[MDEV-38879] SIGSEGV in Item_equal_iterator<List_iterator_fast, Item> on SELECT - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 11.4, 11.8, 12.2, 12.3
Fix Version/s: 11.4, 11.8, 12.2
Component/s: Optimizer, Storage Engine - InnoDB
Labels:

Bug Category:
Can result in hang or crash

Description

Possibly connected with MDEV-30051 though this is an additional regression in newer versions.

--source include/have_innodb.inc

CREATE TABLE t (a INT,b INT) ENGINE=InnoDB;

ANALYZE TABLE t PERSISTENT FOR ALL;

SELECT 1 FROM t s WHERE 1 NOT IN (SELECT 1 FROM t WHERE ((a=1 OR a=2) AND b=1) OR (b>5 AND b<1));

Leads to:

CS 12.3.1 21a0714a118614982d20bfa504763d7247800091 (Debug, Clang 21.1.3-20250923) Build 17/02/2026
Core was generated by `/test/MD170226-mariadb-12.3.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000581ac351c714 in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x730dbbf6b948) at /test/12.3_dbg/sql/item_cmpfunc.h:3744

[Current thread is 1 (LWP 4026668)]
(gdb) bt
#0 0x0000581ac351c714 in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x730dbbf6b948) at /test/12.3_dbg/sql/item_cmpfunc.h:3744
#1 0x0000581ac351676f in Item_equal::contains (this=0x730c7c0869d0, field=0x730c7c03b678) at /test/12.3_dbg/sql/item_cmpfunc.cc:7167
#2 0x0000581ac34574e1 in Item_field::find_item_equal (this=0x730c7c01bd18, cond_equal=0x730c7c01cad8) at /test/12.3_dbg/sql/item.cc:6796
#3 0x0000581ac3903ecd in eliminate_item_equal (thd=0x730c7c000d58, cond=0x0, upper_levels=0x730c7c01cad8, item_equal=0x730c7c0203c8)at /test/12.3_dbg/sql/sql_select.cc:19200
#4 0x0000581ac38dd6cf in substitute_for_best_equal_field (thd=0x730c7c000d58, context_tab=0x1, cond=0x730c7c0203c8, cond_equal=0x730c7c01cad8, table_join_idx=0x730c7c020b18, do_substitution=true)at /test/12.3_dbg/sql/sql_select.cc:19508
#5 0x0000581ac38dd41d in substitute_for_best_equal_field (thd=0x730c7c000d58, context_tab=0x1, cond=0x730c7c01c500, cond_equal=0x730c7c0873c8, table_join_idx=0x730c7c020b18, do_substitution=true)at /test/12.3_dbg/sql/sql_select.cc:19426
#6 0x0000581ac38dd41d in substitute_for_best_equal_field (thd=0x730c7c000d58, context_tab=0x1, cond=0x730c7c0872e8, cond_equal=0x730c7c0873c8, table_join_idx=0x730c7c020b18, do_substitution=true)at /test/12.3_dbg/sql/sql_select.cc:19426
#7 0x0000581ac38d43c6 in JOIN::optimize_stage2 (this=0x730c7c01f3d8)at /test/12.3_dbg/sql/sql_select.cc:2926
#8 0x0000581ac38d3cff in JOIN::optimize_inner (this=0x730c7c01f3d8)at /test/12.3_dbg/sql/sql_select.cc:2789
#9 0x0000581ac38d18d6 in JOIN::optimize (this=0x730c7c01f3d8)at /test/12.3_dbg/sql/sql_select.cc:2016
#10 0x0000581ac3820ad6 in st_select_lex::optimize_unflattened_subqueries (this=0x730c7c01a248, const_only=true) at /test/12.3_dbg/sql/sql_lex.cc:5133
#11 0x0000581ac3aeb502 in st_select_lex::optimize_constant_subqueries (this=0x730c7c01a248) at /test/12.3_dbg/sql/opt_subselect.cc:5949
#12 0x0000581ac38d2371 in JOIN::optimize_inner (this=0x730c7c01ea88)at /test/12.3_dbg/sql/sql_select.cc:2395
#13 0x0000581ac38d18d6 in JOIN::optimize (this=0x730c7c01ea88)at /test/12.3_dbg/sql/sql_select.cc:2016
#14 0x0000581ac38ca11d in mysql_select (thd=0x730c7c000d58, tables=0x730c7c01a808, fields=@0x730c7c01a500: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x730c7c01a7a8, last = 0x730c7c01a7a8, elements = 1}, <No data fields>}, conds=0x730c7c01e038, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x730c7c01ea60, unit=0x730c7c005280, select_lex=0x730c7c01a248)at /test/12.3_dbg/sql/sql_select.cc:5425
