  1. MariaDB Server
  2. MDEV-39268

UBSAN : shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long') in sql/sql_select.cc|create_ref_for_key | JOIN::get_best_combination


Details

    • Can result in unexpected behaviour

    Description

      # Reproducer in mysql-test (MTR) format. The include below is the standard
      # MTR guard for tests that need the InnoDB engine, which table t uses.
      --source include/have_innodb.inc
       
      # 65 INT columns (c1..c65) and no index: one column more than a 64-bit
      # bitmap type such as key_part_map can cover with one bit per column.
      CREATE TABLE t (c1 INT,c2 INT,c3 INT,c4 INT,c5 INT,c6 INT,c7 INT,c8 INT,c9 INT,c10 INT,c11 INT,c12 INT,c13 INT,c14 INT,c15 INT,c16 INT,c17 INT,c18 INT,c19 INT,c20 INT,c21 INT,c22 INT,c23 INT,c24 INT,c25 INT,c26 INT,c27 INT,c28 INT,c29 INT,c30 INT,c31 INT,c32 INT,c33 INT,c34 INT,c35 INT,c36 INT,c37 INT,c38 INT,c39 INT,c40 INT,c41 INT,c42 INT,c43 INT,c44 INT,c45 INT,c46 INT,c47 INT,c48 INT,c49 INT,c50 INT,c51 INT,c52 INT,c53 INT,c54 INT,c55 INT,c56 INT,c57 INT,c58 INT,c59 INT,c60 INT,c61 INT,c62 INT,c63 INT,c64 INT,c65 INT) ENGINE=INNODB;
      # NOTE(review): join_cache_level=4 presumably selects a hashed join buffer,
      # which would explain a ref key being built over the join columns although
      # t has no index -- confirm against the server documentation.
      SET JOIN_cache_level=4;
      # NATURAL JOIN of t with itself equates every same-named column, i.e. all
      # 65. The UBSAN traces on this page report "shift exponent 64" on
      # key_part_map for this statement in create_ref_for_key, add_not_null_conds
      # and st_join_table::save_explain_data.
      # NOTE(review): presumably a per-key-part bit mask indexed past bit 63; the
      # faulting source lines are not shown on this page -- verify in
      # sql/sql_select.cc.
      # Shifting a 64-bit value by 64 is undefined behaviour in C++, so a build
      # without UBSAN gives no diagnostic and the resulting mask cannot be relied
      # on.
      SELECT * FROM t AS a NATURAL JOIN t AS b;
      

      Leads to:

      CS 12.2.2 de72d02bffe6639ef0b7911966a3f85e3eba052f (Debug, UBASAN, Clang 18.1.3-11) Build 03/02/2026

