  1. MariaDB Server
  2. MDEV-37438

Downcast of address to Item_func_eq but of type Item_func_equal in opt_split.cc(add_ext_keyuse_for_splitting) found with UBSAN


Details

    • Not for Release Notes

    Description

      The following script:

      -- Reproducer setup: t1 has a composite index over (a, b).
      CREATE TABLE t1 (a int, b int, KEY t1_IDX (a,b)) ENGINE=INNODB;
      -- EXPLAIN alone triggers the report: the stack trace shows the failure under
      -- JOIN::optimize(), reached through mysql_explain_union().
      EXPLAIN SELECT t1.a,t1.b FROM t1
      LEFT JOIN
      (
      SELECT a, b FROM t1 GROUP BY a, b
      ) AS t ON t1.a=t.a and t1.b<=>t.b;
      -- The ON clause combines '=' with the NULL-safe '<=>'. Per the issue title, the
      -- object reached at opt_split.cc:697 is an Item_func_equal that is downcast to
      -- Item_func_eq; presumably it comes from the '<=>' condition (confirm in source).
      

      leads to the following UBSAN runtime error:

      /src/mariadb/sql/opt_split.cc:697:26: runtime error: downcast of address 0x74985ef8f048 which does not point to an object of type 'Item_func_eq'
      

      and subsequently triggers an ASAN (LeakSanitizer) report, after which the server receives signal 6:

      SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
      250813  7:52:07 [ERROR] /src/mariadb/sql/mariadbd got signal 6 ;
      

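      with the following stack trace. In both leaks the allocating frames (realloc, __cxa_demangle, __ubsan::Diag::~Diag) are in the sanitizer's own diagnostic code, called from the UBSAN handler invoked at opt_split.cc:697, so the leaks appear to be a by-product of the UBSAN report rather than a separate leak in server code: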

      ==12445==ERROR: LeakSanitizer: detected memory leaks
       
      Direct leak of 16 byte(s) in 1 object(s) allocated from:
          #0 0x7cda56d2154b in realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:81
          #1 0x7cda560c3a5a  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xc3a5a) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #2 0x7cda560cf9eb  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xcf9eb) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #3 0x7cda560d0578 in __cxa_demangle (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd0578) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #4 0x7cda5582fb9a in __sanitizer::Symbolizer::Demangle(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_symbolizer_libcdep.cpp:169
          #5 0x7cda55808340 in RenderText ../../../../src/libsanitizer/ubsan/ubsan_diag.cpp:199
          #6 0x7cda558098a5 in PrintMemorySnippet ../../../../src/libsanitizer/ubsan/ubsan_diag.cpp:329
          #7 0x7cda558098a5 in __ubsan::Diag::~Diag() ../../../../src/libsanitizer/ubsan/ubsan_diag.cpp:385
          #8 0x7cda5580f9b0 in HandleDynamicTypeCacheMiss ../../../../src/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:69
          #9 0x7cda5580fcae in __ubsan_handle_dynamic_type_cache_miss ../../../../src/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:87
          #10 0x5f9f60e05706 in add_ext_keyuse_for_splitting /src/mariadb/sql/opt_split.cc:697
          #11 0x5f9f60e06f6d in add_ext_keyuses_for_splitting_field /src/mariadb/sql/opt_split.cc:761
          #12 0x5f9f60e07976 in JOIN::add_keyuses_for_splitting() /src/mariadb/sql/opt_split.cc:836
          #13 0x5f9f60e09ac9 in st_join_table::add_keyuses_for_splitting() /src/mariadb/sql/opt_split.cc:918
          #14 0x5f9f5fc292f0 in make_join_statistics /src/mariadb/sql/sql_select.cc:6157
          #15 0x5f9f5fbd29f4 in JOIN::optimize_inner() /src/mariadb/sql/sql_select.cc:2743
          #16 0x5f9f5fbbef44 in JOIN::optimize() /src/mariadb/sql/sql_select.cc:2023
          #17 0x5f9f5fc16e9d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /src/mariadb/sql/sql_select.cc:5388
          #18 0x5f9f5fe219c9 in mysql_explain_union(THD*, st_select_lex_unit*, select_result*) /src/mariadb/sql/sql_select.cc:31662
          #19 0x5f9f5f965569 in execute_sqlcom_select /src/mariadb/sql/sql_parse.cc:6106
          #20 0x5f9f5f9361dd in mysql_execute_command(THD*, bool) /src/mariadb/sql/sql_parse.cc:3950
          #21 0x5f9f5f98729f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /src/mariadb/sql/sql_parse.cc:7883
          #22 0x5f9f5f90455c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /src/mariadb/sql/sql_parse.cc:1878
          #23 0x5f9f5f8f8975 in do_command(THD*, bool) /src/mariadb/sql/sql_parse.cc:1417
          #24 0x5f9f605f0a37 in do_handle_one_connection(CONNECT*, bool) /src/mariadb/sql/sql_connect.cc:1414
          #25 0x5f9f605efac6 in handle_one_connection /src/mariadb/sql/sql_connect.cc:1326
          #26 0x5f9f62cf14b5 in pfs_spawn_thread /src/mariadb/storage/perfschema/pfs.cc:2198
          #27 0x7cda56c5f972 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:239
          #28 0x7cda554a27f0 in start_thread nptl/pthread_create.c:448
       
      Direct leak of 16 byte(s) in 1 object(s) allocated from:
          #0 0x7cda56d2154b in realloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:81
          #1 0x7cda560c3a5a  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xc3a5a) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #2 0x7cda560cf9eb  (/lib/x86_64-linux-gnu/libstdc++.so.6+0xcf9eb) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #3 0x7cda560d0578 in __cxa_demangle (/lib/x86_64-linux-gnu/libstdc++.so.6+0xd0578) (BuildId: 8d4f2235ec34ae33c412aa436c18ef4618f2efa6)
          #4 0x7cda5582fb9a in __sanitizer::Symbolizer::Demangle(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_symbolizer_libcdep.cpp:169
          #5 0x7cda55808340 in RenderText ../../../../src/libsanitizer/ubsan/ubsan_diag.cpp:199
          #6 0x7cda5580907a in __ubsan::Diag::~Diag() ../../../../src/libsanitizer/ubsan/ubsan_diag.cpp:379
          #7 0x7cda5580f9b0 in HandleDynamicTypeCacheMiss ../../../../src/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:69
          #8 0x7cda5580fcae in __ubsan_handle_dynamic_type_cache_miss ../../../../src/libsanitizer/ubsan/ubsan_handlers_cxx.cpp:87
          #9 0x5f9f60e05706 in add_ext_keyuse_for_splitting /src/mariadb/sql/opt_split.cc:697
          #10 0x5f9f60e06f6d in add_ext_keyuses_for_splitting_field /src/mariadb/sql/opt_split.cc:761
          #11 0x5f9f60e07976 in JOIN::add_keyuses_for_splitting() /src/mariadb/sql/opt_split.cc:836
          #12 0x5f9f60e09ac9 in st_join_table::add_keyuses_for_splitting() /src/mariadb/sql/opt_split.cc:918
          #13 0x5f9f5fc292f0 in make_join_statistics /src/mariadb/sql/sql_select.cc:6157
          #14 0x5f9f5fbd29f4 in JOIN::optimize_inner() /src/mariadb/sql/sql_select.cc:2743
          #15 0x5f9f5fbbef44 in JOIN::optimize() /src/mariadb/sql/sql_select.cc:2023
          #16 0x5f9f5fc16e9d in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /src/mariadb/sql/sql_select.cc:5388
          #17 0x5f9f5fe219c9 in mysql_explain_union(THD*, st_select_lex_unit*, select_result*) /src/mariadb/sql/sql_select.cc:31662
          #18 0x5f9f5f965569 in execute_sqlcom_select /src/mariadb/sql/sql_parse.cc:6106
          #19 0x5f9f5f9361dd in mysql_execute_command(THD*, bool) /src/mariadb/sql/sql_parse.cc:3950
          #20 0x5f9f5f98729f in mysql_parse(THD*, char*, unsigned int, Parser_state*) /src/mariadb/sql/sql_parse.cc:7883
          #21 0x5f9f5f90455c in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /src/mariadb/sql/sql_parse.cc:1878
          #22 0x5f9f5f8f8975 in do_command(THD*, bool) /src/mariadb/sql/sql_parse.cc:1417
          #23 0x5f9f605f0a37 in do_handle_one_connection(CONNECT*, bool) /src/mariadb/sql/sql_connect.cc:1414
          #24 0x5f9f605efac6 in handle_one_connection /src/mariadb/sql/sql_connect.cc:1326
          #25 0x5f9f62cf14b5 in pfs_spawn_thread /src/mariadb/storage/perfschema/pfs.cc:2198
          #26 0x7cda56c5f972 in asan_thread_start ../../../../src/libsanitizer/asan/asan_interceptors.cpp:239
          #27 0x7cda554a27f0 in start_thread nptl/pthread_create.c:448
       
      SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
      

      The issue reproduces on main (e02f4d7e31) in a build with ASAN and UBSAN enabled.


            People

              danblack Daniel Black
              qobood Vasilii Lakhin