Details
Bug
Status: Open
Major
Resolution: Unresolved
10.6, 10.11, 11.4, 11.8, 12.2(EOL), 12.3, 13.0
Description
-- Reproducer for the crash in this report: REPLACE ... RETURNING on a table whose
-- AFTER INSERT trigger runs SHOW PROFILES. Per the AddressSanitizer trace below, memory
-- allocated while the trigger statement executes (alloc_query) is freed when
-- sp_head::execute finishes (free_root) and is then read in Protocol::valid_handler
-- while the RETURNING row is sent, i.e. a heap-use-after-free. Debug builds in the
-- matrices terminate with SIGSEGV.
-- NOTE(review): every "opt" row in both matrices reads "No bug found"; presumably the
-- offending read sits in debug-only code. Confirm against sql/protocol.h before treating
-- release builds as unaffected.

-- Clears all SQL modes, including strict mode; presumably needed so the unusual column
-- definitions and values below are accepted. TODO confirm.
SET sql_mode=''; |
-- Table t: BIGINT column c with a secondary key, a zero-filled REAL(1,1) column c2, and
-- a virtual generated column c3 computed from c.
CREATE TABLE t (c BIGINT,c2 REAL(1,1) ZEROFILL,c3 CHAR AS (c) VIRTUAL,KEY(c)) ROW_FORMAT=COMPACT; |
-- The trigger body is SHOW PROFILES, a statement that produces a result set of its own.
CREATE TRIGGER tr1 AFTER INSERT ON t FOR EACH ROW SHOW PROFILES; |
-- The trace shows Write_record::after_insert running the trigger (after_ins_trg) and then
-- send_data for RETURNING c; that send is where the freed memory is read.
REPLACE INTO t VALUES (0,0,0) RETURNING c; |
Leads to:
|
CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, Clang 21.1.3-20250923) Build 10/04/2026 |
Core was generated by `/test/MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00005d0aaf811f35 in Protocol::valid_handler (this=0x6f4600001430, pos=0, type=PROTOCOL_SEND_LONGLONG) at /test/13.0_dbg/sql/protocol.h:51
|
 |
[Current thread is 1 (LWP 2574141)]
|
(gdb) bt
|
#0 0x00005d0aaf811f35 in Protocol::valid_handler (this=0x6f4600001430, pos=0, type=PROTOCOL_SEND_LONGLONG) at /test/13.0_dbg/sql/protocol.h:51
|
#1 0x00005d0aaf80f2dd in Protocol_text::store_longlong (this=0x6f4600001430, from=0, unsigned_flag=false) at /test/13.0_dbg/sql/protocol.cc:1559
|
#2 0x00005d0aaf5c7cf0 in Field_longlong::send (this=0x6f4600036728, protocol=0x6f4600001430) at /test/13.0_dbg/sql/field.cc:4824
|
#3 0x00005d0aaf80e4a4 in Protocol_text::store (this=0x6f4600001430, field=0x6f4600036728) at /test/13.0_dbg/sql/protocol.cc:1615
|
#4 0x00005d0aaf60f759 in Item_field::send (this=0x6f460001b948, protocol=0x6f4600001430, buffer=0x774748d21590)at /test/13.0_dbg/sql/item.cc:7959
|
#5 0x00005d0aaf80e59c in Protocol::send_result_set_row (this=0x6f4600001430, row_items=0x6f4600005da8) at /test/13.0_dbg/sql/protocol.cc:1358
|
#6 0x00005d0aaf8d9b5e in select_send::send_data (this=0x6f460001ba80, items=@0x6f4600005da8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6f460001ba70, last = 0x6f460001ba70, elements = 1}, <No data fields>})at /test/13.0_dbg/sql/sql_class.cc:3410
|
#7 0x00005d0aaf9c7bf6 in Write_record::send_data (this=0x774748d21f30)at /test/13.0_dbg/sql/sql_insert.cc:2564
|
#8 0x00005d0aaf9c7b8b in Write_record::after_insert (this=0x774748d21f30, inserted=0x774748d21a60) at /test/13.0_dbg/sql/sql_insert.cc:2542
|
#9 0x00005d0aaf9bd7a8 in Write_record::replace_row (this=0x774748d21f30, inserted=0x774748d21a60, deleted=0x774748d21a58)at /test/13.0_dbg/sql/sql_insert.cc:2231
|
#10 0x00005d0aaf9bc245 in Write_record::write_record (this=0x774748d21f30)at /test/13.0_dbg/sql/sql_insert.cc:2440
|
#11 0x00005d0aaf9b99dd in mysql_insert (thd=0x6f4600000d58, table_list=0x6f460001a210, fields=@0x6f4600006218: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5d0ab0aeef70 <end_of_list>, last = 0x6f4600006218, elements = 0}, <No data fields>}, values_list=@0x6f4600006260: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6f460001b030, last = 0x6f460001b030, elements = 1}, <No data fields>}, update_fields=@0x6f4600006248: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5d0ab0aeef70 <end_of_list>, last = 0x6f4600006248, elements = 0}, <No data fields>}, update_values=@0x6f4600006230: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5d0ab0aeef70 <end_of_list>, last = 0x6f4600006230, elements = 0}, <No data fields>}, duplic=DUP_REPLACE, ignore=false, result=0x6f460001ba80)at /test/13.0_dbg/sql/sql_insert.cc:1233
