  1. MariaDB Server
  2. MDEV-37694

ASAN heap-use-after-free in check_column_name on CoR ... LIKE


Details

    • Not for Release Notes
    • Q4/2025 Server Maintenance

    Description

      # Ordinary base table; the third statement replaces it.
      CREATE TABLE t1 (a INT KEY);
      # Global temporary table that serves as the LIKE source.
      CREATE GLOBAL TEMPORARY TABLE t (x INT) ON COMMIT DELETE ROWS;
      # CREATE OR REPLACE ... LIKE with the global temporary table as the source:
      # this is the statement that produces the ASAN report.
      CREATE OR REPLACE TABLE t1 LIKE t;
      

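      Leads to the heap-use-after-free below, reported at the same source location (sql/table.cc:5513) by both the optimized and the debug UBASAN build. Reading the three stacks of each report together, all on thread T12: the 8184-byte region is allocated by memdup_root() in TABLE_SHARE::init_from_binary_frm_image() while mysql_create_like_table() opens the global temporary table (open_global_temporary_table(), sql_table.cc:6297); it is freed by TABLE_SHARE::destroy() when create_table_impl() calls trans_rollback_stmt() (sql_table.cc:4879), which reaches THD::commit_global_tmp_tables(); and it is read afterwards by check_column_name(), further down the same create_table_impl() call path (sql_table.cc:5000). The column name being checked presumably still points into the memory of the destroyed temporary table share. On a build without ASAN the same read touches freed heap memory, which is undefined behaviour rather than a clean abort.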

      MDEV-35915-5 CS 12.2.0 5a344faeb0bab8520ad5c92be6fc1fc0a9c56d52 (Optimized, UBASAN, Clang 21.1.0-20250811) Build 16/09/2025

      ==3324029==ERROR: AddressSanitizer: heap-use-after-free on address 0x7db440c9a9d9 at pc 0x5e6f3f66d4e3 bp 0x7b63548ffe40 sp 0x7b63548ffe38
      READ of size 1 at 0x7db440c9a9d9 thread T12
          #0 0x5e6f3f66d4e2 in check_column_name(Lex_cstring const&) /test/bb-12.2-nikita-global-tmp_opt_san/sql/table.cc:5513:10
          #1 0x5e6f3f4b779e in mysql_prepare_create_table_stage1(THD*, HA_CREATE_INFO*, Alter_info*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:3235:9
          #2 0x5e6f3f4b3abb in mysql_create_frm_image(THD*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:4409:7
          #3 0x5e6f3f4ca579 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5000:11
          #4 0x5e6f3f4c7cfa in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5125:8
          #5 0x5e6f3f542dea in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5949:10
          #6 0x5e6f3f53eb5b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:13977:12
          #7 0x5e6f3efe0fff in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:5861:26
          #8 0x5e6f3efc4705 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:7894:18
          #9 0x5e6f3efbc8c8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1882:7
          #10 0x5e6f3efc6640 in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1421:17
          #11 0x5e6f3f7f119c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11
          #12 0x5e6f3f7f0cb6 in handle_one_connection /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5
          #13 0x5e6f3dfa5d9a in asan_thread_start(void*) crtstuff.c
          #14 0x7f6441e9ca93 in start_thread nptl/pthread_create.c:447:8
          #15 0x7f6441f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      0x7db440c9a9d9 is located 217 bytes inside of 8184-byte region [0x7db440c9a900,0x7db440c9c8f8)
      freed by thread T12 here:
          #0 0x5e6f3dfa827a in free (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd+0x2fcd27a) (BuildId: fb2272293490eb4652cbe0b2d35631589d7e94fa)
          #1 0x5e6f40f282d7 in root_free /test/bb-12.2-nikita-global-tmp_opt_san/mysys/my_alloc.c:77:5
          #2 0x5e6f40f282d7 in free_root /test/bb-12.2-nikita-global-tmp_opt_san/mysys/my_alloc.c:517:7
          #3 0x5e6f3f62b297 in TABLE_SHARE::destroy() /test/bb-12.2-nikita-global-tmp_opt_san/sql/table.cc:554:3
          #4 0x5e6f3fc54479 in THD::free_tmp_table_share(TMP_TABLE_SHARE*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1768:3
          #5 0x5e6f3fc5c898 in THD::drop_tmp_table_share(TABLE*, TMP_TABLE_SHARE*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:820:11
          #6 0x5e6f3fc5e3b2 in THD::commit_global_tmp_tables() /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1485:26
          #7 0x5e6f3e0ac740 in ha_rollback_trans(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/handler.cc:2373:17
          #8 0x5e6f3f85320e in trans_rollback_stmt(THD*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/transaction.cc:567:5
          #9 0x5e6f3f4ca0d7 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:4879:18
          #10 0x5e6f3f4c7cfa in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5125:8
          #11 0x5e6f3f542dea in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5949:10
          #12 0x5e6f3f53eb5b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:13977:12
          #13 0x5e6f3efe0fff in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:5861:26
          #14 0x5e6f3efc4705 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:7894:18
          #15 0x5e6f3efbc8c8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1882:7
          #16 0x5e6f3efc6640 in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1421:17
          #17 0x5e6f3f7f119c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11
          #18 0x5e6f3f7f0cb6 in handle_one_connection /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5
          #19 0x5e6f3dfa5d9a in asan_thread_start(void*) crtstuff.c
       
      previously allocated by thread T12 here:
          #0 0x5e6f3dfa8518 in malloc (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd+0x2fcd518) (BuildId: fb2272293490eb4652cbe0b2d35631589d7e94fa)
          #1 0x5e6f40f56cc5 in my_malloc /test/bb-12.2-nikita-global-tmp_opt_san/mysys/my_malloc.c:93:29
          #2 0x5e6f40f264ba in alloc_root /test/bb-12.2-nikita-global-tmp_opt_san/mysys/my_alloc.c:336:29
          #3 0x5e6f40f2b99f in memdup_root /test/bb-12.2-nikita-global-tmp_opt_san/mysys/my_alloc.c:690:12
          #4 0x5e6f3f62d0e0 in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long, unsigned char const*, unsigned long) /test/bb-12.2-nikita-global-tmp_opt_san/sql/table.cc:1920:33
          #5 0x5e6f3fc53218 in THD::create_temporary_table(st_mysql_const_unsigned_lex_string*, char const*, Lex_ident_db const&, Lex_ident_table const&) /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:1158:14
          #6 0x5e6f3fc52aab in THD::create_and_open_tmp_table(st_mysql_const_unsigned_lex_string*, char const*, Lex_ident_db const&, Lex_ident_table const&, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/temporary_tables.cc:136:15
          #7 0x5e6f3f4cadcb in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5037:24
          #8 0x5e6f3f4c7cfa in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5125:8
          #9 0x5e6f3f4cf7e5 in open_global_temporary_table(THD*, TABLE_SHARE*, TABLE_LIST*, MDL_ticket*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:6297:14
          #10 0x5e6f3eadca6e in open_table(THD*, TABLE_LIST*, Open_table_context*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_base.cc:2351:22
          #11 0x5e6f3eaef164 in open_and_process_table(THD*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_base.cc:4308:14
          #12 0x5e6f3eaef164 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_base.cc:4791:14
          #13 0x5e6f3f541da1 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_base.h:506:10
          #14 0x5e6f3f541da1 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:5850:8
          #15 0x5e6f3f53eb5b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_table.cc:13977:12
          #16 0x5e6f3efe0fff in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:5861:26
          #17 0x5e6f3efc4705 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:7894:18
          #18 0x5e6f3efbc8c8 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1882:7
          #19 0x5e6f3efc6640 in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_parse.cc:1421:17
          #20 0x5e6f3f7f119c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1414:11
          #21 0x5e6f3f7f0cb6 in handle_one_connection /test/bb-12.2-nikita-global-tmp_opt_san/sql/sql_connect.cc:1326:5
          #22 0x5e6f3dfa5d9a in asan_thread_start(void*) crtstuff.c
       
      Thread T12 created by T0 here:
          #0 0x5e6f3df8c495 in pthread_create (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd+0x2fb1495) (BuildId: fb2272293490eb4652cbe0b2d35631589d7e94fa)
          #1 0x5e6f3dffeac9 in create_thread_to_handle_connection(CONNECT*) /test/bb-12.2-nikita-global-tmp_opt_san/sql/mysqld.cc:6272:19
          #2 0x5e6f3dfffe0a in handle_connections_sockets() /test/bb-12.2-nikita-global-tmp_opt_san/sql/mysqld.cc:6508:9
          #3 0x5e6f3dffe210 in run_main_loop() /test/bb-12.2-nikita-global-tmp_opt_san/sql/mysqld.cc:5750:3
          #4 0x5e6f3dff4d4e in mysqld_main(int, char**) /test/bb-12.2-nikita-global-tmp_opt_san/sql/mysqld.cc:6173:3
          #5 0x7f6441e2a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
          #6 0x7f6441e2a28a in __libc_start_main csu/../csu/libc-start.c:360:3
          #7 0x5e6f3df02da4 in _start (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-opt/bin/mariadbd+0x2f27da4) (BuildId: fb2272293490eb4652cbe0b2d35631589d7e94fa)
       
      SUMMARY: AddressSanitizer: heap-use-after-free /test/bb-12.2-nikita-global-tmp_opt_san/sql/table.cc:5513:10 in check_column_name(Lex_cstring const&)
      Shadow bytes around the buggy address:
        0x7db440c9a700: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7db440c9a780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7db440c9a800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7db440c9a880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7db440c9a900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      =>0x7db440c9a980: fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd
        0x7db440c9aa00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7db440c9aa80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7db440c9ab00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7db440c9ab80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7db440c9ac00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==3324029==ABORTING
      

      MDEV-35915-5 CS 12.2.0 5a344faeb0bab8520ad5c92be6fc1fc0a9c56d52 (Debug, UBASAN, Clang 21.1.0-20250811) Build 16/09/2025

      ==4100186==ERROR: AddressSanitizer: heap-use-after-free on address 0x7972d4f03a01 at pc 0x5cadd9632125 bp 0x7721e88ffcc0 sp 0x7721e88ffcb8
      READ of size 1 at 0x7972d4f03a01 thread T12
          #0 0x5cadd9632124 in check_column_name(Lex_cstring const&) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/table.cc:5513:10
          #1 0x5cadd9483b2e in mysql_prepare_create_table_stage1(THD*, HA_CREATE_INFO*, Alter_info*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:3235:9
          #2 0x5cadd947f64d in mysql_create_frm_image(THD*, HA_CREATE_INFO*, Alter_info*, int, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:4409:7
          #3 0x5cadd9496258 in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5000:11
          #4 0x5cadd9493ba1 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5125:8
          #5 0x5cadd95077e9 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5949:10
          #6 0x5cadd950382b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:13977:12
          #7 0x5cadd8fcd3c7 in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:5861:26
          #8 0x5cadd8fb0518 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:7894:18
          #9 0x5cadd8fa9cdc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1882:7
          #10 0x5cadd8fb294a in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1421:17
          #11 0x5cadd97b781c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1414:11
          #12 0x5cadd97b7325 in handle_one_connection /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1326:5
          #13 0x5cadd7f70d6a in asan_thread_start(void*) crtstuff.c
          #14 0x7b22d5e9ca93 in start_thread nptl/pthread_create.c:447:8
          #15 0x7b22d5f29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      0x7972d4f03a01 is located 257 bytes inside of 8184-byte region [0x7972d4f03900,0x7972d4f058f8)
      freed by thread T12 here:
          #0 0x5cadd7f7324a in free (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3b9824a) (BuildId: 875724b5ebbe978ad95c25535971436c9dc343ab)
          #1 0x5caddb0e8c47 in root_free /test/bb-12.2-nikita-global-tmp_dbg_san/mysys/my_alloc.c:77:5
          #2 0x5caddb0e8c47 in free_root /test/bb-12.2-nikita-global-tmp_dbg_san/mysys/my_alloc.c:517:7
          #3 0x5cadd95edc94 in TABLE_SHARE::destroy() /test/bb-12.2-nikita-global-tmp_dbg_san/sql/table.cc:554:3
          #4 0x5cadd9c2dced in THD::free_tmp_table_share(TMP_TABLE_SHARE*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/temporary_tables.cc:1768:3
          #5 0x5cadd9c36509 in THD::drop_tmp_table_share(TABLE*, TMP_TABLE_SHARE*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/temporary_tables.cc:820:11
          #6 0x5cadd9c3880f in THD::commit_global_tmp_tables() /test/bb-12.2-nikita-global-tmp_dbg_san/sql/temporary_tables.cc:1485:26
          #7 0x5cadd808ab05 in ha_rollback_trans(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/handler.cc:2373:17
          #8 0x5cadd982147c in trans_rollback_stmt(THD*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/transaction.cc:567:5
          #9 0x5cadd949541f in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:4879:18
          #10 0x5cadd9493ba1 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5125:8
          #11 0x5cadd95077e9 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5949:10
          #12 0x5cadd950382b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:13977:12
          #13 0x5cadd8fcd3c7 in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:5861:26
          #14 0x5cadd8fb0518 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:7894:18
          #15 0x5cadd8fa9cdc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1882:7
          #16 0x5cadd8fb294a in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1421:17
          #17 0x5cadd97b781c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1414:11
          #18 0x5cadd97b7325 in handle_one_connection /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1326:5
          #19 0x5cadd7f70d6a in asan_thread_start(void*) crtstuff.c
       
      previously allocated by thread T12 here:
          #0 0x5cadd7f734e8 in malloc (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3b984e8) (BuildId: 875724b5ebbe978ad95c25535971436c9dc343ab)
          #1 0x5caddb131fb1 in my_malloc /test/bb-12.2-nikita-global-tmp_dbg_san/mysys/my_malloc.c:93:29
          #2 0x5caddb0e6983 in alloc_root /test/bb-12.2-nikita-global-tmp_dbg_san/mysys/my_alloc.c:336:29
          #3 0x5caddb0ec99f in memdup_root /test/bb-12.2-nikita-global-tmp_dbg_san/mysys/my_alloc.c:690:12
          #4 0x5cadd95ef9dd in TABLE_SHARE::init_from_binary_frm_image(THD*, bool, unsigned char const*, unsigned long, unsigned char const*, unsigned long) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/table.cc:1920:33
          #5 0x5cadd9c2c939 in THD::create_temporary_table(st_mysql_const_unsigned_lex_string*, char const*, Lex_ident_db const&, Lex_ident_table const&) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/temporary_tables.cc:1158:14
          #6 0x5cadd9c2c2bb in THD::create_and_open_tmp_table(st_mysql_const_unsigned_lex_string*, char const*, Lex_ident_db const&, Lex_ident_table const&, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/temporary_tables.cc:136:15
          #7 0x5cadd949711a in create_table_impl(THD*, st_ddl_log_state*, st_ddl_log_state*, Lex_ident_db const&, Lex_ident_table const&, Lex_ident_db const&, Lex_ident_table const&, st_mysql_const_lex_string const&, DDL_options_st, HA_CREATE_INFO*, Alter_info*, int, bool*, st_key**, unsigned int*, st_mysql_const_unsigned_lex_string*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5037:24
          #8 0x5cadd9493ba1 in mysql_create_table_no_lock(THD*, st_ddl_log_state*, st_ddl_log_state*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5125:8
          #9 0x5cadd949bbfe in open_global_temporary_table(THD*, TABLE_SHARE*, TABLE_LIST*, MDL_ticket*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:6297:14
          #10 0x5cadd8ac7cb2 in open_table(THD*, TABLE_LIST*, Open_table_context*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_base.cc:2351:22
          #11 0x5cadd8adaf15 in open_and_process_table(THD*, TABLE_LIST*, unsigned int*, unsigned int, Prelocking_strategy*, bool, Open_table_context*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_base.cc:4308:14
          #12 0x5cadd8adaf15 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int, Prelocking_strategy*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_base.cc:4791:14
          #13 0x5cadd95067e1 in open_tables(THD*, DDL_options_st const&, TABLE_LIST**, unsigned int*, unsigned int) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_base.h:506:10
          #14 0x5cadd95067e1 in mysql_create_like_table(THD*, TABLE_LIST*, TABLE_LIST*, Table_specification_st*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:5850:8
          #15 0x5cadd950382b in Sql_cmd_create_table_like::execute(THD*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_table.cc:13977:12
          #16 0x5cadd8fcd3c7 in mysql_execute_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:5861:26
          #17 0x5cadd8fb0518 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:7894:18
          #18 0x5cadd8fa9cdc in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1882:7
          #19 0x5cadd8fb294a in do_command(THD*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_parse.cc:1421:17
          #20 0x5cadd97b781c in do_handle_one_connection(CONNECT*, bool) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1414:11
          #21 0x5cadd97b7325 in handle_one_connection /test/bb-12.2-nikita-global-tmp_dbg_san/sql/sql_connect.cc:1326:5
          #22 0x5cadd7f70d6a in asan_thread_start(void*) crtstuff.c
       
      Thread T12 created by T0 here:
          #0 0x5cadd7f57465 in pthread_create (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3b7c465) (BuildId: 875724b5ebbe978ad95c25535971436c9dc343ab)
          #1 0x5cadd7fcadbc in create_thread_to_handle_connection(CONNECT*) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/mysqld.cc:6272:19
          #2 0x5cadd7fcbe45 in handle_connections_sockets() /test/bb-12.2-nikita-global-tmp_dbg_san/sql/mysqld.cc:6508:9
          #3 0x5cadd7fca3ca in run_main_loop() /test/bb-12.2-nikita-global-tmp_dbg_san/sql/mysqld.cc:5750:3
          #4 0x5cadd7fbfd7e in mysqld_main(int, char**) /test/bb-12.2-nikita-global-tmp_dbg_san/sql/mysqld.cc:6173:3
          #5 0x7b22d5e2a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
          #6 0x7b22d5e2a28a in __libc_start_main csu/../csu/libc-start.c:360:3
          #7 0x5cadd7ecdd74 in _start (/test/MDEV-35915_5_UBASAN_MD160925-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd+0x3af2d74) (BuildId: 875724b5ebbe978ad95c25535971436c9dc343ab)
       
      SUMMARY: AddressSanitizer: heap-use-after-free /test/bb-12.2-nikita-global-tmp_dbg_san/sql/table.cc:5513:10 in check_column_name(Lex_cstring const&)
      Shadow bytes around the buggy address:
        0x7972d4f03780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7972d4f03800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7972d4f03880: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
        0x7972d4f03900: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03980: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      =>0x7972d4f03a00:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03a80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03b00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03b80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03c00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
        0x7972d4f03c80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
      Shadow byte legend (one shadow byte represents 8 application bytes):
        Addressable:           00
        Partially addressable: 01 02 03 04 05 06 07 
        Heap left redzone:       fa
        Freed heap region:       fd
        Stack left redzone:      f1
        Stack mid redzone:       f2
        Stack right redzone:     f3
        Stack after return:      f5
        Stack use after scope:   f8
        Global redzone:          f9
        Global init order:       f6
        Poisoned by user:        f7
        Container overflow:      fc
        Array cookie:            ac
        Intra object redzone:    bb
        ASan internal:           fe
        Left alloca redzone:     ca
        Right alloca redzone:    cb
      ==4100186==ABORTING
      

      The test case is MTR- and CLI-compatible. Both InnoDB and MyISAM are affected.


            People

              nikitamalyavin Nikita Malyavin
              Roel Roel Van de Paar