[MDEV-39450] Memory corruption: overlapping memory ranges in Field_longstr::compress on UPDATE of compressed column - Jira

XML

Word

Printable

Details

Type: Bug
Status: Open (View Workflow)
Priority: Critical
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.3, 13.0
Fix Version/s: 10.6, 10.11, 11.4, 11.8, 12.3
Component/s: None
Labels:

Bug Category:
Can result in data loss

Description

CREATE TABLE t (c VARCHAR(255) COMPRESSED);

REPLACE INTO t VALUES ('abcdefghijklm');

UPDATE t SET c=RIGHT(c,10);

Leads to (note the different opt vs dbg stacks):

CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Optimized, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026
==1461171==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7970ce69d9bc,0x7970ce69d9c6) and [0x7970ce69d9bf, 0x7970ce69d9c9) overlap
#0 0x56e2393a74bd in __asan_memcpy (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x37e24bd) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef)
#1 0x56e2395d01e4 in memcpy /usr/include/x86_64-linux-gnu/bits/string_fortified.h:29:10
#2 0x56e2395d01e4 in Field_longstr::compress(char, unsigned int, char const, unsigned int, unsigned int, unsigned int, charset_info_st const, unsigned long) /test/13.0_opt_san/sql/field.cc:8735:7
#3 0x56e2395d112c in Field_varstring_compressed::store(char const, unsigned long, charset_info_st const) /test/13.0_opt_san/sql/field.cc:8800:11
#4 0x56e239671887 in Item::save_str_in_field(Field*, bool) /test/13.0_opt_san/sql/item.cc:7282:21
#5 0x56e2396726fd in Item::save_in_field(Field*, bool) /test/13.0_opt_san/sql/item.cc:7330:30
#6 0x56e239ffe832 in fill_record(THD, TABLE, List<Item>&, List<Item>&, bool, bool) /test/13.0_opt_san/sql/sql_base.cc:9209:20
#7 0x56e23a001c80 in fill_record_n_invoke_before_triggers(THD, TABLE, List<Item>&, List<Item>&, bool, trg_event_type, bool*) /test/13.0_opt_san/sql/sql_base.cc:9411:11
#8 0x56e23ab1604f in Sql_cmd_update::update_single_table(THD*) /test/13.0_opt_san/sql/sql_update.cc:991:11
#9 0x56e23ab3fb91 in Sql_cmd_update::execute_inner(THD*) /test/13.0_opt_san/sql/sql_update.cc:3237:10
#10 0x56e23a8179b2 in Sql_cmd_dml::execute(THD*) /test/13.0_opt_san/sql/sql_select.cc:34993:9
#11 0x56e23a4eec81 in mysql_execute_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:4444:27
#12 0x56e23a4d0d99 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_opt_san/sql/sql_parse.cc:7941:18
#13 0x56e23a4c8317 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_opt_san/sql/sql_parse.cc:1898:7
#14 0x56e23a4d2f6e in do_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:1432:17
#15 0x56e23ad4e41c in do_handle_one_connection(CONNECT*, bool) /test/13.0_opt_san/sql/sql_connect.cc:1503:11
#16 0x56e23ad4ddfd in handle_one_connection /test/13.0_opt_san/sql/sql_connect.cc:1415:5
#17 0x56e23b7fe975 in pfs_spawn_thread /test/13.0_opt_san/storage/perfschema/pfs.cc:2198:3
#18 0x56e2393a726a in asan_thread_start(void*) crtstuff.c
#19 0x7b20cf69ca93 in start_thread nptl/pthread_create.c:447:8
#20 0x7b20cf729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

