[MDEV-35439] UBSAN: runtime error: shift exponent 32 is too large for 32-bit type 'int' in Item_sum_xor::set_bits_from_counters on SELECT - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.2(EOL), 11.4, 11.6(EOL), 11.7
Fix Version/s: 10.5, 10.6, 10.11, 11.4
Component/s: Data types, Partitioning
Labels:
None

Description

CREATE TABLE t(b int);

INSERT INTO t VALUES(-1);

SELECT BIT_XOR(b) OVER (PARTITION BY b RANGE BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) BIT_XOR FROM t;

Leads to:

CS 11.2.6 66b8d32b7514f46b1467d404d3f9ad688bbfeb4f (Optimized, UBASAN)
/test/11.2_opt_san/sql/item_sum.cc:2723:40: runtime error: shift exponent 32 is too large for 32-bit type 'int'

CS 11.2.6 66b8d32b7514f46b1467d404d3f9ad688bbfeb4f (Optimized, UBASAN)
#0 0x562079753268 in Item_sum_xor::set_bits_from_counters() /test/11.2_opt_san/sql/item_sum.cc:2723
#1 0x56207c83322c in Item_sum_bit::add_as_window(unsigned long long) /test/11.2_opt_san/sql/item_sum.cc:2692
#2 0x56207b5ee503 in Frame_cursor::add_value_to_items() /test/11.2_opt_san/sql/sql_window.cc:1175
#3 0x56207b5ee503 in Frame_range_current_row_bottom::pre_next_partition(unsigned long long) /test/11.2_opt_san/sql/sql_window.cc:1585
#4 0x56207b5c1e91 in Cursor_manager::notify_cursors_partition_changed(unsigned long long) /test/11.2_opt_san/sql/sql_window.cc:1234
#5 0x56207b5c1e91 in compute_window_func(THD, List<Item_window_func>&, List<Cursor_manager>&, TABLE, SORT_INFO*) /test/11.2_opt_san/sql/sql_window.cc:2916
#6 0x56207b5c57e8 in Window_func_runner::exec(THD, TABLE, SORT_INFO*) /test/11.2_opt_san/sql/sql_window.cc:3048
#7 0x56207b5c6517 in Window_funcs_sort::exec(JOIN*, bool) /test/11.2_opt_san/sql/sql_window.cc:3076
#8 0x56207b5cce26 in Window_funcs_computation::exec(JOIN*, bool) /test/11.2_opt_san/sql/sql_window.cc:3205
#9 0x56207a8f396d in AGGR_OP::end_send() /test/11.2_opt_san/sql/sql_select.cc:33197
#10 0x56207a8f58d8 in sub_select_postjoin_aggr(JOIN, st_join_table, bool) /test/11.2_opt_san/sql/sql_select.cc:23728 #11 0x56207a94bb81 in do_select /test/11.2_opt_san/sql/sql_select.cc:23563
#12 0x56207a94bb81 in JOIN::exec_inner() /test/11.2_opt_san/sql/sql_select.cc:5043
#13 0x56207a951483 in JOIN::exec() /test/11.2_opt_san/sql/sql_select.cc:4820
#14 0x56207a93e94d in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.2_opt_san/sql/sql_select.cc:5358
#15 0x56207a942550 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.2_opt_san/sql/sql_select.cc:642
#16 0x56207a477450 in execute_sqlcom_select /test/11.2_opt_san/sql/sql_parse.cc:6177
#17 0x56207a4e775f in mysql_execute_command(THD*, bool) /test/11.2_opt_san/sql/sql_parse.cc:3984
#18 0x56207a4f8482 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.2_opt_san/sql/sql_parse.cc:7938
#19 0x56207a50a0da in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.2_opt_san/sql/sql_parse.cc:1894
#20 0x56207a51a486 in do_command(THD*, bool) /test/11.2_opt_san/sql/sql_parse.cc:1407
#21 0x56207aeedefc in do_handle_one_connection(CONNECT*, bool) /test/11.2_opt_san/sql/sql_connect.cc:1439
#22 0x56207aef052c in handle_one_connection /test/11.2_opt_san/sql/sql_connect.cc:1341
#23 0x14bd6269ca93 in start_thread nptl/pthread_create.c:447
#24 0x14bd62729c3b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

CS 11.2.6 66b8d32b7514f46b1467d404d3f9ad688bbfeb4f (Debug, UBASAN)
/test/11.2_dbg_san/sql/item_sum.cc:2723:40: runtime error: shift exponent 32 is too large for 32-bit type 'int'

