[MDEV-35714] UBSAN: runtime error: downcast of address 0x1549d2b0ba50 with insufficient space for an object of type 'my_decimal' in Item_dyncol_get::get_date - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.4, 11.7, 11.8
Fix Version/s: 10.5, 10.6, 10.11, 11.4, 11.7
Component/s: Data types
Labels:
- UBSAN
- insufficient-object-size

Description

SELECT COLUMN_GET (COLUMN_CREATE (0,0 AS DECIMAL(0,0)),0 AS DATE);

Leads to:

CS 10.5.28 a226f12675c6312ca7632b90261397e313e6a7ae (Optimized, UBASAN, Clang)
/test/10.5_opt_san/sql/item_strfunc.cc:5203:44: runtime error: downcast of address 0x1549d2b0ba50 with insufficient space for an object of type 'my_decimal'
0x1549d2b0ba50: note: pointer points here
00 00 00 00 01 00 00 00 00 00 00 00 09 00 00 00 00 00 00 00 28 ba b0 d2 49 15 00 00 00 00 00 00
^
#0 0x55e0bb0a34c6 in Item_dyncol_get::get_date(THD, st_mysql_time, date_mode_t) /test/10.5_opt_san/sql/item_strfunc.cc:5203:44
#1 0x55e0ba6eae4b in Temporal_with_date::make_from_item(THD, Item, date_mode_t) /test/10.5_opt_san/sql/sql_type.cc:1011:13
#2 0x55e0bb21e994 in Temporal_with_date::Temporal_with_date(THD, Item, date_mode_t) /test/10.5_opt_san/sql/sql_type.h:2120:5
#3 0x55e0bb21e994 in Date::Date(THD, Item, date_mode_t) /test/10.5_opt_san/sql/sql_type.h:2193:5
#4 0x55e0bb21e994 in Item_date_typecast::get_date(THD, st_mysql_time, date_mode_t) /test/10.5_opt_san/sql/item_timefunc.cc:2591:23
#5 0x55e0ba738019 in Type_handler::Item_send_date(Item, Protocol, st_value*) const /test/10.5_opt_san/sql/sql_type.cc:7658:9
#6 0x55e0b9817240 in Protocol::send_result_set_row(List<Item>*) /test/10.5_opt_san/sql/protocol.cc:1086:15
#7 0x55e0b9afda15 in select_send::send_data(List<Item>&) /test/10.5_opt_san/sql/sql_class.cc:3161:17
#8 0x55e0b9f00102 in JOIN::exec_inner() /test/10.5_opt_san/sql/sql_select.cc:4532:22
#9 0x55e0b9efb80c in JOIN::exec() /test/10.5_opt_san/sql/sql_select.cc:4444:3
#10 0x55e0b9e60df3 in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/10.5_opt_san/sql/sql_select.cc:4921:9
#11 0x55e0b9e5f5ad in handle_select(THD, LEX, select_result*, unsigned long) /test/10.5_opt_san/sql/sql_select.cc:449:10
#12 0x55e0b9d75ab2 in execute_sqlcom_select(THD, TABLE_LIST) /test/10.5_opt_san/sql/sql_parse.cc:6451:12
#13 0x55e0b9d5891f in mysql_execute_command(THD*) /test/10.5_opt_san/sql/sql_parse.cc:4043:12
#14 0x55e0b9d1fe98 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /test/10.5_opt_san/sql/sql_parse.cc:8251:18
#15 0x55e0b9d129d0 in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /test/10.5_opt_san/sql/sql_parse.cc:1891:7
#16 0x55e0b9d228d9 in do_command(THD*) /test/10.5_opt_san/sql/sql_parse.cc:1375:17
#17 0x55e0ba42a5c2 in do_handle_one_connection(CONNECT*, bool) /test/10.5_opt_san/sql/sql_connect.cc:1386:11
#18 0x55e0ba429a24 in handle_one_connection /test/10.5_opt_san/sql/sql_connect.cc:1298:5
#19 0x55e0b978a10c in asan_thread_start(void*) asan_interceptors.cpp.o
#20 0x154a0369ca93 in start_thread nptl/pthread_create.c:447:8
#21 0x154a03729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: insufficient-object-size /test/10.5_opt_san/sql/item_strfunc.cc:5203:44

Setup:

Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18:

     # Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools

     sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so

Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

Bug confirmed present in:
MariaDB: 10.5.28 (opt), 10.6.21 (opt), 10.11.11 (opt), 11.4.5 (opt), 11.7.1 (opt), 11.8.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.5.28 (dbg), 10.6.21 (dbg), 10.11.11 (dbg), 11.4.5 (dbg), 11.7.1 (dbg), 11.8.0 (dbg)

Attachments

Issue Links

relates to

MDEV-30931 UBSAN: negation of -X cannot be represented in type 'long long int'; cast to an unsigned type to negate this value to itself in get_interval_value on SELECT

Closed

MDEV-35406 UBSAN runtime error: signed integer overflow on SELECT DATE_ADD/MAKEDATE

Confirmed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2024-12-24 04:48

Updated:: 2024-12-27 02:25

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.