Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.4, 11.8, 12.0
Description
SET sql_mode=''; |
INSTALL PLUGIN Spider SONAME 'ha_spider.so'; |
CREATE SERVER srv FOREIGN DATA WRAPPER mysql OPTIONS (SOCKET'',DATABASE'',USER'',PASSWORD''); |
CREATE TABLE t (c INT KEY,c1 BLOB,c2 TEXT) ENGINE=Spider COMMENT='WRAPPER "mysql",SRV "srv",TABLE "t"'; |
SET SESSION pseudo_slave_mode=1; |
XA START 'a'; |
INSERT INTO t (c1) VALUES (1); |
XA END 'a'; |
XA PREPARE 'a'; |
XA ROLLBACK 'a'; |
Leads to:
|
CS 11.8.1 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d (Debug, UBASAN, Clang) Build 15/02/2025 |
/test/11.8_dbg_san/storage/spider/spd_conn.cc:3944:32: runtime error: null pointer passed as argument 2, which is declared to never be null
|
/usr/include/string.h:44:28: note: nonnull attribute specified here
|
#0 0x725120d36d59 in spider_create_ipport_conn(st_spider_conn*) /test/11.8_dbg_san/storage/spider/spd_conn.cc:3944:5
|
#1 0x725120d3303f in spider_create_conn(st_spider_share*, ha_spider*, int, int, int*) /test/11.8_dbg_san/storage/spider/spd_conn.cc:615:20
|
#2 0x725120d37e49 in spider_get_conn(st_spider_share*, int, char*, st_spider_transaction*, ha_spider*, bool, bool, int*) /test/11.8_dbg_san/storage/spider/spd_conn.cc:732:19
|
#3 0x725120c8bc36 in spider_internal_xa_rollback_by_xid(THD*, st_spider_transaction*, xid_t*) /test/11.8_dbg_san/storage/spider/spd_trx.cc:2907:17
|
#4 0x725120c8e6d0 in spider_xa_rollback_by_xid(xid_t*) /test/11.8_dbg_san/storage/spider/spd_trx.cc:3334:15
|
#5 0x590b27dba227 in xarollback_handlerton(THD*, transaction_participant*, void*) /test/11.8_dbg_san/sql/handler.cc:2450:5
|
#6 0x590b27da5a00 in tp_foreach(THD*, bool (*)(THD*, transaction_participant*, void*), void*) /test/11.8_dbg_san/sql/handler.cc:890:17
|
#7 0x590b27db9fec in ha_commit_or_rollback_by_xid(xid_t*, bool) /test/11.8_dbg_san/sql/handler.cc:2472:3
|
#8 0x590b27a78c91 in trans_xa_rollback(THD*) /test/11.8_dbg_san/sql/xa.cc:847:7
|
#9 0x590b26f481cf in mysql_execute_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:5770:27
|
#10 0x590b26f20628 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.8_dbg_san/sql/sql_parse.cc:7915:18
|
#11 0x590b26f146eb in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1902:7
|
#12 0x590b26f2304d in do_command(THD*, bool) /test/11.8_dbg_san/sql/sql_parse.cc:1415:17
|
#13 0x590b275ebcfc in do_handle_one_connection(CONNECT*, bool) /test/11.8_dbg_san/sql/sql_connect.cc:1415:11
|
#14 0x590b275eb5b7 in handle_one_connection /test/11.8_dbg_san/sql/sql_connect.cc:1327:5
|
#15 0x590b26917d9c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#16 0x72518769ca93 in start_thread nptl/pthread_create.c:447:8
|
#17 0x725187729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: invalid-null-argument /test/11.8_dbg_san/storage/spider/spd_conn.cc:3944:32
|
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.5 dbg 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found
|
CS 10.5 opt 150225 c43d0a015f974c5a0142e6779332089a7a979853 No bug found
|
CS 10.6 dbg 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found
|
CS 10.6 opt 150225 f1d7e0c17e33f77278e6226dd94aeb30fc856bf0 No bug found
|
CS 10.11 dbg 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found
|
CS 10.11 opt 150225 43c5d1303f5c7c726db276815c459436110f342f No bug found
|
CS 11.4 dbg 150225 ef966af801afc2a07222b5df65dddd52c77431dd UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
CS 11.4 opt 150225 ef966af801afc2a07222b5df65dddd52c77431dd UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
CS 11.8 dbg 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
CS 11.8 opt 150225 33e0796e7a154e02a5e53c55cefc5d6feb4f5e6d UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
CS 12.0 dbg 150225 c92add291e636c797e6d6ddca605905541b2a441 UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
CS 12.0 opt 150225 c92add291e636c797e6d6ddca605905541b2a441 UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
ES 10.5 dbg 140325 6553c62369ab3606efc74295c902181f793fd6d1 UBSAN|load of value X, which is not a valid value for type 'bool'|sql/sql_table.cc|mysql_alter_table|Sql_cmd_alter_table::execute|mysql_execute_command|execute_server_code
|
ES 10.5 opt 140325 6553c62369ab3606efc74295c902181f793fd6d1 No bug found
|
ES 10.6 dbg 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 No bug found
|
ES 10.6 opt 140325 a99e9e4101f5d56a379577e6d81c829b7658df99 UBSAN|member access within null pointer of type 'struct st_my_thread_var'|storage/spider/spd_table.cc
|
ES 11.4 dbg 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
ES 11.4 opt 140325 26e39c99feaa4e6f9d3e1b13fd4a7d101059b7ba UBSAN|null pointer passed as argument 2, which is declared to never be null|storage/spider/spd_conn.cc|spider_create_ipport_conn|spider_create_conn|spider_get_conn|spider_internal_xa_rollback_by_xid
|
The ES 10.5 dbg and 10.6 opt issues are unrelated.