#15 0x0000581ac38c9d1d in handle_select (thd=0x730c7c000d58, lex=0x730c7c0051a0, result=0x730c7c01ea60, setup_tables_done_option=0)at /test/12.3_dbg/sql/sql_select.cc:636
#16 0x0000581ac387131a in execute_sqlcom_select (thd=0x730c7c000d58, all_tables=0x730c7c01a808) at /test/12.3_dbg/sql/sql_parse.cc:6212
#17 0x0000581ac38677b3 in mysql_execute_command (thd=0x730c7c000d58, is_called_from_prepared_stmt=false) at /test/12.3_dbg/sql/sql_parse.cc:3987
#18 0x0000581ac3860678 in mysql_parse (thd=0x730c7c000d58, rawbuf=0x730c7c01a120 "SELECT 1 FROM t s WHERE 1 NOT IN (SELECT 1 FROM t WHERE ((a=1 OR a=2) AND b=1) OR (b>5 AND b<1))", length=96, parser_state=0x730dbbf6e9f0) at /test/12.3_dbg/sql/sql_parse.cc:7940
#19 0x0000581ac385de2e in dispatch_command (command=COM_QUERY, thd=0x730c7c000d58, packet=0x730c7c00b4c9 "SELECT 1 FROM t s WHERE 1 NOT IN (SELECT 1 FROM t WHERE ((a=1 OR a=2) AND b=1) OR (b>5 AND b<1))", packet_length=96, blocking=true)at /test/12.3_dbg/sql/sql_parse.cc:1896
#20 0x0000581ac38610fa in do_command (thd=0x730c7c000d58, blocking=true)at /test/12.3_dbg/sql/sql_parse.cc:1432
#21 0x0000581ac3a6099e in do_handle_one_connection (connect=0x581ac717d6b8, put_in_cache=true) at /test/12.3_dbg/sql/sql_connect.cc:1503
#22 0x0000581ac3a60781 in handle_one_connection (arg=0x581ac7161278)at /test/12.3_dbg/sql/sql_connect.cc:1415
#23 0x0000730dc109ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#24 0x0000730dc1129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
CS 10.6 opt 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
CS 10.11 dbg 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
CS 10.11 opt 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
CS 11.4 dbg 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 11.4 opt 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 11.8 dbg 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 11.8 opt 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.2 dbg 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.2 opt 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.3 dbg 170226 21a0714a118614982d20bfa504763d7247800091 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.3 opt 170226 21a0714a118614982d20bfa504763d7247800091 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
ES 10.6 dbg 230126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
ES 10.6 opt 230126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
ES 11.4 dbg 230126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
ES 11.4 opt 230126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
ES 11.8 dbg 230126 405ee76b60c4ab82155f339136ed20d3b7363717 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
ES 11.8 opt 230126 405ee76b60c4ab82155f339136ed20d3b7363717 SIGSEGV\|Item_equal_iterator<List_iterator_fast, Item>::get_curr_field\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
MS 5.5 dbg 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
MS 5.5 opt 070123 bac287c315b1792e7ae33f91add6a60292f9bae8 No bug found
MS 5.6 dbg 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
MS 5.6 opt 070123 dab95781a1244104d6b87020ac2fc4d190ba2946 No bug found
MS 5.7 dbg 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
MS 5.7 opt 070525 f7680e98b6bbe3500399fbad465d08a6b75d7a5c No bug found
MS 8.0 dbg 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
MS 8.0 opt 060224 49ef33f7edadef3ae04665e73d1babd40179a4f1 No bug found
MS 9.1 dbg 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found
MS 9.1 opt 211024 61a3a1d8ef15512396b4c2af46e922a19bf2b174 No bug found

And UBSAN sees invalid-bool-load and null-pointer-use issues:

