[MDEV-37055] UBSAN: 32801 is outside the range of representable values of type 'short' - Jira

XML

Word

Printable

Details

Type: Bug
Status: In Testing (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.8, 12.0, 12.1
Fix Version/s: 11.8, 12.0
Component/s: Data Manipulation - Insert
Labels:
- UBSAN
- float-cast-overflow

Description

CREATE TABLE t (v VECTOR (1) NOT NULL,VECTOR INDEX (v));

INSERT INTO t VALUES (0xF0A08080);

Leads to:

CS 12.1.0 4b79d7b8ee557d53a859aedec839b8673585b514 (Debug, UBASAN, Clang) Build 06/06/2025
/test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43: runtime error: 32801 is outside the range of representable values of type 'short'
#0 0x559624e2af37 in FVector::create(metric_type, void, void const, unsigned long) /test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43
#1 0x559624e190a4 in FVectorNode::FVectorNode(MHNSW_Share, void const, unsigned char, void const*) /test/12.1_dbg_san/sql/vector_mhnsw.cc:812:8
#2 0x559624e1ddc7 in mhnsw_insert(TABLE, st_key) /test/12.1_dbg_san/sql/vector_mhnsw.cc:1264:20
#3 0x5596250ce19e in TABLE::hlindexes_on_insert() /test/12.1_dbg_san/sql/sql_base.cc:9981:18
#4 0x5596244a855d in handler::ha_write_row(unsigned char const*) /test/12.1_dbg_san/sql/handler.cc:8239:34
#5 0x5596253db741 in write_record(THD, TABLE, st_copy_info, select_result) /test/12.1_dbg_san/sql/sql_insert.cc:2350:12
#6 0x5596253c9372 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/12.1_dbg_san/sql/sql_insert.cc:1159:14
#7 0x5596255648a2 in mysql_execute_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:4459:10
#8 0x55962552f7d8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.1_dbg_san/sql/sql_parse.cc:7891:18
#9 0x559625523741 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1877:7
#10 0x5596255321fd in do_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1416:17
#11 0x559625cc0ddc in do_handle_one_connection(CONNECT*, bool) /test/12.1_dbg_san/sql/sql_connect.cc:1414:11
#12 0x559625cc0697 in handle_one_connection /test/12.1_dbg_san/sql/sql_connect.cc:1326:5
#13 0x5596243100ec in asan_thread_start(void*) crtstuff.c
#14 0x7fbb34e9ca93 in start_thread nptl/pthread_create.c:447:8
#15 0x7fbb34f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: float-cast-overflow /test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43

And ('inf' instead of '32801'):

CREATE TABLE t (v VECTOR (1) NOT NULL,VECTOR INDEX (v));

INSERT INTO t VALUES (0xFA000000);

Leads to:

CS 12.1.0 4b79d7b8ee557d53a859aedec839b8673585b514 (Debug, UBASAN, Clang) Build 06/06/2025
/test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43: runtime error: inf is outside the range of representable values of type 'short'
#0 0x55b45d208f37 in FVector::create(metric_type, void, void const, unsigned long) /test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43
#1 0x55b45d1f70a4 in FVectorNode::FVectorNode(MHNSW_Share, void const, unsigned char, void const*) /test/12.1_dbg_san/sql/vector_mhnsw.cc:812:8
#2 0x55b45d1fbdc7 in mhnsw_insert(TABLE, st_key) /test/12.1_dbg_san/sql/vector_mhnsw.cc:1264:20
#3 0x55b45d4ac19e in TABLE::hlindexes_on_insert() /test/12.1_dbg_san/sql/sql_base.cc:9981:18
#4 0x55b45c88655d in handler::ha_write_row(unsigned char const*) /test/12.1_dbg_san/sql/handler.cc:8239:34
#5 0x55b45d7b9741 in write_record(THD, TABLE, st_copy_info, select_result) /test/12.1_dbg_san/sql/sql_insert.cc:2350:12
#6 0x55b45d7a7372 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/12.1_dbg_san/sql/sql_insert.cc:1159:14
#7 0x55b45d9428a2 in mysql_execute_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:4459:10
#8 0x55b45d90d7d8 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.1_dbg_san/sql/sql_parse.cc:7891:18
#9 0x55b45d901741 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1877:7
#10 0x55b45d9101fd in do_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1416:17
#11 0x55b45e09eddc in do_handle_one_connection(CONNECT*, bool) /test/12.1_dbg_san/sql/sql_connect.cc:1414:11
#12 0x55b45e09e697 in handle_one_connection /test/12.1_dbg_san/sql/sql_connect.cc:1326:5
#13 0x55b45c6ee0ec in asan_thread_start(void*) crtstuff.c
#14 0x7f759189ca93 in start_thread nptl/pthread_create.c:447:8
#15 0x7f7591929c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: float-cast-overflow /test/12.1_dbg_san/sql/vector_mhnsw.cc:104:43

Setup:

Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 060625 643319a7fb1e273797c2a1e46d76cfac0fa1da8f No bug found
CS 10.6 opt 060625 643319a7fb1e273797c2a1e46d76cfac0fa1da8f No bug found
CS 10.11 dbg 060625 11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32 No bug found
CS 10.11 opt 060625 11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32 No bug found
CS 11.4 dbg 060625 8c6cbb336081a5e1ad781df4a9778b61e3b4d73f No bug found
CS 11.4 opt 060625 8c6cbb336081a5e1ad781df4a9778b61e3b4d73f No bug found
CS 11.8 dbg 060625 67e6fdee05ead4974fe632e91c38941ade369b0c UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
CS 11.8 opt 060625 67e6fdee05ead4974fe632e91c38941ade369b0c UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
CS 12.0 dbg 060625 f1102da37a3dcdc8b92e0205f0a8bd878704b168 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
CS 12.0 opt 060625 f1102da37a3dcdc8b92e0205f0a8bd878704b168 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
CS 12.1 dbg 060625 4b79d7b8ee557d53a859aedec839b8673585b514 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
CS 12.1 opt 060625 4b79d7b8ee557d53a859aedec839b8673585b514 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
ES 10.5 dbg 060625 ec7bc4f84e490b25f52db7422a1e0e8bbea72fb1 No bug found
ES 10.5 opt 060625 ec7bc4f84e490b25f52db7422a1e0e8bbea72fb1 No bug found
ES 10.6 dbg 060625 8541ea1e4c2fa15789dd162f6ba4b32681f74e61 No bug found
ES 10.6 opt 060625 8541ea1e4c2fa15789dd162f6ba4b32681f74e61 No bug found
ES 11.4 dbg 060625 1c8b2d3059f5ccb67c042868baca3ee269c6eca7 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
ES 11.4 opt 060625 1c8b2d3059f5ccb67c042868baca3ee269c6eca7 UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
ES 11.8 dbg 110625 b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert
ES 11.8 opt 110625 b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc UBSAN\|inf is outside the range of representable values of type 'short'\|sql/vector_mhnsw.cc\|FVector::create\|FVectorNode::FVectorNode\|mhnsw_insert\|TABLE::hlindexes_on_insert

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2025-06-20 13:17

Updated:: Yesterday 15:17

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.