MariaDB Server / MDEV-37064

UBSAN: runtime error: call to function show_func_example() through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'


Details

    • Not for Release Notes

    Description

      # mysqld options required for replay:  --plugin-maturity=unknown
      INSTALL PLUGIN example SONAME 'ha_example.so';
      SET @a=(SELECT 0 FROM information_schema.session_status WHERE variable_name='a');
      

      Leads to:

      CS 12.0.1 f1102da37a3dcdc8b92e0205f0a8bd878704b168 (Debug, UBASAN) Build 06/06/2025

      /test/12.0_dbg_san/sql/sql_show.cc:4028:7: runtime error: call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'
      /test/12.0_dbg_san/storage/example/ha_example.cc:1068: note: show_func_example(THD*, st_mysql_show_var*, char*) defined here
          #0 0x59c12206708c in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, st_mysql_const_lex_string const&, TABLE*, bool, Item*) /test/12.0_dbg_san/sql/sql_show.cc:4028:7
          #1 0x59c122067161 in show_status_array(THD*, char const*, st_mysql_show_var*, enum_var_type, system_status_var*, st_mysql_const_lex_string const&, TABLE*, bool, Item*) /test/12.0_dbg_san/sql/sql_show.cc:4034:7
          #2 0x59c122069477 in fill_status(THD*, TABLE_LIST*, Item*) /test/12.0_dbg_san/sql/sql_show.cc:8734:8
          #3 0x59c12207350d in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/12.0_dbg_san/sql/sql_show.cc:9738:11
          #4 0x59c121ec5e41 in JOIN::exec_inner() /test/12.0_dbg_san/sql/sql_select.cc:5035:7
          #5 0x59c121ec4bf2 in JOIN::exec() /test/12.0_dbg_san/sql/sql_select.cc:4857:8
          #6 0x59c12122ecee in subselect_single_select_engine::exec() /test/12.0_dbg_san/sql/item_subselect.cc:4199:23
          #7 0x59c1211e0aa0 in Item_subselect::exec() /test/12.0_dbg_san/sql/item_subselect.cc:813:21
          #8 0x59c1211edddf in Item_singlerow_subselect::val_int() /test/12.0_dbg_san/sql/item_subselect.cc:1481:8
          #9 0x59c120f21c27 in Item_func_set_user_var::check(bool) /test/12.0_dbg_san/sql/item_func.cc
          #10 0x59c12162a7cb in set_var_user::check(THD*) /test/12.0_dbg_san/sql/set_var.cc:909:26
          #11 0x59c121627722 in sql_set_variables(THD*, List<set_var_base>*, bool) /test/12.0_dbg_san/sql/set_var.cc:745:9
          #12 0x59c121ce9aa3 in mysql_execute_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:4859:9
          #13 0x59c121cc21a8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.0_dbg_san/sql/sql_parse.cc:7882:18
          #14 0x59c121cb6111 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1877:7
          #15 0x59c121cc4bcd in do_command(THD*, bool) /test/12.0_dbg_san/sql/sql_parse.cc:1416:17
          #16 0x59c122455a3c in do_handle_one_connection(CONNECT*, bool) /test/12.0_dbg_san/sql/sql_connect.cc:1414:11
          #17 0x59c1224552f7 in handle_one_connection /test/12.0_dbg_san/sql/sql_connect.cc:1326:5
          #18 0x59c120aa619c in asan_thread_start(void*) crtstuff.c
          #19 0x725899e9ca93 in start_thread nptl/pthread_create.c:447:8
          #20 0x725899f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: function-type-mismatch /test/12.0_dbg_san/sql/sql_show.cc:4028:7 
      

      Setup:

      Compiled with a recent version of Clang (I used Clang 18.1.3) with LLVM 18. Ubuntu instructions:
        # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev
      Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues, see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
      

      SAN Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  060625  643319a7fb1e273797c2a1e46d76cfac0fa1da8f  No bug found                  
      CS  10.6   opt  060625  643319a7fb1e273797c2a1e46d76cfac0fa1da8f  No bug found                  
      CS  10.11  dbg  060625  11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32  No bug found                  
      CS  10.11  opt  060625  11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32  No bug found                  
      CS  11.4   dbg  060625  8c6cbb336081a5e1ad781df4a9778b61e3b4d73f  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  11.4   opt  060625  8c6cbb336081a5e1ad781df4a9778b61e3b4d73f  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  11.8   dbg  060625  67e6fdee05ead4974fe632e91c38941ade369b0c  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  11.8   opt  060625  67e6fdee05ead4974fe632e91c38941ade369b0c  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  12.0   dbg  060625  f1102da37a3dcdc8b92e0205f0a8bd878704b168  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  12.0   opt  060625  f1102da37a3dcdc8b92e0205f0a8bd878704b168  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  12.1   dbg  060625  4b79d7b8ee557d53a859aedec839b8673585b514  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      CS  12.1   opt  060625  4b79d7b8ee557d53a859aedec839b8673585b514  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  10.5   dbg  060625  ec7bc4f84e490b25f52db7422a1e0e8bbea72fb1  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  10.5   opt  060625  ec7bc4f84e490b25f52db7422a1e0e8bbea72fb1  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  10.6   dbg  060625  8541ea1e4c2fa15789dd162f6ba4b32681f74e61  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  10.6   opt  060625  8541ea1e4c2fa15789dd162f6ba4b32681f74e61  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  11.4   dbg  060625  1c8b2d3059f5ccb67c042868baca3ee269c6eca7  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  11.4   opt  060625  1c8b2d3059f5ccb67c042868baca3ee269c6eca7  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  11.8   dbg  110625  b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
      ES  11.8   opt  110625  b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc  UBSAN|call to function show_func_example(THD*, st_mysql_show_var*, char*) through pointer to incorrect function type 'int (*)(THD *, st_mysql_show_var *, void *, system_status_var *, enum_var_type)'|sql/sql_show.cc|show_status_array|show_status_array|fill_status|get_schema_tables_result
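
The function-type mismatch reported above, reduced to a stand-alone C++ example (added here; it is not MariaDB source and not the fix applied in the project). The struct and enum definitions are constructed stand-ins for the server types, and `show_var_func`, `matches_show_var_func` and `run_status_callback` are hypothetical names; the two callback shapes are the ones printed in the UBSAN message.

```cpp
#include <cstdio>
#include <cstring>
#include <type_traits>
// Constructed stand-ins for the server types named in the report.
struct THD { int id; };
struct st_mysql_show_var { const char *name; void *value; };
struct system_status_var { long questions; };
enum enum_var_type { OPT_SESSION, OPT_GLOBAL };
// Pointer type the caller dispatches through, as printed by UBSAN
// (show_var_func is a hypothetical name for it).
typedef int (*show_var_func)(THD *, st_mysql_show_var *, void *,
                             system_status_var *, enum_var_type);

// Before: the three-argument shape reported for show_func_example().
// Present for the type check only; never called through show_var_func.
int show_func_before(THD *, st_mysql_show_var *, char *buf)
{
  std::snprintf(buf, 64, "before");
  return 0;
}

// After: same job, with a signature identical to show_var_func.
int show_func_after(THD *, st_mysql_show_var *var, void *buf,
                    system_status_var *, enum_var_type scope)
{
  var->value = buf;
  std::snprintf(static_cast<char *>(buf), 64, "scope=%d", static_cast<int>(scope));
  return 0;
}

// Hypothetical registration guard: true only for an exact type match,
// so a cast can no longer hide a mismatched callback until run time.
template <typename F>
constexpr bool matches_show_var_func(F) { return std::is_same<F, show_var_func>::value; }
static_assert(!matches_show_var_func(show_func_before), "old shape is rejected");
static_assert(matches_show_var_func(show_func_after), "fixed shape is accepted");

// Stand-in for the call site: invoke through the typed pointer (out: 64 bytes).
int run_status_callback(show_var_func fn, enum_var_type scope, char *out)
{
  THD thd = {1};
  st_mysql_show_var var = {"constructed_status", nullptr};
  system_status_var status = {0};
  return fn(&thd, &var, out, &status, scope);
}
int main()
{
  char buf[64];
  int rc = run_status_callback(show_func_after, OPT_GLOBAL, buf);
  std::printf("rc=%d value=%s\n", rc, buf);
  return rc;
}
```

Built with `-fsanitize=function` under Clang, the call through `show_var_func` stays silent because callee and pointer types agree.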
      

            People

              danblack Daniel Black
              Roel Roel Van de Paar