0x7970ce69d9bc is located 2236 bytes inside of 8184-byte region [0x7970ce69d100,0x7970ce69f0f8)
allocated by thread T13 here:
#0 0x56e2393a99e8 in malloc (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x37e49e8) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef)
#1 0x56e23c7a3c78 in my_malloc /test/13.0_opt_san/mysys/my_malloc.c:93:29
#2 0x56e23c76f62e in init_alloc_root /test/13.0_opt_san/mysys/my_alloc.c:178:22
#3 0x56e23abfcc69 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /test/13.0_opt_san/sql/thr_malloc.cc:64:3
#4 0x56e23ab9dc14 in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /test/13.0_opt_san/sql/table.cc:4419:3
#5 0x56e239fc1b94 in open_table(THD, TABLE_LIST, Open_table_context*) /test/13.0_opt_san/sql/sql_base.cc:2321:12
#6 0x56e239fd4ab1 in open_and_process_table(THD, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy, bool, Open_table_context*) /test/13.0_opt_san/sql/sql_base.cc:4263:14
#7 0x56e239fd4ab1 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /test/13.0_opt_san/sql/sql_base.cc:4746:14
#8 0x56e239fe3635 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /test/13.0_opt_san/sql/sql_base.cc:5747:7
#9 0x56e239a14ed3 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /test/13.0_opt_san/sql/sql_base.h:545:10
#10 0x56e23a37729f in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_opt_san/sql/sql_insert.cc:813:9
#11 0x56e23a4fe791 in mysql_execute_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:4500:10
#12 0x56e23a4d0d99 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_opt_san/sql/sql_parse.cc:7941:18
#13 0x56e23a4c8317 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_opt_san/sql/sql_parse.cc:1898:7
#14 0x56e23a4d2f6e in do_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:1432:17
#15 0x56e23ad4e41c in do_handle_one_connection(CONNECT*, bool) /test/13.0_opt_san/sql/sql_connect.cc:1503:11
#16 0x56e23ad4ddfd in handle_one_connection /test/13.0_opt_san/sql/sql_connect.cc:1415:5
#17 0x56e23b7fe975 in pfs_spawn_thread /test/13.0_opt_san/storage/perfschema/pfs.cc:2198:3
#18 0x56e2393a726a in asan_thread_start(void*) crtstuff.c

Thread T13 created by T0 here:
#0 0x56e23938d965 in pthread_create (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x37c8965) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef)
#1 0x56e23b7ff03c in my_thread_create(unsigned long, pthread_attr_t const, void* ()(void), void*) /test/13.0_opt_san/storage/perfschema/my_thread.h:38:10
#2 0x56e23b7ff03c in pfs_spawn_thread_v1 /test/13.0_opt_san/storage/perfschema/pfs.cc:2249:15
#3 0x56e23940660e in inline_mysql_thread_create(unsigned int, unsigned long, pthread_attr_t const, void* ()(void), void*) /test/13.0_opt_san/include/mysql/psi/mysql_thread.h:1139:11
#4 0x56e23940660e in create_thread_to_handle_connection(CONNECT*) /test/13.0_opt_san/sql/mysqld.cc:6466:19
#5 0x56e2394080a8 in handle_connections_sockets() /test/13.0_opt_san/sql/mysqld.cc:6702:9
#6 0x56e239405c7a in run_main_loop() /test/13.0_opt_san/sql/mysqld.cc:5942:3
#7 0x56e2393f874b in mysqld_main(int, char**) /test/13.0_opt_san/sql/mysqld.cc:6371:3
#8 0x7b20cf62a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#9 0x7b20cf62a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#10 0x56e239304274 in _start (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x373f274) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef)

