Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Duplicate
-
11.1(EOL), 11.2(EOL), 11.3(EOL)
Description
PREPARE s FROM 'SELECT JSON_SCHEMA_VALID (?,''{}'')'; |
Repeat till it crashes. Deemed to be lightly sporadic. Leads to:
|
11.3.0 7ba9c7fb84b5f28e4736656b57d9508b70ca6369 (Optimized) |
Core was generated by `/test/MD020923-mariadb-11.3.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 Binary_string::ptr (this=0x8)
|
at /test/git-bisect/11.3_opt/sql/sql_string.h:359
|
359 inline const char *ptr() const { return Ptr; }
|
[Current thread is 1 (Thread 0x14c3d1f35640 (LWP 3182442))]
|
(gdb) bt
|
#0 Binary_string::ptr (this=0x8) at /test/git-bisect/11.3_opt/sql/sql_string.h:359
|
#1 Item_func_json_schema_valid::fix_length_and_dec (this=0x14c38001b280, thd=0x14c380000c68) at /test/git-bisect/11.3_opt/sql/item_jsonfunc.cc:4825
|
#2 0x000056315170ab44 in Item_func::fix_fields (ref=<optimized out>, thd=0x14c380000c68, this=0x14c38001b280) at /test/git-bisect/11.3_opt/sql/item_func.cc:361
|
#3 Item_func::fix_fields (this=0x14c38001b280, thd=0x14c380000c68, ref=<optimized out>) at /test/git-bisect/11.3_opt/sql/item_func.cc:316
|
#4 0x00005631513c276f in Item::fix_fields_if_needed (ref=0x14c38001b3c0, thd=0x14c380000c68, this=0x14c38001b280) at /test/git-bisect/11.3_opt/sql/item.h:1147
|
#5 Item::fix_fields_if_needed (ref=0x14c38001b3c0, thd=0x14c380000c68, this=0x14c38001b280) at /test/git-bisect/11.3_opt/sql/item.h:1145
|
#6 Item::fix_fields_if_needed_for_scalar (ref=0x14c38001b3c0, thd=0x14c380000c68, this=0x14c38001b280) at /test/git-bisect/11.3_opt/sql/item.h:1156
|
#7 setup_fields (thd=thd@entry=0x14c380000c68, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x14c380010fa0, pre_fix=0x14c38001ae08, allow_sum_func=true) at /test/git-bisect/11.3_opt/sql/sql_base.cc:8061
|
#8 0x0000563151496087 in JOIN::prepare (this=this@entry=0x14c380010bf8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x14c38001ab38, unit_arg=0x14c380018ec8) at /test/git-bisect/11.3_opt/sql/sql_select.cc:1526
|
#9 0x00005631514faea4 in st_select_lex_unit::prepare_join (this=0x14c380018ec8, thd_arg=0x14c380000c68, sl=0x14c38001ab38, tmp_result=0x0, additional_options=<optimized out>, is_union_select=<optimized out>) at /test/git-bisect/11.3_opt/sql/sql_union.cc:1103
|
#10 0x00005631514fdc5c in st_select_lex_unit::prepare (this=this@entry=0x14c380018ec8, derived_arg=0x0, sel_result=sel_result@entry=0x0, additional_options=additional_options@entry=0) at /test/git-bisect/11.3_opt/sql/sql_union.cc:1583
|
#11 0x0000563151450499 in mysql_test_select (tables=0x0, stmt=0x14c380016948) at /test/git-bisect/11.3_opt/sql/sql_prepare.cc:1470
|
#12 check_prepared_statement (stmt=0x14c380016948) at /test/git-bisect/11.3_opt/sql/sql_prepare.cc:2303
|
#13 Prepared_statement::prepare (this=0x14c380016948, packet=<optimized out>, packet_len=<optimized out>) at /test/git-bisect/11.3_opt/sql/sql_prepare.cc:4216
|
#14 0x00005631514546e4 in mysql_sql_stmt_prepare (thd=thd@entry=0x14c380000c68) at /test/git-bisect/11.3_opt/sql/sql_prepare.cc:2807
|
#15 0x000056315142fa64 in mysql_execute_command (thd=0x14c380000c68, is_called_from_prepared_stmt=<optimized out>) at /test/git-bisect/11.3_opt/sql/sql_parse.cc:3933
|
#16 0x0000563151431994 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14c380000c68) at /test/git-bisect/11.3_opt/sql/sql_parse.cc:7760
|
#17 mysql_parse (thd=0x14c380000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/git-bisect/11.3_opt/sql/sql_parse.cc:7682
|
#18 0x0000563151433fe2 in dispatch_command (command=COM_QUERY, thd=0x14c380000c68, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/git-bisect/11.3_opt/sql/sql_parse.cc:1990
