MariaDB Server, MDEV-35945

Assertion `src != ((void *)0)' failed in my_caseup_8bit


    Description

      CREATE TABLE t (id INT, a SET('foo','bar') DEFAULT '');
      INSERT INTO t (id) VALUES (1);
      SELECT IF(UPPER(a)='FOO',0,1) FROM t;
      DROP TABLE t;
      

      11.4 3a6af458e6149657c1e135af821a23a7c15c68f1

      mariadbd: /data/bld/11.4-asan/strings/ctype-simple.c:256: my_caseup_8bit: Assertion `src != ((void *)0)' failed.
      250126 21:57:53 [ERROR] /share8t/bld/11.4-asan/sql/mariadbd got signal 6 ;
       
      #9  0x00007f6b98053eb2 in __GI___assert_fail (assertion=0x5590e889cd40 "src != ((void *)0)", file=0x5590e889cce0 "/data/bld/11.4-asan/strings/ctype-simple.c", line=256, function=0x5590e889cf20 <__PRETTY_FUNCTION__.6> "my_caseup_8bit") at ./assert/assert.c:101
      #10 0x00005590e741350b in my_caseup_8bit (cs=0x5590e9c455a0 <my_charset_latin1>, src=0x0, srclen=0, dst=0x60300004d1e8 "", dstlen=0) at /data/bld/11.4-asan/strings/ctype-simple.c:256
      #11 0x00005590e5fe6fa6 in Item_str_conv::val_str (this=0x62d0002c6b48, str=0x62d0002c6ec0) at /data/bld/11.4-asan/sql/item_strfunc.cc:1995
      #12 0x00005590e5ec01c7 in Arg_comparator::compare_string (this=0x62d0002c6d90) at /data/bld/11.4-asan/sql/item_cmpfunc.cc:859
      #13 0x00005590e5f03576 in Arg_comparator::compare (this=0x62d0002c6d90) at /data/bld/11.4-asan/sql/item_cmpfunc.h:118
      #14 0x00005590e5ecc902 in Item_func_eq::val_bool (this=0x62d0002c6cd8) at /data/bld/11.4-asan/sql/item_cmpfunc.cc:1885
      #15 0x00005590e5f052b4 in Item_func_if::find_item (this=0x62d0002c7040) at /data/bld/11.4-asan/sql/item_cmpfunc.h:1326
      #16 0x00005590e5cc0f6f in Item_func_case_abbreviation2_switch::int_op (this=0x62d0002c7040) at /data/bld/11.4-asan/sql/item_cmpfunc.h:1300
      #17 0x00005590e5bc0c4a in Item_func_hybrid_field_type::val_int_from_int_op (this=0x62d0002c7040) at /data/bld/11.4-asan/sql/item_func.h:926
      #18 0x00005590e5b9442c in Type_handler_int_result::Item_func_hybrid_field_type_val_int (this=0x5590e9ea8660 <type_handler_slong>, item=0x62d0002c7040) at /data/bld/11.4-asan/sql/sql_type.cc:5590
      #19 0x00005590e5445ed2 in Item_func_hybrid_field_type::val_int (this=0x62d0002c7040) at /data/bld/11.4-asan/sql/item_func.h:983
      #20 0x00005590e5b9dd0c in Type_handler::Item_send_long (this=0x5590e9ea8660 <type_handler_slong>, item=0x62d0002c7040, protocol=0x62c0000c0830, buf=0x7f6b889ae330) at /data/bld/11.4-asan/sql/sql_type.cc:7713
      #21 0x00005590e5bba668 in Type_handler_long::Item_send (this=0x5590e9ea8660 <type_handler_slong>, item=0x62d0002c7040, protocol=0x62c0000c0830, buf=0x7f6b889ae330) at /data/bld/11.4-asan/sql/sql_type.h:5851
      #22 0x00005590e50ca73a in Item::send (this=0x62d0002c7040, protocol=0x62c0000c0830, buffer=0x7f6b889ae330) at /data/bld/11.4-asan/sql/item.h:1261
      #23 0x00005590e519ad8d in Protocol::send_result_set_row (this=0x62c0000c0830, row_items=0x62d0002c67a8) at /data/bld/11.4-asan/sql/protocol.cc:1333
      #24 0x00005590e533daec in select_send::send_data (this=0x62d0002c8260, items=...) at /data/bld/11.4-asan/sql/sql_class.cc:3252
      #25 0x00005590e567b1b3 in select_result_sink::send_data_with_check (this=0x62d0002c8260, items=..., u=0x62c0000c46c0, sent=0) at /data/bld/11.4-asan/sql/sql_class.h:6093
      #26 0x00005590e5631283 in end_send (join=0x62d0002c8290, join_tab=0x0, end_of_records=false) at /data/bld/11.4-asan/sql/sql_select.cc:25414
      #27 0x00005590e56249fc in do_select (join=0x62d0002c8290, procedure=0x0) at /data/bld/11.4-asan/sql/sql_select.cc:23547
      #28 0x00005590e55a112f in JOIN::exec_inner (this=0x62d0002c8290) at /data/bld/11.4-asan/sql/sql_select.cc:5045
      #29 0x00005590e559e52e in JOIN::exec (this=0x62d0002c8290) at /data/bld/11.4-asan/sql/sql_select.cc:4831
      #30 0x00005590e55a2be7 in mysql_select (thd=0x62c0000c0218, tables=0x62d0002c71e8, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x62d0002c8260, unit=0x62c0000c46c0, select_lex=0x62d0002c64f0) at /data/bld/11.4-asan/sql/sql_select.cc:5361
      #31 0x00005590e5571011 in handle_select (thd=0x62c0000c0218, lex=0x62c0000c45e0, result=0x62d0002c8260, setup_tables_done_option=0) at /data/bld/11.4-asan/sql/sql_select.cc:642
      #32 0x00005590e54939b9 in execute_sqlcom_select (thd=0x62c0000c0218, all_tables=0x62d0002c71e8) at /data/bld/11.4-asan/sql/sql_parse.cc:6183
      #33 0x00005590e548374c in mysql_execute_command (thd=0x62c0000c0218, is_called_from_prepared_stmt=false) at /data/bld/11.4-asan/sql/sql_parse.cc:3976
      #34 0x00005590e549e430 in mysql_parse (thd=0x62c0000c0218, rawbuf=0x62d0002c6438 "SELECT IF(UPPER(a)='FOO',0,1) FROM t", length=36, parser_state=0x7f6b889b0a90) at /data/bld/11.4-asan/sql/sql_parse.cc:7907
      #35 0x00005590e5475460 in dispatch_command (command=COM_QUERY, thd=0x62c0000c0218, packet=0x629000253219 "", packet_length=36, blocking=true) at /data/bld/11.4-asan/sql/sql_parse.cc:1905
      #36 0x00005590e5472198 in do_command (thd=0x62c0000c0218, blocking=true) at /data/bld/11.4-asan/sql/sql_parse.cc:1418
      #37 0x00005590e59535d9 in do_handle_one_connection (connect=0x608000003ab8, put_in_cache=true) at /data/bld/11.4-asan/sql/sql_connect.cc:1408
      #38 0x00005590e5953138 in handle_one_connection (arg=0x608000003a38) at /data/bld/11.4-asan/sql/sql_connect.cc:1320
      #39 0x00005590e65cf7a8 in pfs_spawn_thread (arg=0x617000005b98) at /data/bld/11.4-asan/storage/perfschema/pfs.cc:2201
      #40 0x00007f6b980a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #41 0x00007f6b9812885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      The failure started happening after this commit in 11.4:

      commit c1559f261f2e7a95b035e2be8510e4ef47c6cd23
      Commit:     Alexander Barkov
      CommitDate: Mon Jan 20 20:01:48 2025 +0400
       
          MDEV-35688 UBSAN: SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset in my_casedn_utf8mb3
      

      No obvious immediate problem on a non-debug build.

          Activity

            It magically disappeared in bb-11.4-release after this merge:

            commit fcb0f86564791935c6b982803731223564b9ed9c
            Merge: f4a7415f1a1 60fec141db7
            Author: Sergei Golubchik
            Date:   Sat Jan 25 18:08:03 2025 +0100
             
                Merge branch 'bb-10.11-serg' into bb-11.4-serg
            

            which is a mystery as it didn't affect 10.11.

            Comment by elenst (Elena Stepanova)

            It was fixed by:

            commit c69fb1a6273f759ad8afb4d6466aca5524df9e2f
            Author: Alexander Barkov <bar@mariadb.com>
            Date:   Fri Jan 17 13:28:02 2025 +0400
             
                MDEV-35864 UBSAN: "applying zero offset to null pointer" when using a Field_set with empty values
            

            Comment by bar (Alexander Barkov)
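The pattern behind this report, as an added sketch in C that is not MariaDB code: a producer hands an empty SET value to a case-conversion routine as a NULL pointer with length 0, and a debug-only precondition rejects it while an unchecked build walks a zero-length loop and sees nothing. The names `lex_str`, `set_value_before`, `set_value_hardened` and `upper_equals` are hypothetical, and the hardened producer is one possible approach, not the MDEV-35864 change itself.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-counted string, standing in for the value UPPER() receives. */
typedef struct { const char *ptr; size_t len; } lex_str;

/* "Before": an empty SET value is handed out as {NULL, 0}. */
static lex_str set_value_before(const char *stored) {
    size_t len = strlen(stored);
    lex_str s = { len ? stored : NULL, len };
    return s;
}

/* Hardened: an empty value points at a static "", so ptr is never NULL. */
static lex_str set_value_hardened(const char *stored) {
    static const char empty[] = "";
    size_t len = strlen(stored);
    lex_str s = { len ? stored : empty, len };
    return s;
}

/* Models UPPER(a)='...': 1 = equal, 0 = not equal, -1 = precondition violated.
 * With debug_checks set, a NULL src is rejected the way a debug-build
 * assertion rejects it; without it, the zero-length loop never touches src. */
static int upper_equals(lex_str src, const char *expect, int debug_checks) {
    char dst[32];
    if (debug_checks && src.ptr == NULL)
        return -1;                        /* debug build: the assertion fires here */
    if (src.len >= sizeof dst)
        return 0;                         /* constructed size limit for this sketch */
    for (size_t i = 0; i < src.len; i++)  /* indexes src; never forms src.ptr + len */
        dst[i] = (char) toupper((unsigned char) src.ptr[i]);
    dst[src.len] = '\0';
    return strlen(expect) == src.len && memcmp(dst, expect, src.len) == 0;
}

int main(void) {
    printf("before,   debug:   %d\n", upper_equals(set_value_before(""), "FOO", 1));
    printf("before,   release: %d\n", upper_equals(set_value_before(""), "FOO", 0));
    printf("hardened, debug:   %d\n", upper_equals(set_value_hardened(""), "FOO", 1));
    printf("hardened, 'foo':   %d\n", upper_equals(set_value_hardened("foo"), "FOO", 1));
    return 0;
}
```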