0x7970ce69d9bf is located 2239 bytes inside of 8184-byte region [0x7970ce69d100,0x7970ce69f0f8)
allocated by thread T13 here:
#0 0x56e2393a99e8 in malloc (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x37e49e8) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef)
#1 0x56e23c7a3c78 in my_malloc /test/13.0_opt_san/mysys/my_malloc.c:93:29
#2 0x56e23c76f62e in init_alloc_root /test/13.0_opt_san/mysys/my_alloc.c:178:22
#3 0x56e23abfcc69 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /test/13.0_opt_san/sql/thr_malloc.cc:64:3
#4 0x56e23ab9dc14 in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /test/13.0_opt_san/sql/table.cc:4419:3
#5 0x56e239fc1b94 in open_table(THD, TABLE_LIST, Open_table_context*) /test/13.0_opt_san/sql/sql_base.cc:2321:12
#6 0x56e239fd4ab1 in open_and_process_table(THD, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy, bool, Open_table_context*) /test/13.0_opt_san/sql/sql_base.cc:4263:14
#7 0x56e239fd4ab1 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /test/13.0_opt_san/sql/sql_base.cc:4746:14
#8 0x56e239fe3635 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /test/13.0_opt_san/sql/sql_base.cc:5747:7
#9 0x56e239a14ed3 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /test/13.0_opt_san/sql/sql_base.h:545:10
#10 0x56e23a37729f in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_opt_san/sql/sql_insert.cc:813:9
#11 0x56e23a4fe791 in mysql_execute_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:4500:10
#12 0x56e23a4d0d99 in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_opt_san/sql/sql_parse.cc:7941:18
#13 0x56e23a4c8317 in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_opt_san/sql/sql_parse.cc:1898:7
#14 0x56e23a4d2f6e in do_command(THD*, bool) /test/13.0_opt_san/sql/sql_parse.cc:1432:17
#15 0x56e23ad4e41c in do_handle_one_connection(CONNECT*, bool) /test/13.0_opt_san/sql/sql_connect.cc:1503:11
#16 0x56e23ad4ddfd in handle_one_connection /test/13.0_opt_san/sql/sql_connect.cc:1415:5
#17 0x56e23b7fe975 in pfs_spawn_thread /test/13.0_opt_san/storage/perfschema/pfs.cc:2198:3
#18 0x56e2393a726a in asan_thread_start(void*) crtstuff.c

SUMMARY: AddressSanitizer: memcpy-param-overlap (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd+0x37e24bd) (BuildId: 42bcdc55a750676f646e2dd80dc01535a8d1a9ef) in __asan_memcpy
==1461171==ABORTING

CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026
==1455381==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x711dd92f79bc,0x711dd92f79c6) and [0x711dd92f79bf, 0x711dd92f79c9) overlap
#0 0x6480de2a691d in __asan_memcpy (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x413791d) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
#1 0x6480de4d6783 in Field_longstr::compress(char, unsigned int, char const, unsigned int, unsigned int, unsigned int, charset_info_st const, unsigned long) /test/13.0_dbg_san/sql/field.cc:8735:7
#2 0x6480de4d766d in Field_varstring_compressed::store(char const, unsigned long, charset_info_st const) /test/13.0_dbg_san/sql/field.cc:8800:11
#3 0x6480de5854e6 in Item::save_str_in_field(Field*, bool) /test/13.0_dbg_san/sql/item.cc:7282:21
#4 0x6480de58638d in Item::save_in_field(Field*, bool) /test/13.0_dbg_san/sql/item.cc:7330:30
#5 0x6480deee9547 in fill_record(THD, TABLE, List<Item>&, List<Item>&, bool, bool) /test/13.0_dbg_san/sql/sql_base.cc:9209:20
#6 0x6480deeec84f in fill_record_n_invoke_before_triggers(THD, TABLE, List<Item>&, List<Item>&, bool, trg_event_type, bool*) /test/13.0_dbg_san/sql/sql_base.cc:9411:11
#7 0x6480df9ba1b7 in Sql_cmd_update::update_single_table(THD*) /test/13.0_dbg_san/sql/sql_update.cc:991:11
#8 0x6480df9e18bc in Sql_cmd_update::execute_inner(THD*) /test/13.0_dbg_san/sql/sql_update.cc:3237:10
#9 0x6480df6e2110 in Sql_cmd_dml::execute(THD*) /test/13.0_dbg_san/sql/sql_select.cc:34993:9
#10 0x6480df3cb45e in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4444:27
#11 0x6480df3ae21d in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#12 0x6480df3a5fee in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#13 0x6480df3b05c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#14 0x6480dfbe884c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#15 0x6480dfbe8355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#16 0x6480de2a66ca in asan_thread_start(void*) crtstuff.c
#17 0x72cdda29ca93 in start_thread nptl/pthread_create.c:447:8
#18 0x72cdda329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

