  1. MariaDB Server
  2. MDEV-36626

Assertion `ptr' failed in skip_trailing_space with certain collations


Details

    Description

      -- Reproducer from the report: reaches the debug assertion on ptr in skip_trailing_space
      -- (reported against 10.11 at commit 4c9ff3c1bec8d652f9ec822ee3831d918948a224, build path 10.11-asan).
      -- Per the report, no obvious immediate problem is seen on a non-debug build.
      CREATE TABLE t (a CHAR(255)) CHARACTER SET utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci;
      -- One non-NULL row and one NULL row. For the NULL row IFNULL returns its second argument.
      INSERT INTO t (a) VALUES ('foo'),(NULL);
      SET NAMES utf8mb4;
      -- The grouping on x goes through filesort. The backtrace shows the sort key being built
      -- (make_sort_key_part, then strnxfrm) with src=0x0 and srclen=0.
      -- NOTE(review): presumably ExtractValue on the empty case element yields a zero-length
      -- string whose data pointer is NULL. Confirm against the server source.
      SELECT IFNULL(a, (ExtractValue('<cases><case/></cases>','/cases/case')) ) AS x FROM t GROUP BY x WITH ROLLUP;
       
      -- Clean up the test table.
      DROP TABLE t;
      

      10.11 4c9ff3c1bec8d652f9ec822ee3831d918948a224

      mariadbd: /data/bld/10.11-asan/strings/strings_def.h:84: skip_trailing_space: Assertion `ptr' failed.
      250416 16:25:27 [ERROR] /share8t/bld/10.11-asan/sql/mariadbd got signal 6 ;
       
