  1. MariaDB Server
  2. MDEV-33232

Server crash in TYPVAL<char*>::SetValue_char upon ALTER on CONNECT table


Details

    Description

      # Load the CONNECT storage engine plugin.
      INSTALL SONAME 'ha_connect';
       
      # CONNECT table (TABLE_TYPE=FIX) with a UNIQUE index on the integer column id.
      CREATE TABLE t (id int NOT NULL, a char(8), UNIQUE(id)) ENGINE=CONNECT TABLE_TYPE=FIX;
      # Populate the table with two rows.
      INSERT INTO t VALUES (10000000,'bar'),(1,'foo');
      # This is the statement that crashes the server: it changes the UNIQUE-indexed
      # column to VARCHAR(1024) and forces a table copy. In the backtraces on this page
      # the row copy (copy_data_between_tables -> handler::ha_write_row) runs
      # handler::check_duplicate_long_entries, which does an index read through
      # ha_connect, and TYPVAL<char*>::SetValue_char ends up calling strncpy with n=-3212.
      ALTER TABLE t MODIFY id VARCHAR(1024) NOT NULL, ALGORITHM=COPY;
       
      # Cleanup
      DROP TABLE t;
      UNINSTALL SONAME 'ha_connect';
      

      10.5 969669767ba4f4dcfadbcc73d14d0904ad3c6aca non-debug

      #2  <signal handler called>
      #3  __strncpy_avx2 () at ../sysdeps/x86_64/multiarch/strcpy-avx2.S:843
      #4  0x00007f99b214dace in strncpy (__len=18446744073709548404, __src=0x7f99b2238381 "\203\277", __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:95
      #5  TYPVAL<char*>::SetValue_char (this=0x7f999621ada8, cp=0x7f99b2238381 "\203\277", n=-3212) at /data/bld/10.5-rel/storage/connect/value.cpp:1385
      #6  0x00007f99b20ed8c3 in CntIndexRead (g=<optimized out>, ptdb=0x7f9996201178, op=<optimized out>, kr=<optimized out>, mrr=<optimized out>) at /data/bld/10.5-rel/storage/connect/connect.cc:792
      #7  0x00007f99b20e5563 in ha_connect::ReadIndexed (this=this@entry=0x7f99a0042360, buf=buf@entry=0x7f99a0042ce0 "\376\b", op=op@entry=OP_EQ, kr=kr@entry=0x7f99a00428a0) at /data/bld/10.5-rel/storage/connect/ha_connect.cc:3899
      #8  0x00007f99b20e571f in ha_connect::index_read (this=0x7f99a0042360, buf=0x7f99a0042ce0 "\376\b", key=0x7f99b223837f "t\363\203\277", key_len=8, find_flag=HA_READ_KEY_EXACT) at /data/bld/10.5-rel/storage/connect/ha_connect.cc:3970
      #9  0x00005572b508abc0 in handler::ha_index_read_map (this=0x7f99a0042360, buf=0x7f99a0042ce0 "\376\b", key=key@entry=0x7f99b223837f "t\363\203\277", keypart_map=keypart_map@entry=18446744073709551615, find_flag=find_flag@entry=HA_READ_KEY_EXACT) at /data/bld/10.5-rel/sql/handler.cc:3189
      #10 0x00005572b50910f0 in handler::check_duplicate_long_entry_key (this=this@entry=0x7f99a0042360, new_rec=new_rec@entry=0x7f99a0042ce0 "\376\b", key_no=key_no@entry=0) at /data/bld/10.5-rel/sql/handler.cc:6912
      #11 0x00005572b509149a in handler::check_duplicate_long_entries (this=this@entry=0x7f99a0042360, new_rec=new_rec@entry=0x7f99a0042ce0 "\376\b") at /data/bld/10.5-rel/sql/handler.cc:7001
      #12 0x00005572b5091d9b in handler::ha_write_row (this=0x7f99a0042360, buf=0x7f99a0042ce0 "\376\b") at /data/bld/10.5-rel/sql/handler.cc:7278
      #13 0x00005572b4f1ea1d in copy_data_between_tables (thd=thd@entry=0x7f99a0000c68, from=from@entry=0x7f99a01a4f18, to=to@entry=0x7f99a0041af8, ignore=ignore@entry=false, order_num=order_num@entry=0, order=order@entry=0x0, copied=<optimized out>, deleted=<optimized out>, alter_info=<optimized out>, alter_ctx=<optimized out>) at /data/bld/10.5-rel/sql/sql_table.cc:11827
      #14 0x00005572b4f2db77 in mysql_alter_table (thd=thd@entry=0x7f99a0000c68, new_db=new_db@entry=0x7f99a0005538, new_name=new_name@entry=0x7f99a00059a0, create_info=create_info@entry=0x7f99b223b620, table_list=<optimized out>, table_list@entry=0x7f99a00106b0, recreate_info=recreate_info@entry=0x7f99b223b510, alter_info=<optimized out>, order_num=<optimized out>, order=<optimized out>, ignore=<optimized out>, if_exists=<optimized out>) at /data/bld/10.5-rel/sql/sql_table.cc:11174
      #15 0x00005572b4f87c8c in Sql_cmd_alter_table::execute (this=<optimized out>, thd=0x7f99a0000c68) at /data/bld/10.5-rel/sql/sql_alter.cc:601
      #16 0x00005572b4e86a96 in mysql_execute_command (thd=thd@entry=0x7f99a0000c68) at /data/bld/10.5-rel/sql/sql_parse.cc:6159
      #17 0x00005572b4e8af46 in mysql_parse (thd=0x7f99a0000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/bld/10.5-rel/sql/sql_parse.cc:8196
      #18 0x00005572b4e8cc75 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f99a0000c68, packet=packet@entry=0x7f99a0008109 "ALTER TABLE t MODIFY id VARCHAR(1024) NOT NULL, ALGORITHM=COPY", packet_length=packet_length@entry=62, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/bld/10.5-rel/sql/sql_parse.cc:1992
      #19 0x00005572b4e8e970 in do_command (thd=0x7f99a0000c68) at /data/bld/10.5-rel/sql/sql_parse.cc:1375
      #20 0x00005572b4f83122 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5572b73355d8, put_in_cache=put_in_cache@entry=true) at /data/bld/10.5-rel/sql/sql_connect.cc:1415
      #21 0x00005572b4f8338d in handle_one_connection (arg=arg@entry=0x5572b73355d8) at /data/bld/10.5-rel/sql/sql_connect.cc:1317
      #22 0x00005572b52ba3fb in pfs_spawn_thread (arg=0x5572b6f5b628) at /data/bld/10.5-rel/storage/perfschema/pfs.cc:2201
      #23 0x00007f99b7aa8044 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #24 0x00007f99b7b2861c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      10.5 969669767ba4f4dcfadbcc73d14d0904ad3c6aca ASAN

      ==1309716==ERROR: AddressSanitizer: negative-size-param: (size=-3212)
          #0 0x7fa1f2a70bc0 in __interceptor_strncpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:470
          #1 0x7fa1e82d601b in TYPVAL<char*>::SetValue_char(char const*, int) /data/bld/10.5-asan/storage/connect/value.cpp:1385
          #2 0x7fa1e8174332 in CntIndexRead(_global*, TDB*, OPVAL, st_key_range const*, bool) /data/bld/10.5-asan/storage/connect/connect.cc:792
          #3 0x7fa1e8150e91 in ha_connect::ReadIndexed(unsigned char*, OPVAL, st_key_range const*) /data/bld/10.5-asan/storage/connect/ha_connect.cc:3899
          #4 0x7fa1e8151484 in ha_connect::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /data/bld/10.5-asan/storage/connect/ha_connect.cc:3970
          #5 0x7fa1e816a8a4 in handler::index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) (/mnt8t/bld/10.5-asan/mysql-test/var/plugins/ha_connect.so+0x16a8a4)
          #6 0x55cd91b21eaa in handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function) /data/bld/10.5-asan/sql/handler.cc:3189
          #7 0x55cd91b41b38 in handler::check_duplicate_long_entry_key(unsigned char const*, unsigned int) /data/bld/10.5-asan/sql/handler.cc:6912
          #8 0x55cd91b43518 in handler::check_duplicate_long_entries(unsigned char const*) /data/bld/10.5-asan/sql/handler.cc:7001
          #9 0x55cd91b4583e in handler::ha_write_row(unsigned char const*) /data/bld/10.5-asan/sql/handler.cc:7278
          #10 0x55cd915b9ff5 in copy_data_between_tables /data/bld/10.5-asan/sql/sql_table.cc:11827
          #11 0x55cd915b48e7 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, HA_CREATE_INFO*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /data/bld/10.5-asan/sql/sql_table.cc:11174
          #12 0x55cd9175761a in Sql_cmd_alter_table::execute(THD*) /data/bld/10.5-asan/sql/sql_alter.cc:601
          #13 0x55cd9130669f in mysql_execute_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:6159
          #14 0x55cd91313cc4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:8196
          #15 0x55cd912e8f8b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:1891
          #16 0x55cd912e591e in do_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:1375
          #17 0x55cd9173a887 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.5-asan/sql/sql_connect.cc:1415
          #18 0x55cd9173a24f in handle_one_connection /data/bld/10.5-asan/sql/sql_connect.cc:1317
          #19 0x55cd923814af in pfs_spawn_thread /data/bld/10.5-asan/storage/perfschema/pfs.cc:2201
          #20 0x7fa1f1ea8043 in start_thread nptl/pthread_create.c:442
          #21 0x7fa1f1f2861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
       
      0x7fa1dde195d8 is located 114136 bytes inside of 67108864-byte region [0x7fa1dddfd800,0x7fa1e1dfd800)
      allocated by thread T5 here:
          #0 0x7fa1f2ab89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
          #1 0x7fa1e8224d01 in AllocSarea /data/bld/10.5-asan/storage/connect/plugutil.cpp:481
          #2 0x7fa1e8223f58 in PlugInit /data/bld/10.5-asan/storage/connect/plugutil.cpp:175
          #3 0x7fa1e81763c4 in user_connect::user_init() /data/bld/10.5-asan/storage/connect/user_connect.cc:107
          #4 0x7fa1e813bac8 in GetUser /data/bld/10.5-asan/storage/connect/ha_connect.cc:1055
          #5 0x7fa1e814e41f in ha_connect::open(char const*, int, unsigned int) /data/bld/10.5-asan/storage/connect/ha_connect.cc:3540
          #6 0x55cd91b1e0f0 in handler::ha_open(TABLE*, char const*, int, unsigned int, st_mem_root*, List<String>*) /data/bld/10.5-asan/sql/handler.cc:3049
          #7 0x55cd91659389 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/10.5-asan/sql/table.cc:4315
          #8 0x55cd911512e1 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/10.5-asan/sql/sql_base.cc:2022
          #9 0x55cd9115acc5 in open_and_process_table /data/bld/10.5-asan/sql/sql_base.cc:3817
          #10 0x55cd9115d7f2 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/10.5-asan/sql/sql_base.cc:4301
          #11 0x55cd9116292a in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/bld/10.5-asan/sql/sql_base.cc:5248
          #12 0x55cd910b8899 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/bld/10.5-asan/sql/sql_base.h:508
          #13 0x55cd9122e279 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/bld/10.5-asan/sql/sql_insert.cc:760
          #14 0x55cd912fb13d in mysql_execute_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:4643
          #15 0x55cd91313cc4 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:8196
          #16 0x55cd912e8f8b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:1891
          #17 0x55cd912e591e in do_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:1375
          #18 0x55cd9173a887 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.5-asan/sql/sql_connect.cc:1415
          #19 0x55cd9173a24f in handle_one_connection /data/bld/10.5-asan/sql/sql_connect.cc:1317
          #20 0x55cd923814af in pfs_spawn_thread /data/bld/10.5-asan/storage/perfschema/pfs.cc:2201
          #21 0x7fa1f1ea8043 in start_thread nptl/pthread_create.c:442
       
      Thread T5 created by T0 here:
          #0 0x7fa1f2a49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
          #1 0x55cd9237d1e2 in my_thread_create /data/bld/10.5-asan/storage/perfschema/my_thread.h:52
          #2 0x55cd9238189e in pfs_spawn_thread_v1 /data/bld/10.5-asan/storage/perfschema/pfs.cc:2252
          #3 0x55cd90fd4fbc in inline_mysql_thread_create /data/bld/10.5-asan/include/mysql/psi/mysql_thread.h:1323
          #4 0x55cd90fead82 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.5-asan/sql/mysqld.cc:6081
          #5 0x55cd90feb393 in create_new_thread(CONNECT*) /data/bld/10.5-asan/sql/mysqld.cc:6140
          #6 0x55cd90feb666 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.5-asan/sql/mysqld.cc:6205
          #7 0x55cd90fec257 in handle_connections_sockets() /data/bld/10.5-asan/sql/mysqld.cc:6332
          #8 0x55cd90fea5ff in mysqld_main(int, char**) /data/bld/10.5-asan/sql/mysqld.cc:5727
          #9 0x55cd90fd3968 in main /data/bld/10.5-asan/sql/main.cc:25
          #10 0x7fa1f1e461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
       
      SUMMARY: AddressSanitizer: negative-size-param ../../../../src/libsanitizer/asan/asan_interceptors.cpp:470 in __interceptor_strncpy
      ==1309716==ABORTING
      

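      Reproducible on all existing versions, debug and non-debug, as described above.
      The test case crashes on ALTER TABLE .. ALGORITHM=COPY: strncpy is called from TYPVAL<char*>::SetValue_char (value.cpp:1385) with a negative length (n=-3212 in the non-debug trace, size=-3212 under ASAN), which the non-debug build shows as __len=18446744073709548404. Without ALGORITHM=COPY it doesn't crash, but fails with a strange error: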

      ALTER TABLE t MODIFY id VARCHAR(1024) NOT NULL;
      bug.t2                                   [ fail ]
              Test ended at 2024-03-02 23:18:37
       
      CURRENT_TEST: bug.t2
      mysqltest: At line 5: query 'ALTER TABLE t MODIFY id VARCHAR(1024) NOT NULL' failed: 1845: Alter operations not supported together by CONNECT
      


          People

            TheLinuxJedi Andrew Hutchings
            elenst Elena Stepanova