  1. MariaDB Server
  2. MDEV-39451

Floating point exception: division by zero in Item_sum_ntile::val_int


Details

    • Can result in hang or crash

    Description

      -- Reproducer for the SIGFPE (integer division by zero) reported in
      -- Item_sum_ntile::val_int. On the affected builds listed in the matrices
      -- below, the final SELECT terminates the mariadbd process.

      -- A single TEXT column using the binary character set and collation.
      CREATE TABLE t (c2 TEXT CHARACTER SET 'Binary' COLLATE 'Binary');
      -- Two identical 1026-character values, so PARTITION BY c2 should place
      -- both rows in the same partition.
      INSERT INTO t VALUES (REPEAT('a',1026)),(REPEAT('a',1026));
      -- NTILE(2) partitioned and ordered by the same column; this is the
      -- statement shown in the crashing thread's mysql_parse frame.
      -- NOTE(review): the report does not state why the divisor is zero here;
      -- confirm against item_windowfunc.h before assuming a root cause.
      SELECT NTILE(2)OVER (PARTITION BY c2 ORDER BY c2) FROM t;
      

      Leads to a SIGFPE crash of the server process:

      CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Optimized, Clang 21.1.3-20250923) Build 10/04/2026

      Core was generated by `/test/MD100426-mariadb-13.0.1-linux-x86_64-opt/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGFPE, Arithmetic exception.
      #0  0x00005d7228716c5b in Item_sum_ntile::val_int (this=0x7642b4017f48)at /test/13.0_opt/sql/item_windowfunc.h:707
       