0x711dd92f79bc is located 2236 bytes inside of 8184-byte region [0x711dd92f7100,0x711dd92f90f8)
allocated by thread T13 here:
#0 0x6480de2a8e48 in malloc (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x4139e48) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
#1 0x6480e15ab196 in my_malloc /test/13.0_dbg_san/mysys/my_malloc.c:93:29
#2 0x6480e155a0c3 in init_alloc_root /test/13.0_dbg_san/mysys/my_alloc.c:178:22
#3 0x6480dfaa0179 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /test/13.0_dbg_san/sql/thr_malloc.cc:64:3
#4 0x6480dfa3c01b in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /test/13.0_dbg_san/sql/table.cc:4419:3
#5 0x6480deea9829 in open_table(THD, TABLE_LIST, Open_table_context*) /test/13.0_dbg_san/sql/sql_base.cc:2321:12
#6 0x6480deebc885 in open_and_process_table(THD, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy, bool, Open_table_context*) /test/13.0_dbg_san/sql/sql_base.cc:4263:14
#7 0x6480deebc885 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /test/13.0_dbg_san/sql/sql_base.cc:4746:14
#8 0x6480deecd8b1 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /test/13.0_dbg_san/sql/sql_base.cc:5747:7
#9 0x6480de924184 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /test/13.0_dbg_san/sql/sql_base.h:545:10
#10 0x6480df256c49 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_dbg_san/sql/sql_insert.cc:813:9
#11 0x6480df3d8909 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4500:10
#12 0x6480df3ae21d in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#13 0x6480df3a5fee in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#14 0x6480df3b05c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#15 0x6480dfbe884c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#16 0x6480dfbe8355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#17 0x6480de2a66ca in asan_thread_start(void*) crtstuff.c

Thread T13 created by T0 here:
#0 0x6480de28cdc5 in pthread_create (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x411ddc5) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
#1 0x6480de301eac in create_thread_to_handle_connection(CONNECT*) /test/13.0_dbg_san/sql/mysqld.cc:6466:19
#2 0x6480de302f35 in handle_connections_sockets() /test/13.0_dbg_san/sql/mysqld.cc:6702:9
#3 0x6480de30147a in run_main_loop() /test/13.0_dbg_san/sql/mysqld.cc:5942:3
#4 0x6480de2f589c in mysqld_main(int, char**) /test/13.0_dbg_san/sql/mysqld.cc:6371:3
#5 0x72cdda22a1c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#6 0x72cdda22a28a in __libc_start_main csu/../csu/libc-start.c:360:3
#7 0x6480de2036d4 in _start (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x40946d4) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)

