Details
Bug
Status: Closed
Blocker
Resolution: Fixed
12.3, 13.0
Can result in unexpected behaviour
ST_COLLECT under some circumstances could return an empty result because of an incorrect marking of a cached value.
Description
CREATE TABLE t (c INT) ENGINE=MyISAM;
SELECT ST_COLLECT(c) FROM t;
Leads to:
CS 13.0.1 3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23 (Debug, UBASAN, Clang 21.1.3-20250923) Build 10/04/2026
/test/13.0_dbg_san/sql/item_sum.cc:4734:7: runtime error: load of value 165, which is not a valid value for type 'bool'
#0 0x59437908e4e5 in Item_func_collect::val_str(String*) /test/13.0_dbg_san/sql/item_sum.cc:4734:7
#1 0x59437a77adcc in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/13.0_dbg_san/sql/sql_type.cc:7664:19
#2 0x594379481408 in Protocol::send_result_set_row(List<Item>*) /test/13.0_dbg_san/sql/protocol.cc:1358:15
#3 0x59437974c328 in select_send::send_data(List<Item>&) /test/13.0_dbg_san/sql/sql_class.cc:3410:17
#4 0x59437974b41b in select_result_sink::send_data_with_check(List<Item>&, st_select_lex_unit*, unsigned long long) /test/13.0_dbg_san/sql/sql_class.cc:3308:11
#5 0x594379ddfe45 in return_zero_rows(JOIN*, select_result*, List<TABLE_LIST>*, List<Item>*, bool, unsigned long long, char const*, Item*, List<Item>*) /test/13.0_dbg_san/sql/sql_select.cc:17948:27
#6 0x594379ddfe45 in JOIN::exec_inner() /test/13.0_dbg_san/sql/sql_select.cc:5050:14
#7 0x594379dde318 in JOIN::exec() /test/13.0_dbg_san/sql/sql_select.cc:4913:8
#8 0x594379d3a5c9 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/13.0_dbg_san/sql/sql_select.cc:5439:21
#9 0x594379d392fa in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/13.0_dbg_san/sql/sql_select.cc:636:10
#10 0x594379bde9ed in execute_sqlcom_select(THD*, TABLE_LIST*) /test/13.0_dbg_san/sql/sql_parse.cc:6213:12
#11 0x594379bc9535 in mysql_execute_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:3989:12
#12 0x594379ba321d in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/13.0_dbg_san/sql/sql_parse.cc:7941:18
#13 0x594379b9afee in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1898:7
#14 0x594379ba55c4 in do_command(THD*, bool) /test/13.0_dbg_san/sql/sql_parse.cc:1432:17
#15 0x59437a3dd84c in do_handle_one_connection(CONNECT*, bool) /test/13.0_dbg_san/sql/sql_connect.cc:1503:11
#16 0x59437a3dd355 in handle_one_connection /test/13.0_dbg_san/sql/sql_connect.cc:1415:5
#17 0x594378a9b6ca in asan_thread_start(void*) crtstuff.c
#18 0x79e90e69ca93 in start_thread nptl/pthread_create.c:447:8
#19 0x79e90e729c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

SUMMARY: UndefinedBehaviorSanitizer: invalid-bool-load /test/13.0_dbg_san/sql/item_sum.cc:4734:7
Setup:
Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
# Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref dpkg --list | grep -iE 'clang|llvm' and use apt purge and dpkg --purge to remove the packages), before installing Clang/LLVM 18
sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
-DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1 # And you may also want to suppress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter
SAN Bug Detection Matrix
Rel       o/d  Build   Commit                                    UniqueID observed
CS 10.6   dbg  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  No bug found
CS 10.6   opt  100426  f39b634db715cd9dc1835653d1ce544df2aa1613  No bug found
CS 10.11  dbg  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  No bug found
CS 10.11  opt  100426  ba774a0a90fac0163babe9d7a964aa36503e1711  No bug found
CS 11.4   dbg  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  No bug found
CS 11.4   opt  100426  dc89915ad9bf3dcb67e66d2844c77ec0403373de  No bug found
CS 11.8   dbg  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  No bug found
CS 11.8   opt  100426  e47db94aea7f0d6e0177e948486fc8860331f05f  No bug found
CS 12.3   dbg  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
CS 12.3   opt  100426  f5bb9922107672e88f7b5cbdb3d25151cc5744bb  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
CS 13.0   dbg  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
CS 13.0   opt  100426  3a2f8e27981b76b99d2b87cc3bcec5ef022b2b23  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
ES 10.6   dbg  100426  84a80c8b38208d362225496da08d86d8d454e453  No bug found
ES 10.6   opt  100426  84a80c8b38208d362225496da08d86d8d454e453  No bug found
ES 11.4   dbg  100426  8b2bf17b733262409422ce7d039a0c021fc47077  No bug found
ES 11.4   opt  100426  8b2bf17b733262409422ce7d039a0c021fc47077  No bug found
ES 11.8   dbg  100426  854cae81f52e477c7777a51db26ba640d8755b81  No bug found
ES 11.8   opt  100426  854cae81f52e477c7777a51db26ba640d8755b81  No bug found
ES 12.3   dbg  220426  613a6253fe9efc12e166f83a97663ba263db8317  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
ES 12.3   opt  220426  613a6253fe9efc12e166f83a97663ba263db8317  UBSAN|load of value X, which is not a valid value for type 'bool'|sql/item_sum.cc|Item_func_collect::val_str|Type_handler::Item_send_str|Protocol::send_result_set_row|select_send::send_data
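
The UniqueID strings in the matrix reduce each UBSAN report to a signature that stays the same across builds, which is what lets the 12.3 and 13.0 rows be recognised as one bug. The Python below is an added example, not mariadb-qa's own tooling: its normalisation rules (numbers become X, the build root is stripped, the first four frame names are kept) are inferred from the rows on this page, and `unique_id`, `build_root` and the second report (constructed) are hypothetical.

```python
import re

# "<path>:<line>:<col>: runtime error: <message>" and "#N 0xADDR in <symbol> <location>"
ERROR_RE = re.compile(r"^(?P<path>\S+?):\d+:\d+: runtime error: (?P<msg>.+)$")
FRAME_RE = re.compile(r"^#\d+\s+0x[0-9a-f]+\s+in\s+(?P<sym>.+)\s+\S+$")
NUMBER_RE = re.compile(r"\b(?:0x[0-9a-fA-F]+|\d+)\b")


def unique_id(report, build_root, frames=4):
    """Reduce one UBSAN report to a signature that ignores addresses,
    line numbers, the build directory and the offending value."""
    path = msg = None
    funcs = []
    for raw in report.splitlines():
        line = raw.strip(" |")          # tolerate table-cell residue
        if msg is None:
            m = ERROR_RE.match(line)
            if m:
                path, msg = m["path"], m["msg"]
            continue
        m = FRAME_RE.match(line)
        if m and len(funcs) < frames:
            # Keep the qualified name only: drop "(args)" and " const".
            funcs.append(m["sym"].split("(", 1)[0].strip())
    if msg is None:
        raise ValueError("no 'runtime error:' line in report")
    if path.startswith(build_root):
        path = path[len(build_root):]
    return "|".join(["UBSAN", NUMBER_RE.sub("X", msg), path, *funcs])


# First frames of the trace on this page (13.0 debug build).
REPORT_13_0 = """\
/test/13.0_dbg_san/sql/item_sum.cc:4734:7: runtime error: load of value 165, which is not a valid value for type 'bool'
#0 0x59437908e4e5 in Item_func_collect::val_str(String*) /test/13.0_dbg_san/sql/item_sum.cc:4734:7
#1 0x59437a77adcc in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /test/13.0_dbg_san/sql/sql_type.cc:7664:19
#2 0x594379481408 in Protocol::send_result_set_row(List<Item>*) /test/13.0_dbg_san/sql/protocol.cc:1358:15
#3 0x59437974c328 in select_send::send_data(List<Item>&) /test/13.0_dbg_san/sql/sql_class.cc:3410:17
"""

# Constructed: same fault from another build tree (path, addresses, line numbers, value made up).
REPORT_OTHER = """\
/build/other_opt_san/sql/item_sum.cc:4701:7: runtime error: load of value 190, which is not a valid value for type 'bool'
#0 0x55d0c0a1e4e5 in Item_func_collect::val_str(String*) /build/other_opt_san/sql/item_sum.cc:4701:7
#1 0x55d0c1b7adcc in Type_handler::Item_send_str(Item*, Protocol*, st_value*) const /build/other_opt_san/sql/sql_type.cc:7650:19
#2 0x55d0c0881408 in Protocol::send_result_set_row(List<Item>*) /build/other_opt_san/sql/protocol.cc:1350:15
#3 0x55d0c0b4c328 in select_send::send_data(List<Item>&) /build/other_opt_san/sql/sql_class.cc:3400:17
"""
```

Both reports reduce to the signature shown in the 12.3 and 13.0 rows, so a triage script can group new sanitizer hits by this string instead of by raw trace text.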