[MDEV-33235] [Draft] ASAN errors in my_mb_wc_latin1 / my_convert_fix - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.0, 11.1, 11.2, 11.3
Fix Version/s: 10.6, 10.11, 11.0, 11.1, 11.2, 11.3
Component/s: Character Sets
Labels:
None

Description

Reproducible, needs cleaning and comparison with other numerous bugs of the similar kind.
On 10.4-10.5 fails with "marked_for_read" instead.

--source include/have_innodb.inc

CREATE DATABASE IF NOT EXISTS advanced_db;

CREATE TABLE advanced_db.t2_InnoDB (id SERIAL /*!100303 */, col_int SMALLINT(46) UNSIGNED NOT NULL DEFAULT 0, col_year YEAR NOT NULL DEFAULT 1970, col_char CHAR(229) NULL, col_varchar VARCHAR(2922) NULL) ENGINE=InnoDB;

INSERT IGNORE INTO advanced_db.t2_InnoDB (col_char,col_int,col_varchar,col_year,id) VALUES

 (NULL,1,'m',1995,1995);

ALTER TABLE /*!100502 IF EXISTS */ advanced_db.t2_InnoDB ADD PRIMARY KEY (col_varchar(150) ASC), LOCK = EXCLUSIVE;

ALTER TABLE advanced_db.t2_InnoDB ADD COLUMN IF NOT EXISTS func_vcol_str VARCHAR(1024) GENERATED ALWAYS AS (SHA1((@A := (LEFT(((AES_DECRYPT(col_year, (@A := 'vxvygcdxvvvmkmbrysbanmxtrytrkrbkyltjmttnkuniyyzidrxwgzecsxndnjlxehlorhwsmpedzwaumgqfttnjpbeokpirvxqzfjzmprbqqckfmgivrlcvkvqtkrcmwfkfiesdbzthfcaltlhxdmjfrojchezhfrnbybptnlrnoyxinqrpluikvpcmdxrlufglqnihdkidifqpucfdmeddqtpmlcaxamysdo'))) AND ('xvygcdxvvvmkmbrysbanmxtrytrkrbkyltjmttnkuniyyzidrxwgzecsxndnjlxehlorhwsmpedzwaumgqfttnjpbeokpirvxqzfjzmprbqqckfmgivrlcvkvqtkrcmwfkfiesdbzthfcaltlhxdmjfrojchezhfrnbybptnlrnoyxinqrpluikvpcmdxr' < 4287168512)), (((SYSTEM_USER()) RLIKE '04:43:54.049043') IN ('q', id, '2027-02-09', 28957, col_int)))))));

ALTER TABLE advanced_db.t2_InnoDB MODIFY COLUMN IF EXISTS func_vcol_str VARCHAR(1024) GENERATED ALWAYS AS ((CONVERT(col_varchar USING utf8mb4)) << -13600);

CREATE INDEX indcnstr15 ON advanced_db.t2_InnoDB (func_vcol_str DESC) WAIT 5;

