Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Critical
-
Resolution: Unresolved
-
11.5(EOL), 11.7(EOL), 11.8
-
Q3/2025 Maintenance
Description
CREATE TABLE t (c INT,c2 CHAR,c3 DATE,CHECK (c>0)); |
ALTER TABLE t ADD INDEX (c2) USING HASH; |
or
--error ER_PARSE_ERROR
|
WITH a AS (SELECT * FROM a FOR TIME ALL; |
or
--error ER_PARSE_ERROR
|
WITH c AS(SELECT * FROM (SELECT * FROM t1) SELECT * FROM DUAL; |
or
--error ER_PARSE_ERROR
|
INSERT INTO t WITH s AS (SELECT * FROM t1; |
Lead to:
|
CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Optimized, UBASAN, Clang) |
/test/11.8_opt_san/strings/strcoll.inl:230:25: runtime error: applying zero offset to null pointer
|
#0 0x56158a789512 in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_opt_san/strings/strcoll.inl:230:25
|
#1 0x561587af53ea in charset_info_st::strnncoll(st_mysql_const_lex_string, st_mysql_const_lex_string, char) const /test/11.8_opt_san/include/m_ctype.h:1081:12
|
#2 0x561587af53ea in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_opt_san/include/m_ctype.h:1073:17
|
#3 0x561587af53ea in Lex_ident<Compare_ident_ci>::streq(st_mysql_const_lex_string const&) const /test/11.8_opt_san/sql/lex_ident.h:119:38
|
#4 0x561587af53ea in is_infoschema_db(st_mysql_const_lex_string const*) /test/11.8_opt_san/sql/table.h:3583:34
|
#5 0x561587af53ea in st_select_lex::add_table_to_list(THD*, Table_ident*, st_mysql_const_lex_string const*, unsigned long, thr_lock_type, enum_mdl_type, List<Index_hint>*, List<String>*, st_mysql_lex_string*) /test/11.8_opt_san/sql/sql_parse.cc:8100:21
|
#6 0x561588870fcd in MYSQLparse(THD*) /test/11.8_opt_san/sql/sql_yacc.yy:12150:47
|
#7 0x561587b44284 in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/11.8_opt_san/sql/sql_parse.cc:10314:46
|
#8 0x561587adcef1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7853:15
|
#9 0x561587ad2b9e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1903:7
|
#10 0x561587ae0a6e in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1416:17
|
#11 0x5615882c1e38 in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11
|
#12 0x5615882c1280 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5
|
#13 0x561587409b0c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#14 0x151f1549ca93 in start_thread nptl/pthread_create.c:447:8
|
#15 0x151f15529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_opt_san/strings/strcoll.inl:230:25
|
|
CS 11.8.0 7734c85c31c9e292ef1133115fba2f7edd71dd51 (Optimized, UBASAN, Clang) |
/test/11.8_opt_san/strings/ctype-ascii.h:110:27: runtime error: applying non-zero offset 4 to null pointer
|
#0 0x56158a7842e6 in my_strcoll_ascii_4bytes_found /test/11.8_opt_san/strings/ctype-ascii.h:110:27
|
#1 0x56158a789227 in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_opt_san/strings/strcoll.inl:238:24
|
#2 0x561587af53ea in charset_info_st::strnncoll(st_mysql_const_lex_string, st_mysql_const_lex_string, char) const /test/11.8_opt_san/include/m_ctype.h:1081:12
|
#3 0x561587af53ea in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_opt_san/include/m_ctype.h:1073:17
|
#4 0x561587af53ea in Lex_ident<Compare_ident_ci>::streq(st_mysql_const_lex_string const&) const /test/11.8_opt_san/sql/lex_ident.h:119:38
|
#5 0x561587af53ea in is_infoschema_db(st_mysql_const_lex_string const*) /test/11.8_opt_san/sql/table.h:3583:34
|
#6 0x561587af53ea in st_select_lex::add_table_to_list(THD*, Table_ident*, st_mysql_const_lex_string const*, unsigned long, thr_lock_type, enum_mdl_type, List<Index_hint>*, List<String>*, st_mysql_lex_string*) /test/11.8_opt_san/sql/sql_parse.cc:8100:21
|
#7 0x561588870fcd in MYSQLparse(THD*) /test/11.8_opt_san/sql/sql_yacc.yy:12150:47
|
#8 0x561587b44284 in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/11.8_opt_san/sql/sql_parse.cc:10314:46
|
#9 0x561587adcef1 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_opt_san/sql/sql_parse.cc:7853:15
|
#10 0x561587ad2b9e in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_opt_san/sql/sql_parse.cc:1903:7
|
#11 0x561587ae0a6e in do_command(THD*, bool) /test/11.8_opt_san/sql/sql_parse.cc:1416:17
|
#12 0x5615882c1e38 in do_handle_one_connection(CONNECT*, bool) /test/11.8_opt_san/sql/sql_connect.cc:1415:11
|
#13 0x5615882c1280 in handle_one_connection /test/11.8_opt_san/sql/sql_connect.cc:1327:5
|
#14 0x561587409b0c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#15 0x151f1549ca93 in start_thread nptl/pthread_create.c:447:8