0x711dd92f79bf is located 2239 bytes inside of 8184-byte region [0x711dd92f7100,0x711dd92f90f8)
allocated by thread T13 here:
#0 0x6480de2a8e48 in malloc (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x4139e48) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338)
#1 0x6480e15ab196 in my_malloc /test/13.0_dbg_san/mysys/my_malloc.c:93:29
#2 0x6480e155a0c3 in init_alloc_root /test/13.0_dbg_san/mysys/my_alloc.c:178:22
#3 0x6480dfaa0179 in init_sql_alloc(unsigned int, st_mem_root*, unsigned int, unsigned int, unsigned long) /test/13.0_dbg_san/sql/thr_malloc.cc:64:3
#4 0x6480dfa3c01b in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /test/13.0_dbg_san/sql/table.cc:4419:3
#5 0x6480deea9829 in open_table(THD, TABLE_LIST, Open_table_context*) /test/13.0_dbg_san/sql/sql_base.cc:2321:12
#6 0x6480deebc885 in open_and_process_table(THD, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy, bool, Open_table_context*) /test/13.0_dbg_san/sql/sql_base.cc:4263:14
#7 0x6480deebc885 in open_tables(THD, DDL_options_st const&, TABLE_LIST, unsigned int, unsigned int, Prelocking_strategy*) /test/13.0_dbg_san/sql/sql_base.cc:4746:14
#8 0x6480deecd8b1 in open_and_lock_tables(THD, DDL_options_st const&, TABLE_LIST, bool, unsigned int, Prelocking_strategy*) /test/13.0_dbg_san/sql/sql_base.cc:5747:7
#9 0x6480de924184 in open_and_lock_tables(THD, TABLE_LIST, bool, unsigned int) /test/13.0_dbg_san/sql/sql_base.h:545:10
#10 0x6480df256c49 in mysql_insert(THD, TABLE_LIST, List<Item>&, List<List<Item>>&, List<Item>&, List<Item>&, enum_duplicates, bool, select_result*) /test/13.0_dbg_san/sql/sql_insert.cc:813:9
#11 0x6480df3d8909 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:4500:10
#12 0x6480df3ae21d in mysql_parse(THD, char, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#13 0x6480df3a5fee in dispatch_command(enum_server_command, THD, char, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#14 0x6480df3b05c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#15 0x6480dfbe884c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#16 0x6480dfbe8355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#17 0x6480de2a66ca in asan_thread_start(void*) crtstuff.c

SUMMARY: AddressSanitizer: memcpy-param-overlap (/test/UBASAN_MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd+0x413791d) (BuildId: 57d40479ece88ee21294f041e3ea8c6902999338) in __asan_memcpy
==1455381==ABORTING

Setup:

Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:

  # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18

     sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18

Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:

    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON

Set before execution:

    export ASAN_OPTIONS=quarantine_size_mb=512:atexit=0:detect_invalid_pointer_pairs=3:dump_instruction_bytes=1:abort_on_error=1:allocator_may_return_null=1

SAN Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 10.6 opt 100426 f39b634db715cd9dc1835653d1ce544df2aa1613 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
CS 10.11 dbg 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 10.11 opt 100426 ba774a0a90fac0163babe9d7a964aa36503e1711 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
CS 11.4 dbg 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 11.4 opt 100426 dc89915ad9bf3dcb67e66d2844c77ec0403373de ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
CS 11.8 dbg 100426 e47db94aea7f0d6e0177e948486fc8860331f05f ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 11.8 opt 100426 e47db94aea7f0d6e0177e948486fc8860331f05f ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
CS 12.3 dbg 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 12.3 opt 100426 f5bb9922107672e88f7b5cbdb3d25151cc5744bb ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
CS 13.0 dbg 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
CS 13.0 opt 100426 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
ES 10.6 dbg 100426 84a80c8b38208d362225496da08d86d8d454e453 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
ES 10.6 opt 100426 84a80c8b38208d362225496da08d86d8d454e453 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
ES 11.4 dbg 100426 8b2bf17b733262409422ce7d039a0c021fc47077 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
ES 11.4 opt 100426 8b2bf17b733262409422ce7d039a0c021fc47077 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
ES 11.8 dbg 100426 854cae81f52e477c7777a51db26ba640d8755b81 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
ES 11.8 opt 100426 854cae81f52e477c7777a51db26ba640d8755b81 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store
ES 12.3 dbg 220426 613a6253fe9efc12e166f83a97663ba263db8317 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|sql/field.cc\|__asan_memcpy\|Field_longstr::compress\|Field_varstring_compressed::store\|Item::save_str_in_field
ES 12.3 opt 220426 613a6253fe9efc12e166f83a97663ba263db8317 ASAN\|memcpy-param-overlap: memory ranges X and Y overlap\|include/x86_64-linux-gnu/bits/string_fortified.h\|__asan_memcpy\|memcpy\|Field_longstr::compress\|Field_varstring_compressed::store

Attachments

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Roel Van de Paar

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 5 days ago 01:31

Updated:: 5 days ago 01:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.