[MDEV-32240] UBSAN: downcast of address X which does not point to an object of type 'Field_num' in field_longlong::get_opt_type | sql/sql_analyse.cc - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.1, 11.2, 11.4
Component/s: Data types
Labels:
- UBSAN

Description

CREATE TABLE t (c BIT(10));

INSERT INTO t VALUES ('a');

SELECT * FROM t PROCEDURE ANALYSE(2);

Leads to

11.3.0 fa64a7a10cb23475c3008ff3d935d12659d2a81f (Optimized, UBASAN)
/test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:968:51: runtime error: member access within address 0x619000093900 which does not point to an object of type 'Field_num'
0x619000093900: note: object is of type 'Field_bit_as_char'
be be be be f8 bd 58 85 96 55 00 00 c9 38 09 00 90 61 00 00 c8 38 09 00 90 61 00 00 98 33 09 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Field_bit_as_char'
#0 0x5596828decab in field_longlong::get_opt_type(String*, unsigned long long) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:968
#1 0x5596828ece16 in analyse::end_of_records() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:792
#2 0x5596807224c4 in end_send /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:24674
#3 0x55968084cc0d in do_select /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:22963
#4 0x55968084cc0d in JOIN::exec_inner() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:4941
#5 0x559680852129 in JOIN::exec() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:4718
#6 0x55968083f4bc in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:5249
#7 0x559680843153 in handle_select(THD, LEX, select_result*, unsigned long long) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:628
#8 0x55968041dd4f in execute_sqlcom_select /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:6012
#9 0x55968046d305 in mysql_execute_command(THD*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:3911
#10 0x5596803ecfb0 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:7732
#11 0x559680443d28 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:1893
#12 0x55968044f42d in do_command(THD*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:1406
#13 0x559680d8f71d in do_handle_one_connection(CONNECT*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_connect.cc:1445
#14 0x559680d91d8c in handle_one_connection /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_connect.cc:1347
#15 0x14e539faa608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#16 0x14e53921f132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

11.4.2 9b6e267bfd8fbed66807b8ca81a84d1faa84ff34 (Debug, UBASAN)
/test/11.4_dbg_san/sql/sql_analyse.cc:969:8: runtime error: downcast of address 0x619000073b10 which does not point to an object of type 'Field_num'
0x619000073b10: note: object is of type 'Field_bit_as_char'
be be be be 90 4c e2 aa ee 55 00 00 c9 3a 07 00 90 61 00 00 c8 3a 07 00 90 61 00 00 98 35 07 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Field_bit_as_char'
#0 0x55eea809f529 in field_longlong::get_opt_type(String*, unsigned long long) /test/11.4_dbg_san/sql/sql_analyse.cc:969
#1 0x55eea80ab02d in analyse::end_of_records() /test/11.4_dbg_san/sql/sql_analyse.cc:792
#2 0x55eea5b46177 in end_send /test/11.4_dbg_san/sql/sql_select.cc:24875
#3 0x55eea5a61ead in sub_select(JOIN, st_join_table, bool) /test/11.4_dbg_san/sql/sql_select.cc:23537
#4 0x55eea5c17e45 in do_select /test/11.4_dbg_san/sql/sql_select.cc:23117
#5 0x55eea5c17e45 in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:4988
#6 0x55eea5c1944e in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4774
#7 0x55eea5c07871 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.4_dbg_san/sql/sql_select.cc:5304
#8 0x55eea5c0bd82 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:630
#9 0x55eea57702f4 in execute_sqlcom_select /test/11.4_dbg_san/sql/sql_parse.cc:6094
#10 0x55eea57d5140 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:3943
#11 0x55eea57fc40e in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7815
#12 0x55eea580c252 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1893
#13 0x55eea581a799 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1406
#14 0x55eea622c88b in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1437
#15 0x55eea622dda6 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1339
#16 0x152dfd894ac2 in start_thread nptl/pthread_create.c:442
#17 0x152dfd92684f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

/test/11.4_dbg_san/sql/sql_analyse.cc:969:51: runtime error: member access within address 0x619000073b10 which does not point to an object of type 'Field_num'
0x619000073b10: note: object is of type 'Field_bit_as_char'
be be be be 90 4c e2 aa ee 55 00 00 c9 3a 07 00 90 61 00 00 c8 3a 07 00 90 61 00 00 98 35 07 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Field_bit_as_char'
#0 0x55eea809f55b in field_longlong::get_opt_type(String*, unsigned long long) /test/11.4_dbg_san/sql/sql_analyse.cc:969
#1 0x55eea80ab02d in analyse::end_of_records() /test/11.4_dbg_san/sql/sql_analyse.cc:792
#2 0x55eea5b46177 in end_send /test/11.4_dbg_san/sql/sql_select.cc:24875
#3 0x55eea5a61ead in sub_select(JOIN, st_join_table, bool) /test/11.4_dbg_san/sql/sql_select.cc:23537
#4 0x55eea5c17e45 in do_select /test/11.4_dbg_san/sql/sql_select.cc:23117
#5 0x55eea5c17e45 in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:4988
#6 0x55eea5c1944e in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4774
#7 0x55eea5c07871 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.4_dbg_san/sql/sql_select.cc:5304
#8 0x55eea5c0bd82 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:630
#9 0x55eea57702f4 in execute_sqlcom_select /test/11.4_dbg_san/sql/sql_parse.cc:6094
#10 0x55eea57d5140 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:3943
#11 0x55eea57fc40e in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7815
#12 0x55eea580c252 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1893
#13 0x55eea581a799 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1406
#14 0x55eea622c88b in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1437
#15 0x55eea622dda6 in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1339
#16 0x152dfd894ac2 in start_thread nptl/pthread_create.c:442
#17 0x152dfd92684f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

Note the different opt vs dbg stack, i.e. sub_select.

UBSAN: downcast of address X which does not point to an object of type 'Field_num' in field_longlong::get_opt_type | sql/sql_analyse.cc

Details

Description

Attachments

Activity

People

Dates

Git Integration