|
#16 0x151f15529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-nonzero-offset /test/11.8_opt_san/strings/ctype-ascii.h:110:27
|
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18:
|
# Note: llvm-17-linker-tools installs /usr/lib/llvm-17/lib/LLVMgold.so, which is needed for compilation, and LLVMgold.so is no longer included in LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev llvm-17-linker-tools
|
sudo ln -s /usr/lib/llvm-17/lib/LLVMgold.so /usr/lib/llvm-18/lib/LLVMgold.so
|
Compiled with: '-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++' and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter'. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
Bug confirmed present in: 11.5-11.8 (opt+dbg)
Attachments
Issue Links
- is caused by
-
MDEV-31340 Remove MY_COLLATION_HANDLER::strcasecmp()
-
- Closed
-
- relates to
-
-
- In Review
-
-
-
- Stalled
-
Activity
CREATE TABLE t (x INT,CHECK (t.x>0)); |
--error ER_KEY_COLUMN_DOES_NOT_EXIST
|
ALTER TABLE t ADD FULLTEXT INDEX idx_0 (b); |
Leads to:
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x55b28dd5003d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x55b28b07e665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x55b28b07e665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x55b28b840b48 in mysql_prepare_alter_table(THD*, TABLE*, Table_specification_st*, Alter_info*, Alter_table_ctx*) /test/11.8_dbg_san/sql/sql_table.cc:9239:37
|
#4 0x55b28b84b162 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.8_dbg_san/sql/sql_table.cc:11066:7
|
#5 0x55b28baf696d in Sql_cmd_alter_table::execute(THD*) /test/11.8_dbg_san/sql/sql_alter.cc:701:11
|
#6 0x55b28b42c686 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#7 0x55b28b40b588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#8 0x55b28b3ff64b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#9 0x55b28b40dfad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#10 0x55b28bad176c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#11 0x55b28bad1027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#12 0x55b28ae10b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#13 0x152b3c69ca93 in start_thread nptl/pthread_create.c:447:8
|
#14 0x152b3c729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Optimized, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x5585fd13a03d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x5585fa468665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x5585fa468665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x5585fac2ab48 in mysql_prepare_alter_table(THD*, TABLE*, Table_specification_st*, Alter_info*, Alter_table_ctx*) /test/11.8_dbg_san/sql/sql_table.cc:9239:37
|
#4 0x5585fac35162 in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.8_dbg_san/sql/sql_table.cc:11066:7
|
#5 0x5585faee096d in Sql_cmd_alter_table::execute(THD*) /test/11.8_dbg_san/sql/sql_alter.cc:701:11
|
#6 0x5585fa816686 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#7 0x5585fa7f5588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#8 0x5585fa7e964b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#9 0x5585fa7f7fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#10 0x5585faebb76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#11 0x5585faebb027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#12 0x5585fa1fab5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#13 0x15253989ca93 in start_thread nptl/pthread_create.c:447:8
|
#14 0x152539929c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
Bug confirmed present in:
MariaDB: 11.7.2 (dbg), 11.7.2 (opt), 11.8.0 (dbg), 11.8.0 (opt)
ALTER TABLE t ADD PERIOD IF NOT EXISTS FOR a (e,s); |
Leads to:
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x55558ad4703d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x555588075665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x555588075665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x55558903a459 in LEX::add_period(Lex_ident_column, Lex_ident_sys_st, Lex_ident_sys_st) /test/11.8_dbg_san/sql/sql_lex.h:4632:35
|
#4 0x555588fd532e in MYSQLparse(THD*) /test/11.8_dbg_san/sql/sql_yacc.yy:6097:22
|
#5 0x555588457ffb in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:10328:46
|
#6 0x555588401cb4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7867:15
|