|
#12 0x00005d0aafa1fb9e in mysql_execute_command (thd=0x6f4600000d58, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:4500
|
#13 0x00005d0aafa169c8 in mysql_parse (thd=0x6f4600000d58, rawbuf=0x6f460001a110 "REPLACE INTO t VALUES (0,0,0) RETURNING c", length=41, parser_state=0x774748d239f0)at /test/13.0_dbg/sql/sql_parse.cc:7941
|
#14 0x00005d0aafa1411e in dispatch_command (command=COM_QUERY, thd=0x6f4600000d58, packet=0x6f460000b4b9 "", packet_length=41, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1898
|
#15 0x00005d0aafa1744a in do_command (thd=0x6f4600000d58, blocking=true)at /test/13.0_dbg/sql/sql_parse.cc:1432
|
#16 0x00005d0aafc1a70e in do_handle_one_connection (connect=0x5d0ab3860c68, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
|
#17 0x00005d0aafc1a4f1 in handle_one_connection (arg=0x5d0ab37d1b78)at /test/13.0_dbg/sql/sql_connect.cc:1415
|
#18 0x000077474a49ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
|
#19 0x000077474a529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
|
Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 10.6 opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 11.4 dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 11.4 opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.8 dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 11.8 opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
|
CS 12.2 dbg 100426 d26a6f44c1f2119377e79a9540886c6d8c01472f SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 12.2 opt 100426 d26a6f44c1f2119377e79a9540886c6d8c01472f No bug found
|
CS 12.3 dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 12.3 opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb No bug found
|
CS 13.0 dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
CS 13.0 opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 No bug found
|
ES 10.6 dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
ES 10.6 opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 11.4 dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
ES 11.4 opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
|
ES 11.8 dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
ES 11.8 opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
|
ES 12.3 dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 SIGSEGV|Protocol::valid_handler|Protocol_text::store_longlong|Field_longlong::send|Protocol_text::store
|
ES 12.3 opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 No bug found
|
|
CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026 |
==2424454==ERROR: AddressSanitizer: heap-use-after-free on address 0x706c8b11a3c0 at pc 0x56a81b9d12dc bp 0x661b724ffe30 sp 0x661b724ffe28
|
READ of size 8 at 0x706c8b11a3c0 thread T15
|
#0 0x56a81b9d12db in Protocol::valid_handler(unsigned int, protocol_send_type_t) const /test/13.0_dbg_san/sql/protocol.h:51:12
|
#1 0x56a81b9d12db in Protocol_text::store_longlong(long long, bool) /test/13.0_dbg_san/sql/protocol.cc:1559:3
|
#2 0x56a81b9cdd97 in Protocol_text::store(Field*) /test/13.0_dbg_san/sql/protocol.cc:1615:19
|
#3 0x56a81b9ce408 in Protocol::send_result_set_row(List<Item>*) /test/13.0_dbg_san/sql/protocol.cc:1358:15
|
#4 0x56a81bc99328 in select_send::send_data(List<Item>&) /test/13.0_dbg_san/sql/sql_class.cc:3410:17
|
#5 0x56a81bfe9032 in Write_record::send_data() /test/13.0_dbg_san/sql/sql_insert.cc:2564:23
|
#6 0x56a81bfe8d82 in Write_record::after_insert(unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2542:29
|
#7 0x56a81bfb62f4 in Write_record::replace_row(unsigned long long*, unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2231:10
|
#8 0x56a81bfad766 in Write_record::write_record() /test/13.0_dbg_san/sql/sql_insert.cc:2440:10
|
#9 0x56a81bf9f9e0 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_dbg_san/sql/sql_insert.cc:1233:22
|
#10 0x56a81c11a909 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4500:10
|
#11 0x56a81c0f021d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
|
#12 0x56a81c0e7fee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
|
#13 0x56a81c0f25c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
|
#14 0x56a81c92a84c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
|
#15 0x56a81c92a355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
|
#16 0x56a81afe86ca in asan_thread_start(void*) crtstuff.c
|
