[MDEV-37171] SIG 11 in Item_func_current_timestamp - Jira

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.0(EOL), 12.1
Fix Version/s: 10.6, 10.11, 11.4, 11.8, 12.0(EOL)
Component/s: Temporal Types, Time zones
Labels:
- UBSAN

Bug Category:
Can result in hang or crash

Description

CREATE TABLE t (id INT,KEY(id))Engine=InnoDB COMMENT='';

ALTER TABLE t ADD COLUMN c BIGINT UNSIGNED AS ROW START INVISIBLE,ADD COLUMN c2 BIGINT UNSIGNED AS ROW END INVISIBLE,ADD PERIOD FOR SYSTEM_TIME(c,c2),ADD SYSTEM VERSIONING;

INSERT INTO t VALUES (0,+1,0);

SET max_session_mem_used=1;

SELECT * FROM t WHERE c IN (NOW(),NOW());

Leads to:

CS 12.0.1 f1102da37a3dcdc8b92e0205f0a8bd878704b168 (Debug, Clang) Build 09/06/2025
Core was generated by `/test/MD090625-mariadb-12.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 THD::query_start (this=0x0) at /test/12.0_dbg/sql/sql_class.h:4489

[Current thread is 1 (LWP 3200556)]
(gdb) bt
#0 THD::query_start (this=0x0) at /test/12.0_dbg/sql/sql_class.h:4489
#1 0x00005a06fa696885 in Item_func_current_timestamp::val_native (this=0x70fb4801aef8, thd=0x0, to=0x70fc540e4028)at /test/12.0_dbg/sql/item_timefunc.cc:1546
#2 0x00005a06fa3e4421 in Type_handler_timestamp_common::Item_val_native_with_conversion (this=0x5a06fbd509e8 <type_handler_timestamp2>, thd=0x0, item=0x70fb4801aef8, to=0x70fc540e4028)at /test/12.0_dbg/sql/sql_type.cc:9479
#3 0x00005a06fa3e4913 in Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null (this=0x70fc540e4028, thd=0x0, item=0x70fb4801aef8, conv=true) at /test/12.0_dbg/sql/sql_type.cc:9532
#4 0x00005a06fa3d1389 in Type_handler_timestamp_common::Item_save_in_field (this=0x5a06fbd509e8 <type_handler_timestamp2>, item=0x70fb4801aef8, field=0x70fb48031d38, no_conversions=true)at /test/12.0_dbg/sql/sql_type.cc:4421
#5 0x00005a06fa561295 in Item::save_in_field (this=0x70fb4801aef8, field=0x70fb48031d38, no_conversions=true)at /test/12.0_dbg/sql/item.cc:7216
#6 0x00005a06fa57ed14 in convert_const_to_int (thd=0x70fb48000d58, field_item=0x70fb4801ad28, item=0x70fb4801b120)at /test/12.0_dbg/sql/item_cmpfunc.cc:351
#7 0x00005a06fa59019f in Item_func_in::value_list_convert_const_to_int (this=0x70fb4801aff0, thd=0x70fb48000d58)at /test/12.0_dbg/sql/item_cmpfunc.cc:4804
#8 0x00005a06fa3d67c7 in Type_handler_temporal_result::Item_func_in_fix_comparator_compatible_types (this=0x5a06fbd50a00 <type_handler_datetime>, thd=0x70fb48000d58, func=0x70fb4801aff0)at /test/12.0_dbg/sql/sql_type.cc:6130
#9 0x00005a06fa58fd1d in Item_func_in::fix_length_and_dec (this=0x70fb4801aff0, thd=0x70fb48000d58)at /test/12.0_dbg/sql/item_cmpfunc.cc:4721
#10 0x00005a06fa5c81c3 in Item_func::fix_fields (this=0x70fb4801aff0, thd=0x70fb48000d58, ref=0x70fb4801bf40)at /test/12.0_dbg/sql/item_func.cc:380
#11 0x00005a06fa58f2a5 in Item_func_in::fix_fields (this=0x70fb4801aff0, thd=0x70fb48000d58, ref=0x70fb4801bf40)at /test/12.0_dbg/sql/item_cmpfunc.cc:4550
#12 0x00005a06f9fb5afa in Item::fix_fields_if_needed (this=0x70fb4801aff0, thd=0x70fb48000d58, ref=0x70fb4801bf40) at /test/12.0_dbg/sql/item.h:1124
#13 0x00005a06f9fb4a49 in Item::fix_fields_if_needed_for_scalar (this=0x70fb4801aff0, thd=0x70fb48000d58, ref=0x70fb4801bf40)at /test/12.0_dbg/sql/item.h:1133
#14 0x00005a06fa046bb5 in Item::fix_fields_if_needed_for_bool (this=0x70fb4801aff0, thd=0x70fb48000d58, ref=0x70fb4801bf40)at /test/12.0_dbg/sql/item.h:1137
#15 0x00005a06fa03ea7d in setup_conds (thd=0x70fb48000d58, tables=0x70fb4801a5d8, leaves=@0x70fb4801a1a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x70fb4801c278, last = 0x70fb4801c278, elements = 1}, <No data fie