#7 0x5555883f664b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#8 0x555588404fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#9 0x555588ac876c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#10 0x555588ac8027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#11 0x555587e07b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#12 0x14937ca9ca93 in start_thread nptl/pthread_create.c:447:8
|
#13 0x14937cb29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Optimized, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x55fe9357303d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x55fe908a1665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x55fe908a1665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x55fe91866459 in LEX::add_period(Lex_ident_column, Lex_ident_sys_st, Lex_ident_sys_st) /test/11.8_dbg_san/sql/sql_lex.h:4632:35
|
#4 0x55fe9180132e in MYSQLparse(THD*) /test/11.8_dbg_san/sql/sql_yacc.yy:6097:22
|
#5 0x55fe90c83ffb in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:10328:46
|
#6 0x55fe90c2dcb4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7867:15
|
#7 0x55fe90c2264b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#8 0x55fe90c30fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#9 0x55fe912f476c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#10 0x55fe912f4027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#11 0x55fe90633b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#12 0x14eeb149ca93 in start_thread nptl/pthread_create.c:447:8
|
#13 0x14eeb1529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
Bug confirmed present in:
MariaDB: 11.7.2 (dbg), 11.7.2 (opt), 11.8.0 (dbg), 11.8.0 (opt)
bar Hi! I am raising the prio on this bug as it is seen very regularly. with a variety of testcases and with a variety of stacks.
Please feel free to adjust as you see fit.
CREATE TABLE t (i INT) ; |
ALTER TABLE t DROP PERIOD IF EXISTS FOR b; |
Leads to:
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x5556cd8d403d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x5556cac02665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x5556cac02665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x5556cb3db6c2 in handle_if_exists_options(THD*, TABLE*, Alter_info*, Table_period_info*) /test/11.8_dbg_san/sql/sql_table.cc:6228:35
|
#4 0x5556cb3cee9f in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.8_dbg_san/sql/sql_table.cc:10965:7
|
#5 0x5556cb67a96d in Sql_cmd_alter_table::execute(THD*) /test/11.8_dbg_san/sql/sql_alter.cc:701:11
|
#6 0x5556cafb0686 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#7 0x5556caf8f588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#8 0x5556caf8364b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#9 0x5556caf91fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#10 0x5556cb65576c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#11 0x5556cb655027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#12 0x5556ca994b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#13 0x14636709ca93 in start_thread nptl/pthread_create.c:447:8
|
#14 0x146367129c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Optimized, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x5621ebecb03d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x5621e91f9665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x5621e91f9665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x5621e99d26c2 in handle_if_exists_options(THD*, TABLE*, Alter_info*, Table_period_info*) /test/11.8_dbg_san/sql/sql_table.cc:6228:35
|
#4 0x5621e99c5e9f in mysql_alter_table(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, TABLE_LIST*, Recreate_info*, Alter_info*, unsigned int, st_order*, bool, bool) /test/11.8_dbg_san/sql/sql_table.cc:10965:7
|
#5 0x5621e9c7196d in Sql_cmd_alter_table::execute(THD*) /test/11.8_dbg_san/sql/sql_alter.cc:701:11
|
#6 0x5621e95a7686 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#7 0x5621e9586588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#8 0x5621e957a64b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#9 0x5621e9588fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#10 0x5621e9c4c76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#11 0x5621e9c4c027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#12 0x5621e8f8bb5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#13 0x1465b7a9ca93 in start_thread nptl/pthread_create.c:447:8