#17 0x721c8c29ca93 in start_thread nptl/pthread_create.c:447:8
|
#18 0x721c8c329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
|
 |
0x706c8b11a3c0 is located 704 bytes inside of 8184-byte region [0x706c8b11a100,0x706c8b11c0f8)
|
freed by thread T15 here:
|
#0 0x56a81afeabaa in free (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x4139baa) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
|
#1 0x56a81e2a1327 in root_free /test/13.0_dbg_san/mysys/my_alloc.c:77:5
|
#2 0x56a81e2a1327 in free_root /test/13.0_dbg_san/mysys/my_alloc.c:517:7
|
#3 0x56a81ba95555 in sp_head::execute(THD*, bool) /test/13.0_dbg_san/sql/sp_head.cc:1386:5
|
#4 0x56a81ba9b5f0 in sp_head::execute_trigger(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, st_grant_info*) /test/13.0_dbg_san/sql/sp_head.cc:1805:3
|
#5 0x56a81c6a221a in Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool, bool*, List<Item>*) /test/13.0_dbg_san/sql/sql_trigger.cc:2848:22
|
#6 0x56a81bfe8d76 in Write_record::after_ins_trg() /test/13.0_dbg_san/sql/sql_insert.cc:2550:27
|
#7 0x56a81bfe8d76 in Write_record::after_insert(unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2542:10
|
#8 0x56a81bfb62f4 in Write_record::replace_row(unsigned long long*, unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2231:10
|
#9 0x56a81bfad766 in Write_record::write_record() /test/13.0_dbg_san/sql/sql_insert.cc:2440:10
|
#10 0x56a81bf9f9e0 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_dbg_san/sql/sql_insert.cc:1233:22
|
#11 0x56a81c11a909 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4500:10
|
#12 0x56a81c0f021d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
|
#13 0x56a81c0e7fee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
|
#14 0x56a81c0f25c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
|
#15 0x56a81c92a84c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
|
#16 0x56a81c92a355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
|
#17 0x56a81afe86ca in asan_thread_start(void*) crtstuff.c
|
 |
previously allocated by thread T15 here:
|
#0 0x56a81afeae48 in malloc (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x4139e48) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
|
#1 0x56a81e2ed196 in my_malloc /test/13.0_dbg_san/mysys/my_malloc.c:93:29
|
#2 0x56a81e29f063 in alloc_root /test/13.0_dbg_san/mysys/my_alloc.c:336:29
|
#3 0x56a81c0f6dc5 in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned long) const /test/13.0_dbg_san/sql/sql_class.h:1388:9
|
#4 0x56a81c0f6dc5 in alloc_query(THD*, char const*, unsigned long) /test/13.0_dbg_san/sql/sql_parse.cc:2775:30
|
#5 0x56a81cc583bd in sp_instr_stmt::execute(THD*, unsigned int*) /test/13.0_dbg_san/sql/sp_instr.cc:1158:14
|
#6 0x56a81ba942ac in sp_head::execute(THD*, bool) /test/13.0_dbg_san/sql/sp_head.cc:1292:20
|
#7 0x56a81ba9b5f0 in sp_head::execute_trigger(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, st_grant_info*) /test/13.0_dbg_san/sql/sp_head.cc:1805:3
|
#8 0x56a81c6a221a in Table_triggers_list::process_triggers(THD*, trg_event_type, trg_action_time_type, bool, bool*, List<Item>*) /test/13.0_dbg_san/sql/sql_trigger.cc:2848:22
|
#9 0x56a81bfe8d76 in Write_record::after_ins_trg() /test/13.0_dbg_san/sql/sql_insert.cc:2550:27
|
#10 0x56a81bfe8d76 in Write_record::after_insert(unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2542:10
|
#11 0x56a81bfb62f4 in Write_record::replace_row(unsigned long long*, unsigned long long*) /test/13.0_dbg_san/sql/sql_insert.cc:2231:10
|
#12 0x56a81bfad766 in Write_record::write_record() /test/13.0_dbg_san/sql/sql_insert.cc:2440:10
|
#13 0x56a81bf9f9e0 in mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_dbg_san/sql/sql_insert.cc:1233:22
|
#14 0x56a81c11a909 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4500:10
|
#15 0x56a81c0f021d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
|
#16 0x56a81c0e7fee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
|
#17 0x56a81c0f25c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
|
#18 0x56a81c92a84c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
|
#19 0x56a81c92a355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
|
#20 0x56a81afe86ca in asan_thread_start(void*) crtstuff.c
|
 |
Thread T15 created by T0 here:
|
#0 0x56a81afcedc5 in pthread_create (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x411ddc5) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