      [Current thread is 1 (LWP 1585714)]
      (gdb) bt
      #0  0x00005d7228716c5b in Item_sum_ntile::val_int (this=0x7642b4017f48)at /test/13.0_opt/sql/item_windowfunc.h:707
      #1  0x00005d72289deae0 in Item_window_func::val_int (this=0x7642b4018430)at /test/13.0_opt/sql/item_windowfunc.h:1307
      #2  0x00005d72284fcb6c in Item::save_int_in_field (this=0x2, field=0x0, no_conversions=false) at /test/13.0_opt/sql/item.cc:7310
      #3  0x00005d72284fcc62 in Item::save_in_field (this=0x7642b4018430, field=0x7642b4056c60, no_conversions=true)at /test/13.0_opt/sql/item.cc:7330
      #4  0x00005d72289e2072 in save_window_function_values (window_functions=@0x7642b401c290: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7642b401c2b0, last = 0x7642b401c2b0, elements = 1}, <No data fields>}, tbl=0x7642b4055eb0, rowid_buf=0x7642b40557c8 "")at /test/13.0_opt/sql/sql_window.cc:2805
      #5  compute_window_func (thd=thd@entry=0x7642b4000c68, window_functions=@0x7642b401c290: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7642b401c2b0, last = 0x7642b401c2b0, elements = 1}, <No data fields>}, cursor_managers=@0x7e43b41b2458: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7642b401ce78, last = 0x7642b401ce78, elements = 1}, <No data fields>}, tbl=tbl@entry=0x7642b4055eb0, filesort_result=filesort_result@entry=0x7642b40135a0)at /test/13.0_opt/sql/sql_window.cc:2964
      #6  0x00005d72289e23fa in Window_func_runner::exec (this=this@entry=0x7642b401c288, thd=thd@entry=0x7642b4000c68, tbl=0x7642b4055eb0, filesort_result=0x7642b40135a0)at /test/13.0_opt/sql/sql_window.cc:3080
      #7  0x00005d72289e3533 in Window_funcs_sort::exec (this=<optimized out>, join=0x7642b40196b8, keep_filesort_result=<optimized out>)at /test/13.0_opt/sql/sql_window.cc:3108
      #8  Window_funcs_computation::exec (this=0x7642b401c260, join=0x7642b40196b8, keep_last_filesort_result=<optimized out>)at /test/13.0_opt/sql/sql_window.cc:3237
      #9  0x00005d7228818808 in AGGR_OP::end_send (this=0x7642b401c108)at /test/13.0_opt/sql/sql_select.cc:33902
      #10 0x00005d72287f8997 in sub_select_postjoin_aggr (join=0x7642b40196b8, join_tab=0x7642b401b328, end_of_records=false)at /test/13.0_opt/sql/sql_select.cc:24398
      #11 0x00005d72287fca80 in do_select (join=join@entry=0x7642b40196b8, procedure=<optimized out>) at /test/13.0_opt/sql/sql_select.cc:24233
      #12 0x00005d72287fc4ca in JOIN::exec_inner (this=this@entry=0x7642b40196b8)at /test/13.0_opt/sql/sql_select.cc:5125
      #13 0x00005d72287e1b73 in JOIN::exec (this=0x7642b40196b8)at /test/13.0_opt/sql/sql_select.cc:4913
      #14 mysql_select (thd=thd@entry=0x7642b4000c68, tables=<optimized out>, fields=@0x7642b4017c98: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7642b4018508, last = 0x7642b4018508, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7642b4019690, unit=0x7642b40051a8, select_lex=0x7642b40179e0)at /test/13.0_opt/sql/sql_select.cc:5439
      #15 0x00005d72287e1740 in handle_select (thd=thd@entry=0x7642b4000c68, lex=lex@entry=0x7642b40050c8, result=result@entry=0x7642b4019690, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/13.0_opt/sql/sql_select.cc:636
      #16 0x00005d72287a7b66 in execute_sqlcom_select (thd=thd@entry=0x7642b4000c68, all_tables=0x7642b40185d8) at /test/13.0_opt/sql/sql_parse.cc:6213
      #17 0x00005d72287a6399 in mysql_execute_command (thd=thd@entry=0x7642b4000c68, is_called_from_prepared_stmt=false) at /test/13.0_opt/sql/sql_parse.cc:3989
      #18 0x00005d722879e534 in mysql_parse (thd=thd@entry=0x7642b4000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7e43b41b3410)at /test/13.0_opt/sql/sql_parse.cc:7941
      #19 0x00005d722879cc22 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7642b4000c68, packet=packet@entry=0x7642b4008cb9 "", packet_length=packet_length@entry=56, blocking=true)at /test/13.0_opt/sql/sql_parse.cc:1898
      #20 0x00005d722879e9b1 in do_command (thd=thd@entry=0x7642b4000c68, blocking=true) at /test/13.0_opt/sql/sql_parse.cc:1432
      #21 0x00005d722890224d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5d722ac8b6a8, put_in_cache=true)at /test/13.0_opt/sql/sql_connect.cc:1503
      #22 0x00005d722890200f in handle_one_connection (arg=arg@entry=0x5d722ac8b6a8)at /test/13.0_opt/sql/sql_connect.cc:1415
      #23 0x00005d7228ad8ab3 in pfs_spawn_thread (arg=0x5d722ac31118)at /test/13.0_opt/storage/perfschema/pfs.cc:2198
      #24 0x00007e43b849ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #25 0x00007e43b8529c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, Clang 21.1.3-20250923) Build 10/04/2026

      Core was generated by `/test/MD100426-mariadb-13.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      Program terminated with signal SIGFPE, Arithmetic exception.
      #0  0x00005b5d44fe33a4 in Item_sum_ntile::val_int (this=0x6b6fe401a748)at /test/13.0_dbg/sql/item_windowfunc.h:710
       
