Details
Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
10.6, 11.4
None
Description
This problem was originally reported in MDEV-35723, but was moved to this separate MDEV.
The problem is repeatable with InnoDB and MyISAM, and probably with all other engines (I did not check though).
This script demonstrates the problem:
SET sql_mode='';
CREATE OR REPLACE TABLE t (c SET('','','') KEY,c2 DECIMAL UNSIGNED ZEROFILL,c3 CHAR(1) BINARY);
INSERT INTO t VALUES ('',CURRENT_TIME,'');
UPDATE t SET c2=c2+5 WHERE c BETWEEN '' AND '';
This is the output in the server error log:
.../strings/ctype-simple.c:180:10: runtime error: applying zero offset to null pointer
#0 0x3afb088 in my_strnncollsp_simple /home/bar/maria-git/10.6/strings/ctype-simple.c:180:10
#1 0x1ff8225 in Item_func_between::val_int_cmp_string() /home/bar/maria-git/10.6/sql/item_cmpfunc.cc:2319:25
#2 0x2735c36 in Item_func_between::val_bool() /home/bar/maria-git/10.6/sql/item_cmpfunc.h:1027:41
#3 0x13e318c in SQL_SELECT::skip_record(THD*) /home/bar/maria-git/10.6/sql/opt_range.h:1740:13
#4 0x13d7e8b in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) /home/bar/maria-git/10.6/sql/sql_update.cc:1033:28
#5 0xe8d85d in mysql_execute_command(THD*, bool) /home/bar/maria-git/10.6/sql/sql_parse.cc:4477:21
#6 0xe44aa0 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /home/bar/maria-git/10.6/sql/sql_parse.cc:8208:18
#7 0xe38e8a in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /home/bar/maria-git/10.6/sql/sql_parse.cc:1908:7
#8 0xe479c4 in do_command(THD*, bool) /home/bar/maria-git/10.6/sql/sql_parse.cc:1421:17
#9 0x15d5928 in do_handle_one_connection(CONNECT*, bool) /home/bar/maria-git/10.6/sql/sql_connect.cc:1386:11
#10 0x15d4d84 in handle_one_connection /home/bar/maria-git/10.6/sql/sql_connect.cc:1298:5
#11 0x87789e in asan_thread_start(void*) asan_interceptors.cpp.o
#12 0x7efe35aac906 in start_thread (/lib64/libc.so.6+0x8e906) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
#13 0x7efe35b33adb in __GI___clone3 (/lib64/libc.so.6+0x115adb) (BuildId: 1cd2d1016ef987f11f5709c2aa0deb4520dcc851)
|
compiled with:
cmake .. \
-DCMAKE_INSTALL_PREFIX=/opt/mariadb-10.6 \
-DWITH_ASAN=ON \
-DWITH_ASAN_SCOPE=ON \
-DWITH_UBSAN=ON \
-DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON \
-DMYSQL_MAINTAINER_MODE=WARN \
-DCMAKE_BUILD_TYPE=Debug \
-DPLUGIN_{MROONGA,ROCKSDB}=NO \
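To make the UBSan message concrete, here is an added example that is not MariaDB code (the names strnncollsp_weak, strnncollsp_safe and between_safe are hypothetical): a simplified padding, case-insensitive compare that forms end pointers from a possibly NULL operand, the pattern behind "applying zero offset to null pointer", beside a version that maps an empty (NULL, 0) value to a real buffer before any pointer arithmetic, and a BETWEEN-style predicate built on it as in the reproducer.

```c
#include <stddef.h>
#include <ctype.h>

/* Hypothetical, simplified model of a padding, case-insensitive
   "strnncollsp" comparison. It is NOT MariaDB's my_strnncollsp_simple;
   it only reproduces the pointer-arithmetic pattern behind the report. */
static int cmp_char(unsigned char a, unsigned char b) {
    return tolower(a) - tolower(b);
}

/* Weak version: forms end pointers as s + slen before checking anything.
   An empty value may arrive as (NULL, 0), and NULL + 0 is undefined
   behaviour in C; with -fsanitize=undefined this is what UBSan reports as
   "applying zero offset to null pointer". */
int strnncollsp_weak(const unsigned char *s, size_t slen,
                     const unsigned char *t, size_t tlen) {
    const unsigned char *se = s + slen, *te = t + tlen;  /* UB if s or t is NULL */
    while (s < se && t < te) {
        int d = cmp_char(*s++, *t++);
        if (d) return d;
    }
    /* PAD SPACE semantics: trailing spaces on the longer operand are ignored */
    for (; s < se; s++) if (*s != ' ') return tolower(*s) - ' ';
    for (; t < te; t++) if (*t != ' ') return ' ' - tolower(*t);
    return 0;
}

/* Hardened version: a NULL pointer can only describe an empty value, so map
   it to a real zero-length buffer before any pointer arithmetic happens. */
int strnncollsp_safe(const unsigned char *s, size_t slen,
                     const unsigned char *t, size_t tlen) {
    static const unsigned char empty_buf[1] = { 0 };
    if (s == NULL) { s = empty_buf; slen = 0; }
    if (t == NULL) { t = empty_buf; tlen = 0; }
    return strnncollsp_weak(s, slen, t, tlen);
}

/* Models the predicate `c BETWEEN lo AND hi` from the reproducer, where all
   three operands may be empty strings passed as (NULL, 0). Returns 1 when
   lo <= c <= hi under the padding comparison, 0 otherwise. */
int between_safe(const unsigned char *c, size_t clen,
                 const unsigned char *lo, size_t lolen,
                 const unsigned char *hi, size_t hilen) {
    return strnncollsp_safe(lo, lolen, c, clen) <= 0 &&
           strnncollsp_safe(c, clen, hi, hilen) <= 0;
}
```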
|
Issue Links
is part of:
MDEV-25454 Make MariaDB server UBSAN safe (Confirmed)
relates to:
MDEV-35723 UBSAN: applying non-zero offset to null pointer in my_charpos_mb/my_uca_scanner_next_utf8mb4, applying zero offset to null pointer in my_strnncollsp_simple, my_uca_strnncollsp_onelevel_utf8mb4/my_uca_scanner_init_any/my_uca_scanner_next_utf8mb4 on INSERT (Closed)
MDEV-35945 Assertion `src != ((void *)0)' failed in my_caseup_8bit (Closed)