      #9  0x00007fc02da53eb2 in __GI___assert_fail (assertion=0x55aeb087fc20 "ptr", file=0x55aeb087fbc0 "/data/bld/10.11-asan/strings/strings_def.h", line=84, function=0x55aeb0880040 <__PRETTY_FUNCTION__.4> "skip_trailing_space") at ./assert/assert.c:101
      #10 0x000055aeaf454799 in skip_trailing_space (ptr=0x0, len=0) at /data/bld/10.11-asan/strings/strings_def.h:84
      #11 0x000055aeaf4594fb in my_lengthsp_8bit (cs=0x6210000138b0, ptr=0x0, length=0) at /data/bld/10.11-asan/strings/ctype-simple.c:1226
      #12 0x000055aeaf46306c in my_ci_lengthsp (cs=0x6210000138b0, str=0x0, length=0) at /data/bld/10.11-asan/include/m_ctype.h:1148
      #13 0x000055aeaf4858c4 in my_uca_strnxfrm_utf8mb4 (cs=0x6210000138b0, dst=0x628000004521 '\276' <repeats 200 times>..., dstlen=1024, nweights=33554432, src=0x0, srclen=0, flags=192) at /data/bld/10.11-asan/strings/ctype-uca.inl:871
      #14 0x000055aeadddcb47 in charset_info_st::strnxfrm (this=0x6210000138b0, dst=0x628000004521 '\276' <repeats 200 times>..., dstlen=1024, nweights=33554432, src=0x0, srclen=0, flags=192) at /data/bld/10.11-asan/include/m_ctype.h:1040
      #15 0x000055aeade0100d in Type_handler_string_result::make_sort_key_part (this=0x55aeb1e2c740 <type_handler_long_blob>, to=0x628000004521 '\276' <repeats 200 times>..., item=0x62d00005b088, sort_field=0x62d00005fee0, tmp_buffer=0x7fc0242c16d8) at /data/bld/10.11-asan/sql/filesort.cc:1165
      #16 0x000055aeade0dc7c in make_sortkey (param=0x7fc0242c1660, to=0x628000004520 "\001", '\276' <repeats 199 times>...) at /data/bld/10.11-asan/sql/filesort.cc:3050
      #17 0x000055aeade028fb in make_sortkey (param=0x7fc0242c1660, to=0x628000004520 "\001", '\276' <repeats 199 times>..., ref_pos=0x625000238aa0 "", using_packed_sortkeys=false) at /data/bld/10.11-asan/sql/filesort.cc:1371
      #18 0x000055aeaddffe10 in find_all_keys (thd=0x62c0000b0218, param=0x7fc0242c1660, select=0x62d00005f310, fs_info=0x615000011880, buffpek_pointers=0x7fc0242c1910, tempfile=0x7fc0242c1760, pq=0x0, found_rows=0x615000011a70) at /data/bld/10.11-asan/sql/filesort.cc:986
      #19 0x000055aeaddfad1f in filesort (thd=0x62c0000b0218, table=0x619000059b98, filesort=0x62d00005f698, tracker=0x62d00005fe30, join=0x62d00005c408, first_table_bit=1) at /data/bld/10.11-asan/sql/filesort.cc:356
      #20 0x000055aead6d0120 in create_sort_index (thd=0x62c0000b0218, join=0x62d00005c408, tab=0x62d00005e5a8, fsort=0x62d00005f698) at /data/bld/10.11-asan/sql/sql_select.cc:26545
      #21 0x000055aead6be279 in st_join_table::sort_table (this=0x62d00005e5a8) at /data/bld/10.11-asan/sql/sql_select.cc:24054
      #22 0x000055aead6bd846 in join_init_read_record (tab=0x62d00005e5a8) at /data/bld/10.11-asan/sql/sql_select.cc:23993
      #23 0x000055aead6b6d04 in sub_select (join=0x62d00005c408, join_tab=0x62d00005e5a8, end_of_records=false) at /data/bld/10.11-asan/sql/sql_select.cc:23001
      #24 0x000055aead6b4c76 in do_select (join=0x62d00005c408, procedure=0x0) at /data/bld/10.11-asan/sql/sql_select.cc:22527
      #25 0x000055aead637ae4 in JOIN::exec_inner (this=0x62d00005c408) at /data/bld/10.11-asan/sql/sql_select.cc:4974
      #26 0x000055aead634f9c in JOIN::exec (this=0x62d00005c408) at /data/bld/10.11-asan/sql/sql_select.cc:4752
      #27 0x000055aead639437 in mysql_select (thd=0x62c0000b0218, tables=0x62d00005b1d8, fields=..., conds=0x0, og_num=1, order=0x0, group=0x62d00005ba40, having=0x0, proc_param=0x0, select_options=2164525824, result=0x62d00005c3d8, unit=0x62c0000b46d8, select_lex=0x62d00005a580) at /data/bld/10.11-asan/sql/sql_select.cc:5232
      #28 0x000055aead607df2 in handle_select (thd=0x62c0000b0218, lex=0x62c0000b4600, result=0x62d00005c3d8, setup_tables_done_option=0) at /data/bld/10.11-asan/sql/sql_select.cc:600
      #29 0x000055aead52b9b8 in execute_sqlcom_select (thd=0x62c0000b0218, all_tables=0x62d00005b1d8) at /data/bld/10.11-asan/sql/sql_parse.cc:6426
      #30 0x000055aead5199af in mysql_execute_command (thd=0x62c0000b0218, is_called_from_prepared_stmt=false) at /data/bld/10.11-asan/sql/sql_parse.cc:4012
      #31 0x000055aead5362d6 in mysql_parse (thd=0x62c0000b0218, rawbuf=0x62d00005a438 "SELECT IFNULL(a, (ExtractValue('<cases><case/></cases>','/cases/case')) ) AS x FROM t GROUP BY x WITH ROLLUP", length=108, parser_state=0x7fc0242c3a80) at /data/bld/10.11-asan/sql/sql_parse.cc:8188
      #32 0x000055aead50b90e in dispatch_command (command=COM_QUERY, thd=0x62c0000b0218, packet=0x62900024e219 "", packet_length=108, blocking=true) at /data/bld/10.11-asan/sql/sql_parse.cc:1905
      #33 0x000055aead50863b in do_command (thd=0x62c0000b0218, blocking=true) at /data/bld/10.11-asan/sql/sql_parse.cc:1418
      #34 0x000055aead9d40d7 in do_handle_one_connection (connect=0x608000003b38, put_in_cache=true) at /data/bld/10.11-asan/sql/sql_connect.cc:1386
      #35 0x000055aead9d3c36 in handle_one_connection (arg=0x608000003ab8) at /data/bld/10.11-asan/sql/sql_connect.cc:1298
      #36 0x000055aeae604d8c in pfs_spawn_thread (arg=0x617000005b98) at /data/bld/10.11-asan/storage/perfschema/pfs.cc:2201
      #37 0x00007fc02daa81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #38 0x00007fc02db2885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      

      The assertion itself came to 10.11 with this merge

      commit ab0f2a00b643e2a3a242cb3567d6c03080e3785e
      Merge: ba81009f635 191209d8abe
      Author: Marko Mäkelä
      Date:   Thu Mar 27 08:01:47 2025 +0200
       
          Merge 10.6 into 10.11
      

      specifically this commit

      commit 583b39811ce823abf9f6fe533bdee6aacde3e357
      Author: Alexander Barkov
      Date:   Mon Feb 3 15:00:35 2025 +0400
       
          MDEV-35620 UBSAN: runtime error: applying zero offset to null pointer
          in _ma_unique_hash, skip_trailing_space, my_hash_sort_mb_nopad_bin and my_strnncollsp_utf8mb4_bin
      

      but since there are no UCA collations in 10.5-10.6, and at least the test case above requires it, it's not applicable to 10.5-10.6 (but see the update below, which gives a test case that also covers 10.6).

