Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.5, 10.6, 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
-
None
Description
INSTALL SONAME 'ha_mroonga'; |
CREATE TABLE t (a INET6) ENGINE=Mroonga; |
INSERT INTO t VALUES ('::'); |
SELECT * FROM t; |
|
# Cleanup
|
DROP TABLE t; |
UNINSTALL SONAME 'ha_mroonga'; |
10.5 cc5c0eda4c1a516753de238e02a024b0f044b738 ASAN |
==3697303==ERROR: AddressSanitizer: unknown-crash on address 0x61900009d3d9 at pc 0x7fdc3544814b bp 0x7fdc2bb75d00 sp 0x7fdc2bb754b0
|
READ of size 39 at 0x61900009d3d9 thread T5
|
#0 0x7fdc3544814a in __interceptor_memcpy ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827
|
#1 0x7fdc2a17bba6 in grn_bulk_write /data/bld/10.5-asan/storage/mroonga/vendor/groonga/lib/str.c:1967
|
#2 0x7fdc2a17bcd3 in grn_bulk_write_from /data/bld/10.5-asan/storage/mroonga/vendor/groonga/lib/str.c:1977
|
#3 0x7fdc29a1372a in ha_mroonga::generic_store_bulk_fixed_size_string(Field*, _grn_obj*) /data/bld/10.5-asan/storage/mroonga/ha_mroonga.cpp:10326
|
#4 0x7fdc29a1abe7 in ha_mroonga::generic_store_bulk(Field*, _grn_obj*) /data/bld/10.5-asan/storage/mroonga/ha_mroonga.cpp:10829
|
#5 0x7fdc299d5435 in ha_mroonga::storage_write_row(unsigned char const*) /data/bld/10.5-asan/storage/mroonga/ha_mroonga.cpp:6104
|
#6 0x7fdc299da5a6 in ha_mroonga::write_row(unsigned char const*) /data/bld/10.5-asan/storage/mroonga/ha_mroonga.cpp:6427
|
#7 0x559698f26c0b in handler::ha_write_row(unsigned char const*) /data/bld/10.5-asan/sql/handler.cc:7278
|
#8 0x55969861d611 in write_record(THD*, TABLE*, st_copy_info*, select_result*) /data/bld/10.5-asan/sql/sql_insert.cc:2161
|
#9 0x559698614eb1 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/bld/10.5-asan/sql/sql_insert.cc:1127
|
#10 0x5596986df4cb in mysql_execute_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:4643
|
#11 0x5596986f7c14 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:8170
|
#12 0x5596986cd319 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:1891
|
#13 0x5596986c9cac in do_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:1375
|
#14 0x559698b1d383 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.5-asan/sql/sql_connect.cc:1415
|
#15 0x559698b1cd4b in handle_one_connection /data/bld/10.5-asan/sql/sql_connect.cc:1317
|
#16 0x55969975ff89 in pfs_spawn_thread /data/bld/10.5-asan/storage/perfschema/pfs.cc:2201
|
#17 0x7fdc34aa8043 in start_thread nptl/pthread_create.c:442
|
#18 0x7fdc34b2861b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
|
0x61900009d3d9 is located 89 bytes inside of 1008-byte region [0x61900009d380,0x61900009d770)
|
allocated by thread T5 here:
|
#0 0x7fdc354b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55969a3acf9d in my_malloc /data/bld/10.5-asan/mysys/my_malloc.c:91
|
#2 0x55969a389df7 in alloc_root /data/bld/10.5-asan/mysys/my_alloc.c:244
|
#3 0x55969a38b4e5 in strmake_root /data/bld/10.5-asan/mysys/my_alloc.c:494
|
#4 0x559698a39df4 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /data/bld/10.5-asan/sql/table.cc:4014
|
#5 0x5596985360f1 in open_table(THD*, TABLE_LIST*, Open_table_context*) /data/bld/10.5-asan/sql/sql_base.cc:2022
|
#6 0x55969853fad5 in open_and_process_table /data/bld/10.5-asan/sql/sql_base.cc:3817
|
#7 0x559698542602 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /data/bld/10.5-asan/sql/sql_base.cc:4301
|
