Details
Major Description
SET @arg1=1e+50; |
SELECT SUBSTR(1,@arg1,5); |
Leads to:
|
CS 12.1.0 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 (Debug, UBASAN, Clang) Build 09/06/2025 |
/test/12.0_dbg_san/sql/item_func.cc:5053:23: runtime error: 1e+50 is outside the range of representable values of type 'long long'
|
#0 0x55b10812f7e4 in user_var_entry::val_int(bool*) const /test/12.0_dbg_san/sql/item_func.cc:5053:23
|
#1 0x55b10823433c in Item_func_substr::fix_length_and_dec(THD*) /test/12.0_dbg_san/sql/item_strfunc.cc:2178:26
|
#2 0x55b1080d8cc1 in Item_func::fix_fields(THD*, Item**) /test/12.0_dbg_san/sql/item_func.cc:380:7
|
#3 0x55b10820ed08 in Item_str_func::fix_fields(THD*, Item**) /test/12.0_dbg_san/sql/item_strfunc.cc:134:24
|
#4 0x55b106b12deb in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/12.0_dbg_san/sql/item.h:1133:12
|
#5 0x55b106cc1fd1 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool, THD_WHERE) /test/12.0_dbg_san/sql/sql_base.cc:8170:15
|
#6 0x55b1070f668b in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/12.0_dbg_san/sql/sql_select.cc:1584:7
|
#7 0x55b1070e9a22 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.0_dbg_san/sql/sql_select.cc:5365:21
|
#8 0x55b1070e8472 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.0_dbg_san/sql/sql_select.cc:634:10
|
#9 0x55b106fbd327 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.0_dbg_san/sql/sql_parse.cc:6166:12
|
#10 0x55b106f9b7de in mysql_execute_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:3954:12
|
#11 0x55b106f79888 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.0_dbg_san/sql/sql_parse.cc:7882:18
|
#12 0x55b106f6d7f1 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1877:7
|
#13 0x55b106f7c2ad in do_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1416:17
|
#14 0x55b10764c5cc in do_handle_one_connection(CONNECT*, bool) /test/12.0_dbg_san/sql/sql_connect.cc:1414:11
|
#15 0x55b10764be87 in handle_one_connection /test/12.0_dbg_san/sql/sql_connect.cc:1326:5
|
#16 0x55b10694635c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#17 0x7f8a8a49caa3 in start_thread nptl/pthread_create.c:447:8
|
#18 0x7f8a8a529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: float-cast-overflow /test/12.0_dbg_san/sql/item_func.cc:5053:23
|
Setup:
Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 150525 60f046d7e6b0a61f9b0762fe05c4021cff1b79d8 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 10.6 opt 150525 60f046d7e6b0a61f9b0762fe05c4021cff1b79d8 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 10.11 dbg 150525 84dd2437c507ed194da03fe04fea14e261e47bc5 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 10.11 opt 150525 84dd2437c507ed194da03fe04fea14e261e47bc5 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 11.4 dbg 150525 da5a4d05b9da58705498a42b6ffa5d9211f446af UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 11.4 opt 150525 da5a4d05b9da58705498a42b6ffa5d9211f446af UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 11.8 dbg 150525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 11.8 opt 150525 865b05bf4acf10e0d4b3359019ed7b2efe0be81d UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 12.0 dbg 140525 00a9afb5818433c26537ccaf6b2c59ad493dd473 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 12.0 opt 140525 00a9afb5818433c26537ccaf6b2c59ad493dd473 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 12.1 dbg 090625 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
CS 12.1 opt 090625 a6f55550082b5fcd8cf6dd21ecbcd8bbcf9c0060 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
ES 10.6 opt 150525 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
ES 11.4 dbg 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|
ES 11.4 opt 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f UBSAN|X is outside the range of representable values of type 'long long'|sql/item_func.cc|user_var_entry::val_int|Item_func_substr::fix_length_and_dec|Item_func::fix_fields|Item_str_func::fix_fields
|