|
#14 0x1465b7b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
Bug confirmed present in:
MariaDB: 11.7.2 (dbg), 11.7.2 (opt), 11.8.0 (dbg), 11.8.0 (opt)
Additional t/c to test any fixes with
WITH s AS (SELECT * FROM t FOR SYSTEM_TIME AS of TIMESTAMP @t; |
On preview-11.8-preview this yielded an additional stack, at least a few times:
|
CS 11.8.0 349b8a10274c88887b7b2af24b4200724617611f (Debug) |
/test/preview-11.8-preview_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x5638a70afafd in my_strnncoll_utf8mb3_general1400_as_ci /test/preview-11.8-preview_dbg_san/strings/strcoll.inl:229:25
|
#1 0x5638a43c80e5 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/preview-11.8-preview_dbg_san/include/m_ctype.h:1073:17
|
#2 0x5638a43c80e5 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/preview-11.8-preview_dbg_san/sql/lex_ident.h:132:38
|
#3 0x5638a53a2229 in LEX::add_period(Lex_ident_column, Lex_ident_sys_st, Lex_ident_sys_st) /test/preview-11.8-preview_dbg_san/sql/sql_lex.h:4685:35
|
#4 0x5638a5344e9a in MYSQLparse(THD*) /test/preview-11.8-preview_dbg_san/sql/sql_yacc.yy:6192:22
|
#5 0x5638a47c06db in parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool) /test/preview-11.8-preview_dbg_san/sql/sql_parse.cc:10318:46
|
#6 0x5638a476abd4 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/preview-11.8-preview_dbg_san/sql/sql_parse.cc:7853:15
|
#7 0x5638a475fc57 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/preview-11.8-preview_dbg_san/sql/sql_parse.cc:1903:7
|
#8 0x5638a476decd in do_command(THD*, bool) /test/preview-11.8-preview_dbg_san/sql/sql_parse.cc:1416:17
|
#9 0x5638a4e24b3c in do_handle_one_connection(CONNECT*, bool) /test/preview-11.8-preview_dbg_san/sql/sql_connect.cc:1415:11
|
#10 0x5638a4e243f7 in handle_one_connection /test/preview-11.8-preview_dbg_san/sql/sql_connect.cc:1327:5
|
#11 0x5638a415790c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#12 0x152fa229ca93 in start_thread nptl/pthread_create.c:447:8
|
#13 0x152fa2329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/preview-11.8-preview_dbg_san/strings/strcoll.inl:229:25
|
However, when replayed - even on that version - it more commonly yields one of the stacks above, like UniqueID
UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq|is_infoschema_db
|
Another testcase with offset stack
CREATE TABLE t (a INT) DEFAULT CHARSET=utf8; |
UPDATE t FOR PORTION OF a FROM''TO''SET id=id+1; |
Leads to:
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x564fa5c4403d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x564fa2f72665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x564fa2f72665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x564fa347408d in st_select_lex::period_setup_conds(THD*, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_select.cc:1176:39
|
#4 0x564fa38156e4 in Multiupdate_prelocking_strategy::handle_end(THD*) /test/11.8_dbg_san/sql/sql_update.cc:1658:19
|
#5 0x564fa305919e in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/11.8_dbg_san/sql/sql_base.cc:4778:38
|
#6 0x564fa3063414 in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /test/11.8_dbg_san/sql/sql_base.cc:5772:7
|
#7 0x564fa35d1308 in Sql_cmd_dml::prepare(THD*) /test/11.8_dbg_san/sql/sql_select.cc:34232:7
|
#8 0x564fa35d2129 in Sql_cmd_dml::execute(THD*) /test/11.8_dbg_san/sql/sql_select.cc:34294:9
|
#9 0x564fa3320b78 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:4429:27
|
#10 0x564fa32ff588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#11 0x564fa32f364b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#12 0x564fa3301fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#13 0x564fa39c576c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#14 0x564fa39c5027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#15 0x564fa2d04b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#16 0x1482ae49ca93 in start_thread nptl/pthread_create.c:447:8
|
#17 0x1482ae529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Optimized, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:229:25: runtime error: applying zero offset to null pointer
|
#0 0x5591a2dd903d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
#1 0x5591a0107665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x5591a0107665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x5591a060908d in st_select_lex::period_setup_conds(THD*, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_select.cc:1176:39
