Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
12.0(EOL), 12.1
-
None
Description
CREATE TABLE t (a INT); |
CREATE TRIGGER t BEFORE UPDATE ON t FOR EACH ROW SET @a=1; |
SELECT * FROM information_schema.TRIGGERS; |
Leads to:
|
CS 12.1.0 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 (Debug, UBASAN, Clang) Build 09/06/2025 |
/test/12.0_dbg_san/strings/ctype-simple.c:1677:43: runtime error: applying zero offset to null pointer
|
#0 0x5599cd1e5afb in my_strntoull10rnd_8bit /test/12.0_dbg_san/strings/ctype-simple.c:1677:43
|
#1 0x5599cb67fd4b in charset_info_st::strntoull10rnd(char const*, unsigned long, int, char**, int*) const /test/12.0_dbg_san/include/m_ctype.h:1023:12
|
#2 0x5599cb67fd4b in Field_longlong::store(char const*, unsigned long, charset_info_st const*) /test/12.0_dbg_san/sql/field.cc:4685:12
|
#3 0x5599cac502c2 in store_trigger(THD*, Trigger*, TABLE*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/12.0_dbg_san/sql/sql_show.cc:7780:22
|
#4 0x5599cac502c2 in get_schema_triggers_record(THD*, TABLE_LIST*, TABLE*, bool, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/12.0_dbg_san/sql/sql_show.cc:7839:15
|
#5 0x5599cac03e96 in fill_schema_table_from_frm(THD*, st_mem_root*, TABLE*, st_schema_table*, st_mysql_const_lex_string*, st_mysql_const_lex_string*, Open_tables_backup*, bool) /test/12.0_dbg_san/sql/sql_show.cc:5233:12
|
#6 0x5599cac03e96 in get_all_tables(THD*, TABLE_LIST*, Item*) /test/12.0_dbg_san/sql/sql_show.cc:5664:20
|
#7 0x5599cac3530d in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/12.0_dbg_san/sql/sql_show.cc:9740:11
|
#8 0x5599caaa8d51 in JOIN::exec_inner() /test/12.0_dbg_san/sql/sql_select.cc:5035:7
|
#9 0x5599caaa7b02 in JOIN::exec() /test/12.0_dbg_san/sql/sql_select.cc:4857:8
|
#10 0x5599caa20b94 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.0_dbg_san/sql/sql_select.cc:5390:21
|
#11 0x5599caa1f472 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.0_dbg_san/sql/sql_select.cc:634:10
|
#12 0x5599ca8f4327 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.0_dbg_san/sql/sql_parse.cc:6166:12
|
#13 0x5599ca8d27de in mysql_execute_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:3954:12
|
#14 0x5599ca8b0888 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.0_dbg_san/sql/sql_parse.cc:7882:18
|
#15 0x5599ca8a47f1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1877:7
|
#16 0x5599ca8b32ad in do_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1416:17
|
#17 0x5599caf835cc in do_handle_one_connection(CONNECT*, bool) /test/12.0_dbg_san/sql/sql_connect.cc:1414:11
|
#18 0x5599caf82e87 in handle_one_connection /test/12.0_dbg_san/sql/sql_connect.cc:1326:5
|
#19 0x5599ca27d35c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#20 0x7ff17fa9caa3 in start_thread nptl/pthread_create.c:447:8
|
#21 0x7ff17fb29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/12.0_dbg_san/strings/ctype-simple.c:1677:43
|
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 150525 60f046d7e6b0a61f9b0762fe05c4021cff1b79d8 No bug found
|
CS 10.6 opt 150525 60f046d7e6b0a61f9b0762fe05c4021cff1b79d8 No bug found
|
CS 10.11 dbg 150525 84dd2437c507ed194da03fe04fea14e261e47bc5 No bug found
|
CS 10.11 opt 150525 84dd2437c507ed194da03fe04fea14e261e47bc5 No bug found
|
CS 11.4 dbg 150525 da5a4d05b9da58705498a42b6ffa5d9211f446af No bug found
|
CS 11.4 opt 150525 da5a4d05b9da58705498a42b6ffa5d9211f446af No bug found
|
CS 11.8 dbg 150525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d No bug found
|
CS 11.8 opt 150525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d No bug found
|
CS 12.0 dbg 140525 00a9afb5818433c26537ccaf6b2c59ad493dd473 UBSAN|applying zero offset to null pointer|strings/ctype-simple.c|my_strntoull10rnd_8bit|charset_info_st::strntoull10rnd|Field_longlong::store|store_trigger
|
CS 12.0 opt 140525 00a9afb5818433c26537ccaf6b2c59ad493dd473 UBSAN|applying zero offset to null pointer|strings/ctype-simple.c|my_strntoull10rnd_8bit|charset_info_st::strntoull10rnd|Field_longlong::store|store_trigger
|
CS 12.1 dbg 090625 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 UBSAN|applying zero offset to null pointer|strings/ctype-simple.c|my_strntoull10rnd_8bit|charset_info_st::strntoull10rnd|Field_longlong::store|store_trigger
|
CS 12.1 opt 090625 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 UBSAN|applying zero offset to null pointer|strings/ctype-simple.c|my_strntoull10rnd_8bit|charset_info_st::strntoull10rnd|Field_longlong::store|store_trigger
|
ES 10.6 opt 150525 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 No bug found
|
ES 11.4 dbg 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f No bug found
|
ES 11.4 opt 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f No bug found
|