|
#1 0x56a81b043eac in create_thread_to_handle_connection(CONNECT*) /test/13.0_dbg_san/sql/mysqld.cc:6466:19
|
#2 0x56a81b044f35 in handle_connections_sockets() /test/13.0_dbg_san/sql/mysqld.cc:6702:9
|
#3 0x56a81b04347a in run_main_loop() /test/13.0_dbg_san/sql/mysqld.cc:5942:3
|
#4 0x56a81b03789c in mysqld_main(int, char**) /test/13.0_dbg_san/sql/mysqld.cc:6371:3
|
#5 0x721c8c22a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
|
#6 0x721c8c22a28a in __libc_start_main csu/../csu/libc-start.c:360:3
|
#7 0x56a81af456d4 in _start (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x40946d4) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
|
 |
SUMMARY: AddressSanitizer: heap-use-after-free /test/13.0_dbg_san/sql/protocol.h:51:12 in Protocol::valid_handler(unsigned int, protocol_send_type_t) const
|
Shadow bytes around the buggy address:
|
0x706c8b11a100: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a180: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a200: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a280: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a300: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
=>0x706c8b11a380: fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd
|
0x706c8b11a400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a480: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a500: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a580: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
0x706c8b11a600: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
|
Shadow byte legend (one shadow byte represents 8 application bytes):
|
Addressable: 00
|
Partially addressable: 01 02 03 04 05 06 07
|
Heap left redzone: fa
|
Freed heap region: fd
|
Stack left redzone: f1
|
Stack mid redzone: f2
|
Stack right redzone: f3
|
Stack after return: f5
|
Stack use after scope: f8
|
Global redzone: f9
|
Global init order: f6
|
Poisoned by user: f7
|
Container overflow: fc
|
Array cookie: ac
|
Intra object redzone: bb
|
ASan internal: fe
|
Left alloca redzone: ca
|
Right alloca redzone: cb
|
==2424454==ABORTING
|
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
|
# Note: Before installing Clang/LLVM 18, it is strongly recommended to uninstall all old Clang & LLVM packages: list them with dpkg --list | grep -iE 'clang|llvm', then remove them with apt purge and dpkg --purge.
|
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
|
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
|
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
|
Set before execution:
|
export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1
|
|
SAN Bug Detection Matrix |
Rel o/d Build Commit UniqueID observed
|
CS 10.6 dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 10.6 opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 No bug found
|
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 No bug found
|
CS 11.4 dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 11.4 opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de No bug found
|
CS 11.8 dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 11.8 opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f No bug found
|
CS 12.2 dbg 100426 d26a6f44c1f2119377e79a9540886c6d8c01472f ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 12.2 opt 100426 d26a6f44c1f2119377e79a9540886c6d8c01472f No bug found
|
CS 12.3 dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 12.3 opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb No bug found
|
CS 13.0 dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
CS 13.0 opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 No bug found
|
ES 10.6 dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
ES 10.6 opt 100426 84a80c8b38208d362225496da08d86d8d454e453 No bug found
|
ES 11.4 dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
ES 11.4 opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 No bug found
|
ES 11.8 dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 ASAN|heap-use-after-free|sql/protocol.h|Protocol::valid_handler|Protocol_text::store_longlong|Protocol_text::store|Protocol::send_result_set_row
|
ES 11.8 opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 No bug found
|
The testcase is compatible with both MTR and the CLI. The crash occurs with at least the MyISAM and InnoDB storage engines.