|
#4 0x5591a09aa6e4 in Multiupdate_prelocking_strategy::handle_end(THD*) /test/11.8_dbg_san/sql/sql_update.cc:1658:19
|
#5 0x5591a01ee19e in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/11.8_dbg_san/sql/sql_base.cc:4778:38
|
#6 0x5591a01f8414 in open_tables_for_query(THD*, TABLE_LIST*, unsigned int*, unsigned int, DML_prelocking_strategy*) /test/11.8_dbg_san/sql/sql_base.cc:5772:7
|
#7 0x5591a0766308 in Sql_cmd_dml::prepare(THD*) /test/11.8_dbg_san/sql/sql_select.cc:34232:7
|
#8 0x5591a0767129 in Sql_cmd_dml::execute(THD*) /test/11.8_dbg_san/sql/sql_select.cc:34294:9
|
#9 0x5591a04b5b78 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:4429:27
|
#10 0x5591a0494588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#11 0x5591a048864b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#12 0x5591a0496fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#13 0x5591a0b5a76c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#14 0x5591a0b5a027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#15 0x55919fe99b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#16 0x1464f1a9ca93 in start_thread nptl/pthread_create.c:447:8
|
#17 0x1464f1b29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:229:25
|
Bug confirmed present in:
MariaDB: 11.7.2 (dbg), 11.7.2 (opt), 11.8.0 (dbg), 11.8.0 (opt)
CREATE TABLE t (a INT,CONSTRAINT foo CHECK (a>0),FOREIGN KEY(a) REFERENCES t (a) ON UPDATE CASCADE); |
|
CS 11.8.0 cacaaebf01939d387645fb850ceeec5392496171 (Debug, UBASAN, Clang) |
/test/11.8_dbg_san/strings/strcoll.inl:230:25: runtime error: applying zero offset to null pointer
|
#0 0x562c75f2705d in my_strnncoll_utf8mb3_general1400_as_ci /test/11.8_dbg_san/strings/strcoll.inl:230:25
|
#1 0x562c73255665 in charset_info_st::streq(st_mysql_const_lex_string, st_mysql_const_lex_string) const /test/11.8_dbg_san/include/m_ctype.h:1073:17
|
#2 0x562c73255665 in Lex_ident<Compare_ident_ci>::streq(Lex_ident<Compare_ident_ci> const&) const /test/11.8_dbg_san/sql/lex_ident.h:129:38
|
#3 0x562c73a007ed in mysql_prepare_create_table_finalize(THD*, HA_CREATE_INFO*, Alter_info*, unsigned int*, handler*, st_key**, unsigned int*, int) /test/11.8_dbg_san/sql/sql_table.cc:3909:27
|
#4 0x562c739f19b8 in mysql_create_frm_image(THD*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/11.8_dbg_san/sql/sql_table.cc:4431:7
|
#5 0x562c73a05180 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/11.8_dbg_san/sql/sql_table.cc:4753:11
|
#6 0x562c73a02f60 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/11.8_dbg_san/sql/sql_table.cc:4878:8
|
#7 0x562c73a5fd56 in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /test/11.8_dbg_san/sql/sql_table.cc:5103:7
|
#8 0x562c73a59677 in Sql_cmd_create_table_like::execute(THD*) /test/11.8_dbg_san/sql/sql_table.cc:13439:12
|
#9 0x562c73603686 in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5886:26
|
#10 0x562c735e2588 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#11 0x562c735d664b in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1903:7
|
#12 0x562c735e4fad in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1416:17
|
#13 0x562c73ca876c in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#14 0x562c73ca8027 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#15 0x562c72fe7b5c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#16 0x14ba25c9ca93 in start_thread nptl/pthread_create.c:447:8
|
#17 0x14ba25d29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
|
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/11.8_dbg_san/strings/strcoll.inl:230:25
|
Present in 11.7 at revision 9adc81791eb287879c500f5eaaeb78057cf85791 of Aug 20.
This was the 11.7 branch creation commit.
Present in 11.5 at revision 8b8c8fcb864f4f9753211ad911337201cfe21d23 of Aug 12.
Not present in 11.5 at revison de9c357284edb46084c45c3b96600c854efdf69a of Jan 24.
git-bisect found
Finished: fd247cc21fbc975fbc7f20ef2c4e722f13552330 is the first bad commitcommit fd247cc21fbc975fbc7f20ef2c4e722f13552330Author: Alexander Barkov <bar@mariadb.com>Date: Wed Apr 26 15:27:01 2023 +0400MDEV-31340 Remove MY_COLLATION_HANDLER::strcasecmp()https://github.com/MariaDB/server/commit/fd247cc21fbc975fbc7f20ef2c4e722f13552330
Note: the commit date shows as 2023, but the actual push date was April 2024.