      [Current thread is 1 (LWP 1592404)]
      (gdb) bt
      #0  0x00005b5d44fe33a4 in Item_sum_ntile::val_int (this=0x6b6fe401a748)at /test/13.0_dbg/sql/item_windowfunc.h:710
      #1  0x00005b5d453f5fc8 in Item_window_func::val_int (this=0x6b6fe401ac30)at /test/13.0_dbg/sql/item_windowfunc.h:1307
      #2  0x00005b5d44cb5198 in Item::save_int_in_field (this=0x6b6fe401ac30, field=0x6b6fe407b688, no_conversions=true)at /test/13.0_dbg/sql/item.cc:7310
      #3  0x00005b5d453c8f50 in Type_handler_int_result::Item_save_in_field (this=0x5b5d461c5ed8 <type_handler_slonglong>, item=0x6b6fe401ac30, field=0x6b6fe407b688, no_conversions=true)at /test/13.0_dbg/sql/sql_type.cc:4511
      #4  0x00005b5d44cb52d5 in Item::save_in_field (this=0x6b6fe401ac30, field=0x6b6fe407b688, no_conversions=true)at /test/13.0_dbg/sql/item.cc:7330
      #5  0x00005b5d453fa29c in save_window_function_values (window_functions=@0x6b6fe401ebd8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b6fe401ebf8, last = 0x6b6fe401ebf8, elements = 1}, <No data fields>}, tbl=0x6b6fe407a6e0, rowid_buf=0x6b6fe4019cc8 "")at /test/13.0_dbg/sql/sql_window.cc:2805
      #6  0x00005b5d453fa115 in compute_window_func (thd=0x6b6fe4000d58, window_functions=@0x6b6fe401ebd8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b6fe401ebf8, last = 0x6b6fe401ebf8, elements = 1}, <No data fields>}, cursor_managers=@0x737140699380: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b6fe401f7d0, last = 0x6b6fe401f7d0, elements = 1}, <No data fields>}, tbl=0x6b6fe407a6e0, filesort_result=0x6b6fe4019090)at /test/13.0_dbg/sql/sql_window.cc:2964
      #7  0x00005b5d453fa584 in Window_func_runner::exec (this=0x6b6fe401ebd0, thd=0x6b6fe4000d58, tbl=0x6b6fe407a6e0, filesort_result=0x6b6fe4019090)at /test/13.0_dbg/sql/sql_window.cc:3080
      #8  0x00005b5d453fa6a2 in Window_funcs_sort::exec (this=0x6b6fe401ebc8, join=0x6b6fe401beb8, keep_filesort_result=true)at /test/13.0_dbg/sql/sql_window.cc:3108
      #9  0x00005b5d453fafe9 in Window_funcs_computation::exec (this=0x6b6fe401eba8, join=0x6b6fe401beb8, keep_last_filesort_result=true)at /test/13.0_dbg/sql/sql_window.cc:3237
      #10 0x00005b5d4516e6e6 in AGGR_OP::end_send (this=0x6b6fe401ea50)at /test/13.0_dbg/sql/sql_select.cc:33902
      #11 0x00005b5d45146ad0 in sub_select_postjoin_aggr (join=0x6b6fe401beb8, join_tab=0x6b6fe401db70, end_of_records=true)at /test/13.0_dbg/sql/sql_select.cc:24398
      #12 0x00005b5d45127dcb in sub_select (join=0x6b6fe401beb8, join_tab=0x6b6fe401d6f8, end_of_records=true)at /test/13.0_dbg/sql/sql_select.cc:24653
      #13 0x00005b5d4514bff2 in do_select (join=0x6b6fe401beb8, procedure=0x0)at /test/13.0_dbg/sql/sql_select.cc:24233
      #14 0x00005b5d4514b496 in JOIN::exec_inner (this=0x6b6fe401beb8)at /test/13.0_dbg/sql/sql_select.cc:5125
      #15 0x00005b5d4514a7b3 in JOIN::exec (this=0x6b6fe401beb8)at /test/13.0_dbg/sql/sql_select.cc:4913
      #16 0x00005b5d451288bb in mysql_select (thd=0x6b6fe4000d58, tables=0x6b6fe401add8, fields=@0x6b6fe401a498: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b6fe401ad08, last = 0x6b6fe401ad08, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x6b6fe401be90, unit=0x6b6fe4005270, select_lex=0x6b6fe401a1e0) at /test/13.0_dbg/sql/sql_select.cc:5439
      #17 0x00005b5d4512841d in handle_select (thd=0x6b6fe4000d58, lex=0x6b6fe4005190, result=0x6b6fe401be90, setup_tables_done_option=0)at /test/13.0_dbg/sql/sql_select.cc:636
      #18 0x00005b5d450cf6fa in execute_sqlcom_select (thd=0x6b6fe4000d58, all_tables=0x6b6fe401add8) at /test/13.0_dbg/sql/sql_parse.cc:6213