lds>}, conds=0x70fb4801bf40) at /test/12.0_dbg/sql/sql_base.cc:8964
#16 0x00005a06fa168ff6 in setup_without_group (thd=0x70fb48000d58, ref_pointer_array={m_array = 0x70fb4801c8c0, m_size = 7}, tables=0x70fb4801a5d8, leaves=@0x70fb4801a1a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first =
0x70fb4801c278, last = 0x70fb4801c278, elements = 1}, <No data fields>}, fields=@0x70fb4801a248: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x70fb4801a588, last = 0x70fb4801a588, elements = 1}, <No data fields>}, al
l_fields=@0x70fb4801be58: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x70fb4801a588, last = 0x70fb4801a588, elements = 1}, <No data fields>}, conds=0x70fb4801bf40, order=0x0, group=0x0, win_specs=@0x70fb4801a420: {<
base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5a06fbd23820 <end_of_list>, last = 0x70fb4801a420, elements = 0}, <No data fields>}, win_funcs=@0x70fb4801a440: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x
5a06fbd23820 <end_of_list>, last = 0x70fb4801a440, elements = 0}, <No data fields>}, hidden_group_fields=0x70fb4801be07)at /test/12.0_dbg/sql/sql_select.cc:956
#17 0x00005a06fa167736 in JOIN::prepare (this=0x70fb4801bab0, tables_init=0x70fb4801a5d8, conds_init=0x70fb4801aff0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_a
rg=0x70fb48019f90, unit_arg=0x70fb48005148) at /test/12.0_dbg/sql/sql_select.cc:1589
#18 0x00005a06fa162fb9 in mysql_select (thd=0x70fb48000d58, tables=0x70fb4801a5d8, fields=@0x70fb4801a248: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x70fb4801a588, last = 0x70fb4801a588, elements = 1}, <No data fi
elds>}, conds=0x70fb4801aff0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x70fb4801ba88, unit=0x70fb48005148, select_lex=0x70fb48019f90)at /test/12.0_dbg/sql/sql_select.cc:5365
#19 0x00005a06fa162b45 in handle_select (thd=0x70fb48000d58, lex=0x70fb48005068, result=0x70fb4801ba88, setup_tables_done_option=0)at /test/12.0_dbg/sql/sql_select.cc:634
#20 0x00005a06fa10a871 in execute_sqlcom_select (thd=0x70fb48000d58, all_tables=0x70fb4801a5d8) at /test/12.0_dbg/sql/sql_parse.cc:6166
#21 0x00005a06fa0ff6be in mysql_execute_command (thd=0x70fb48000d58, is_called_from_prepared_stmt=false) at /test/12.0_dbg/sql/sql_parse.cc:3954
#22 0x00005a06fa0f7964 in mysql_parse (thd=0x70fb48000d58, rawbuf=0x70fb48019ee0 "SELECT * FROM t WHERE c IN (NOW(),NOW())", length=40, parser_state=0x70fc540e6a10)at /test/12.0_dbg/sql/sql_parse.cc:7882
#23 0x00005a06fa0f4d38 in dispatch_command (command=COM_QUERY, thd=0x70fb48000d58, packet=0x70fb4800b259 "SELECT * FROM t WHERE c IN (NOW(),NOW())", packet_length=40, blocking=true) at /test/12.0_dbg/sql/sql_parse.cc:1877
#24 0x00005a06fa0f8513 in do_command (thd=0x70fb48000d58, blocking=true)at /test/12.0_dbg/sql/sql_parse.cc:1416
#25 0x00005a06fa2e3ec9 in do_handle_one_connection (connect=0x5a0722952668, put_in_cache=true) at /test/12.0_dbg/sql/sql_connect.cc:1414
#26 0x00005a06fa2e3c6e in handle_one_connection (arg=0x5a07228e5a08)at /test/12.0_dbg/sql/sql_connect.cc:1326
#27 0x000070fc5629caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#28 0x000070fc56329c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 090625 888663ce12647c5aefee5e18accd80843d726741 SIGSEGV\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options\|Item::save_date_in_field
CS 10.6 opt 090625 888663ce12647c5aefee5e18accd80843d726741 SIGSEGV\|date_conv_mode_t::date_conv_mode_t\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options
