Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
11.8
-
None
-
Sprint 6 (24.03.2025)
Description
$ cat /tmp/t.sql
|
CREATE DATABASE test;
|
CREATE TABLE test.t (i int not null primary key);
|
|
$ gdb -ex 'b __asan_report_error' -ex 'b __ubsan::ScopedReport::~ScopedReport' sql/mariadbd
|
|
(gdb) r --no-defaults --skip-networking --datadir=$(mktemp -d) --bootstrap < /tmp/t.sql
|
#0 0x00000000005a4dc0 in __ubsan::ScopedReport::~ScopedReport() ()
|
#1 0x00000000005a928e in handleNonNullArg(__ubsan::NonNullArgData*, __ubsan::ReportOptions, bool) ()
|
#2 0x00000000005a900d in __ubsan_handle_nonnull_arg ()
|
#3 0x000000000075fa72 in Well_formed_prefix_status::Well_formed_prefix_status (this=0x7ffff5594c20, cs=0x85b03c0 <my_charset_utf8mb3_general1400_as_ci>, str=0x0, end=0x0, nchars=64)
|
at /home/dan/repos/mariadb-server-11.8/include/m_ctype.h:1949
|
#4 0x0000000000a02b54 in Well_formed_prefix::Well_formed_prefix (this=0x7ffff5594c20, cs=0x85b03c0 <my_charset_utf8mb3_general1400_as_ci>, str=0x0, length=0, nchars=64)
|
at /home/dan/repos/mariadb-server-11.8/include/m_ctype.h:1963
|
#5 0x0000000000e6b908 in check_string_char_length (str=0x52d00033f010, err_msg=0, max_char_length=64, cs=0x85b03c0 <my_charset_utf8mb3_general1400_as_ci>, no_error=true)
|
at /home/dan/repos/mariadb-server-11.8/sql/sql_parse.cc:10118
|
#6 0x0000000000e4ec8a in check_ident_length (ident=0x52d00033f010) at /home/dan/repos/mariadb-server-11.8/sql/sql_parse.cc:10136
|
#7 0x00000000013ef90d in mysql_prepare_create_table_finalize (thd=0x52b0000b6288, create_info=0x7ffff56ff070, alter_info=0x7ffff56ff370, db_options=0x7ffff5418e20, file=0x52d00033f388,
|
key_info_buffer=0x7ffff5593c20, key_count=0x7ffff5593c40, create_table_mode=0) at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:3452
|
#8 0x00000000013ea090 in mysql_create_frm_image (thd=0x52b0000b6288, create_info=0x7ffff56ff070, alter_info=0x7ffff56ff370, create_table_mode=0, key_info=0x7ffff5593c20,
|
key_count=0x7ffff5593c40, frm=0x7ffff5593ee0) at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:4544
|
#9 0x000000000140316f in create_table_impl (thd=0x52b0000b6288, ddl_log_state_create=0x7ffff5412620, ddl_log_state_rm=0x7ffff5412660,
|
orig_db=@0x52d00033e640: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x52d00033e5c0 "test", length = 4}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>},
|
orig_table_name=@0x52d00033e650: {<Lex_ident_fs> = {<Lex_ident<Compare_table_names>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x52d00033e5d8 "t", length = 1}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}, db=@0x52d00033e640: {str = 0x52d00033e5c0 "test", length = 4},
|
table_name=@0x52d00033e650: {str = 0x52d00033e5d8 "t", length = 1}, path=@0x7ffff5593f00: {str = 0x7ffff5593c50 "./test/t", length = 8}, options={m_options = DDL_options_st::OPT_NONE},
|
create_info=0x7ffff56ff070, alter_info=0x7ffff56ff370, create_table_mode=0, is_trans=0x7ffff54126a0, key_info=0x7ffff5593c20, key_count=0x7ffff5593c40, frm=0x7ffff5593ee0)
|
at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:4866
|
#10 0x00000000013fed9a in mysql_create_table_no_lock (thd=0x52b0000b6288, ddl_log_state_create=0x7ffff5412620, ddl_log_state_rm=0x7ffff5412660, create_info=0x7ffff56ff070,
|
alter_info=0x7ffff56ff370, is_trans=0x7ffff54126a0, create_table_mode=0, table_list=0x52d00033e628) at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:4991
|
#11 0x000000000148d4c2 in mysql_create_table (thd=0x52b0000b6288, create_table=0x52d00033e628, create_info=0x7ffff56ff070, alter_info=0x7ffff56ff370)
|
at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:5233
|
#12 0x0000000001485707 in Sql_cmd_create_table_like::execute (this=0x52d00033e578, thd=0x52b0000b6288) at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:13624
|
#13 0x0000000000e344af in mysql_execute_command (thd=0x52b0000b6288, is_called_from_prepared_stmt=false) at /home/dan/repos/mariadb-server-11.8/sql/sql_parse.cc:5886
|
#14 0x0000000000ddb081 in mysql_parse (thd=0x52b0000b6288, rawbuf=0x52d00033e4a8 "CREATE TABLE test.t (i int not null primary key);", length=49, parser_state=0x7ffff540c640)
|
at /home/dan/repos/mariadb-server-11.8/sql/sql_parse.cc:7915
|
#15 0x0000000000dd9014 in bootstrap (file=0x9f3bde0 <instrumented_stdin>) at /home/dan/repos/mariadb-server-11.8/sql/sql_parse.cc:1090
|
#16 0x00000000005b63c1 in mysqld_main (argc=6, argv=0x521000000278) at /home/dan/repos/mariadb-server-11.8/sql/mysqld.cc:6091
|
#17 0x00000000005acb8a in main (argc=5, argv=0x7fffffffd388) at /home/dan/repos/mariadb-server-11.8/sql/main.cc:34
|
|
(gdb) frame 7
|
#7 0x00000000013ef90d in mysql_prepare_create_table_finalize (thd=0x52b0000b6288, create_info=0x7ffff56ff070, alter_info=0x7ffff56ff370, db_options=0x7ffff5418e20, file=0x52d00033f388,
|
key_info_buffer=0x7ffff5593c20, key_count=0x7ffff5593c40, create_table_mode=0) at /home/dan/repos/mariadb-server-11.8/sql/sql_table.cc:3452
|
3452 if (check_ident_length(&key->name))
|
(gdb) p key->name
|
$1 = {<Lex_ident_ci> = {<Lex_ident<Compare_ident_ci>> = {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x0,
|
length = 0}, <No data fields>}, <No data fields>}, <No data fields>}, <No data fields>}
|
mysql_prepare_create_table_finalize returns TRUE on error, so the proposed patch is:
diff --git a/sql/sql_table.cc b/sql/sql_table.cc
|
index ee1a0bb1c05..926cfff68ef 100644
|
--- a/sql/sql_table.cc
|
+++ b/sql/sql_table.cc
|
@@ -3449,7 +3449,7 @@ mysql_prepare_create_table_finalize(THD *thd, HA_CREATE_INFO *create_info,
|
my_error(ER_TOO_MANY_KEY_PARTS,MYF(0),tmp);
|
DBUG_RETURN(TRUE);
|
}
|
- if (check_ident_length(&key->name))
|
+ if (key->name.length && check_ident_length(&key->name))
|
DBUG_RETURN(TRUE);
|
key_iterator2.rewind ();
|
if (key->type != Key::FOREIGN_KEY)
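Review bot: The new `key->name.length &&` guard covers only this one call in mysql_prepare_create_table_finalize, while the null `str` is actually handed to the charset code further down, in check_string_char_length and the Well_formed_prefix constructors (frames #5 to #3 of the backtrace), so any other caller that passes an empty `{NULL, 0}` identifier would presumably still trip the same UBSAN nonnull report. Consider moving the empty-string early-out into check_string_char_length itself, e.g. `if (!str->length) return false;`, assuming `false` means "length is fine" there, as the TRUE-on-error convention at this call site suggests. If the guard stays at the call site, a comment such as `/* key->name may be {NULL, 0} here (seen for an inline PRIMARY KEY); never pass a NULL str to the charset functions */` would keep it from being removed later as redundant. The enclosing function starts and ends outside the hunk.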
|
Issue Links
- is part of
-
MDEV-25454 Make MariaDB server UBSAN safe
-
- Confirmed
-
-
MDEV-36479 Passing null pointer to low level character set functions result in undefined behaviour
-
- Open
-