Details
- Bug
- Status: Approved
- Blocker
- Resolution: Unresolved
- 11.8
- None
- Q2/2026 Server Maintenance
Description
CREATE OR REPLACE TABLE t (a INT);
UPDATE t FOR PORTION OF p FROM '2026-02-01' TO '2026-03-01' SET a = 2;
Leads to:

CS 11.8.7 7c1b02cc19883708b6111f50f8d2cd2d2c371f5c (Debug, Clang 18.1.3-11) Build 17/04/2026
mariadbd: /test/11.8_dbg/strings/strcoll.inl:230: int my_strnncoll_utf8mb3_general1400_as_ci(CHARSET_INFO *, const uchar *, size_t, const uchar *, size_t, my_bool): Assertion `a' failed.

CS 11.8.7 7c1b02cc19883708b6111f50f8d2cd2d2c371f5c (Debug, Clang 18.1.3-11) Build 17/04/2026
Core was generated by `/test/MD170426-mariadb-11.8.7-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44

[Current thread is 1 (LWP 3892153)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x0000791a9aa4527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x0000791a9aa288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x0000791a9aa2881b in __assert_fail_base (fmt=0x791a9abd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x64788db09209 "a", file=file@entry=0x64788dbbb3ff "/test/11.8_dbg/strings/strcoll.inl", line=line@entry=230, function=function@entry=0x64788dbc5af8 "int my_strnncoll_utf8mb3_general1400_as_ci(CHARSET_INFO *, const uchar *, size_t, const uchar *, size_t, my_bool)") at ./assert/assert.c:96
#6 0x0000791a9aa3b517 in __assert_fail (assertion=0x64788db09209 "a", file=0x64788dbbb3ff "/test/11.8_dbg/strings/strcoll.inl", line=230, function=0x64788dbc5af8 "int my_strnncoll_utf8mb3_general1400_as_ci(CHARSET_INFO *, const uchar *, size_t, const uchar *, size_t, my_bool)") at ./assert/assert.c:105
#7 0x000064788d7d1e11 in my_strnncoll_utf8mb3_general1400_as_ci (cs=0x64788e5ebaf0 <my_charset_utf8mb3_general1400_as_ci>, a=0x0, a_length=0, b=0x71197c019df8 "p", b_length=1, b_is_prefix=0 '\000') at /test/11.8_dbg/strings/strcoll.inl:230
#8 0x000064788c8c34bf in charset_info_st::strnncoll (this=0x64788e5ebaf0 <my_charset_utf8mb3_general1400_as_ci>, a={str = 0x0, length = 0}, b={str = 0x71197c019df8 "p", length = 1}, b_is_prefix=0 '\000') at /test/11.8_dbg/include/m_ctype.h:1106
#9 0x000064788c8c3358 in charset_info_st::streq (this=0x64788e5ebaf0 <my_charset_utf8mb3_general1400_as_ci>, a={str = 0x0, length = 0}, b={str = 0x71197c019df8 "p", length = 1}) at /test/11.8_dbg/include/m_ctype.h:1098
#10 0x000064788c8eeace in Lex_ident<Compare_ident_ci>::streq (this=0x71197c02f1b8, b=@0x71197c01a658: {<Lex_cstring> = {<st_mysql_const_lex_string> = {str = 0x71197c019df8 "p", length = 1}, <No data fields>}, <No data fields>}) at /test/11.8_dbg/sql/lex_ident.h:129
#11 0x000064788ca64e66 in st_select_lex::period_setup_conds (this=0x71197c005908, thd=0x71197c000d58, tables=0x71197c019f60) at /test/11.8_dbg/sql/sql_select.cc:1177
#12 0x000064788cb6aa72 in Multiupdate_prelocking_strategy::handle_end (this=0x71197c01a8b8, thd=0x71197c000d58) at /test/11.8_dbg/sql/sql_update.cc:1679
#13 0x000064788c940da8 in open_tables (thd=0x71197c000d58, options=@0x71197c006668: {m_options = DDL_options_st::OPT_NONE}, start=0x791a7456c208, counter=0x71197c01a878, flags=0, prelocking_strategy=0x71197c01a8b8) at /test/11.8_dbg/sql/sql_base.cc:4863
#14 0x000064788c9442ca in open_tables (thd=0x71197c000d58, tables=0x791a7456c208, counter=0x71197c01a878, flags=0, prelocking_strategy=0x71197c01a8b8) at /test/11.8_dbg/sql/sql_base.h:275
#15 0x000064788c944480 in open_tables_for_query (thd=0x71197c000d58, tables=0x71197c019f60, table_count=0x71197c01a878, flags=0, prelocking_strategy=0x71197c01a8b8) at /test/11.8_dbg/sql/sql_base.cc:5887
#16 0x000064788cabcc4f in Sql_cmd_dml::prepare (this=0x71197c01a860, thd=0x71197c000d58) at /test/11.8_dbg/sql/sql_select.cc:34537
#17 0x000064788cabcebf in Sql_cmd_dml::execute (this=0x71197c01a860, thd=0x71197c000d58) at /test/11.8_dbg/sql/sql_select.cc:34600
#18 0x000064788ca0138f in mysql_execute_command (thd=0x71197c000d58, is_called_from_prepared_stmt=false) at /test/11.8_dbg/sql/sql_parse.cc:4465
#19 0x000064788c9f7554 in mysql_parse (thd=0x71197c000d58, rawbuf=0x71197c019cd0 "UPDATE t FOR PORTION OF p FROM '2026-02-01' TO '2026-03-01' SET id = 2", length=71, parser_state=0x791a7456dad0) at /test/11.8_dbg/sql/sql_parse.cc:7955
#20 0x000064788c9f4899 in dispatch_command (command=COM_QUERY, thd=0x71197c000d58, packet=0x71197c00b079 "UPDATE t FOR PORTION OF p FROM '2026-02-01' TO '2026-03-01' SET id = 2", packet_length=71, blocking=true) at /test/11.8_dbg/sql/sql_parse.cc:1923
#21 0x000064788c9f8103 in do_command (thd=0x71197c000d58, blocking=true) at /test/11.8_dbg/sql/sql_parse.cc:1431
#22 0x000064788cbe57e9 in do_handle_one_connection (connect=0x6478b532ba08, put_in_cache=true) at /test/11.8_dbg/sql/sql_connect.cc:1504
#23 0x000064788cbe558e in handle_one_connection (arg=0x6478b53ec2c8) at /test/11.8_dbg/sql/sql_connect.cc:1416
#24 0x0000791a9aa9caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#25 0x0000791a9ab29c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel      o/d  Build   Commit                                    UniqueID observed
CS 10.6  dbg  170426  f12ff3600f3feed089462d111d4e4fcc0d940616  No bug found
CS 10.6  opt  170426  f12ff3600f3feed089462d111d4e4fcc0d940616  No bug found
CS 10.11 dbg  170426  e7bd8976f6908e51445fe93de550b0e53af1c535  No bug found
CS 10.11 opt  170426  e7bd8976f6908e51445fe93de550b0e53af1c535  No bug found
CS 11.4  dbg  170426  09eeaa7adbe6d22152ef6df7e3b1758db6480262  No bug found
CS 11.4  opt  170426  09eeaa7adbe6d22152ef6df7e3b1758db6480262  No bug found
CS 11.8  dbg  170426  7c1b02cc19883708b6111f50f8d2cd2d2c371f5c  a|SIGABRT|my_strnncoll_utf8mb3_general1400_as_ci|charset_info_st::strnncoll|charset_info_st::streq|Lex_ident<Compare_ident_ci>::streq
CS 11.8  opt  170426  7c1b02cc19883708b6111f50f8d2cd2d2c371f5c  No bug found
CS 12.3  dbg  170426  cc4bba065ae69cb8a7c585d9c64ed2c379ebdb9d  No bug found
CS 12.3  opt  170426  cc4bba065ae69cb8a7c585d9c64ed2c379ebdb9d  No bug found
CS 13.0  dbg  170426  d2803e117b15b2868a65e6289d3a4e77b891c2dd  No bug found
CS 13.0  opt  170426  d2803e117b15b2868a65e6289d3a4e77b891c2dd  No bug found
ES 10.6  dbg  151225  bc33b05c6a65de27dbe811a30bc37c207d60ee8e  No bug found
ES 10.6  opt  151225  bc33b05c6a65de27dbe811a30bc37c207d60ee8e  No bug found
ES 11.4  dbg  151225  714f2134597e00f4ff107886cf3a55eff48e4510  No bug found
ES 11.4  opt  151225  714f2134597e00f4ff107886cf3a55eff48e4510  No bug found
ES 11.8  dbg  151225  4008de1a5b06105a64821db7b851328f1b27d99e  No bug found
ES 11.8  opt  151225  4008de1a5b06105a64821db7b851328f1b27d99e  No bug found

The assertion happens after this commit
commit 7c1b02cc19883708b6111f50f8d2cd2d2c371f5c (HEAD -> 11.8, origin/11.8)
Author: Raghunandan Bhat <raghunandan.bhat96@gmail.com>
Date: Mon Apr 13 16:45:39 2026 +0530

MDEV-35717: UBSAN: runtime error: applying zero offset to null pointer in `my_strnncoll_utf8mb3_general1400_as_ci`

Problem:
UBSAN reports runtime errors in string comparison functions when
pointer arithmetic is done without checking NULL.

Fix:
- Add debug asserts in `strnncoll` function to catch NULL pointers.
- Define a new function `streq_safe` as a replacement for `streq`,
capable of handling NULL pointers. Replace `streq` with `streq_safe`
at multiple call sites, identified by the debug asserts.
- Add empty identifier checks in `is_infoschema_db` and
`is_perfschema_db` before calling the deep character-set based
comparison.

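The NULL-handling pattern the commit message above describes, sketched in C as an added example; it is not MariaDB's code. `ident_t`, `ident_cmp_ci`, `ident_eq_safe`, `table_def_t` and `check_period` are hypothetical names, and treating an unset (NULL) identifier as equal only to another empty identifier is an assumption of this sketch.

```c
#include <assert.h>
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical identifier: pointer plus length; str is NULL when unset. */
typedef struct { const char *str; size_t length; } ident_t;

/* Strict case-insensitive compare. Forming a + a_len on a NULL pointer is
   undefined behaviour (the UBSAN report), so debug builds assert first. */
static int ident_cmp_ci(const char *a, size_t a_len, const char *b, size_t b_len)
{
  assert(a != NULL);
  assert(b != NULL);
  const char *a_end = a + a_len, *b_end = b + b_len;
  while (a < a_end && b < b_end) {
    int ca = tolower((unsigned char) *a++), cb = tolower((unsigned char) *b++);
    if (ca != cb)
      return ca - cb;
  }
  return (a_len > b_len) - (a_len < b_len);
}

/* NULL-tolerant wrapper: never passes a NULL pointer to the strict compare.
   Assumed semantics: an unset identifier equals only another empty one. */
static int ident_eq_safe(ident_t a, ident_t b)
{
  if (a.str == NULL || b.str == NULL)
    return a.length == 0 && b.length == 0;
  return ident_cmp_ci(a.str, a.length, b.str, b.length) == 0;
}

enum period_status { PERIOD_OK, PERIOD_NOT_FOUND };

/* Constructed stand-in for a table definition; period_name is {NULL, 0}
   when the table has no period, as with table t in the report. */
typedef struct { const char *name; ident_t period_name; } table_def_t;

static enum period_status check_period(const table_def_t *t, ident_t requested)
{
  if (requested.length == 0)      /* an empty name never matches a period */
    return PERIOD_NOT_FOUND;
  return ident_eq_safe(t->period_name, requested) ? PERIOD_OK : PERIOD_NOT_FOUND;
}

int main(void)
{
  table_def_t no_period = { "t", { NULL, 0 } }, with_period = { "t2", { "P", 1 } };
  ident_t p = { "p", 1 };
  printf("%d %d\n", check_period(&no_period, p), check_period(&with_period, p));
  return 0;
}
```

Calling `ident_cmp_ci` directly with the unset period name reproduces the debug-build abort seen in frame #7; the wrapper turns the same input into an ordinary "not found" result.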
Issue Links
- is caused by: MDEV-35717 UBSAN: runtime error: applying zero offset to null pointer in my_strnncoll_utf8mb3_general1400_as_ci (Closed)