10.6 d06b6de3050180ec2f96ef00963d1beab8e1b47a
==238232==ERROR: AddressSanitizer: use-after-poison on address 0x6290003622ff at pc 0x560685015f08 bp 0x7fa6b2ca8ed0 sp 0x7fa6b2ca8ec8
READ of size 1 at 0x6290003622ff thread T11
#0 0x560685015f07 in my_mb_wc_latin1 /data/bld/10.6-asan/strings/ctype-latin1.c:376
#1 0x56068509168c in my_convert_fix /data/bld/10.6-asan/strings/ctype.c:1306
#2 0x5606835232a5 in String_copier::well_formed_copy(charset_info_st const, char, unsigned long, charset_info_st const, char const, unsigned long, unsigned long) /data/bld/10.6-asan/sql/sql_string.cc:1130
#3 0x560683bd9184 in String::copy(charset_info_st const, charset_info_st const, char const, unsigned long, unsigned long, String_copier) /data/bld/10.6-asan/sql/sql_string.h:1027
#4 0x560683bb1572 in String_copier_for_item::copy_with_warn(charset_info_st const, String, charset_info_st const, char const, unsigned int, unsigned int) /data/bld/10.6-asan/sql/item.cc:6553
#5 0x560683d31b07 in Item_func_conv_charset::val_str(String*) /data/bld/10.6-asan/sql/item_strfunc.cc:3584
#6 0x560683d11a18 in Item_str_func::val_decimal(my_decimal*) /data/bld/10.6-asan/sql/item_strfunc.cc:137
#7 0x560683d49d83 in Item_func_conv_charset::val_decimal(my_decimal*) /data/bld/10.6-asan/sql/item_strfunc.h:1820
#8 0x5606838bb737 in VDec::VDec(Item*) /data/bld/10.6-asan/sql/sql_type.cc:293
#9 0x560683cd1701 in Func_handler_shift_left_decimal_to_ulonglong::to_longlong_null(Item_handled_func*) const /data/bld/10.6-asan/sql/item_func.cc:2150
#10 0x560683c3a255 in Item_handled_func::Handler_int::val_int(Item_handled_func*) const /data/bld/10.6-asan/sql/item_func.h:767
#11 0x560683903214 in Item_handled_func::val_int() /data/bld/10.6-asan/sql/item_func.h:854
#12 0x560683bb319a in Item::save_int_in_field(Field*, bool) /data/bld/10.6-asan/sql/item.cc:6830
#13 0x5606838d320f in Type_handler_int_result::Item_save_in_field(Item, Field, bool) const /data/bld/10.6-asan/sql/sql_type.cc:4333
#14 0x560683bb3382 in Item::save_in_field(Field*, bool) /data/bld/10.6-asan/sql/item.cc:6840
#15 0x56068365b2a0 in TABLE::update_virtual_field(Field*, bool) /data/bld/10.6-asan/sql/table.cc:9055
#16 0x5606845adae3 in innobase_get_computed_value(dtuple_t, dict_v_col_t const, dict_index_t const, mem_block_info_t, mem_block_info_t, dict_field_t const, THD, TABLE, unsigned char, dict_table_t const, upd_t const, bool) /data/bld/10.6-asan/storage/innobase/handler/ha_innodb.cc:20285
#17 0x5606848f4c08 in row_merge_buf_add /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:587
#18 0x560684903537 in row_merge_read_clustered_index /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:2387
#19 0x560684912d29 in row_merge_build_indexes(trx_t, dict_table_t, dict_table_t, bool, dict_index_t, unsigned long const, unsigned long, TABLE, dtuple_t const, unsigned long const, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t, dict_add_v_col_t const, TABLE, bool, std::map<unsigned int, dict_col_t, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, dict_col_t> > > const*) /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:4559
#20 0x56068462654d in ha_innobase::inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.6-asan/storage/innobase/handler/handler0alter.cc:8801
#21 0x56068358164b in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.6-asan/sql/handler.h:4697
#22 0x56068355b190 in mysql_inplace_alter_table /data/bld/10.6-asan/sql/sql_table.cc:7484
#23 0x56068357308a in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /data/bld/10.6-asan/sql/sql_table.cc:10522
#24 0x5606832b5bfb in mysql_execute_command(THD*, bool) /data/bld/10.6-asan/sql/sql_parse.cc:4229
#25 0x5606832d0f0e in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/10.6-asan/sql/sql_parse.cc:8100
#26 0x5606832a6943 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/10.6-asan/sql/sql_parse.cc:1896
#27 0x5606832a3677 in do_command(THD*, bool) /data/bld/10.6-asan/sql/sql_parse.cc:1409
#28 0x560683718c7a in do_handle_one_connection(CONNECT*, bool) /data/bld/10.6-asan/sql/sql_connect.cc:1415
#29 0x56068371863b in handle_one_connection /data/bld/10.6-asan/sql/sql_connect.cc:1317
#30 0x56068436fa73 in pfs_spawn_thread /data/bld/10.6-asan/storage/perfschema/pfs.cc:2201
#31 0x7fa6c0ea8043 in start_thread nptl/pthread_create.c:442
#32 0x7fa6c0f2861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x6290003622ff is located 4351 bytes inside of 16536-byte region [0x629000361200,0x629000365298)
allocated by thread T11 here:
#0 0x7fa6c1ab89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x5606845c953d in ut_allocator<unsigned char, true>::allocate(unsigned long, unsigned char const*, unsigned int, bool, bool) /data/bld/10.6-asan/storage/innobase/include/ut0new.h:375
#2 0x5606847ba67b in mem_heap_create_block_func(mem_block_info_t, unsigned long, char const, unsigned int, unsigned long) /data/bld/10.6-asan/storage/innobase/mem/mem0mem.cc:277
#3 0x560684542874 in mem_heap_create_func /data/bld/10.6-asan/storage/innobase/include/mem0mem.inl:377
#4 0x5606845ac156 in innobase_allocate_row_for_vcol(THD, dict_index_t const, mem_block_info_t, TABLE, VCOL_STORAGE*) /data/bld/10.6-asan/storage/innobase/handler/ha_innodb.cc:20107
#5 0x5606848f4afe in row_merge_buf_add /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:579
#6 0x560684903537 in row_merge_read_clustered_index /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:2387
#7 0x560684912d29 in row_merge_build_indexes(trx_t, dict_table_t, dict_table_t, bool, dict_index_t, unsigned long const, unsigned long, TABLE, dtuple_t const, unsigned long const, unsigned long, ib_sequence_t&, bool, ut_stage_alter_t, dict_add_v_col_t const, TABLE, bool, std::map<unsigned int, dict_col_t, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, dict_col_t> > > const*) /data/bld/10.6-asan/storage/innobase/row/row0merge.cc:4559
#8 0x56068462654d in ha_innobase::inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.6-asan/storage/innobase/handler/handler0alter.cc:8801
#9 0x56068358164b in handler::ha_inplace_alter_table(TABLE, Alter_inplace_info) /data/bld/10.6-asan/sql/handler.h:4697
#10 0x56068355b190 in mysql_inplace_alter_table /data/bld/10.6-asan/sql/sql_table.cc:7484
#11 0x56068357308a in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool, bool) /data/bld/10.6-asan/sql/sql_table.cc:10522
#12 0x5606832b5bfb in mysql_execute_command(THD*, bool) /data/bld/10.6-asan/sql/sql_parse.cc:4229
#13 0x5606832d0f0e in mysql_parse(THD, char, unsigned int, Parser_state*) /data/bld/10.6-asan/sql/sql_parse.cc:8100
#14 0x5606832a6943 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /data/bld/10.6-asan/sql/sql_parse.cc:1896
#15 0x5606832a3677 in do_command(THD*, bool) /data/bld/10.6-asan/sql/sql_parse.cc:1409
#16 0x560683718c7a in do_handle_one_connection(CONNECT*, bool) /data/bld/10.6-asan/sql/sql_connect.cc:1415
#17 0x56068371863b in handle_one_connection /data/bld/10.6-asan/sql/sql_connect.cc:1317
#18 0x56068436fa73 in pfs_spawn_thread /data/bld/10.6-asan/storage/perfschema/pfs.cc:2201
#19 0x7fa6c0ea8043 in start_thread nptl/pthread_create.c:442

