Details
Bug
Status: Open
Major
Resolution: Unresolved
10.9(EOL), 10.10(EOL), 10.11, 11.1(EOL), 11.2(EOL), 11.3(EOL)
None
Description
SELECT ST_ASGEOJSON(ST_GEOMFROMTEXT("POINT(1 11)",13),2147483647);
SELECT JSON_INSERT('{ "a" : "foo","b" : [ 1,2,3 ] }','$.a[1]',true);
Leads to:
10.10.7 04d9a46c41b36b61057741abddf7840962e76893 (Optimized)
/test/10.10_opt_san/strings/json_lib.c:1456:69: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
#0 0x5621389bd06d in json_find_path /test/10.10_opt_san/strings/json_lib.c:1456
#1 0x5621356bb8f7 in Item_func_json_insert::val_str(String*) /test/10.10_opt_san/sql/item_jsonfunc.cc:3177
#2 0x56213588284d in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/10.10_opt_san/sql/sql_type.cc:7469
#3 0x56213440e381 in Protocol::send_result_set_row(List<Item>*) /test/10.10_opt_san/sql/protocol.cc:1334
#4 0x562134788e29 in select_send::send_data(List<Item>&) /test/10.10_opt_san/sql/sql_class.cc:3135
#5 0x562134e9eeb7 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.10_opt_san/sql/sql_class.h:5818
#6 0x562134e9eeb7 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/10.10_opt_san/sql/sql_class.h:5808
#7 0x562134e9eeb7 in JOIN::exec_inner() /test/10.10_opt_san/sql/sql_select.cc:4751
#8 0x562134ea3279 in JOIN::exec() /test/10.10_opt_san/sql/sql_select.cc:4663
#9 0x562134e914e1 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.10_opt_san/sql/sql_select.cc:5143
#10 0x562134e950b3 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.10_opt_san/sql/sql_select.cc:588
#11 0x562134a82e4f in execute_sqlcom_select /test/10.10_opt_san/sql/sql_parse.cc:6289
#12 0x562134ad3d14 in mysql_execute_command(THD*, bool) /test/10.10_opt_san/sql/sql_parse.cc:3960
#13 0x562134a53100 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.10_opt_san/sql/sql_parse.cc:8055
#14 0x562134aa8520 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.10_opt_san/sql/sql_parse.cc:1894
#15 0x562134ab3d5d in do_command(THD*, bool) /test/10.10_opt_san/sql/sql_parse.cc:1407
#16 0x5621353d18ed in do_handle_one_connection(CONNECT*, bool) /test/10.10_opt_san/sql/sql_connect.cc:1416
#17 0x5621353d3f5c in handle_one_connection /test/10.10_opt_san/sql/sql_connect.cc:1318
#18 0x14558695c608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#19 0x145585bd1132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
grep: /test/UBASAN_MD071223-mariadb-10.10.7-linux-x86_64-dbg/log/master.err: No such file or directory
Setup:
Compiled with GCC >=7.5.0 (I use GCC 11.4.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1
Bug confirmed present in:
MariaDB: 10.9.8 (opt), 10.10.7 (opt), 10.11.6 (opt), 11.1.3 (opt), 11.2.2 (opt), 11.3.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.32 (dbg), 10.4.32 (opt), 10.5.23 (dbg), 10.5.23 (opt), 10.6.16 (dbg), 10.6.16 (opt), 10.9.8 (dbg), 10.10.7 (dbg), 10.11.6 (dbg), 11.0.4 (dbg), 11.0.4 (opt), 11.1.3 (dbg), 11.2.2 (dbg), 11.3.0 (dbg)
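The UBSan diagnostic and stack frames quoted in this report can be reduced to a build-independent signature, which helps de-duplicate the same finding across the affected versions listed above. The following is an added example, not part of the original report or of MariaDB tooling; `parse_ubsan` and the signature layout are hypothetical, and the sample text is constructed from the first lines of the trace above.

```python
import re

# Constructed sample: diagnostic line and first three frames copied from the report.
SAMPLE = """\
/test/10.10_opt_san/strings/json_lib.c:1456:69: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
    #0 0x5621389bd06d in json_find_path /test/10.10_opt_san/strings/json_lib.c:1456
    #1 0x5621356bb8f7 in Item_func_json_insert::val_str(String*) /test/10.10_opt_san/sql/item_jsonfunc.cc:3177
    #2 0x56213588284d in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/10.10_opt_san/sql/sql_type.cc:7469
"""

# "<file>:<line>:<col>: runtime error: <message>"
DIAG = re.compile(r"^(?P<file>\S+):(?P<line>\d+):(?P<col>\d+): runtime error: (?P<msg>.+)$")
# "#<n> 0x<addr> in <symbol, may contain spaces> <location>"
FRAME = re.compile(r"^#(?P<n>\d+) 0x[0-9a-f]+ in (?P<sym>.+?) (?P<loc>\S+)$")


def parse_ubsan(text, depth=3):
    """Parse the first UBSan report in text; return (diagnostic, frames, signature)."""
    diag, frames = None, []
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()  # tolerate tracker table debris
        m = DIAG.match(line)
        if m:
            if diag is not None:
                break  # a second report starts here; keep only the first
            diag = m.groupdict()
            diag["kind"] = diag["msg"].split(":", 1)[0]
            continue
        m = FRAME.match(line)
        if m and diag is not None:
            # Drop the argument list so overloads and const qualifiers do not split buckets.
            frames.append({"n": int(m["n"]), "func": m["sym"].split("(", 1)[0], "loc": m["loc"]})
    if diag is None:
        return None, [], None
    # Keep only "dir/file" so different build trees give the same signature;
    # addresses and line numbers are left out because they shift between versions.
    src = "/".join(diag["file"].split("/")[-2:])
    sig = "|".join([diag["kind"], src] + [f["func"] for f in frames[:depth]])
    return diag, frames, sig


if __name__ == "__main__":
    print(parse_ubsan(SAMPLE)[2])
```
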