      I don't see any obvious immediate problem on a non-debug build, nor on a debug build before the addition of the assertion.

      Update:

      Test case for all versions, including 10.6:

      -- Second reproducer from the report, given as the test case for all versions including 10.6
      -- (reported against 10.6 at commit bedacb3eeb94a04e35633580f8423c010338bc34, build path 10.6-asan-ubsan).
      -- It uses utf8mb4_estonian_ci rather than a uca1400 collation.
      CREATE TABLE t (a INT, b CHAR(8), c CHAR(8))
        CHARACTER SET utf8mb4 COLLATE utf8mb4_estonian_ci;
      -- Two identical rows: a is 0, b and c are empty strings.
      INSERT INTO t () VALUES (0,'',''),(0,'','');
      -- The ORDER BY expression is sorted through filesort. The 10.6 backtrace shows strnxfrm
      -- called for my_charset_utf8mb4_estonian_uca_ci with src=0x0 and srclen=0.
      -- NOTE(review): presumably EXPORT_SET with these arguments returns a zero-length string
      -- whose data pointer is NULL. Confirm against the server source.
      SELECT * FROM t ORDER BY IFNULL(EXPORT_SET(a, 0, b, c), 1);
       
      -- Clean up the test table.
      DROP TABLE t;
      

      10.6 bedacb3eeb94a04e35633580f8423c010338bc34

      mariadbd: /data/bld/10.6-asan-ubsan/strings/strings_def.h:84: skip_trailing_space: Assertion `ptr' failed.
      260506 20:32:46 [ERROR] /share8t/bld/10.6-asan-ubsan/sql/mariadbd got signal 6 ;
       