#8 0x55969854773a in open_and_lock_tables(THD*, DDL_options_st const&, TABLE_LIST*, bool, unsigned int, Prelocking_strategy*) /data/bld/10.5-asan/sql/sql_base.cc:5248
|
#9 0x55969849d601 in open_and_lock_tables(THD*, TABLE_LIST*, bool, unsigned int) /data/bld/10.5-asan/sql/sql_base.h:507
|
#10 0x559698612823 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /data/bld/10.5-asan/sql/sql_insert.cc:760
|
#11 0x5596986df4cb in mysql_execute_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:4643
|
#12 0x5596986f7c14 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:8170
|
#13 0x5596986cd319 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/bld/10.5-asan/sql/sql_parse.cc:1891
|
#14 0x5596986c9cac in do_command(THD*) /data/bld/10.5-asan/sql/sql_parse.cc:1375
|
#15 0x559698b1d383 in do_handle_one_connection(CONNECT*, bool) /data/bld/10.5-asan/sql/sql_connect.cc:1415
|
#16 0x559698b1cd4b in handle_one_connection /data/bld/10.5-asan/sql/sql_connect.cc:1317
|
#17 0x55969975ff89 in pfs_spawn_thread /data/bld/10.5-asan/storage/perfschema/pfs.cc:2201
|
#18 0x7fdc34aa8043 in start_thread nptl/pthread_create.c:442
|
|
Thread T5 created by T0 here:
|
#0 0x7fdc35449726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
|
#1 0x55969975bcbc in my_thread_create /data/bld/10.5-asan/storage/perfschema/my_thread.h:52
|
#2 0x559699760378 in pfs_spawn_thread_v1 /data/bld/10.5-asan/storage/perfschema/pfs.cc:2252
|
#3 0x5596983b9fcc in inline_mysql_thread_create /data/bld/10.5-asan/include/mysql/psi/mysql_thread.h:1323
|
#4 0x5596983cfd86 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.5-asan/sql/mysqld.cc:6070
|
#5 0x5596983d0397 in create_new_thread(CONNECT*) /data/bld/10.5-asan/sql/mysqld.cc:6129
|
#6 0x5596983d066a in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.5-asan/sql/mysqld.cc:6194
|
#7 0x5596983d125b in handle_connections_sockets() /data/bld/10.5-asan/sql/mysqld.cc:6321
|
#8 0x5596983cf603 in mysqld_main(int, char**) /data/bld/10.5-asan/sql/mysqld.cc:5716
|
#9 0x5596983b8978 in main /data/bld/10.5-asan/sql/main.cc:25
|
#10 0x7fdc34a461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
|
|
SUMMARY: AddressSanitizer: unknown-crash ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:827 in __interceptor_memcpy
|
Shadow bytes around the buggy address:
|
0x0c328000ba20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328000ba30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328000ba40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328000ba50: 00 fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x0c328000ba60: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
=>0x0c328000ba70: 00 00 00 00 00 00 f7 02 f7 00 00[01]00 00 01 f7
|
0x0c328000ba80: 00 00 f7 f7 f7 f7 00 00 00 00 00 00 00 00 00 00
|
0x0c328000ba90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
0x0c328000baa0: f7 00 00 00 04 f7 00 00 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000bab0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x0c328000bac0: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==3697303==ABORTING
|
On a release-like build the same test produces a wrong result:
CREATE TABLE t (a INET6) ENGINE=Mroonga; |
INSERT INTO t VALUES ('::'); |
SELECT * FROM t; |
a
|
NULL
|
DROP TABLE t; |
(expected result is :: of course, or an error upon CREATE if Mroonga does not support the type).
Also reproducible with INET4 and UUID types on versions where they exist.
Not reproducible on 10.4 as it has none of INET6, INET4, UUID.