Description
I found UBSAN bugs with a long query which, when simplified, leads to many different UBSAN stacks. In reverse order, from short to long query (using UniqueIDs to keep this report to a reasonable length):
SELECT TRUNCATE(EXP(-1.e-2),-1.e+30);
Leads to:
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_round::real_op|Item_func_hybrid_field_type::val_real_from_real_op|Type_handler_real_result::Item_func_hybrid_field_type_val_real
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Type_handler::Item_send_double|Protocol::send_result_set_row|select_send::send_data
SELECT (TRUNCATE(EXP(-1.e-2),-1.e+30) % RADIANS(-1));
Leads to (opt/dbg):
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_mod::real_op|Type_handler::Item_send_double|Protocol::send_result_set_row
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_round::real_op|Item_func_hybrid_field_type::val_real_from_real_op|Type_handler_real_result::Item_func_hybrid_field_type_val_real
SELECT (TRUNCATE(EXP(-1.e-2),-1.e+30) % RADIANS(-1)) * (LAST_DAY('1-03-30 1:29:12') MOD 1 + COS(-1));
Leads to (opt/dbg):
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_mod::real_op|Item_func_mul::real_op|Type_handler::Item_send_double
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_round::real_op|Item_func_hybrid_field_type::val_real_from_real_op|Type_handler_real_result::Item_func_hybrid_field_type_val_real
SELECT(ASIN(-1)+ LN(-1)) % (ATAN(-1) MOD FLOOR(1)) * (TRUNCATE(EXP(-1.e-2),-1.e+30) % RADIANS(-1)) * (LAST_DAY('1-03-30 1:29:12') MOD 1 + COS(-1));
Leads to (opt/dbg):
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_mod::real_op|Item_func_mul::real_op|Item_func_mul::real_op
UBSAN|negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself|sql/item_func.cc|my_double_round|Item_func_round::real_op|Item_func_hybrid_field_type::val_real_from_real_op|Type_handler_real_result::Item_func_hybrid_field_type_val_real
The optimized outcomes are different for each testcase. The debug build outcomes are the same for the last three only, but different from the first testcase. However, for the first testcase the optimized build outcome is the same as the last three testcases' debug build outcomes.
All versions and build types affected.
Setup:
Compiled with GCC >=7.5.0 (I use GCC 11.4.0) and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1
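Every stack above carries the same diagnostic: negating the most negative long long value. The following C example is added here for illustration and is not MariaDB's my_double_round code; it shows the unsafe negation beside the unsigned-cast form the UBSAN message recommends. All function names are hypothetical, and the clamping of the -1.e+30 argument to LLONG_MIN is an assumption the report does not state.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helpers for illustration; not taken from sql/item_func.cc. */

/* Unsafe pattern: -dec is evaluated in long long, so dec == LLONG_MIN
   overflows. That is undefined behaviour and is what UBSAN reports. */
unsigned long long abs_dec_unsafe(long long dec)
{
  return dec < 0 ? (unsigned long long) -dec : (unsigned long long) dec;
}

/* Safe pattern: convert to unsigned first, then negate. Unsigned
   arithmetic wraps modulo 2^64, so LLONG_MIN maps to 2^63. */
unsigned long long abs_dec_safe(long long dec)
{
  return dec < 0 ? 0ULL - (unsigned long long) dec
                 : (unsigned long long) dec;
}

/* Assumed conversion: a double outside the long long range is clamped
   to the nearest bound instead of being cast directly (a direct cast
   of an out-of-range double is itself undefined behaviour). */
long long double_to_ll_saturating(double d)
{
  if (d != d)
    return 0;                                /* NaN */
  if (d >= 9223372036854775808.0)
    return LLONG_MAX;
  if (d <= -9223372036854775808.0)
    return LLONG_MIN;
  return (long long) d;
}

/* The only long long value whose negation is not representable. */
int negation_overflows(long long dec) { return dec == LLONG_MIN; }

int main(void)
{
  /* Second argument of TRUNCATE() in the report's test cases. */
  long long dec = double_to_ll_saturating(-1.e+30);

  printf("dec = %lld, signed negation overflows: %d\n",
         dec, negation_overflows(dec));
  printf("safe magnitude = %llu\n", abs_dec_safe(dec));
  if (!negation_overflows(dec))              /* never reached for this input */
    printf("unsafe magnitude = %llu\n", abs_dec_unsafe(dec));
  return 0;
}
```

Building this with -fsanitize=undefined and calling abs_dec_unsafe(LLONG_MIN) produces the same class of diagnostic as in the stacks above.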