[MDEV-33001] ASAN heap-use-after-free in mysql_insert_select_prepare stack - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6
Fix Version/s: 10.6
Component/s: Server
Labels:
None

Description

At running

mtr main.win_big-mdev-11697 main.bad_startup_options
the following asan report is generated.

10.6 47f2b16a8cd
=================================================================
==6702==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 128 byte(s) in 8 object(s) allocated from:
#0 0x7f5220fd2317 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.6+0xb4317)
#1 0x55e574906ccf in st_select_lex::save_item_list_names(THD*) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.cc:11211
#2 0x55e574a08289 in JOIN::prepare(TABLE_LIST, Item, unsigned int, st_order, bool, st_order, Item, st_order, st_select_lex, st_select_lex_unit) /home3/MDB/WTs/TMP/10.6/sql/sql_select.cc:1449
#3 0x55e574c50d95 in st_select_lex_unit::prepare_join(THD, st_select_lex, select_result*, unsigned long long, bool) /home3/MDB/WTs/TMP/10.6/sql/sql_union.cc:1105
#4 0x55e574c553d8 in st_select_lex_unit::prepare(TABLE_LIST, select_result, unsigned long long) /home3/MDB/WTs/TMP/10.6/sql/sql_union.cc:1574
#5 0x55e5748698e9 in mysql_derived_prepare /home3/MDB/WTs/TMP/10.6/sql/sql_derived.cc:840
#6 0x55e574865b83 in mysql_handle_single_derived(LEX, TABLE_LIST, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_derived.cc:200
#7 0x55e574d00788 in TABLE_LIST::handle_derived(LEX*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/table.cc:9536
#8 0x55e5748b1163 in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.h:4498
#9 0x55e5748d715a in st_select_lex::handle_derived(LEX*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.cc:4973
#10 0x55e574d006fa in TABLE_LIST::handle_derived(LEX*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/table.cc:9533
#11 0x55e5748b1163 in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.h:4498
#12 0x55e5748d715a in st_select_lex::handle_derived(LEX*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.cc:4973
#13 0x55e574d006fa in TABLE_LIST::handle_derived(LEX*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/table.cc:9533
#14 0x55e5748b1163 in LEX::handle_list_of_derived(TABLE_LIST*, unsigned int) /home3/MDB/WTs/TMP/10.6/sql/sql_lex.h:4498
#15 0x55e57488ca19 in mysql_prepare_insert(THD, TABLE_LIST, List<Item>&, List<Item>, List<Item>&, List<Item>&, enum_duplicates, Item*, bool) /home3/MDB/WTs/TMP/10.6/sql/sql_insert.cc:1643
#16 0x55e57489db51 in mysql_insert_select_prepare(THD, select_result) /home3/MDB/WTs/TMP/10.6/sql/sql_insert.cc:3794
#17 0x55e574954fb1 in mysql_execute_command(THD*, bool) /home3/MDB/WTs/TMP/10.6/sql/sql_parse.cc:4713
#18 0x55e57496c49c in mysql_parse(THD, char, unsigned int, Parser_state*) /home3/MDB/WTs/TMP/10.6/sql/sql_parse.cc:8051

Jira search hints at a relating bug is linked to the current one just in case.

Attachments

Issue Links

relates to

MDEV-21630 Server crashes in mysql_derived_prepare on 2nd execution of SP with views, ASAN: heap-use-after-free in mysql_derived_prepare

Confirmed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Andrei Elkin

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2023-12-12 09:51

Updated:: 2024-01-16 14:01

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.