[MDEV-34607] UBSAN downcast of address X which does not point to an object of type 'Field_num' in Type_handler_long::make_conversion_table_field - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.1, 11.2, 11.4, 11.5
Fix Version/s: 10.5, 10.6, 10.11, 11.1, 11.2, 11.4, 11.5
Component/s: None
Labels:
- ubsan

Description

CREATE OR REPLACE TABLE t1(c1 SERIAL,c2 CHAR(1)) ;

BINLOG ' SOgWTg8BAAAAbgAAAHIAAAAAAAQANS42LjMtbTUtZGVidWctbG9nAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAABI6BZOEzgNAAgAEgAEBAQEEgAAVgAEGggAAAAICAgCAAAAAAVAYI8=';

SET GLOBAL SLAVE_TYPE_CONVERSIONS='ALL_NON_LOSSY';

--ERROR ER_UNKNOWN_ERROR

BINLOG 'wlZOTxMBAAAAKgAAADwCAAAAACkAAAAAAAEABHRlc3QAAnQxAAIDAwAC wlZOTxcBAAAAJgAAAGICAAAAACkAAAAAAAEAAv/8AgAAAAgAAAA=';

Leads to

11.5.2 4e805aed8554e21ba5f2b979cbcb55769162ba33 (Optimized, UBASAN)
/test/11.5_opt_san/sql/sql_type.cc:2475:37: runtime error: downcast of address 0x619000064808 which does not point to an object of type 'Field_num'
0x619000064808: note: object is of type 'Field_varstring'
be be be be b0 3d e1 2e c5 55 00 00 d1 45 06 00 90 61 00 00 c8 45 06 00 90 61 00 00 98 40 06 00
^~~~~~~~~~~~~~~~~~~~~~~
vptr for 'Field_varstring'
#0 0x55c52a871c57 in Type_handler_long::make_conversion_table_field(st_mem_root, TABLE, unsigned int, Field const*) const /test/11.5_opt_san/sql/sql_type.cc:2475
#1 0x55c52a2d98ce in Virtual_conversion_table::add(Type_handler const, unsigned short, Field const) /test/11.5_opt_san/sql/rpl_utility_server.cc:1053
#2 0x55c52a2d98ce in table_def::create_conversion_table(THD, rpl_group_info, TABLE*) const /test/11.5_opt_san/sql/rpl_utility_server.cc:1099
#3 0x55c52a2dc50b in table_def::compatible_with(THD, rpl_group_info, TABLE, TABLE*) const /test/11.5_opt_san/sql/rpl_utility_server.cc:971
#4 0x55c52be1395a in Rows_log_event::do_apply_event(rpl_group_info*) /test/11.5_opt_san/sql/log_event_server.cc:4984
#5 0x55c52bdd3d25 in Log_event::apply_event(rpl_group_info*) /test/11.5_opt_san/sql/log_event.cc:3932
#6 0x55c52a272815 in save_restore_context_apply_event(Log_event, rpl_group_info) /test/11.5_opt_san/sql/sql_binlog.cc:188
#7 0x55c52a274634 in mysql_client_binlog_statement(THD*) /test/11.5_opt_san/sql/sql_binlog.cc:428
#8 0x55c5299d83d0 in mysql_execute_command(THD*, bool) /test/11.5_opt_san/sql/sql_parse.cc:5756
#9 0x55c52995eea0 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.5_opt_san/sql/sql_parse.cc:7867
#10 0x55c5299b4ba0 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.5_opt_san/sql/sql_parse.cc:1892
#11 0x55c5299c102d in do_command(THD*, bool) /test/11.5_opt_san/sql/sql_parse.cc:1405
#12 0x55c52a35712d in do_handle_one_connection(CONNECT*, bool) /test/11.5_opt_san/sql/sql_connect.cc:1447
#13 0x55c52a35979c in handle_one_connection /test/11.5_opt_san/sql/sql_connect.cc:1349
#14 0x14a42d829608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
#15 0x14a42ca9e132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

Bug confirmed present in:
MariaDB: 10.5.26 (dbg), 10.5.26 (opt), 10.6.19 (dbg), 10.6.19 (opt), 10.11.9 (dbg), 10.11.9 (opt), 11.1.6 (dbg), 11.1.6 (opt), 11.2.4 (dbg), 11.2.4 (opt), 11.4.2 (dbg), 11.4.2 (opt), 11.5.2 (dbg), 11.5.2 (opt)

Attachments

Issue Links

is part of

MDEV-25454 Make MariaDB server UBSAN safe

Confirmed

Activity

People

Assignee:: Andrei Elkin

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-07-17 06:50

Updated:: 2024-07-17 07:17

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.