CS 11.2.6 66b8d32b7514f46b1467d404d3f9ad688bbfeb4f (Debug, UBASAN)
#0 0x5637c1115a66 in Item_sum_xor::set_bits_from_counters() /test/11.2_dbg_san/sql/item_sum.cc:2723
#1 0x5637c11873b8 in Item_sum_bit::add_as_window(unsigned long long) /test/11.2_dbg_san/sql/item_sum.cc:2692
#2 0x5637c1187ed9 in Item_sum_xor::add() /test/11.2_dbg_san/sql/item_sum.cc:2740
#3 0x5637bfe5dd2c in Frame_cursor::add_value_to_items() /test/11.2_dbg_san/sql/sql_window.cc:1175
#4 0x5637bfe5dd2c in Frame_range_current_row_bottom::pre_next_partition(unsigned long long) /test/11.2_dbg_san/sql/sql_window.cc:1585
#5 0x5637bfe32fa9 in Cursor_manager::notify_cursors_partition_changed(unsigned long long) /test/11.2_dbg_san/sql/sql_window.cc:1234
#6 0x5637bfe32fa9 in compute_window_func(THD, List<Item_window_func>&, List<Cursor_manager>&, TABLE, SORT_INFO*) /test/11.2_dbg_san/sql/sql_window.cc:2916
#7 0x5637bfe358b6 in Window_func_runner::exec(THD, TABLE, SORT_INFO*) /test/11.2_dbg_san/sql/sql_window.cc:3048
#8 0x5637bfe36375 in Window_funcs_sort::exec(JOIN*, bool) /test/11.2_dbg_san/sql/sql_window.cc:3076
#9 0x5637bfe3a0a7 in Window_funcs_computation::exec(JOIN*, bool) /test/11.2_dbg_san/sql/sql_window.cc:3205
#10 0x5637bf0562b2 in AGGR_OP::end_send() /test/11.2_dbg_san/sql/sql_select.cc:33197
#11 0x5637bf058617 in sub_select_postjoin_aggr(JOIN, st_join_table, bool) /test/11.2_dbg_san/sql/sql_select.cc:23728
#12 0x5637bef06723 in sub_select(JOIN, st_join_table, bool) /test/11.2_dbg_san/sql/sql_select.cc:23983
#13 0x5637bf0bb581 in do_select /test/11.2_dbg_san/sql/sql_select.cc:23563
#14 0x5637bf0bb581 in JOIN::exec_inner() /test/11.2_dbg_san/sql/sql_select.cc:5043
#15 0x5637bf0bcbd6 in JOIN::exec() /test/11.2_dbg_san/sql/sql_select.cc:4820
#16 0x5637bf0aadc3 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/11.2_dbg_san/sql/sql_select.cc:5358
#17 0x5637bf0af2d4 in handle_select(THD, LEX, select_result*, unsigned long long) /test/11.2_dbg_san/sql/sql_select.cc:642
#18 0x5637bec02dd9 in execute_sqlcom_select /test/11.2_dbg_san/sql/sql_parse.cc:6177
#19 0x5637bec678fc in mysql_execute_command(THD*, bool) /test/11.2_dbg_san/sql/sql_parse.cc:3984
#20 0x5637bec92351 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/11.2_dbg_san/sql/sql_parse.cc:7938
#21 0x5637beca229b in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/11.2_dbg_san/sql/sql_parse.cc:1894
#22 0x5637becb0b06 in do_command(THD*, bool) /test/11.2_dbg_san/sql/sql_parse.cc:1407
#23 0x5637bf6d8791 in do_handle_one_connection(CONNECT*, bool) /test/11.2_dbg_san/sql/sql_connect.cc:1439
#24 0x5637bf6d9cb3 in handle_one_connection /test/11.2_dbg_san/sql/sql_connect.cc:1341
#25 0x145e61c9ca93 in start_thread nptl/pthread_create.c:447
#26 0x145e61d29c3b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Setup:

Compiled with a recent version of GCC (I used GCC 11.4.0) and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.5.27 (dbg), 10.5.27 (opt), 10.6.20 (dbg), 10.6.20 (opt), 10.11.10 (dbg), 10.11.10 (opt), 11.2.6 (dbg), 11.2.6 (opt), 11.4.4 (dbg), 11.4.4 (opt), 11.6.2 (dbg), 11.6.2 (opt), 11.7.0 (dbg), 11.7.0 (opt)

Attachments

Activity

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-11-19 01:34

Updated:: 2024-11-22 17:12

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.