Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
12.1, 12.2
Description
CREATE TABLE t (a INT); |
CREATE TRIGGER trg BEFORE UPDATE ON t FOR EACH ROW BEGIN END; |
SELECT 1 FROM information_schema.TRIGGERS; |
Leads to:
|
CS 12.1.2 033471a367b4c60b7262e64f43f46b02e95b9d74 (Debug, UBASAN, Clang 18.1.3-11) Build 13/08/2025 |
/test/12.1_dbg_san/strings/ctype.c:1298:46: runtime error: applying zero offset to null pointer
|
#0 0x56a4c3c03308 in my_convert_fix /test/12.1_dbg_san/strings/ctype.c:1298:46
|
#1 0x56a4c15c0753 in String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long) /test/12.1_dbg_san/sql/sql_string.cc:1135:17
|
#2 0x56a4c2050453 in Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*) /test/12.1_dbg_san/sql/field.h:2354:26
|
#3 0x56a4c1ffca08 in Field_string::store(char const*, unsigned long, charset_info_st const*) /test/12.1_dbg_san/sql/field.cc:7530:7
|
#4 0x56a4c1567992 in store_trigger(THD*, Trigger*, TABLE*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/12.1_dbg_san/sql/sql_show.cc:7780:22
|
#5 0x56a4c1567992 in get_schema_triggers_record(THD*, TABLE_LIST*, TABLE*, bool, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*) /test/12.1_dbg_san/sql/sql_show.cc:7839:15
|
#6 0x56a4c151b2d6 in fill_schema_table_from_frm(THD*, st_mem_root*, TABLE*, st_schema_table*, st_mysql_const_lex_string*, st_mysql_const_lex_string*, Open_tables_backup*, bool) /test/12.1_dbg_san/sql/sql_show.cc:5233:12
|
#7 0x56a4c151b2d6 in get_all_tables(THD*, TABLE_LIST*, Item*) /test/12.1_dbg_san/sql/sql_show.cc:5664:20
|
#8 0x56a4c154c9dd in get_schema_tables_result(JOIN*, enum_schema_table_state) /test/12.1_dbg_san/sql/sql_show.cc:9740:11
|
#9 0x56a4c13bf2a6 in JOIN::exec_inner() /test/12.1_dbg_san/sql/sql_select.cc:5047:7
|
#10 0x56a4c13be1e2 in JOIN::exec() /test/12.1_dbg_san/sql/sql_select.cc:4874:8
|
#11 0x56a4c1335e94 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.1_dbg_san/sql/sql_select.cc:5402:21
|
#12 0x56a4c1334772 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.1_dbg_san/sql/sql_select.cc:634:10
|
#13 0x56a4c1208b37 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.1_dbg_san/sql/sql_parse.cc:6167:12
|
#14 0x56a4c11e6f0e in mysql_execute_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:3950:12
|
#15 0x56a4c11c5218 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.1_dbg_san/sql/sql_parse.cc:7883:18
|
#16 0x56a4c11b9181 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1878:7
|
#17 0x56a4c11c7c3d in do_command(THD*, bool) /test/12.1_dbg_san/sql/sql_parse.cc:1417:17
|
#18 0x56a4c189eecc in do_handle_one_connection(CONNECT*, bool) /test/12.1_dbg_san/sql/sql_connect.cc:1414:11
|
#19 0x56a4c189e787 in handle_one_connection /test/12.1_dbg_san/sql/sql_connect.cc:1326:5
|
#20 0x56a4c0b9650c in asan_thread_start(void*) asan_interceptors.cpp.o
|
#21 0x7aaa6bc9caa3 in start_thread nptl/pthread_create.c:447:8
|
#22 0x7aaa6bd29c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/12.1_dbg_san/strings/ctype.c:1298:46
|
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 110825 9ffec4c1f3e73b0d3853edb486e5604604bc7051 No bug found
|
CS 10.6 opt 110825 9ffec4c1f3e73b0d3853edb486e5604604bc7051 No bug found
|
CS 10.11 dbg 130825 e46c9a01529687401b0f82b1427855535d38c0c0 No bug found
|
CS 10.11 opt 130825 e46c9a01529687401b0f82b1427855535d38c0c0 No bug found
|
CS 11.4 dbg 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e No bug found
|
CS 11.4 opt 130825 03b31c0bd99390c1984f19a19f22dd6e77b7692e No bug found
|
CS 11.8 dbg 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca No bug found
|
CS 11.8 opt 130825 1a446ccc48528e88a3cd6cd1d1ec9e7492d342ca No bug found
|
CS 12.1 dbg 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 UBSAN|applying zero offset to null pointer|strings/ctype.c|my_convert_fix|String_copier::well_formed_copy|Field_longstr::well_formed_copy_with_check|Field_string::store
|
CS 12.1 opt 130825 033471a367b4c60b7262e64f43f46b02e95b9d74 UBSAN|applying zero offset to null pointer|strings/ctype.c|my_convert_fix|String_copier::well_formed_copy|Field_longstr::well_formed_copy_with_check|Field_string::store
|
CS 12.2 dbg 130825 e02f4d7e311e214ea62ff2e59599849e229f4165 UBSAN|applying zero offset to null pointer|strings/ctype.c|my_convert_fix|String_copier::well_formed_copy|Field_longstr::well_formed_copy_with_check|Field_string::store
|
CS 12.2 opt 130825 e02f4d7e311e214ea62ff2e59599849e229f4165 UBSAN|applying zero offset to null pointer|strings/ctype.c|my_convert_fix|String_copier::well_formed_copy|Field_longstr::well_formed_copy_with_check|Field_string::store
|
ES 10.6 opt 150525 6111fbaf7bdcb6f1170f556ffd05d6e1a4159f62 No bug found
|
ES 11.4 dbg 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f No bug found
|
ES 11.4 opt 150525 9cd12544ebfd0d52d2158af66b5aced58121cf1f No bug found
|