Details
Type: Bug
Status: Confirmed
Priority: Critical
Resolution: Unresolved
Affects Version/s: 11.4, 11.7, 11.8
Description
Possibly related to the fixed MDEV-32640. ycp FYI in case related.
Create a test ./main/test.test with:
SELECT 1;
And execute as:
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1; ./mtr test
Leads to:
CS 11.4.5 2719cc4925c032f483edb0e61c0f487e0c429ae6 (Optimized, UBASAN, Clang)
2024-12-19 17:07:34 0 [Note] /test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-opt/bin/mariadbd: ready for connections.
Version: '11.4.5-MariaDB-log' socket: '/test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-opt/mariadb-test/var/tmp/mysqld.1.sock' port: 19000 MariaDB Server
/test/11.4_opt_san/strings/ctype-utf8.c:754:27: runtime error: applying zero offset to null pointer
#0 0x564f545db62d in my_casedn_utf8mb3 /test/11.4_opt_san/strings/ctype-utf8.c:754:27
#1 0x564f51dfe02b in CharBuffer<192ul>::copy_casedn(charset_info_st const*, st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/char_buffer.h:65:15
#2 0x564f5216930b in IdentBuffer<192ul>::copy_casedn(st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/lex_ident.h:153:26
#3 0x564f5216930b in IdentBufferCasedn<192ul>::IdentBufferCasedn(st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/lex_ident.h:165:27
#4 0x564f5216930b in Master_info_index::get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_opt_san/sql/rpl_mi.cc:1376:42
#5 0x564f5216a18e in get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_opt_san/sql/rpl_mi.cc:1322:31
#6 0x564f522209f2 in Sys_var_rpl_filter::global_value_ptr(THD*, st_mysql_const_lex_string const*) const /test/11.4_opt_san/sql/sys_vars.cc:5621:7
#7 0x564f514cfec2 in sys_var::value_ptr(THD*, enum_var_type, st_mysql_const_lex_string const*) const /test/11.4_opt_san/sql/set_var.cc:283:12
#8 0x564f51d7f20d in get_one_variable(THD*, st_mysql_show_var const*, enum_var_type, enum_mysql_show_type, system_status_var*, charset_info_st const**, char*, unsigned long*) /test/11.4_opt_san/sql/sql_show.cc:3708:26
#9 0x564f51dc0750 in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, char const*, TABLE*, bool, Item*) /test/11.4_opt_san/sql/sql_show.cc:3929:14
#10 0x564f51dbec32 in fill_variables(THD*, TABLE_LIST*, Item*) /test/11.4_opt_san/sql/sql_show.cc:8415:8
#11 0x564f51dce7b1 in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_opt_san/sql/sql_show.cc:9412:11
#12 0x564f51bfb1eb in JOIN::exec_inner() /test/11.4_opt_san/sql/sql_select.cc:5006:7
#13 0x564f51bf9621 in JOIN::exec() /test/11.4_opt_san/sql/sql_select.cc:4828:8
#14 0x564f51b56927 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_opt_san/sql/sql_select.cc:5358:21
#15 0x564f51b5477d in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_opt_san/sql/sql_select.cc:642:10
#16 0x564f51a07a4c in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.4_opt_san/sql/sql_parse.cc:6169:12
#17 0x564f519f123f in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:3962:12
#18 0x564f524fb8a9 in sp_instr_stmt::exec_core(THD*, unsigned int*) /test/11.4_opt_san/sql/sp_instr.cc:1051:12
#19 0x564f524ed2bb in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool) /test/11.4_opt_san/sql/sp_instr.cc:297:17
#20 0x564f524f0a7f in sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*) /test/11.4_opt_san/sql/sp_instr.cc:476:14
#21 0x564f524f8727 in sp_instr_stmt::execute(THD*, unsigned int*) /test/11.4_opt_san/sql/sp_instr.cc:954:25
#22 0x564f51574acc in sp_head::execute(THD*, bool) /test/11.4_opt_san/sql/sp_head.cc:1286:20
#23 0x564f515827fc in sp_head::execute_procedure(THD*, List<Item>*) /test/11.4_opt_san/sql/sp_head.cc:2302:5
#24 0x564f519d2eb8 in do_execute_sp(THD*, sp_head*) /test/11.4_opt_san/sql/sql_parse.cc:3069:16
#25 0x564f519d1d85 in Sql_cmd_call::execute(THD*) /test/11.4_opt_san/sql/sql_parse.cc:3292:9
#26 0x564f519e3560 in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:5864:26
#27 0x564f519b67e2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7893:18
#28 0x564f519ab668 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1905:7
#29 0x564f519b95be in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1418:17
#30 0x564f5218c9a8 in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1408:11
#31 0x564f5218bdf4 in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1320:5
#32 0x564f512efbdc in asan_thread_start(void*) asan_interceptors.cpp.o
#33 0x14bfdd09ca93 in start_thread nptl/pthread_create.c:447:8
#34 0x14bfdd129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.4_opt_san/strings/ctype-utf8.c:754:27
|
CS 11.4.5 2719cc4925c032f483edb0e61c0f487e0c429ae6 (Debug, UBASAN, Clang)
2024-12-19 17:07:31 0 [Note] /test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-dbg/bin/mariadbd: ready for connections.
Version: '11.4.5-MariaDB-debug-log' socket: '/test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-dbg/mariadb-test/var/tmp/mysqld.1.sock' port: 19000 MariaDB Server
/test/11.4_dbg_san/strings/ctype-utf8.c:754:27: runtime error: applying zero offset to null pointer
#0 0x55896eb5ef17 in my_casedn_utf8mb3 /test/11.4_dbg_san/strings/ctype-utf8.c:754:27
#1 0x5589691a0e08 in CharBuffer<192ul>::copy_casedn(charset_info_st const*, st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/char_buffer.h:65:15
#2 0x55896919fce3 in IdentBuffer<192ul>::copy_casedn(st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/lex_ident.h:153:26
#3 0x55896992bec2 in IdentBufferCasedn<192ul>::IdentBufferCasedn(st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/lex_ident.h:165:27
#4 0x558969929154 in Master_info_index::get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_dbg_san/sql/rpl_mi.cc:1376:42
#5 0x55896992b315 in get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_dbg_san/sql/rpl_mi.cc:1322:31
#6 0x558969acf699 in Sys_var_rpl_filter::global_value_ptr(THD*, st_mysql_const_lex_string const*) const /test/11.4_dbg_san/sql/sys_vars.cc:5621:7
#7 0x558967dd0abf in sys_var::value_ptr(THD*, enum_var_type, st_mysql_const_lex_string const*) const /test/11.4_dbg_san/sql/set_var.cc:283:12
#8 0x55896909723c in get_one_variable(THD*, st_mysql_show_var const*, enum_var_type, enum_mysql_show_type, system_status_var*, charset_info_st const**, char*, unsigned long*) /test/11.4_dbg_san/sql/sql_show.cc:3708:26
#9 0x55896912141f in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, char const*, TABLE*, bool, Item*) /test/11.4_dbg_san/sql/sql_show.cc:3929:14
#10 0x55896911dda2 in fill_variables(THD*, TABLE_LIST*, Item*) /test/11.4_dbg_san/sql/sql_show.cc:8415:8
#11 0x5589691404cc in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_dbg_san/sql/sql_show.cc:9412:11
#12 0x558968d63e4e in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:5006:7
#13 0x558968d5dd1a in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4828:8
#14 0x558968bfd019 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_dbg_san/sql/sql_select.cc:5358:21
#15 0x558968bf86d7 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:642:10
#16 0x5589688e25f0 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.4_dbg_san/sql/sql_parse.cc:6169:12
#17 0x55896888308c in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:3962:12
#18 0x55896a051199 in sp_instr_stmt::exec_core(THD*, unsigned int*) /test/11.4_dbg_san/sql/sp_instr.cc:1051:12
#19 0x55896a0352f6 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool) /test/11.4_dbg_san/sql/sp_instr.cc:297:17
#20 0x55896a03b4e8 in sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*) /test/11.4_dbg_san/sql/sp_instr.cc:476:14
#21 0x55896a049f3f in sp_instr_stmt::execute(THD*, unsigned int*) /test/11.4_dbg_san/sql/sp_instr.cc:954:25
#22 0x558967f40201 in sp_head::execute(THD*, bool) /test/11.4_dbg_san/sql/sp_head.cc:1286:20
#23 0x558967f5e122 in sp_head::execute_procedure(THD*, List<Item>*) /test/11.4_dbg_san/sql/sp_head.cc:2302:5
#24 0x558968862ad8 in do_execute_sp(THD*, sp_head*) /test/11.4_dbg_san/sql/sql_parse.cc:3069:16
#25 0x55896885fd67 in Sql_cmd_call::execute(THD*) /test/11.4_dbg_san/sql/sql_parse.cc:3292:9
#26 0x5589688cb2e8 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:5864:26
#27 0x558968829699 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7893:18
#28 0x55896880a993 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1905:7
#29 0x5589688335f6 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1418:17
#30 0x55896997c8c6 in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1408:11
#31 0x55896997b08d in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1320:5
#32 0x558967a0c9dc in asan_thread_start(void*) asan_interceptors.cpp.o
#33 0x1554d9a9ca93 in start_thread nptl/pthread_create.c:447:8
#34 0x1554d9b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.4_dbg_san/strings/ctype-utf8.c:754:27
|
cmake command:
cmake . -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DWITH_SSL=bundled -DBUILD_CONFIG=mysql_release -DWITH_TOKUDB=0 -DWITH_JEMALLOC=no -DFEATURE_SET=community -DDEBUG_EXTNAME=OFF -DWITH_EMBEDDED_SERVER=0 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/tmp/boost_024627 -DENABLED_LOCAL_INFILE=1 -DENABLE_DTRACE=0 -DWITH_SAFEMALLOC=OFF -DPLUGIN_PERFSCHEMA=NO -DWITH_DBUG_TRACE=OFF -DWITH_ZLIB=bundled -DWITH_ROCKSDB=1 -DWITH_PAM=ON -DWITH_MARIABACKUP=0 -DFORCE_INSOURCE_BUILD=1 -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON -DCMAKE_CXX_FLAGS=-fsanitize-coverage=trace-pc-guard -DMYSQL_MAINTAINER_MODE=OFF -DWARNING_AS_ERROR='' -DCMAKE_BUILD_TYPE=RelWithDebInfo
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18:

# Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools
sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so

Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and:

-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to suppress other UBSAN issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter - just remember to remove the errors seen in this report.
Present in optimized & debug builds.
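What the sanitizer is objecting to, shown as an added illustration that is not MariaDB code and not a reproduction of the expression at ctype-utf8.c:754: "applying zero offset to null pointer" means a pointer expression of the form `p + n` was evaluated with `p == NULL` and `n == 0`. In the trace above that is consistent with an empty `st_mysql_const_lex_string` (NULL `str`, length 0) reaching `copy_casedn` and the case-folding loop computing its end pointer before checking for an empty source. In C the C standard leaves `NULL + 0` undefined even though it never faults, so nothing breaks at runtime and the finding only surfaces under Clang's `-fsanitize=pointer-overflow` (part of `-fsanitize=undefined`), which is also why `report_error_type=1` prints it as `nullptr-with-offset`. The `lex_cstring` struct and the `casedn_ascii_*` functions below are hypothetical stand-ins modelled on the shape of a case-folding copy, with the unguarded pattern beside a guarded version that never forms a pointer from NULL.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a pointer+length string such as MariaDB's LEX_CSTRING
   (assumed shape).  An "empty" value is commonly {NULL, 0}. */
struct lex_cstring {
    const char *str;
    size_t length;
};

/*
 * Hypothetical ASCII-only case-folding copy, NOT my_casedn_utf8mb3.  Bytes
 * >= 0x80 (multibyte UTF-8) are copied through unchanged; a real utf8mb3
 * casedn also folds non-ASCII letters.  Returns the number of bytes written.
 *
 * The pattern being demonstrated: "src + srclen" is formed before anything
 * checks whether src is NULL.  For {NULL, 0} that is NULL + 0, which C
 * leaves undefined even though it does not fault.  Clang's
 * -fsanitize=pointer-overflow (in the -fsanitize=undefined group) reports
 * it in C code as "applying zero offset to null pointer"
 * (nullptr-with-offset); in C++ nullptr + 0 is well-defined and not reported.
 */
static size_t casedn_ascii_unguarded(char *dst, size_t dstlen,
                                     const char *src, size_t srclen)
{
    const char *srcend = src + srclen;   /* UB when src == NULL, even with srclen == 0 */
    char *d = dst;
    char *dend = dst + dstlen;

    while (src < srcend && d < dend) {
        unsigned char c = (unsigned char) *src++;
        if (c >= 'A' && c <= 'Z')
            c = (unsigned char) (c + ('a' - 'A'));
        *d++ = (char) c;
    }
    return (size_t) (d - dst);
}

/* Hardened variant: never form a pointer from NULL.  An empty or NULL source
   (or a NULL/zero-size destination) yields 0 bytes written, which keeps the
   caller's contract without touching either buffer. */
static size_t casedn_ascii_guarded(char *dst, size_t dstlen,
                                   const struct lex_cstring *src)
{
    if (dst == NULL || dstlen == 0 || src == NULL ||
        src->str == NULL || src->length == 0)
        return 0;
    return casedn_ascii_unguarded(dst, dstlen, src->str, src->length);
}

/* The input shape from the report: an empty identifier with a NULL pointer.
   Returns the byte count written by the guarded copy (expected 0). */
static size_t demo_empty_source(void)
{
    char buf[8] = {0};
    struct lex_cstring empty = { NULL, 0 };
    return casedn_ascii_guarded(buf, sizeof buf, &empty);
}

/* Mixed ASCII / multibyte input (constructed sample): ASCII letters are
   folded, the two-byte UTF-8 sequence for U+00F6 passes through unchanged.
   Returns 1 when the output matches the expected bytes. */
static int demo_lowercase_matches(void)
{
    static const char in[]   = "Hello, W\xc3\xb6rld";
    static const char want[] = "hello, w\xc3\xb6rld";
    char buf[32] = {0};
    struct lex_cstring s = { in, sizeof in - 1 };
    size_t n = casedn_ascii_guarded(buf, sizeof buf, &s);
    return n == sizeof want - 1 && memcmp(buf, want, n) == 0;
}

/* Destination smaller than source: output is bounded by dstlen (expected 3). */
static size_t demo_truncates_to_dst(void)
{
    char buf[3] = {0};
    struct lex_cstring s = { "ABCDEF", 6 };
    return casedn_ascii_guarded(buf, sizeof buf, &s);
}

int main(void)
{
    printf("empty source -> %zu bytes\n", demo_empty_source());
    printf("lowercase ok -> %d\n", demo_lowercase_matches());
    printf("truncated    -> %zu bytes\n", demo_truncates_to_dst());
    return 0;
}
```

Building this with `clang -fsanitize=undefined` and calling the unguarded function with `{NULL, 0}` is the way to see the same `nullptr-with-offset` report outside the server; the guarded version produces none because the early return happens before any arithmetic on `src`. When triaging such reports, treat them as real even though they do not crash: the same unchecked-NULL path is what turns into an out-of-bounds read the moment a non-zero length accompanies the NULL pointer.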