CS 12.3.1 21a0714a118614982d20bfa504763d7247800091 (Debug, UBASAN, Clang 21.1.3-20250923) Build 17/02/2026
/test/12.3_dbg_san/sql/item_cmpfunc.h:3723:17: runtime error: load of value 224, which is not a valid value for type 'bool'
#0 0x5b844201054a in Item_equal_iterator<List_iterator_fast, Item>::Item_equal_iterator(Item_equal&) /test/12.3_dbg_san/sql/item_cmpfunc.h:3723:17
#1 0x5b84422317df in Item_equal_fields_iterator::Item_equal_fields_iterator(Item_equal&) /test/12.3_dbg_san/sql/item_cmpfunc.h:3756:6
#2 0x5b84422317df in Item_equal::contains(Field*) /test/12.3_dbg_san/sql/item_cmpfunc.cc:7164:30
#3 0x5b8441f9a447 in Item_field::find_item_equal(COND_EQUAL*) /test/12.3_dbg_san/sql/item.cc:6796:17
#4 0x5b84430725ad in eliminate_item_equal(THD, Item, COND_EQUAL, Item_equal) /test/12.3_dbg_san/sql/sql_select.cc:19200:36
#5 0x5b8442fbc3d5 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19508:11
#6 0x5b8442fbbe43 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19426:23
#7 0x5b8442fbbe43 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19426:23
#8 0x5b8442f880df in JOIN::optimize_stage2() /test/12.3_dbg_san/sql/sql_select.cc:2926:12
#9 0x5b8442f842c8 in JOIN::optimize_inner() /test/12.3_dbg_san/sql/sql_select.cc:2789:9
#10 0x5b8442f7f3d6 in JOIN::optimize() /test/12.3_dbg_san/sql/sql_select.cc:2016:10
#11 0x5b8442cfa608 in st_select_lex::optimize_unflattened_subqueries(bool) /test/12.3_dbg_san/sql/sql_lex.cc:5133:31
#12 0x5b84437a1c27 in st_select_lex::optimize_constant_subqueries() /test/12.3_dbg_san/sql/opt_subselect.cc:5949:8
#13 0x5b8442f80fc5 in JOIN::optimize_inner() /test/12.3_dbg_san/sql/sql_select.cc:2395:19
#14 0x5b8442f7f3d6 in JOIN::optimize() /test/12.3_dbg_san/sql/sql_select.cc:2016:10
#15 0x5b8442f5e63f in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/12.3_dbg_san/sql/sql_select.cc:5425:19
#16 0x5b8442f5d83a in handle_select(THD, LEX, select_result*, unsigned long long) /test/12.3_dbg_san/sql/sql_select.cc:636:10
#17 0x5b8442e025dd in execute_sqlcom_select(THD, TABLE_LIST) /test/12.3_dbg_san/sql/sql_parse.cc:6212:12
#18 0x5b8442decc10 in mysql_execute_command(THD*, bool) /test/12.3_dbg_san/sql/sql_parse.cc:3987:12
#19 0x5b8442dc6678 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.3_dbg_san/sql/sql_parse.cc:7940:18
#20 0x5b8442dbe37e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.3_dbg_san/sql/sql_parse.cc:1896:7
#21 0x5b8442dc8aba in do_command(THD*, bool) /test/12.3_dbg_san/sql/sql_parse.cc:1432:17
#22 0x5b84435f521c in do_handle_one_connection(CONNECT*, bool) /test/12.3_dbg_san/sql/sql_connect.cc:1503:11
#23 0x5b84435f4d25 in handle_one_connection /test/12.3_dbg_san/sql/sql_connect.cc:1415:5
#24 0x5b8441cbe82a in asan_thread_start(void*) crtstuff.c
#25 0x76718189ca93 in start_thread nptl/pthread_create.c:447:8
#26 0x767181929c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: invalid-bool-load /test/12.3_dbg_san/sql/item_cmpfunc.h:3723:17

