Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
10.5.25, 10.6, 11.8
Description
/source/storage/myisam/ha_myisam.cc:1679:33: runtime error: call to function mysql_sys_var_longlong(THD*, int) through pointer to incorrect function type 'unsigned long long *(*)(THD *, int)'
|
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /source/storage/myisam/ha_myisam.cc:1679:33
|
/source/storage/myisam/ha_myisam.cc:1344:11: runtime error: call to function mysql_sys_var_long(THD*, int) through pointer to incorrect function type 'unsigned long *(*)(THD *, int)'
|
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /source/storage/myisam/ha_myisam.cc:1344:11
|
Attachments
Issue Links
- duplicates
-
-
- Closed
-
- is part of
-
MDEV-25454 Make MariaDB server UBSAN safe
-
- Confirmed
-
- relates to
-
-
- Closed
-
-
-
- Closed
-
Activity
bnestere ycp Hi! The UBSAN call to function mysql_sys_var_long (THD*, int) through pointer to incorrect function type 'unsigned long *(*)(THD *, int)' will require urgent fixing, as this particular issue is not supressable using UBSAN supressions, and occurs on Spider Plugin load, resulting in all other Spider *SAN issues are masked. Thank you
Additional function-type-mismatch for ha_myisam::optimize with this testcase:
CREATE TABLE t1 (f1 VARCHAR(128), f2 VARCHAR(128), KEY(f2,f1) USING BTREE) ENGINE=MyISAM; |
INSERT INTO diaries VALUES (1216, "2014-11-11"); |
OPTIMIZE TABLE t1; |
SELECT SLEEP(2); |
Leads to:
|
CS 10.5.28 a226f12675c6312ca7632b90261397e313e6a7ae (Debug, UBASAN, Clang) |
/test/10.5_dbg_san/storage/myisam/ha_myisam.cc:1256:31: runtime error: call to function mysql_sys_var_longlong(THD*, int) through pointer to incorrect function type 'unsigned long long *(*)(THD *, int)'
|
/test/10.5_dbg_san/sql/sql_plugin.cc:3241: note: mysql_sys_var_longlong(THD*, int) defined here
|
#0 0x563ae0a10df2 in ha_myisam::optimize(THD*, st_ha_check_opt*) /test/10.5_dbg_san/storage/myisam/ha_myisam.cc:1256:31
|
#1 0x563add0d162d in handler::ha_optimize(THD*, st_ha_check_opt*) /test/10.5_dbg_san/sql/handler.cc:4891:10
|
#2 0x563adbef861b in mysql_admin_table(THD*, TABLE_LIST*, st_ha_check_opt*, char const*, thr_lock_type, bool, bool, unsigned int, int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), int (handler::*)(THD*, st_ha_check_opt*), int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), bool) /test/10.5_dbg_san/sql/sql_admin.cc:875:21
|
#3 0x563adbf1235e in Sql_cmd_optimize_table::execute(THD*) /test/10.5_dbg_san/sql/sql_admin.cc:1517:5
|
#4 0x563adaf78140 in mysql_execute_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:6193:26
|
#5 0x563adaeca673 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:8251:18
|
#6 0x563adaea9863 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /test/10.5_dbg_san/sql/sql_parse.cc:1891:7
|
#7 0x563adaed2ba9 in do_command(THD*) /test/10.5_dbg_san/sql/sql_parse.cc:1375:17
|
#8 0x563adbe4f0c0 in do_handle_one_connection(CONNECT*, bool) /test/10.5_dbg_san/sql/sql_connect.cc:1386:11
|
#9 0x563adbe4d88d in handle_one_connection /test/10.5_dbg_san/sql/sql_connect.cc:1298:5
|
#10 0x563ada346a8c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#11 0x14d03f69ca93 in start_thread nptl/pthread_create.c:447:8
|
#12 0x14d03f729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: function-type-mismatch /test/10.5_dbg_san/storage/myisam/ha_myisam.cc:1256:31
|
And finally in ha_maria::optimize:
CREATE TABLE t (c INT) ENGINE=Aria; |
OPTIMIZE LOCAL TABLE t; |
Leads to:
|
CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Optimized, UBASAN, Clang) |
/test/11.8_opt_san/storage/maria/ha_maria.cc:1571:35: runtime error: call to function mysql_sys_var_longlong(THD*, int) through pointer to incorrect function type 'unsigned long long *(*)(THD *, int)'
|
/test/11.8_opt_san/sql/sql_plugin.cc:3233: note: mysql_sys_var_longlong(THD*, int) defined here
|
#0 0x55cfe21af147 in ha_maria::optimize(THD*, st_ha_check_opt*) /test/11.8_opt_san/storage/maria/ha_maria.cc:1571:35
|
#1 0x55cfe0db5ea0 in mysql_admin_table(THD*, TABLE_LIST*, st_ha_check_opt*, st_mysql_const_lex_string const*, thr_lock_type, bool, bool, unsigned int, int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), int (handler::*)(THD*, st_ha_check_opt*), int (*)(THD*, TABLE_LIST*, st_ha_check_opt*), bool) /test/11.8_opt_san/sql/sql_admin.cc:937:21
|
#2 0x55cfe0dbe19a in Sql_cmd_optimize_table::execute(THD*) /test/11.8_opt_san/sql/sql_admin.cc:1673:5
|
#3 0x55cfe05a5590 in mysql_execute_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:5872:26
|
#4 0x55cfe0577c92 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7901:18
|
#5 0x55cfe056cb9e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1903:7
|
#6 0x55cfe057aa6e in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1416:17
|
#7 0x55cfe0d5be38 in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11
|
#8 0x55cfe0d5b280 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5
|
#9 0x55cfdfea3b0c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#10 0x15074269ca93 in start_thread nptl/pthread_create.c:447:8
|
#11 0x150742729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: function-type-mismatch /test/11.8_opt_san/storage/maria/ha_maria.cc:1571:35
|
Bug confirmed present in:
MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.6.21 (dbg), 10.6.21 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)
Looks like the kind of thing that may have been resolved by https://github.com/MariaDB/server/pull/3737/commits/bea471825ce0c4d0c2bab888e888078f8d462219
tested cases described here in 10.6 and no UBSAN errors.
Issue also present in 11.8, including after the merge that brought
MDEV-34348to 11.8. Tested at commit f0961301c81c7f5b009c012c076abc326b203b4a (Debug, UBASAN, Clang).