[MDEV-35557] SIGSEGV in get_server_from_table_to_cache | servers_load, UBSAN null pointer passed as argument 1, which is declared to never be null - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.7, 11.8
Fix Version/s: 11.7, 11.8
Component/s: Admin statements
Labels:
None

Description

--source include/have_innodb.inc

CREATE SERVER s1 FOREIGN DATA WRAPPER mysql OPTIONS (HOST '127.0.0.1');

ALTER TABLE mysql.servers ENGINE=InnoDB;

FLUSH PRIVILEGES;

Leads to:

CS 11.8.0 0fabe1dc182d7186e0b42fca4b83474e5734409e (Optimized)
Core was generated by `/test/MD271124-mariadb-11.8.0-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
[Current thread is 1 (Thread 0x14a0095aa700 (LWP 775055))]
(gdb) bt
#0 __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:65
#1 0x00005616a39ddcac in get_server_from_table_to_cache (table=<optimized out>) at /test/11.8_opt/sql/sql_servers.cc:444
#2 0x00005616a39ddf28 in servers_load (thd=<optimized out>, tables=<optimized out>) at /test/11.8_opt/sql/sql_servers.cc:305
#3 0x00005616a39df863 in servers_reload (thd=thd@entry=0x149fd0000c58) at /test/11.8_opt/sql/sql_servers.cc:361
#4 0x00005616a3a01def in reload_acl_and_cache (thd=<optimized out>, thd@entry=0x149fd0000c58, options=1, tables=tables@entry=0x0, write_to_binlog=write_to_binlog@entry=0x14a0095a8f30) at /test/11.8_opt/sql/sql_reload.cc:102
#5 0x00005616a38b7f00 in mysql_execute_command (thd=0x149fd0000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.8_opt/sql/sql_parse.cc:5340
#6 0x00005616a38a66f5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149fd0000c58) at /test/11.8_opt/sql/sql_parse.cc:7901
#7 mysql_parse (thd=0x149fd0000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.8_opt/sql/sql_parse.cc:7823
#8 0x00005616a38b3422 in dispatch_command (command=COM_QUERY, thd=0x149fd0000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.8_opt/sql/sql_class.h:1656
#9 0x00005616a38b54f9 in do_command (thd=thd@entry=0x149fd0000c58, blocking=blocking@entry=true) at /test/11.8_opt/sql/sql_parse.cc:1416
#10 0x00005616a39e2a55 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5616a7627558, put_in_cache=put_in_cache@entry=true) at /test/11.8_opt/sql/sql_connect.cc:1438
#11 0x00005616a39e2d6d in handle_one_connection (arg=0x5616a7627558) at /test/11.8_opt/sql/sql_connect.cc:1350
#12 0x000014a022d29609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#13 0x000014a0228fa133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.6.21 (dbg), 10.6.21 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.6.2 (dbg), 11.6.2 (opt)

Attachments

Issue Links

is caused by

MDEV-34716 Allow arbitrary options in CREATE SERVER

Closed

split to

MDEV-35622 SEGV when reading system table with less than expected number of columns

Confirmed

MDEV-35641 foreign server "disappears" after ALTERing the servers system table to use innodb and FLUSH PRIVILEGES

In Review

Activity

People

Assignee:: Alexey Botchkov

Reporter:: Ramesh Sivaraman

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2024-12-03 06:01

Updated:: 2024-12-13 05:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.