      #19 0x00005b5d450c5b63 in mysql_execute_command (thd=0x6b6fe4000d58, is_called_from_prepared_stmt=false) at /test/13.0_dbg/sql/sql_parse.cc:3989
      #20 0x00005b5d450be9c8 in mysql_parse (thd=0x6b6fe4000d58, rawbuf=0x6b6fe401a110 "SELECT NTILE(2)OVER (PARTITION BY c2 ORDER BY c2) FROM t", length=56, parser_state=0x73714069b9f0)at /test/13.0_dbg/sql/sql_parse.cc:7941
      #21 0x00005b5d450bc11e in dispatch_command (command=COM_QUERY, thd=0x6b6fe4000d58, packet=0x6b6fe400b4b9 "", packet_length=56, blocking=true) at /test/13.0_dbg/sql/sql_parse.cc:1898
      #22 0x00005b5d450bf44a in do_command (thd=0x6b6fe4000d58, blocking=true)at /test/13.0_dbg/sql/sql_parse.cc:1432
      #23 0x00005b5d452c270e in do_handle_one_connection (connect=0x5b5d47eec828, put_in_cache=true) at /test/13.0_dbg/sql/sql_connect.cc:1503
      #24 0x00005b5d452c24f1 in handle_one_connection (arg=0x5b5d47eb0b58)at /test/13.0_dbg/sql/sql_connect.cc:1415
      #25 0x000073714b09ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #26 0x000073714b129c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  10.6   opt  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  10.11  dbg  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  10.11  opt  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.4   dbg  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  11.4   opt  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.8   dbg  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  11.8   opt  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  12.3   dbg  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  12.3   opt  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  13.0   dbg  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      CS  13.0   opt  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  10.6   dbg  100426  84a80c8b38208d362225496da08d86d8d454e453  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      ES  10.6   opt  100426  84a80c8b38208d362225496da08d86d8d454e453  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.4   dbg  100426  8b2bf17b733262409422ce7d039a0c021fc47077  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      ES  11.4   opt  100426  8b2bf17b733262409422ce7d039a0c021fc47077  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.8   dbg  100426  854cae81f52e477c7777a51db26ba640d8755b81  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      ES  11.8   opt  100426  854cae81f52e477c7777a51db26ba640d8755b81  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  12.3   dbg  220426  613a6253fe9efc12e166f83a97663ba263db8317  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Type_handler_int_result::Item_save_in_field
      ES  12.3   opt  220426  613a6253fe9efc12e166f83a97663ba263db8317  SIGFPE|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      MS  5.5    dbg  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.5    opt  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.6    dbg  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.6    opt  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.7    dbg  070525  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  5.7    opt  070525  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  8.0    dbg  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  8.0    opt  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  9.1    dbg  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found                  
      MS  9.1    opt  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found                  
      

      CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026

      /test/13.0_dbg_san/sql/item_windowfunc.h:710:50: runtime error: division by zero
          #0 0x5966a59c6f43 in Item_sum_ntile::val_int() /test/13.0_dbg_san/sql/item_windowfunc.h:710:50
          #1 0x5966a6911b0a in Item_window_func::val_int() /test/13.0_dbg_san/sql/item_windowfunc.h:1307:27
          #2 0x5966a4ebae7b in Item::save_int_in_field(Field*, bool) /test/13.0_dbg_san/sql/item.cc:7310:16
          #3 0x5966a4ebb38d in Item::save_in_field(Field*, bool) /test/13.0_dbg_san/sql/item.cc:7330:30
          #4 0x5966a69240f5 in save_window_function_values(List<Item_window_func>&, TABLE*, unsigned char*) /test/13.0_dbg_san/sql/sql_window.cc:2805:15
          #5 0x5966a69240f5 in compute_window_func(THD*, List<Item_window_func>&, List<Cursor_manager>&, TABLE*, SORT_INFO*) /test/13.0_dbg_san/sql/sql_window.cc:2964:9
          #6 0x5966a69254fc in Window_func_runner::exec(THD*, TABLE*, SORT_INFO*) /test/13.0_dbg_san/sql/sql_window.cc:3080:18
          #7 0x5966a692599c in Window_funcs_sort::exec(JOIN*, bool) /test/13.0_dbg_san/sql/sql_window.cc:3108:25
          #8 0x5966a6928d27 in Window_funcs_computation::exec(JOIN*, bool) /test/13.0_dbg_san/sql/sql_window.cc:3237:14
          #9 0x5966a5fd1865 in AGGR_OP::end_send() /test/13.0_dbg_san/sql/sql_select.cc:33902:38
          #10 0x5966a5f0c071 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) /test/13.0_dbg_san/sql/sql_select.cc:24398:15
          #11 0x5966a5e75503 in sub_select(JOIN*, st_join_table*, bool) /test/13.0_dbg_san/sql/sql_select.cc:24653:7
          #12 0x5966a5f2424f in do_select(JOIN*, Procedure*) /test/13.0_dbg_san/sql/sql_select.cc:24233:14
          #13 0x5966a5f2114f in JOIN::exec_inner() /test/13.0_dbg_san/sql/sql_select.cc:5125:50
          #14 0x5966a5f1e318 in JOIN::exec() /test/13.0_dbg_san/sql/sql_select.cc:4913:8
          #15 0x5966a5e7a5c9 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/13.0_dbg_san/sql/sql_select.cc:5439:21
          #16 0x5966a5e792fa in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/13.0_dbg_san/sql/sql_select.cc:636:10
          #17 0x5966a5d1e9ed in execute_sqlcom_select(THD*, TABLE_LIST*) /test/13.0_dbg_san/sql/sql_parse.cc:6213:12
          #18 0x5966a5d09535 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:3989:12
          #19 0x5966a5ce321d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
          #20 0x5966a5cdafee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
          #21 0x5966a5ce55c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
          #22 0x5966a651d84c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
          #23 0x5966a651d355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
          #24 0x5966a4bdb6ca in asan_thread_start(void*) crtstuff.c
          #25 0x71e04749ca93 in start_thread nptl/pthread_create.c:447:8
          #26 0x71e047529c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
       
      SUMMARY: UndefinedBehaviorSanitizer: integer-divide-by-zero /test/13.0_dbg_san/sql/item_windowfunc.h:710:50 
      

      Setup:

      Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
        # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
      Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      Set before execution:
          export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # You may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues, see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
      

      SAN Bug Detection Matrix

          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  10.6   opt  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  10.11  dbg  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  10.11  opt  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.4   dbg  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.4   opt  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.8   dbg  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  11.8   opt  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  12.3   dbg  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  12.3   opt  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  13.0   dbg  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      CS  13.0   opt  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  10.6   dbg  100426  84a80c8b38208d362225496da08d86d8d454e453  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  10.6   opt  100426  84a80c8b38208d362225496da08d86d8d454e453  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.4   dbg  100426  8b2bf17b733262409422ce7d039a0c021fc47077  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.4   opt  100426  8b2bf17b733262409422ce7d039a0c021fc47077  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.8   dbg  100426  854cae81f52e477c7777a51db26ba640d8755b81  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  11.8   opt  100426  854cae81f52e477c7777a51db26ba640d8755b81  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  12.3   dbg  220426  613a6253fe9efc12e166f83a97663ba263db8317  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      ES  12.3   opt  220426  613a6253fe9efc12e166f83a97663ba263db8317  UBSAN|division by zero|sql/item_windowfunc.h|Item_sum_ntile::val_int|Item_window_func::val_int|Item::save_int_in_field|Item::save_in_field
      


          People

            ycp Yuchen Pei
            Roel Roel Van de Paar