MariaDB Server / MDEV-38089

Connect: SIGSEGV and UBSAN null-pointer-use in ha_connect::create on DROP INDEX

Details

    • Can result in hang or crash

    Description

      --source include/have_partition.inc
      INSTALL SONAME 'ha_connect';
      CREATE TABLE t(c INT,c2 INT,PRIMARY KEY(c,c2)) ENGINE=Connect PARTITION BY RANGE(c) SUBPARTITION BY KEY(c2) SUBPARTITIONS 2 (PARTITION p VALUES LESS THAN (1));
      DROP INDEX `PRIMARY` ON t;   # The `...` are required, as is 'PRIMARY'
      

      Leads to:

      CS 12.2.0 fd15fd2765b53d0c070dd01d86fb231024b8f284 (Debug, Clang 21.1.3-20250923) Build 10/11/2025

      Core was generated by `/test/MD101125-mariadb-12.2.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00007010f44fa515 in ha_connect::create (this=0x70100c0561f8, name=0x70112ffac210 "./test/#sql-alter-4bb4-4-0#P#p#SP#psp0", table_arg=0x70112ffac740, create_info=0x70112ffb2358)at /test/12.2_dbg/storage/connect/ha_connect.cc:6940
       
      [Current thread is 1 (LWP 32200)]
      (gdb) bt
      #0  0x00007010f44fa515 in ha_connect::create (this=0x70100c0561f8, name=0x70112ffac210 "./test/#sql-alter-4bb4-4-0#P#p#SP#psp0", table_arg=0x70112ffac740, create_info=0x70112ffb2358)at /test/12.2_dbg/storage/connect/ha_connect.cc:6940
      #1  0x00005e78c3693350 in handler::ha_create (this=0x70100c0561f8, name=0x70112ffac210 "./test/#sql-alter-4bb4-4-0#P#p#SP#psp0", form=0x70112ffac740, info_arg=0x70112ffb2358)at /test/12.2_dbg/sql/handler.cc:5970
      #2  0x00005e78c3f692ce in ha_partition::create (this=0x70100c0558f8, name=0x70112ffb054b "./test/#sql-alter-4bb4-4-0", table_arg=0x70112ffac740, create_info=0x70112ffb2358)at /test/12.2_dbg/sql/ha_partition.cc:861
      #3  0x00005e78c3693350 in handler::ha_create (this=0x70100c0558f8, name=0x70112ffb054b "./test/#sql-alter-4bb4-4-0", form=0x70112ffac740, info_arg=0x70112ffb2358) at /test/12.2_dbg/sql/handler.cc:5970
      #4  0x00005e78c36951e0 in ha_create_table_from_share (thd=0x70100c000d58, share=0x70112ffadad0, create_info=0x70112ffb2358, ref_length=0x70112ffacc14) at /test/12.2_dbg/sql/handler.cc:6428
      #5  0x00005e78c3694b15 in ha_create_table (thd=0x70100c000d58, path=0x70112ffb054b "./test/#sql-alter-4bb4-4-0", db=0x70100c019ff8 "test", table_name=0x70100c019fa0 "t", create_info=0x70112ffb2358, frm=0x70112ffaeae0, skip_frm_file=false)at /test/12.2_dbg/sql/handler.cc:6495
      #6  0x00005e78c3c22b8f in mysql_alter_table (thd=0x70100c000d58, new_db=0x70100c01a028, new_name=0x70100c01a038, create_info=0x70112ffb2358, table_list=0x70100c01a008, recreate_info=0x70112ffb21c0, alter_info=0x70112ffb21e0, order_num=0, order=0x0, ignore=false, if_exists=false)at /test/12.2_dbg/sql/sql_table.cc:11844
      #7  0x00005e78c3af4d77 in mysql_execute_command (thd=0x70100c000d58, is_called_from_prepared_stmt=false) at /test/12.2_dbg/sql/sql_parse.cc:4216
      #8  0x00005e78c3aeccf8 in mysql_parse (thd=0x70100c000d58, rawbuf=0x70100c019ee0 "DROP INDEX `PRIMARY` ON t", length=25, parser_state=0x70112ffb2a00) at /test/12.2_dbg/sql/sql_parse.cc:7888
      #9  0x00005e78c3aea4d9 in dispatch_command (command=COM_QUERY, thd=0x70100c000d58, packet=0x70100c00b239 "DROP INDEX `PRIMARY` ON t", packet_length=25, blocking=true) at /test/12.2_dbg/sql/sql_parse.cc:1878
      #10 0x00005e78c3aed77a in do_command (thd=0x70100c000d58, blocking=true)at /test/12.2_dbg/sql/sql_parse.cc:1417
      #11 0x00005e78c3ce0afe in do_handle_one_connection (connect=0x5e78c5f99088, put_in_cache=true) at /test/12.2_dbg/sql/sql_connect.cc:1503
      #12 0x00005e78c3ce08e1 in handle_one_connection (arg=0x5e78c5ed8868)at /test/12.2_dbg/sql/sql_connect.cc:1415
      #13 0x000070113d69ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #14 0x000070113d729c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  101125  759e3523e3d832b174cf0a612704da38b2557b40  No bug found                  
      CS  10.6   opt  101125  759e3523e3d832b174cf0a612704da38b2557b40  No bug found                  
      CS  10.11  dbg  101125  536cd151f0370216d9ba4c15f40c7037060972a5  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  10.11  opt  101125  536cd151f0370216d9ba4c15f40c7037060972a5  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  11.4   dbg  101125  a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  11.4   opt  101125  a1bb5c94fda453baa99e57e3927eaa7cd3c8bafe  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  11.8   dbg  101125  e0428264d0095472c015eb58c46be68ca1a320ee  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  11.8   opt  101125  e0428264d0095472c015eb58c46be68ca1a320ee  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  12.1   dbg  101125  ba00960fdaee67a4efff6866e31f446bf486a1c2  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  12.1   opt  101125  ba00960fdaee67a4efff6866e31f446bf486a1c2  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  12.2   dbg  101125  fd15fd2765b53d0c070dd01d86fb231024b8f284  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      CS  12.2   opt  101125  fd15fd2765b53d0c070dd01d86fb231024b8f284  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      ES  10.6   dbg  101125  f0d4d34fb0314b03fddb71fb9dbde372744a8c13  No bug found                  
      ES  10.6   opt  101125  f0d4d34fb0314b03fddb71fb9dbde372744a8c13  No bug found                  
      ES  11.4   dbg  101125  b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      ES  11.4   opt  101125  b81ec4b57a5ddce88b8e2b2d16b64625ffdaa0e6  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      ES  11.8   dbg  101125  db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      ES  11.8   opt  101125  db36e8fb3bcdae26dd0acdcb2b52f7f4eb014df6  SIGSEGV|ha_connect::create|handler::ha_create|ha_partition::create|handler::ha_create
      

          People

            Unassigned
            Roel Van de Paar