn_string_open /data/src/10.4/storage/mroonga/vendor/groonga/lib/string.c:196
          #6 0x7f80e761b43c in mrn::FieldNormalizer::normalize(char const*, unsigned int) /data/src/10.4/storage/mroonga/lib/mrn_field_normalizer.cpp:98
          #7 0x7f80e76198c2 in mrn::MultipleColumnKeyCodec::encode_blob(unsigned char const*, unsigned int*, Field*, unsigned char*) /data/src/10.4/storage/mroonga/lib/mrn_multiple_column_key_codec.cpp:668
          #8 0x7f80e76137b1 in mrn::MultipleColumnKeyCodec::encode(unsigned char const*, unsigned int, unsigned char*, unsigned int*) /data/src/10.4/storage/mroonga/lib/mrn_multiple_column_key_codec.cpp:189
          #9 0x7f80e7596cdc in ha_mroonga::storage_encode_multiple_column_key(st_key*, unsigned char const*, unsigned int, unsigned char*, unsigned int*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:12105
          #10 0x7f80e754397d in ha_mroonga::storage_write_row_multiple_column_index(unsigned char const*, unsigned int, st_key*, _grn_obj*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6249
          #11 0x7f80e75441a9 in ha_mroonga::storage_write_row_multiple_column_indexes(unsigned char const*, unsigned int) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6294
          #12 0x7f80e7542130 in ha_mroonga::storage_write_row(unsigned char const*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6177
          #13 0x7f80e75463d0 in ha_mroonga::write_row(unsigned char const*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6451
          #14 0x56198f353ae2 in handler::ha_write_row(unsigned char const*) /data/src/10.4/sql/handler.cc:6850
          #15 0x56198ead15e9 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2085
          #16 0x56198eac93d0 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1084
          #17 0x56198eb84750 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4613
          #18 0x56198eb9c726 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8010
          #19 0x56198eb729f1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
          #20 0x56198eb6f560 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1378
          #21 0x56198ef6eabf in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1420
          #22 0x56198ef6e3d6 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
          #23 0x56198fbde3cd in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #24 0x7f80f07c8fd3 in start_thread nptl/pthread_create.c:442
          #25 0x7f80f08495bb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
      0x621000106500 is located 0 bytes to the right of 4096-byte region [0x621000105500,0x621000106500)
      allocated by thread T5 here:
          #0 0x7f80f0eb89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
          #1 0x7f80e7dc5a4d in grn_malloc_default /data/src/10.4/storage/mroonga/vendor/groonga/lib/alloc.c:780
          #2 0x7f80e7cea1bf in grn_bulk_resize /data/src/10.4/storage/mroonga/vendor/groonga/lib/str.c:1939
          #3 0x7f80e7ceaede in grn_bulk_reserve /data/src/10.4/storage/mroonga/vendor/groonga/lib/str.c:1986
          #4 0x7f80e7ceaf1a in grn_bulk_space /data/src/10.4/storage/mroonga/vendor/groonga/lib/str.c:1994
          #5 0x7f80e7543374 in ha_mroonga::storage_write_row_multiple_column_index(unsigned char const*, unsigned int, st_key*, _grn_obj*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6241
          #6 0x7f80e75441a9 in ha_mroonga::storage_write_row_multiple_column_indexes(unsigned char const*, unsigned int) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6294
          #7 0x7f80e7542130 in ha_mroonga::storage_write_row(unsigned char const*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6177
          #8 0x7f80e75463d0 in ha_mroonga::write_row(unsigned char const*) /data/src/10.4/storage/mroonga/ha_mroonga.cpp:6451
          #9 0x56198f353ae2 in handler::ha_write_row(unsigned char const*) /data/src/10.4/sql/handler.cc:6850
          #10 0x56198ead15e9 in write_record(THD*, TABLE*, st_copy_info*) /data/src/10.4/sql/sql_insert.cc:2085
          #11 0x56198eac93d0 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool) /data/src/10.4/sql/sql_insert.cc:1084
          #12 0x56198eb84750 in mysql_execute_command(THD*) /data/src/10.4/sql/sql_parse.cc:4613
          #13 0x56198eb9c726 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.4/sql/sql_parse.cc:8010
          #14 0x56198eb729f1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.4/sql/sql_parse.cc:1857
          #15 0x56198eb6f560 in do_command(THD*) /data/src/10.4/sql/sql_parse.cc:1378
          #16 0x56198ef6eabf in do_handle_one_connection(CONNECT*) /data/src/10.4/sql/sql_connect.cc:1420
          #17 0x56198ef6e3d6 in handle_one_connection /data/src/10.4/sql/sql_connect.cc:1324
          #18 0x56198fbde3cd in pfs_spawn_thread /data/src/10.4/storage/perfschema/pfs.cc:1869
          #19 0x7f80f07c8fd3 in start_thread nptl/pthread_create.c:442
       
      Thread T5 created by T0 here:
          #0 0x7f80f0e49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x56198fbde7ba in spawn_thread_v1 /data/src/10.4/storage/perfschema/pfs.cc:1919
          #2 0x56198e87af89 in inline_mysql_thread_create /data/src/10.4/include/mysql/psi/mysql_thread.h:1275
          #3 0x56198e892690 in create_thread_to_handle_connection(CONNECT*) /data/src/10.4/sql/mysqld.cc:6287
          #4 0x56198e892ddb in create_new_thread(CONNECT*) /data/src/10.4/sql/mysqld.cc:6357
          #5 0x56198e8932a9 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/src/10.4/sql/mysqld.cc:6455
          #6 0x56198e894155 in handle_connections_sockets() /data/src/10.4/sql/mysqld.cc:6613
          #7 0x56198e891df3 in mysqld_main(int, char**) /data/src/10.4/sql/mysqld.cc:5945
          #8 0x56198e8790b8 in main /data/src/10.4/sql/main.cc:25
          #9 0x7f80f0767189 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      SUMMARY: AddressSanitizer: heap-buffer-overflow /data/src/10.4/storage/mroonga/vendor/groonga/lib/normalizer.c:897 in latin1_normalize
      Shadow bytes around the buggy address:
        0x0c4280018c50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c4280018c60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c4280018c70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c4280018c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
        0x0c4280018c90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      =>0x0c4280018ca0:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c4280018cb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c4280018cc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c4280018cd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c4280018ce0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x0c4280018cf0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==3694460==ABORTING
      
