Details
-
Bug
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6, 10.11
-
None
-
Unexpected results
Description
set sql_mode=''; |
CREATE TABLE t (FTS_DOC_ID BIGINT UNSIGNED NOT NULL,body TEXT); |
ALTER ONLINE TABLE t ADD c TIMESTAMP; |
INSERT INTO t VALUES ('a','a',1.e-1); |
SET SESSION sql_buffer_result=1; |
SET NAMES utf8; |
SELECT EXTRACTVALUE ('a','a') AS f,SPACE(c) AS f2 FROM t GROUP BY f,f2 WITH ROLLUP; |
Leads to:
|
CS 10.6.24 e80998281aa1551f12a6b86cb3765796130d822d (Debug, UBASAN, Clang 18.1.3-11) Build 02/11/2025 |
/test/10.6_dbg_san/strings/strcoll.inl:253:25: runtime error: applying zero offset to null pointer
|
#0 0x5746357386c6 in my_strnncollsp_utf8mb3_general_ci /test/10.6_dbg_san/strings/strcoll.inl:253:25
|
#1 0x5746330ddf07 in Cached_item_str::cmp() /test/10.6_dbg_san/sql/item_buff.cc:95:10
|
#2 0x574633c6bbe6 in test_if_group_changed(List<Cached_item>&) /test/10.6_dbg_san/sql/sql_select.cc:27315:15
|
#3 0x574633c5ae60 in end_write_group(JOIN*, st_join_table*, bool) /test/10.6_dbg_san/sql/sql_select.cc:24231:14
|
#4 0x574633c929a1 in AGGR_OP::put_record(bool) /test/10.6_dbg_san/sql/sql_select.cc:31517:30
|
#5 0x574633bb7a15 in AGGR_OP::put_record() /test/10.6_dbg_san/sql/sql_select.h:1096:48
|
#6 0x574633bb7a15 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /test/10.6_dbg_san/sql/sql_select.cc:22093:13
|
#7 0x574633c615bf in evaluate_join_record(JOIN*, st_join_table*, int) /test/10.6_dbg_san/sql/sql_select.cc:22629:11
|
#8 0x574633b4168a in sub_select(JOIN*, st_join_table*, bool) /test/10.6_dbg_san/sql/sql_select.cc:22399:9
|
#9 0x574633bcd6b6 in do_select(JOIN*, Procedure*) /test/10.6_dbg_san/sql/sql_select.cc:21922:14
|
#10 0x574633bc9f59 in JOIN::exec_inner() /test/10.6_dbg_san/sql/sql_select.cc:4939:50
|
#11 0x574633bc78a3 in JOIN::exec() /test/10.6_dbg_san/sql/sql_select.cc:4717:3
|
#12 0x574633b451f6 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.6_dbg_san/sql/sql_select.cc:5196:9
|
#13 0x574633b43c22 in handle_select(THD*, LEX*, select_result*, unsigned long) /test/10.6_dbg_san/sql/sql_select.cc:573:10
|
#14 0x574633a17ae5 in execute_sqlcom_select(THD*, TABLE_LIST*) /test/10.6_dbg_san/sql/sql_parse.cc:6422:12
|
#15 0x574633a00149 in mysql_execute_command(THD*, bool) /test/10.6_dbg_san/sql/sql_parse.cc:4013:12
|
#16 0x5746339d0188 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.6_dbg_san/sql/sql_parse.cc:8200:18
|
#17 0x5746339c4414 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.6_dbg_san/sql/sql_parse.cc:1908:7
|
#18 0x5746339d2bad in do_command(THD*, bool) /test/10.6_dbg_san/sql/sql_parse.cc:1421:17
|
#19 0x5746341015ec in do_handle_one_connection(CONNECT*, bool) /test/10.6_dbg_san/sql/sql_connect.cc:1386:11
|
#20 0x574634100eab in handle_one_connection /test/10.6_dbg_san/sql/sql_connect.cc:1298:5
|
#21 0x57463289990c in asan_thread_start(void*) crtstuff.c
|
#22 0x7e09d689caa3 in start_thread nptl/pthread_create.c:447:8
|
#23 0x7e09d6929c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
SUMMARY: UndefinedBehaviorSanitizer: nullptr-with-offset /test/10.6_dbg_san/strings/strcoll.inl:253:25
|
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
|
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
|
export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 021125 e80998281aa1551f12a6b86cb3765796130d822d UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
CS 10.6 opt 021125 e80998281aa1551f12a6b86cb3765796130d822d UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
CS 10.11 dbg 081025 63620ca6d88af5e3e758d768e7818ca1865736e6 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
CS 10.11 opt 081025 63620ca6d88af5e3e758d768e7818ca1865736e6 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
CS 11.4 dbg 151025 2a722fcfc941200a3ed5aec2c414fbbaf34df1ca No bug found
|
CS 11.4 dbg 290925 62c70a8ae9f12edca3633c2d415e90e26fe694e8 No bug found
|
CS 11.4 opt 151025 2a722fcfc941200a3ed5aec2c414fbbaf34df1ca No bug found
|
CS 11.4 opt 290925 62c70a8ae9f12edca3633c2d415e90e26fe694e8 No bug found
|
CS 11.8 dbg 290925 d203a8a5df95e2c5778a304a885fb7aedfbc095e No bug found
|
CS 11.8 opt 290925 d203a8a5df95e2c5778a304a885fb7aedfbc095e No bug found
|
CS 12.1 dbg 021125 4af88ced488e78458f0febb55a0ae67783330029 No bug found
|
CS 12.1 dbg 290925 667c5e0b002a24bc595d60955950200a588f4fb7 No bug found
|
CS 12.1 opt 021125 4af88ced488e78458f0febb55a0ae67783330029 No bug found
|
CS 12.1 opt 290925 667c5e0b002a24bc595d60955950200a588f4fb7 No bug found
|
CS 12.2 dbg 290925 b8a77289639a3b10ada64cf892f02b5cecdb1603 No bug found
|
CS 12.2 opt 290925 b8a77289639a3b10ada64cf892f02b5cecdb1603 No bug found
|
ES 10.6 dbg 290925 ed866636069dda51daa8570497926ae43af8aa24 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
ES 10.6 opt 290925 ed866636069dda51daa8570497926ae43af8aa24 UBSAN|applying zero offset to null pointer|strings/strcoll.inl|my_strnncollsp_utf8mb3_general_ci|Cached_item_str::cmp|test_if_group_changed|end_write_group
|
ES 11.4 dbg 290925 9dbe002d95a46a7a92aaedd2a23c1c1cbcf8340c No bug found
|
ES 11.4 opt 290925 9dbe002d95a46a7a92aaedd2a23c1c1cbcf8340c No bug found
|
ES 11.8 dbg 290925 543157202acd67ac9b0bb50e0b35bf7790e5467d No bug found
|
ES 11.8 opt 290925 543157202acd67ac9b0bb50e0b35bf7790e5467d No bug found
|