CS 10.11 dbg 090625 11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32 SIGSEGV\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options\|Item::save_date_in_field
CS 10.11 opt 090625 11d1ac7285221ab4df7d9ef7cc8ee949b01c9b32 SIGSEGV\|date_conv_mode_t::date_conv_mode_t\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options
CS 11.4 dbg 090625 8c6cbb336081a5e1ad781df4a9778b61e3b4d73f SIGSEGV\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options\|Item::save_date_in_field
CS 11.4 opt 090625 8c6cbb336081a5e1ad781df4a9778b61e3b4d73f SIGSEGV\|date_conv_mode_t::date_conv_mode_t\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options
CS 11.8 dbg 170625 c095283ea6f9ef25cd1bd731b6984c7cbc7e4c3f SIGSEGV\|THD::query_start\|Item_func_current_timestamp::val_native\|Type_handler_timestamp_common::Item_val_native_with_conversion\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null
CS 11.8 opt 170625 c095283ea6f9ef25cd1bd731b6984c7cbc7e4c3f SIGSEGV\|THD::query_start_sec_part\|Item_func_current_timestamp::val_native\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null\|Type_handler_timestamp_common::Item_save_in_field
CS 12.0 dbg 090625 f1102da37a3dcdc8b92e0205f0a8bd878704b168 SIGSEGV\|THD::query_start\|Item_func_current_timestamp::val_native\|Type_handler_timestamp_common::Item_val_native_with_conversion\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null
CS 12.0 opt 090625 f1102da37a3dcdc8b92e0205f0a8bd878704b168 SIGSEGV\|THD::query_start_sec_part\|Item_func_current_timestamp::val_native\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null\|Type_handler_timestamp_common::Item_save_in_field
CS 12.1 dbg 090625 6a2afb42ba86188ccda0972f9c2df363f34e10a0 SIGSEGV\|THD::query_start\|Item_func_current_timestamp::val_native\|Type_handler_timestamp_common::Item_val_native_with_conversion\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null
CS 12.1 opt 090625 6a2afb42ba86188ccda0972f9c2df363f34e10a0 SIGSEGV\|THD::query_start_sec_part\|Item_func_current_timestamp::val_native\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null\|Type_handler_timestamp_common::Item_save_in_field
ES 10.6 dbg 090625 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 SIGSEGV\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options\|Item::save_date_in_field
ES 10.6 opt 090625 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 SIGSEGV\|date_conv_mode_t::date_conv_mode_t\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options
ES 11.4 dbg 090625 9cd12544ebfd0d52d2158af66b5aced58121cf1f SIGSEGV\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options\|Item::save_date_in_field
ES 11.4 opt 090625 9cd12544ebfd0d52d2158af66b5aced58121cf1f SIGSEGV\|date_conv_mode_t::date_conv_mode_t\|sql_mode_for_dates\|Temporal::sql_mode_for_dates\|Datetime::Options::Options
ES 11.8 dbg 170625 b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc SIGSEGV\|THD::query_start\|Item_func_current_timestamp::val_native\|Type_handler_timestamp_common::Item_val_native_with_conversion\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null
ES 11.8 opt 170625 b9f97a5bc42a4f23889996d2891bcbb0cafcf0bc SIGSEGV\|THD::query_start_sec_part\|Item_func_current_timestamp::val_native\|Timestamp_or_zero_datetime_native_null::Timestamp_or_zero_datetime_native_null\|Type_handler_timestamp_common::Item_save_in_field

SIG 11 in Item_func_current_timestamp

Details

Description

Attachments

Activity

People

Dates

Git Integration