CS 12.3.1 21a0714a118614982d20bfa504763d7247800091 (Debug, UBASAN, Clang 21.1.3-20250923) Build 17/02/2026
/test/12.3_dbg_san/sql/field.h:1193:27: runtime error: member access within null pointer of type 'Field'
#0 0x5b8441f21f11 in Field::eq(Field*) /test/12.3_dbg_san/sql/field.h:1193:27
#1 0x5b84422318c2 in Item_equal::contains(Field*) /test/12.3_dbg_san/sql/item_cmpfunc.cc:7167:16
#2 0x5b8441f9a447 in Item_field::find_item_equal(COND_EQUAL*) /test/12.3_dbg_san/sql/item.cc:6796:17
#3 0x5b84430725ad in eliminate_item_equal(THD, Item, COND_EQUAL, Item_equal) /test/12.3_dbg_san/sql/sql_select.cc:19200:36
#4 0x5b8442fbc3d5 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19508:11
#5 0x5b8442fbbe43 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19426:23
#6 0x5b8442fbbe43 in substitute_for_best_equal_field(THD, st_join_table, Item, COND_EQUAL, void*, bool) /test/12.3_dbg_san/sql/sql_select.cc:19426:23
#7 0x5b8442f880df in JOIN::optimize_stage2() /test/12.3_dbg_san/sql/sql_select.cc:2926:12
#8 0x5b8442f842c8 in JOIN::optimize_inner() /test/12.3_dbg_san/sql/sql_select.cc:2789:9
#9 0x5b8442f7f3d6 in JOIN::optimize() /test/12.3_dbg_san/sql/sql_select.cc:2016:10
#10 0x5b8442cfa608 in st_select_lex::optimize_unflattened_subqueries(bool) /test/12.3_dbg_san/sql/sql_lex.cc:5133:31
#11 0x5b84437a1c27 in st_select_lex::optimize_constant_subqueries() /test/12.3_dbg_san/sql/opt_subselect.cc:5949:8
#12 0x5b8442f80fc5 in JOIN::optimize_inner() /test/12.3_dbg_san/sql/sql_select.cc:2395:19
#13 0x5b8442f7f3d6 in JOIN::optimize() /test/12.3_dbg_san/sql/sql_select.cc:2016:10
#14 0x5b8442f5e63f in mysql_select(THD, TABLE_LIST, List<Item>&, Item, unsigned int, st_order, st_order, Item, st_order, unsigned long long, select_result, st_select_lex_unit, st_select_lex) /test/12.3_dbg_san/sql/sql_select.cc:5425:19
#15 0x5b8442f5d83a in handle_select(THD, LEX, select_result*, unsigned long long) /test/12.3_dbg_san/sql/sql_select.cc:636:10
#16 0x5b8442e025dd in execute_sqlcom_select(THD, TABLE_LIST) /test/12.3_dbg_san/sql/sql_parse.cc:6212:12
#17 0x5b8442decc10 in mysql_execute_command(THD*, bool) /test/12.3_dbg_san/sql/sql_parse.cc:3987:12
#18 0x5b8442dc6678 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/12.3_dbg_san/sql/sql_parse.cc:7940:18
#19 0x5b8442dbe37e in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/12.3_dbg_san/sql/sql_parse.cc:1896:7
#20 0x5b8442dc8aba in do_command(THD*, bool) /test/12.3_dbg_san/sql/sql_parse.cc:1432:17
#21 0x5b84435f521c in do_handle_one_connection(CONNECT*, bool) /test/12.3_dbg_san/sql/sql_connect.cc:1503:11
#22 0x5b84435f4d25 in handle_one_connection /test/12.3_dbg_san/sql/sql_connect.cc:1415:5
#23 0x5b8441cbe82a in asan_thread_start(void*) crtstuff.c
#24 0x76718189ca93 in start_thread nptl/pthread_create.c:447:8
#25 0x767181929c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/12.3_dbg_san/sql/field.h:1193:27

Setup:

Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
CS 10.6 opt 230126 cd02709a315c9f08965d6b8fb7e75baaae17a4f4 No bug found
CS 10.11 dbg 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
CS 10.11 opt 230126 b061b5ab1f2cd2a6993e53dc24a865304ced14cd No bug found
CS 11.4 dbg 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
CS 11.4 opt 260126 b6d0e23d76fe5936b6a29379ab494852e4d493b1 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
CS 11.8 dbg 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
CS 11.8 opt 230126 01ff5ae6b677bead4c41d91bf5afb25c593a1d02 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
CS 12.2 dbg 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c UBSAN\|member access within null pointer of type 'Field'\|sql/field.h\|Field::eq\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.2 opt 230126 6ca70dd64ce56da40fad3bcd0641493210dd0a4c UBSAN\|member access within null pointer of type 'Field'\|sql/field.h\|Field::eq\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
CS 12.3 dbg 170226 21a0714a118614982d20bfa504763d7247800091 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
CS 12.3 opt 170226 21a0714a118614982d20bfa504763d7247800091 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
ES 10.6 dbg 260126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
ES 10.6 opt 230126 0fe345fff3a0463224ca714831303d40fb83648b No bug found
ES 11.4 dbg 260126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
ES 11.4 opt 260126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal
ES 11.8 dbg 230126 405ee76b60c4ab82155f339136ed20d3b7363717 UBSAN\|member access within null pointer of type 'Field'\|sql/field.h\|Field::eq\|Item_equal::contains\|Item_field::find_item_equal\|eliminate_item_equal
ES 11.8 opt 230126 405ee76b60c4ab82155f339136ed20d3b7363717 UBSAN\|load of value X, which is not a valid value for type 'bool'\|sql/item_cmpfunc.h\|Item_equal_iterator<List_iterator_fast,\|Item_equal_fields_iterator::Item_equal_fields_iterator\|Item_equal::contains\|Item_field::find_item_equal

Attachments

Issue Links

relates to

MDEV-30051 SIGSEGV in Item_equal_iterator or Field::eq on SELECT, UBSAN: member call on address X which does not point to an object of type 'Item_equal' in sql/item_cmpfunc.cc and other UBSAN issues

Confirmed

Activity

People

Assignee:: Sergei Petrunia

Reporter:: Roel Van de Paar

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2026-02-20 04:42

Updated:: 2026-02-20 04:49

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.