MariaDB Server: MDEV-35688

UBSAN: SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset in my_casedn_utf8mb3


Details

    Description

      Possibly related to the fixed MDEV-32640. ycp FYI in case related.
      Create a test ./main/test.test with:

      SELECT 1;
      

      And execute as:

      export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1; ./mtr test
      

      Leads to:

      CS 11.4.5 2719cc4925c032f483edb0e61c0f487e0c429ae6 (Optimized, UBASAN, Clang)

      2024-12-19 17:07:34 0 [Note] /test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-opt/bin/mariadbd: ready for connections.
      Version: '11.4.5-MariaDB-log'  socket: '/test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-opt/mariadb-test/var/tmp/mysqld.1.sock'  port: 19000  MariaDB Server
      /test/11.4_opt_san/strings/ctype-utf8.c:754:27: runtime error: applying zero offset to null pointer
          #0 0x564f545db62d in my_casedn_utf8mb3 /test/11.4_opt_san/strings/ctype-utf8.c:754:27
          #1 0x564f51dfe02b in CharBuffer<192ul>::copy_casedn(charset_info_st const*, st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/char_buffer.h:65:15
          #2 0x564f5216930b in IdentBuffer<192ul>::copy_casedn(st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/lex_ident.h:153:26
          #3 0x564f5216930b in IdentBufferCasedn<192ul>::IdentBufferCasedn(st_mysql_const_lex_string const&) /test/11.4_opt_san/sql/lex_ident.h:165:27
          #4 0x564f5216930b in Master_info_index::get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_opt_san/sql/rpl_mi.cc:1376:42
          #5 0x564f5216a18e in get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_opt_san/sql/rpl_mi.cc:1322:31
          #6 0x564f522209f2 in Sys_var_rpl_filter::global_value_ptr(THD*, st_mysql_const_lex_string const*) const /test/11.4_opt_san/sql/sys_vars.cc:5621:7
          #7 0x564f514cfec2 in sys_var::value_ptr(THD*, enum_var_type, st_mysql_const_lex_string const*) const /test/11.4_opt_san/sql/set_var.cc:283:12
          #8 0x564f51d7f20d in get_one_variable(THD*, st_mysql_show_var const*, enum_var_type, enum_mysql_show_type, system_status_var*, charset_info_st const**, char*, unsigned long*) /test/11.4_opt_san/sql/sql_show.cc:3708:26
          #9 0x564f51dc0750 in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, char const*, TABLE*, bool, Item*) /test/11.4_opt_san/sql/sql_show.cc:3929:14
          #10 0x564f51dbec32 in fill_variables(THD*, TABLE_LIST*, Item*) /test/11.4_opt_san/sql/sql_show.cc:8415:8
          #11 0x564f51dce7b1 in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_opt_san/sql/sql_show.cc:9412:11
          #12 0x564f51bfb1eb in JOIN::exec_inner() /test/11.4_opt_san/sql/sql_select.cc:5006:7
          #13 0x564f51bf9621 in JOIN::exec() /test/11.4_opt_san/sql/sql_select.cc:4828:8
          #14 0x564f51b56927 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_opt_san/sql/sql_select.cc:5358:21
          #15 0x564f51b5477d in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_opt_san/sql/sql_select.cc:642:10
          #16 0x564f51a07a4c in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.4_opt_san/sql/sql_parse.cc:6169:12
          #17 0x564f519f123f in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:3962:12
          #18 0x564f524fb8a9 in sp_instr_stmt::exec_core(THD*, unsigned int*) /test/11.4_opt_san/sql/sp_instr.cc:1051:12
          #19 0x564f524ed2bb in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool) /test/11.4_opt_san/sql/sp_instr.cc:297:17
          #20 0x564f524f0a7f in sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*) /test/11.4_opt_san/sql/sp_instr.cc:476:14
          #21 0x564f524f8727 in sp_instr_stmt::execute(THD*, unsigned int*) /test/11.4_opt_san/sql/sp_instr.cc:954:25
          #22 0x564f51574acc in sp_head::execute(THD*, bool) /test/11.4_opt_san/sql/sp_head.cc:1286:20
          #23 0x564f515827fc in sp_head::execute_procedure(THD*, List<Item>*) /test/11.4_opt_san/sql/sp_head.cc:2302:5
          #24 0x564f519d2eb8 in do_execute_sp(THD*, sp_head*) /test/11.4_opt_san/sql/sql_parse.cc:3069:16
          #25 0x564f519d1d85 in Sql_cmd_call::execute(THD*) /test/11.4_opt_san/sql/sql_parse.cc:3292:9
          #26 0x564f519e3560 in mysql_execute_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:5864:26
          #27 0x564f519b67e2 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_opt_san/sql/sql_parse.cc:7893:18
          #28 0x564f519ab668 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_opt_san/sql/sql_parse.cc:1905:7
          #29 0x564f519b95be in do_command(THD*, bool) /test/11.4_opt_san/sql/sql_parse.cc:1418:17
          #30 0x564f5218c9a8 in do_handle_one_connection(CONNECT*, bool) /test/11.4_opt_san/sql/sql_connect.cc:1408:11
          #31 0x564f5218bdf4 in handle_one_connection /test/11.4_opt_san/sql/sql_connect.cc:1320:5
          #32 0x564f512efbdc in asan_thread_start(void*) asan_interceptors.cpp.o
          #33 0x14bfdd09ca93 in start_thread nptl/pthread_create.c:447:8
          #34 0x14bfdd129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.4_opt_san/strings/ctype-utf8.c:754:27 
      

      CS 11.4.5 2719cc4925c032f483edb0e61c0f487e0c429ae6 (Debug, UBASAN, Clang)

      2024-12-19 17:07:31 0 [Note] /test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-dbg/bin/mariadbd: ready for connections.
      Version: '11.4.5-MariaDB-debug-log'  socket: '/test/UBASAN_MD031224-mariadb-11.4.5-linux-x86_64-dbg/mariadb-test/var/tmp/mysqld.1.sock'  port: 19000  MariaDB Server
      /test/11.4_dbg_san/strings/ctype-utf8.c:754:27: runtime error: applying zero offset to null pointer
          #0 0x55896eb5ef17 in my_casedn_utf8mb3 /test/11.4_dbg_san/strings/ctype-utf8.c:754:27
          #1 0x5589691a0e08 in CharBuffer<192ul>::copy_casedn(charset_info_st const*, st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/char_buffer.h:65:15
          #2 0x55896919fce3 in IdentBuffer<192ul>::copy_casedn(st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/lex_ident.h:153:26
          #3 0x55896992bec2 in IdentBufferCasedn<192ul>::IdentBufferCasedn(st_mysql_const_lex_string const&) /test/11.4_dbg_san/sql/lex_ident.h:165:27
          #4 0x558969929154 in Master_info_index::get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_dbg_san/sql/rpl_mi.cc:1376:42
          #5 0x55896992b315 in get_master_info(st_mysql_const_lex_string const*, Sql_state_errno_level::enum_warning_level) /test/11.4_dbg_san/sql/rpl_mi.cc:1322:31
          #6 0x558969acf699 in Sys_var_rpl_filter::global_value_ptr(THD*, st_mysql_const_lex_string const*) const /test/11.4_dbg_san/sql/sys_vars.cc:5621:7
          #7 0x558967dd0abf in sys_var::value_ptr(THD*, enum_var_type, st_mysql_const_lex_string const*) const /test/11.4_dbg_san/sql/set_var.cc:283:12
          #8 0x55896909723c in get_one_variable(THD*, st_mysql_show_var const*, enum_var_type, enum_mysql_show_type, system_status_var*, charset_info_st const**, char*, unsigned long*) /test/11.4_dbg_san/sql/sql_show.cc:3708:26
          #9 0x55896912141f in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, char const*, TABLE*, bool, Item*) /test/11.4_dbg_san/sql/sql_show.cc:3929:14
          #10 0x55896911dda2 in fill_variables(THD*, TABLE_LIST*, Item*) /test/11.4_dbg_san/sql/sql_show.cc:8415:8
          #11 0x5589691404cc in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/11.4_dbg_san/sql/sql_show.cc:9412:11
          #12 0x558968d63e4e in JOIN::exec_inner() /test/11.4_dbg_san/sql/sql_select.cc:5006:7
          #13 0x558968d5dd1a in JOIN::exec() /test/11.4_dbg_san/sql/sql_select.cc:4828:8
          #14 0x558968bfd019 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/11.4_dbg_san/sql/sql_select.cc:5358:21
          #15 0x558968bf86d7 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/11.4_dbg_san/sql/sql_select.cc:642:10
          #16 0x5589688e25f0 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/11.4_dbg_san/sql/sql_parse.cc:6169:12
          #17 0x55896888308c in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:3962:12
          #18 0x55896a051199 in sp_instr_stmt::exec_core(THD*, unsigned int*) /test/11.4_dbg_san/sql/sp_instr.cc:1051:12
          #19 0x55896a0352f6 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*, bool) /test/11.4_dbg_san/sql/sp_instr.cc:297:17
          #20 0x55896a03b4e8 in sp_lex_keeper::validate_lex_and_exec_core(THD*, unsigned int*, bool, sp_lex_instr*) /test/11.4_dbg_san/sql/sp_instr.cc:476:14
          #21 0x55896a049f3f in sp_instr_stmt::execute(THD*, unsigned int*) /test/11.4_dbg_san/sql/sp_instr.cc:954:25
          #22 0x558967f40201 in sp_head::execute(THD*, bool) /test/11.4_dbg_san/sql/sp_head.cc:1286:20
          #23 0x558967f5e122 in sp_head::execute_procedure(THD*, List<Item>*) /test/11.4_dbg_san/sql/sp_head.cc:2302:5
          #24 0x558968862ad8 in do_execute_sp(THD*, sp_head*) /test/11.4_dbg_san/sql/sql_parse.cc:3069:16
          #25 0x55896885fd67 in Sql_cmd_call::execute(THD*) /test/11.4_dbg_san/sql/sql_parse.cc:3292:9
          #26 0x5589688cb2e8 in mysql_execute_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:5864:26
          #27 0x558968829699 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.4_dbg_san/sql/sql_parse.cc:7893:18
          #28 0x55896880a993 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1905:7
          #29 0x5589688335f6 in do_command(THD*, bool) /test/11.4_dbg_san/sql/sql_parse.cc:1418:17
          #30 0x55896997c8c6 in do_handle_one_connection(CONNECT*, bool) /test/11.4_dbg_san/sql/sql_connect.cc:1408:11
          #31 0x55896997b08d in handle_one_connection /test/11.4_dbg_san/sql/sql_connect.cc:1320:5
          #32 0x558967a0c9dc in asan_thread_start(void*) asan_interceptors.cpp.o
          #33 0x1554d9a9ca93 in start_thread nptl/pthread_create.c:447:8
          #34 0x1554d9b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.4_dbg_san/strings/ctype-utf8.c:754:27 
      

      cmake command:

      cmake . -DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DWITH_SSL=bundled -DBUILD_CONFIG=mysql_release -DWITH_TOKUDB=0 -DWITH_JEMALLOC=no -DFEATURE_SET=community -DDEBUG_EXTNAME=OFF -DWITH_EMBEDDED_SERVER=0 -DENABLE_DOWNLOADS=1 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/tmp/boost_024627 -DENABLED_LOCAL_INFILE=1 -DENABLE_DTRACE=0 -DWITH_SAFEMALLOC=OFF -DPLUGIN_PERFSCHEMA=NO -DWITH_DBUG_TRACE=OFF -DWITH_ZLIB=bundled -DWITH_ROCKSDB=1 -DWITH_PAM=ON -DWITH_MARIABACKUP=0 -DFORCE_INSOURCE_BUILD=1 -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON -DCMAKE_CXX_FLAGS=-fsanitize-coverage=trace-pc-guard -DMYSQL_MAINTAINER_MODE=OFF -DWARNING_AS_ERROR='' -DCMAKE_BUILD_TYPE=RelWithDebInfo
      

      Setup:

      Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18:
           # Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools
           sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so
      Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to suppress other UBSAN issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter - just remember to remove the errors seen in this report.
      

      Present in optimized & debug builds.
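      As an added illustration (not MariaDB code), the C pattern that UBSAN's nullptr-with-offset check flags and the guard that avoids it. It assumes the empty identifier reaches my_casedn_utf8mb3 as a NULL pointer with length 0, which is what "applying zero offset to null pointer" indicates; the ident_t type, the helper names and the ASCII-only folding are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed (str, length) identifier, like an empty master connection
   name with a NULL pointer and zero length; not MariaDB's LEX_CSTRING. */
typedef struct { const char *str; size_t length; } ident_t;

/* Unguarded ASCII lower-casing copy (assumed simplification; the real
   my_casedn_utf8mb3 is multibyte aware). src + srclen with src == NULL
   and srclen == 0 is undefined behaviour in C; UBSAN's pointer-overflow
   check reports it as nullptr-with-offset even though the loop body
   never executes. */
static size_t casedn_copy_unguarded(char *dst, size_t dstlen,
                                    const char *src, size_t srclen)
{
    const char *srcend = src + srclen;   /* flagged when src is NULL */
    char *d = dst;
    while (src < srcend && (size_t)(d - dst) < dstlen)
        *d++ = (char) tolower((unsigned char) *src++);
    return (size_t)(d - dst);
}

/* Guarded variant: an empty or NULL source returns before any pointer
   arithmetic, so there is nothing for the sanitizer to flag. */
static size_t casedn_copy_guarded(char *dst, size_t dstlen,
                                  const char *src, size_t srclen)
{
    if (src == NULL || srclen == 0)
        return 0;
    const char *srcend = src + srclen;
    char *d = dst;
    while (src < srcend && (size_t)(d - dst) < dstlen)
        *d++ = (char) tolower((unsigned char) *src++);
    return (size_t)(d - dst);
}

/* Lower-cases an identifier into a NUL-terminated buffer; returns the
   number of bytes copied (0 for the empty identifier). */
static size_t ident_casedn(char *dst, size_t dstlen, ident_t id)
{
    size_t n = casedn_copy_guarded(dst, dstlen - 1, id.str, id.length);
    dst[n] = '\0';
    return n;
}
```

Built with -fsanitize=undefined, only the unguarded copy reports on the { NULL, 0 } input; the guarded one runs clean.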

      People

        Alexander Barkov (bar)
        Roel Van de Paar (Roel)