[MDEV-34227] On startup: UBSAN: runtime error: applying non-zero offset in JOIN::make_aggr_tables_info in sql/sql_select.cc - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.5
Fix Version/s: 11.6.0, 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3, 11.5.2
Component/s: Character Sets, Optimizer
Labels:
- affects-tests

Description

As per bar, splitting from ~~MDEV-34226~~, the sql/sql_select.cc issues, as they are a different bug.
Upon startup, using a clang build, we see, amongst other warnings;

connect (con1,localhost,root,,);

SELECT database();

disconnect con1;

Leads to:

10.5.26 736449d30ffb2ec71bd700ac84eb38ba30bb662c (Debug, UBASAN)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /test/10.5_dbg_san/strings/ctype.c:870:27 in
/test/10.5_dbg_san/sql/sql_select.cc:3886:22: runtime error: applying non-zero offset 4054449126480 to null pointer
#0 0x5612795ea1da in JOIN::make_aggr_tables_info() /test/10.5_dbg_san/sql/sql_select.cc:3886:22
#1 0x561279531d93 in JOIN::optimize_stage2() /test/10.5_dbg_san/sql/sql_select.cc:3189:9
#2 0x5612795411da in JOIN::optimize_inner() /test/10.5_dbg_san/sql/sql_select.cc:2432:9
#3 0x56127951dd7d in JOIN::optimize() /test/10.5_dbg_san/sql/sql_select.cc:1760:10
#4 0x5612794cde7b in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.5_dbg_san/sql/sql_select.cc:4888:19
#5 0x5612794ca567 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.5_dbg_san/sql/sql_select.cc:449:10
#6 0x56127929b000 in execute_sqlcom_select(THD, TABLE_LIST) /test/10.5_dbg_san/sql/sql_parse.cc:6425:12
#7 0x56127922da21 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:4030:12
#8 0x5612791d4313 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8204:18
#9 0x5612791b3316 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1892:7
#10 0x5612791dc896 in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1376:17
#11 0x56127a18cbf5 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1417:11
#12 0x56127a18ae0d in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1319:5
#13 0x14bc5c097ad9 in start_thread nptl/pthread_create.c:444:8
#14 0x14bc5c12847b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

10.5.26 736449d30ffb2ec71bd700ac84eb38ba30bb662c (Debug, UBASAN)
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /test/10.5_dbg_san/sql/sql_select.cc:3886:22 in
/test/10.5_dbg_san/sql/sql_select.cc:3328:32: runtime error: applying non-zero offset 944 to null pointer
#0 0x5612795da01d in JOIN::make_aggr_tables_info() /test/10.5_dbg_san/sql/sql_select.cc:3328:32
#1 0x561279531d93 in JOIN::optimize_stage2() /test/10.5_dbg_san/sql/sql_select.cc:3189:9
#2 0x5612795411da in JOIN::optimize_inner() /test/10.5_dbg_san/sql/sql_select.cc:2432:9
#3 0x56127951dd7d in JOIN::optimize() /test/10.5_dbg_san/sql/sql_select.cc:1760:10
#4 0x5612794cde7b in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.5_dbg_san/sql/sql_select.cc:4888:19
#5 0x5612794ca567 in handle_select(THD, LEX, select_result*, unsigned long) /test/10.5_dbg_san/sql/sql_select.cc:449:10
#6 0x56127929b000 in execute_sqlcom_select(THD, TABLE_LIST) /test/10.5_dbg_san/sql/sql_parse.cc:6425:12
#7 0x56127922da21 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:4030:12
#8 0x5612791d4313 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8204:18
#9 0x5612791b3316 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1892:7
#10 0x5612791dc896 in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1376:17
#11 0x56127a18cbf5 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1417:11
#12 0x56127a18ae0d in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1319:5
#13 0x14bc5c097ad9 in start_thread nptl/pthread_create.c:444:8
#14 0x14bc5c12847b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /test/10.5_dbg_san/sql/sql_select.cc:3328:32 in

This blocks UBSAN testing using Clang-compiled builds. Likely present in other versions also.

$ cat BUILD_CMD_CMAKE

cmake . -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DWITH_SSL=bundled -DBUILD_CONFIG=mysql_release -DWITH_TOKUDB=0 -DWITH_JEMALLOC=no -DFEATURE_SET=community -DDEBUG_EXTNAME=OFF -DWITH_EMBEDDED_SERVER=0 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/tmp/boost_011979 -DENABLED_LOCAL_INFILE=1 -DENABLE_DTRACE=0 -DWITH_SAFEMALLOC=OFF -DPLUGIN_PERFSCHEMA=NO -DWITH_DBUG_TRACE=OFF -DWITH_ZLIB=bundled -DWITH_ROCKSDB=1 -DWITH_PAM=ON -DWITH_MARIABACKUP=0 -DFORCE_INSOURCE_BUILD=1 -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON -DCMAKE_CXX_FLAGS=-fsanitize-coverage=trace-pc-guard -DMYSQL_MAINTAINER_MODE=OFF -DWARNING_AS_ERROR='' -DCMAKE_BUILD_TYPE=Debug

export UBSAN_OPTIONS=print_stacktrace=1

Summary of locations included in this report:

sql/sql_select.cc:3886:22

sql/sql_select.cc:3328:32

Possibly caused by ~~MDEV-34187~~, or previously masked.

Attachments

Issue Links

split from

MDEV-34226 On startup: UBSAN: applying zero offset to null pointer in my_copy_fix_mb from strings/ctype-mb.c and other locations

Closed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-05-24 06:13

Updated:: 2024-06-10 09:32

Resolved:: 2024-06-10 09:32

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server