      #9  0x00007f36e2245395 in __assert_fail_base (fmt=0x7f36e23b9a90 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x557f6772c660 "ptr", file=file@entry=0x557f6772c600 "/data/bld/10.6-asan-ubsan/strings/strings_def.h", line=line@entry=84, function=function@entry=0x557f6772c7c0 <__PRETTY_FUNCTION__.2> "skip_trailing_space") at ./assert/assert.c:92
      #10 0x00007f36e2253eb2 in __GI___assert_fail (assertion=assertion@entry=0x557f6772c660 "ptr", file=file@entry=0x557f6772c600 "/data/bld/10.6-asan-ubsan/strings/strings_def.h", line=line@entry=84, function=function@entry=0x557f6772c7c0 <__PRETTY_FUNCTION__.2> "skip_trailing_space") at ./assert/assert.c:101
      #11 0x0000557f669a6205 in skip_trailing_space (ptr=ptr@entry=0x0, len=0) at /data/bld/10.6-asan-ubsan/strings/strings_def.h:84
      #12 0x0000557f669a6401 in my_lengthsp_8bit (cs=<optimized out>, ptr=0x0, length=<optimized out>) at /data/bld/10.6-asan-ubsan/strings/ctype-simple.c:1228
      #13 0x0000557f669c1409 in my_ci_lengthsp (length=0, str=0x0, cs=0x557f6f480000 <my_charset_utf8mb4_estonian_uca_ci>) at /data/bld/10.6-asan-ubsan/include/m_ctype.h:1006
      #14 my_uca_strnxfrm_no_contractions_utf8mb4 (cs=0x557f6f480000 <my_charset_utf8mb4_estonian_uca_ci>, dst=0x628000010118 '\276' <repeats 200 times>..., dstlen=<optimized out>, nweights=8128, src=0x0, srclen=0, flags=192) at /data/bld/10.6-asan-ubsan/strings/ctype-uca.inl:766
      #15 0x0000557f646ab564 in charset_info_st::strnxfrm (flags=192, srclen=0, src=0x0, nweights=8128, dstlen=1024, dst=0x628000010118 '\276' <repeats 200 times>..., this=0x557f6f480000 <my_charset_utf8mb4_estonian_uca_ci>) at /data/bld/10.6-asan-ubsan/include/m_ctype.h:907
      #16 Type_handler_string_result::make_sort_key_part (this=<optimized out>, to=0x628000010118 '\276' <repeats 200 times>..., item=<optimized out>, sort_field=0x62d00005f4b0, tmp_buffer=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/filesort.cc:1177
      #17 0x0000557f646b4e7e in make_sortkey (param=0x7f36d772d8e0, to=to@entry=0x628000010118 '\276' <repeats 200 times>...) at /data/bld/10.6-asan-ubsan/sql/filesort.cc:3062
      #18 0x0000557f646b5649 in make_sortkey (param=param@entry=0x7f36d772d8e0, to=to@entry=0x628000010118 '\276' <repeats 200 times>..., ref_pos=ref_pos@entry=0x625000235d00 "", using_packed_sortkeys=using_packed_sortkeys@entry=false) at /data/bld/10.6-asan-ubsan/sql/filesort.cc:1383
      #19 0x0000557f646bf20e in find_all_keys (thd=thd@entry=0x62b00007e218, param=param@entry=0x7f36d772d8e0, select=select@entry=0x62d00005eaa0, fs_info=fs_info@entry=0x615000011880, buffpek_pointers=buffpek_pointers@entry=0x7f36d772db90, tempfile=tempfile@entry=0x7f36d772d9e0, pq=<optimized out>, found_rows=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/filesort.cc:998
      #20 0x0000557f646c256b in filesort (thd=thd@entry=0x62b00007e218, table=table@entry=0x619000059698, filesort=filesort@entry=0x62d00005ec78, tracker=<optimized out>, join=join@entry=0x62d00005c478, first_table_bit=first_table_bit@entry=1) at /data/bld/10.6-asan-ubsan/sql/filesort.cc:356
      #21 0x0000557f636d9db1 in create_sort_index (thd=<optimized out>, join=join@entry=0x62d00005c478, tab=tab@entry=0x62d00005dd50, fsort=0x62d00005ec78, fsort@entry=0x0) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:25940
      #22 0x0000557f636da96c in st_join_table::sort_table (this=this@entry=0x62d00005dd50) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:23449
      #23 0x0000557f636db04d in join_init_read_record (tab=0x62d00005dd50) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:23388
      #24 0x0000557f6368d0d8 in sub_select (join=<optimized out>, join_tab=<optimized out>, end_of_records=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:22396
      #25 0x0000557f637348b6 in do_select (join=join@entry=0x62d00005c478, procedure=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:21922
      #26 0x0000557f637eeb22 in JOIN::exec_inner (this=this@entry=0x62d00005c478) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:4939
      #27 0x0000557f637ef254 in JOIN::exec (this=this@entry=0x62d00005c478) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:4717
      #28 0x0000557f637e5be2 in mysql_select (thd=thd@entry=0x62b00007e218, tables=<optimized out>, fields=..., conds=conds@entry=0x0, og_num=og_num@entry=1, order=order@entry=0x62d00005c2c8, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:5196
      #29 0x0000557f637e6dcc in handle_select (thd=thd@entry=0x62b00007e218, lex=lex@entry=0x62b000082538, result=result@entry=0x62d00005c448, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/bld/10.6-asan-ubsan/sql/sql_select.cc:573
      #30 0x0000557f634ddf84 in execute_sqlcom_select (thd=thd@entry=0x62b00007e218, all_tables=<optimized out>) at /data/bld/10.6-asan-ubsan/sql/sql_parse.cc:6421
      #31 0x0000557f635219dc in mysql_execute_command (thd=thd@entry=0x62b00007e218, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /data/bld/10.6-asan-ubsan/sql/sql_parse.cc:4012
      #32 0x0000557f6354392d in mysql_parse (thd=thd@entry=0x62b00007e218, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f36d772fac0) at /data/bld/10.6-asan-ubsan/sql/sql_parse.cc:8199
      #33 0x0000557f6354cbef in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x62b00007e218, packet=packet@entry=0x62900024e219 "", packet_length=packet_length@entry=58, blocking=blocking@entry=true) at /data/bld/10.6-asan-ubsan/sql/sql_parse.cc:1911
      #34 0x0000557f635592b2 in do_command (thd=thd@entry=0x62b00007e218, blocking=blocking@entry=true) at /data/bld/10.6-asan-ubsan/sql/sql_parse.cc:1421
      #35 0x0000557f63cd4cfc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x608000002f38, put_in_cache=put_in_cache@entry=true) at /data/bld/10.6-asan-ubsan/sql/sql_connect.cc:1386
      #36 0x0000557f63cd5e59 in handle_one_connection (arg=0x608000002f38) at /data/bld/10.6-asan-ubsan/sql/sql_connect.cc:1298
      #37 0x0000557f656b828b in pfs_spawn_thread (arg=0x617000005f18) at /data/bld/10.6-asan-ubsan/storage/perfschema/pfs.cc:2201
      #38 0x00007f36e22a81c4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
      #39 0x00007f36e232885c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
      


            People

              bar Alexander Barkov
              elenst Elena Stepanova