      /test/12.2_dbg_san/sql/sql_select.cc:13854:49: runtime error: shift exponent 64 is too large for 64-bit type 'key_part_map' (aka 'unsigned long')
          #0 0x58ad73e2597a in create_ref_for_key(JOIN*, st_join_table*, keyuse_t*, bool, unsigned long long) /test/12.2_dbg_san/sql/sql_select.cc:13854:49
          #1 0x58ad73da0374 in JOIN::get_best_combination() /test/12.2_dbg_san/sql/sql_select.cc:13535:11
          #2 0x58ad73d7c980 in JOIN::optimize_stage2() /test/12.2_dbg_san/sql/sql_select.cc:2828:7
          #3 0x58ad73d79db3 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2794:9
          #4 0x58ad73d75451 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
          #5 0x58ad73d567ca in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.2_dbg_san/sql/sql_select.cc:5430:19
          #6 0x58ad73d55642 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.2_dbg_san/sql/sql_select.cc:636:10
          #7 0x58ad73c1b54a in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.2_dbg_san/sql/sql_parse.cc:6210:12
          #8 0x58ad73bf9116 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:3967:12
          #9 0x58ad73bd72e8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7932:18
          #10 0x58ad73bd0182 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1896:7
          #11 0x58ad73bd9d0d in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1432:17
          #12 0x58ad7437dfac in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
          #13 0x58ad7437d867 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
          #14 0x58ad7291b5ac in asan_thread_start(void*) crtstuff.c
          #15 0x7da9fde9caa3 in start_thread nptl/pthread_create.c:447:8
          #16 0x7da9fdf29c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: invalid-shift-exponent /test/12.2_dbg_san/sql/sql_select.cc:13854:49
      /test/12.2_dbg_san/sql/sql_select.cc:14069:56: runtime error: shift exponent 64 is too large for 64-bit type 'key_part_map' (aka 'unsigned long')
          #0 0x58ad73da6250 in add_not_null_conds(JOIN*) /test/12.2_dbg_san/sql/sql_select.cc:14069:56
          #1 0x58ad73da6250 in make_join_select(JOIN*, SQL_SELECT*, Item*) /test/12.2_dbg_san/sql/sql_select.cc:14389:5
          #2 0x58ad73d7f735 in JOIN::optimize_stage2() /test/12.2_dbg_san/sql/sql_select.cc:3074:7
          #3 0x58ad73d79db3 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2794:9
          #4 0x58ad73d75451 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
          #5 0x58ad73d567ca in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.2_dbg_san/sql/sql_select.cc:5430:19
          #6 0x58ad73d55642 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.2_dbg_san/sql/sql_select.cc:636:10
          #7 0x58ad73c1b54a in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.2_dbg_san/sql/sql_parse.cc:6210:12
          #8 0x58ad73bf9116 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:3967:12
          #9 0x58ad73bd72e8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7932:18
          #10 0x58ad73bd0182 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1896:7
          #11 0x58ad73bd9d0d in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1432:17
          #12 0x58ad7437dfac in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
          #13 0x58ad7437d867 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
          #14 0x58ad7291b5ac in asan_thread_start(void*) crtstuff.c
          #15 0x7da9fde9caa3 in start_thread nptl/pthread_create.c:447:8
          #16 0x7da9fdf29c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: invalid-shift-exponent /test/12.2_dbg_san/sql/sql_select.cc:14069:56
      /test/12.2_dbg_san/sql/sql_select.cc:31104:30: runtime error: shift exponent 64 is too large for 64-bit type 'key_part_map' (aka 'unsigned long')
          #0 0x58ad73ea1000 in st_join_table::save_explain_data(Explain_table_access*, unsigned long long, bool, st_join_table*) /test/12.2_dbg_san/sql/sql_select.cc:31104:30
          #1 0x58ad73dde461 in JOIN::save_explain_data_intern(Explain_query*, bool, bool, bool, char const*) /test/12.2_dbg_san/sql/sql_select.cc:31627:16
          #2 0x58ad73d74a99 in JOIN::save_explain_data(Explain_query*, bool, bool, bool, bool) /test/12.2_dbg_san/sql/sql_select.cc:4875:14
          #3 0x58ad73d72fab in JOIN::build_explain() /test/12.2_dbg_san/sql/sql_select.cc:1958:13
          #4 0x58ad73d754c3 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2026:12
          #5 0x58ad73d567ca in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.2_dbg_san/sql/sql_select.cc:5430:19
          #6 0x58ad73d55642 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.2_dbg_san/sql/sql_select.cc:636:10
          #7 0x58ad73c1b54a in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.2_dbg_san/sql/sql_parse.cc:6210:12
          #8 0x58ad73bf9116 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:3967:12
          #9 0x58ad73bd72e8 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7932:18
          #10 0x58ad73bd0182 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1896:7
          #11 0x58ad73bd9d0d in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1432:17
          #12 0x58ad7437dfac in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
          #13 0x58ad7437d867 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
          #14 0x58ad7291b5ac in asan_thread_start(void*) crtstuff.c
          #15 0x7da9fde9caa3 in start_thread nptl/pthread_create.c:447:8
          #16 0x7da9fdf29c6b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: invalid-shift-exponent /test/12.2_dbg_san/sql/sql_select.cc:31104:30
      

      Setup:

      Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
        # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
      Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues, see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
      

      SAN Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed
      CS  10.6   dbg  050126  b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  10.6   opt  050126  b64db51ad89d78e6a6f8bc238dd2e208b5f7aa92  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  10.11  dbg  120226  67fceadfa45b3f14921114544734455ecbdd480e  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  10.11  opt  120226  67fceadfa45b3f14921114544734455ecbdd480e  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  11.4   dbg  120226  78201a41b5e88b94c27f5ecc16c9e5486e2e50c3  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  11.4   opt  120226  78201a41b5e88b94c27f5ecc16c9e5486e2e50c3  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  11.8   dbg  120226  65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  11.8   opt  120226  65ee9a7b4694d1b6f366b5a7a3d1b0549e5a3671  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  12.2   dbg  120226  d26a6f44c1f2119377e79a9540886c6d8c01472f  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  12.2   opt  120226  d26a6f44c1f2119377e79a9540886c6d8c01472f  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  12.3   dbg  020426  669e7aa798f984c0c4178c20f6926b956c8f095e  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      CS  12.3   opt  020426  669e7aa798f984c0c4178c20f6926b956c8f095e  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  10.6   dbg  170226  22e626b9c17e9969925c54f14d30e39e25320b22  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  10.6   opt  170226  22e626b9c17e9969925c54f14d30e39e25320b22  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  11.4   dbg  170226  34f616d5fd2c649d0c79acb4e2423c90b8f10436  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  11.4   opt  170226  34f616d5fd2c649d0c79acb4e2423c90b8f10436  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  11.8   dbg  170226  405ee76b60c4ab82155f339136ed20d3b7363717  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      ES  11.8   opt  170226  405ee76b60c4ab82155f339136ed20d3b7363717  UBSAN|shift exponent X is too large for 64-bit type 'key_part_map' (aka 'unsigned long')|sql/sql_select.cc|create_ref_for_key|JOIN::get_best_combination|JOIN::optimize_stage2|JOIN::optimize_inner
      

          People

            psergei Sergei Petrunia
            ramesh Ramesh Sivaraman