Thread T11 created by T0 here:
#0 0x7fa6c1a49726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x56068436b7ae in my_thread_create /data/bld/10.6-asan/storage/perfschema/my_thread.h:52
#2 0x56068436fe62 in pfs_spawn_thread_v1 /data/bld/10.6-asan/storage/perfschema/pfs.cc:2252
#3 0x560682f8d8ab in inline_mysql_thread_create /data/bld/10.6-asan/include/mysql/psi/mysql_thread.h:1139
#4 0x560682fa4b31 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.6-asan/sql/mysqld.cc:6001
#5 0x560682fa5142 in create_new_thread(CONNECT*) /data/bld/10.6-asan/sql/mysqld.cc:6060
#6 0x560682fa542d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.6-asan/sql/mysqld.cc:6122
#7 0x560682fa5dbd in handle_connections_sockets() /data/bld/10.6-asan/sql/mysqld.cc:6246
#8 0x560682fa43ae in mysqld_main(int, char**) /data/bld/10.6-asan/sql/mysqld.cc:5896
#9 0x560682f8c9b8 in main /data/bld/10.6-asan/sql/main.cc:34
#10 0x7fa6c0e461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: use-after-poison /data/bld/10.6-asan/strings/ctype-latin1.c:376 in my_mb_wc_latin1
Shadow bytes around the buggy address:
0x0c5280064400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064410: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064420: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064430: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064440: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c5280064450: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[07]
0x0c5280064460: f7 f7 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064470: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c5280064490: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c52800644a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==238232==ABORTING

Attachments

Activity

People

Assignee:: Elena Stepanova

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-01-13 16:03

Updated:: 2024-01-13 16:03

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.