|
#19 0x0000563151435850 in do_command (thd=0x14c380000c68, blocking=blocking@entry=true) at /test/git-bisect/11.3_opt/sql/sql_parse.cc:1406
|
#20 0x0000563151552a37 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x563155126b68, put_in_cache=put_in_cache@entry=true) at /test/git-bisect/11.3_opt/sql/sql_connect.cc:1445
|
#21 0x0000563151552d0d in handle_one_connection (arg=0x563155126b68) at /test/git-bisect/11.3_opt/sql/sql_connect.cc:1347
|
#22 0x000014c3ef894b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#23 0x000014c3ef926a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Bug confirmed present in:
MariaDB: 11.1.2 (dbg), 11.1.2 (opt), 11.2.0 (dbg), 11.2.0 (opt), 11.3.0 (dbg), 11.3.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (dbg), 10.6.15 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.6 (dbg), 10.10.6 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.3 (dbg), 11.0.3 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 8.0.33 (dbg), 8.0.33 (opt)
Attachments
Issue Links
- duplicates
-
-
- Closed
-
Activity
Additional testcase for MDEV-31599. Apologies for missing this, the stack was very different.
UBSAN sees a member access within null pointer of type 'struct String' in Item_func_json_schema_valid::fix_length_and_dec
11.2.0 e81fa345020ec6a067583db6a7019d6404b26f93 (Optimized, UBASAN)
Version: '11.2.0-MariaDB' socket: '/test/UBASAN_MD030823-mariadb-11.2.0-linux-x86_64-opt/socket.sock' port: 12392 MariaDB Server/data/11.2_opt_san/sql/item_jsonfunc.cc:4819:42: runtime error: member access within null pointer of type 'struct String'#0 0x55b19e443575 in Item_func_json_schema_valid::fix_length_and_dec(THD*) /data/11.2_opt_san/sql/item_jsonfunc.cc:4819#1 0x55b19f2cbc02 in Item_func::fix_fields(THD*, Item**) /data/11.2_opt_san/sql/item_func.cc:361#2 0x55b19d427ee0 in Item::fix_fields_if_needed(THD*, Item**) /data/11.2_opt_san/sql/item.h:1147#3 0x55b19d427ee0 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /data/11.2_opt_san/sql/item.h:1156#4 0x55b19d427ee0 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool) /data/11.2_opt_san/sql/sql_base.cc:8064#5 0x55b19db46375 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/11.2_opt_san/sql/sql_select.cc:1526#6 0x55b19ded563c in st_select_lex_unit::prepare_join(THD*, st_select_lex*, select_result*, unsigned long long, bool) /data/11.2_opt_san/sql/sql_union.cc:1103#7 0x55b19deefa66 in st_select_lex_unit::prepare(TABLE_LIST*, select_result*, unsigned long long) /data/11.2_opt_san/sql/sql_union.cc:1583#8 0x55b19d909043 in mysql_test_select /data/11.2_opt_san/sql/sql_prepare.cc:1470#9 0x55b19d909043 in check_prepared_statement /data/11.2_opt_san/sql/sql_prepare.cc:2303#10 0x55b19d909043 in Prepared_statement::prepare(char const*, unsigned int) /data/11.2_opt_san/sql/sql_prepare.cc:4216#11 0x55b19d93710d in mysql_sql_stmt_prepare(THD*) /data/11.2_opt_san/sql/sql_prepare.cc:2807#12 0x55b19d81cd59 in mysql_execute_command(THD*, bool) /data/11.2_opt_san/sql/sql_parse.cc:3955#13 0x55b19d82dfc2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /data/11.2_opt_san/sql/sql_parse.cc:7800#14 0x55b19d8395e5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /data/11.2_opt_san/sql/sql_parse.cc:1892#15 0x55b19d8451f8 in do_command(THD*, bool) /data/11.2_opt_san/sql/sql_parse.cc:1405#16 0x55b19e1664ac in do_handle_one_connection(CONNECT*, bool) /data/11.2_opt_san/sql/sql_connect.cc:1445#17 0x55b19e168aac in handle_one_connection /data/11.2_opt_san/sql/sql_connect.cc:1347#18 0x147d42c94b42 in start_thread nptl/pthread_create.c:442#19 0x147d42d269ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)230902 14:39:04 [ERROR] mysqld got signal 11 ;