Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
10.5, 10.6, 10.11, 11.4
-
None
Description
Reduced from the MySQL test case mysql.geojson_functions.test. The inserted value is a GEOMETRYCOLLECTION nesting a second GEOMETRYCOLLECTION whose only member is a POINT with a truncated y coordinate: the value is 42 bytes, while a complete nested POINT needs 43. The INSERT succeeds, so the malformed geometry is not rejected on store; on SELECT, ST_AsGeoJSON reads the full 8-byte coordinate in get_point (spatial.cc:232) and the read runs one byte past the end of the stored value into InnoDB heap memory that ASan shows as user-poisoned (shadow "02" followed by "f7"). In a non-ASan build this is likely a silent heap over-read whose byte is formatted into the JSON result, and any account with INSERT and SELECT on a GEOMETRY column can trigger it, so it should be treated as an untrusted-input robustness issue in the WKB-to-GeoJSON path rather than a test-only failure.
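--source include/have_innodb.inc

# Reduced from mysql.geojson_functions.test.  The literal below is the server's
# internal geometry format: a 4-byte SRID followed by WKB.
#
#   00000000                  SRID 0
#   01 07000000 01000000      little-endian GEOMETRYCOLLECTION, 1 member
#   01 07000000 01000000      little-endian GEOMETRYCOLLECTION, 1 member
#   01 01000000               little-endian POINT
#   0000000000002440          x = 10.0
#   00000000000024            y: only 7 of the 8 bytes are present
#
# The value is 42 bytes, one short of a complete nested POINT.  The INSERT is
# accepted, so nested geometries are evidently not validated on store; the
# SELECT then makes ST_AsGeoJSON read a full 8-byte coordinate and run one byte
# past the end of the stored value (ASan: READ of size 8 in get_point).
# Do not "repair" the hex string -- the truncation is the trigger.
CREATE TABLE t1 (g GEOMETRY) ENGINE=InnoDB;
INSERT INTO t1 (g) VALUES (0x000000000107000000010000000107000000010000000101000000000000000000244000000000000024);
SELECT ST_ASGEOJSON(g) FROM t1;
# Cleanup so the test leaves no table behind when the server survives the SELECT.
DROP TABLE t1;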
Version: '10.5.29-MariaDB-debug-log'
|
=================================================================
|
==772941==ERROR: AddressSanitizer: unknown-crash on address 0x62900029e2c3 at pc 0x55f925b96cd4 bp 0x7ff0a8378130 sp 0x7ff0a8378120
|
READ of size 8 at 0x62900029e2c3 thread T18
|
#0 0x55f925b96cd3 in get_point /10.5/src/sql/spatial.cc:232
|
#1 0x55f925b9aa7b in append_json_point /10.5/src/sql/spatial.cc:829
|
#2 0x55f925b9bc3a in Gis_point::get_data_as_json(String*, unsigned int, char const**) const /10.5/src/sql/spatial.cc:1020
|
#3 0x55f925b98000 in Geometry::as_json(String*, unsigned int, char const**) /10.5/src/sql/spatial.cc:396
|
#4 0x55f925bad03c in Gis_geometry_collection::get_data_as_json(String*, unsigned int, char const**) const /10.5/src/sql/spatial.cc:3530
|
#5 0x55f925b98000 in Geometry::as_json(String*, unsigned int, char const**) /10.5/src/sql/spatial.cc:396
|
#6 0x55f925bad03c in Gis_geometry_collection::get_data_as_json(String*, unsigned int, char const**) const /10.5/src/sql/spatial.cc:3530
|
#7 0x55f925b98000 in Geometry::as_json(String*, unsigned int, char const**) /10.5/src/sql/spatial.cc:396
|
#8 0x55f9258a841b in Item_func_as_geojson::val_str_ascii(String*) /10.5/src/sql/item_geofunc.cc:308
|
#9 0x55f9258dbcb9 in Item_func::val_str_from_val_str_ascii(String*, String*) /10.5/src/sql/item_strfunc.cc:98
|
#10 0x55f9255ab9a9 in Item_str_ascii_func::val_str(String*) /10.5/src/sql/item_strfunc.h:93
|
#11 0x55f92548e41d in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /10.5/src/sql/sql_type.cc:7563
|
#12 0x55f925267aa7 in Type_handler_string_result::Item_send(Item*, Protocol*, st_value*) const /10.5/src/sql/sql_type.h:5495
|
#13 0x55f924b64bc5 in Item::send(Protocol*, st_value*) /10.5/src/sql/item.h:1083
|
#14 0x55f924b54d6b in Protocol::send_result_set_row(List<Item>*) /10.5/src/sql/protocol.cc:1086
|
#15 0x55f924d197f5 in select_send::send_data(List<Item>&) /10.5/src/sql/sql_class.cc:3173
|
#16 0x55f924ff96e4 in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /10.5/src/sql/sql_class.h:5582
|
#17 0x55f924fb0196 in end_send /10.5/src/sql/sql_select.cc:22522
|
#18 0x55f924fa83bf in evaluate_join_record /10.5/src/sql/sql_select.cc:21540
|
#19 0x55f924fa6c49 in sub_select(JOIN*, st_join_table*, bool) /10.5/src/sql/sql_select.cc:21310
|
#20 0x55f924fa48f6 in do_select /10.5/src/sql/sql_select.cc:20827
|
#21 0x55f924f2da98 in JOIN::exec_inner() /10.5/src/sql/sql_select.cc:4664
|
#22 0x55f924f2b06b in JOIN::exec() /10.5/src/sql/sql_select.cc:4444
|
#23 0x55f924f2f515 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/src/sql/sql_select.cc:4921
|
#24 0x55f924efe98b in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:449
|
#25 0x55f924e5f70e in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6452
|
#26 0x55f924e4db23 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4043
|
#27 0x55f924e6aadc in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8252
|
#28 0x55f924e3f329 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891
|
#29 0x55f924e3bc03 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375
|
#30 0x55f9252b27fd in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1386
|
#31 0x55f9252b2357 in handle_one_connection /10.5/src/sql/sql_connect.cc:1298
|
#32 0x55f925f727e7 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201
|
#33 0x7ff0c5d67608 in start_thread /build/glibc-FcRMwW/glibc-2.31/nptl/pthread_create.c:477
|
#34 0x7ff0c58a2352 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f352) (BuildId: 0323ab4806bee6f846d9ad4bccfc29afdca49a58)
|
|
0x62900029e2c3 is located 195 bytes inside of 16536-byte region [0x62900029e200,0x6290002a2298)
|
allocated by thread T18 here:
|
#0 0x7ff0c63548ff in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
|
#1 0x55f926210408 in ut_allocator<unsigned char, true>::allocate(unsigned long, unsigned char const*, unsigned int, bool, bool) /10.5/src/storage/innobase/include/ut0new.h:377
|
#2 0x55f9264711fe in mem_heap_create_block_func(mem_block_info_t*, unsigned long, char const*, unsigned int, unsigned long) /10.5/src/storage/innobase/mem/mem0mem.cc:277
|
#3 0x55f92668e7fb in mem_heap_create_func /10.5/src/storage/innobase/include/mem0mem.inl:375
|
#4 0x55f9266a67d5 in row_sel_store_mysql_field /10.5/src/storage/innobase/row/row0sel.cc:3035
|
#5 0x55f9266a78f8 in row_sel_store_mysql_rec /10.5/src/storage/innobase/row/row0sel.cc:3181
|
#6 0x55f9266b7724 in row_search_mvcc(unsigned char*, page_cur_mode_t, row_prebuilt_t*, unsigned long, unsigned long) /10.5/src/storage/innobase/row/row0sel.cc:5539
|
#7 0x55f9261ba7f2 in ha_innobase::index_read(unsigned char*, unsigned char const*, unsigned int, ha_rkey_function) /10.5/src/storage/innobase/handler/ha_innodb.cc:8931
|
#8 0x55f9261bdb6b in ha_innobase::index_first(unsigned char*) /10.5/src/storage/innobase/handler/ha_innodb.cc:9300
|
#9 0x55f9261be12f in ha_innobase::rnd_next(unsigned char*) /10.5/src/storage/innobase/handler/ha_innodb.cc:9393
|
#10 0x55f9256ef865 in handler::ha_rnd_next(unsigned char*) /10.5/src/sql/handler.cc:3189
|
#11 0x55f925b78dfb in rr_sequential(READ_RECORD*) /10.5/src/sql/records.cc:519
|
#12 0x55f924c7c347 in READ_RECORD::read_record() /10.5/src/sql/records.h:80
|
#13 0x55f924fada35 in join_init_read_record(st_join_table*) /10.5/src/sql/sql_select.cc:22275
|
#14 0x55f924fa6a8d in sub_select(JOIN*, st_join_table*, bool) /10.5/src/sql/sql_select.cc:21307
|
#15 0x55f924fa48f6 in do_select /10.5/src/sql/sql_select.cc:20827
|
#16 0x55f924f2da98 in JOIN::exec_inner() /10.5/src/sql/sql_select.cc:4664
|
#17 0x55f924f2b06b in JOIN::exec() /10.5/src/sql/sql_select.cc:4444
|
#18 0x55f924f2f515 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /10.5/src/sql/sql_select.cc:4921
|
#19 0x55f924efe98b in handle_select(THD*, LEX*, select_result*, unsigned long) /10.5/src/sql/sql_select.cc:449
|
#20 0x55f924e5f70e in execute_sqlcom_select /10.5/src/sql/sql_parse.cc:6452
|
#21 0x55f924e4db23 in mysql_execute_command(THD*) /10.5/src/sql/sql_parse.cc:4043
|
#22 0x55f924e6aadc in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.5/src/sql/sql_parse.cc:8252
|
#23 0x55f924e3f329 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.5/src/sql/sql_parse.cc:1891
|
#24 0x55f924e3bc03 in do_command(THD*) /10.5/src/sql/sql_parse.cc:1375
|
#25 0x55f9252b27fd in do_handle_one_connection(CONNECT*, bool) /10.5/src/sql/sql_connect.cc:1386
|
#26 0x55f9252b2357 in handle_one_connection /10.5/src/sql/sql_connect.cc:1298
|
#27 0x55f925f727e7 in pfs_spawn_thread /10.5/src/storage/perfschema/pfs.cc:2201
|
#28 0x7ff0c5d67608 in start_thread /build/glibc-FcRMwW/glibc-2.31/nptl/pthread_create.c:477
|
|
Thread T18 created by T0 here:
|
#0 0x7ff0c62c0175 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:208
|
#1 0x55f925f6e39c in my_thread_create /10.5/src/storage/perfschema/my_thread.h:52
|
#2 0x55f925f72bda in pfs_spawn_thread_v1 /10.5/src/storage/perfschema/pfs.cc:2252
|
#3 0x55f924afd58c in inline_mysql_thread_create /10.5/src/include/mysql/psi/mysql_thread.h:1323
|
#4 0x55f924b143ba in create_thread_to_handle_connection(CONNECT*) /10.5/src/sql/mysqld.cc:6072
|
#5 0x55f924b14a11 in create_new_thread(CONNECT*) /10.5/src/sql/mysqld.cc:6131
|
#6 0x55f924b14d25 in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /10.5/src/sql/mysqld.cc:6196
|
#7 0x55f924b15dc6 in handle_connections_sockets() /10.5/src/sql/mysqld.cc:6327
|
#8 0x55f924b125bc in run_main_loop /10.5/src/sql/mysqld.cc:5313
|
#9 0x55f924b13c04 in mysqld_main(int, char**) /10.5/src/sql/mysqld.cc:5724
|
#10 0x55f924afc07c in main /10.5/src/sql/main.cc:25
|
#11 0x7ff0c57a7082 in __libc_start_main ../csu/libc-start.c:308
|
|
SUMMARY: AddressSanitizer: unknown-crash /10.5/src/sql/spatial.cc:232 in get_point
|
Shadow bytes around the buggy address:
|
0x62900029e000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x62900029e080: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x62900029e100: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x62900029e180: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
|
0x62900029e200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
|
=>0x62900029e280: 00 00 00 f7 00 00 00 00[00]02 f7 f7 f7 f7 f7 f7
|
0x62900029e300: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x62900029e380: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x62900029e400: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x62900029e480: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
0x62900029e500: f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7 f7
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==772941==ABORTING
|