Details
- Type: Bug
- Status: Confirmed
- Priority: Critical
- Resolution: Unresolved
- Affects Version/s: 10.11, 11.4, 11.8
- None
- Can result in hang or crash
Description
SET @@SESSION.div_precision_increment=0;
SELECT (CRC32(1)=LOCALTIME) + (('') & (LEAST(0,546)=TAN((273 / 941) * (-299 / 450))) );

Leads to:

CS 10.11.18 6f1204ad849b72a997fd34ce44a522d76716c24d (Debug, Clang 18.1.3-11) Build 22/05/2026
mariadbd: /test/10.11_dbg/strings/decimal.c:2194: int decimal_mul(const decimal_t *, const decimal_t *, decimal_t *): Assertion `buf != end' failed.

CS 10.11.18 6f1204ad849b72a997fd34ce44a522d76716c24d (Debug, Clang 18.1.3-11) Build 22/05/2026
Core was generated by `/test/MD220526-mariadb-10.11.18-linux-x86_64-dbg/bin/mariadbd --no-defaults --l'.
Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
[Current thread is 1 (LWP 561688)]
(gdb) bt
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=<optimized out>) at ./nptl/pthread_kill.c:78
#2 __GI___pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3 0x0000736554c4527e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x0000736554c288ff in __GI_abort () at ./stdlib/abort.c:79
#5 0x0000736554c2881b in __assert_fail_base (fmt=0x736554dd01e8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x5baf6ad34f7d "buf != end", file=file@entry=0x5baf6ad349bc "/test/10.11_dbg/strings/decimal.c", line=line@entry=2194, function=function@entry=0x5baf6ad34f3a "int decimal_mul(const decimal_t *, const decimal_t *, decimal_t *)") at ./assert/assert.c:96
#6 0x0000736554c3b517 in __assert_fail (assertion=0x5baf6ad34f7d "buf != end", file=0x5baf6ad349bc "/test/10.11_dbg/strings/decimal.c", line=2194, function=0x5baf6ad34f3a "int decimal_mul(const decimal_t *, const decimal_t *, decimal_t *)") at ./assert/assert.c:105
#7 0x00005baf6a96fe26 in decimal_mul (from1=0x736177664510, from2=0x736177664560, to=0x736177664650) at /test/10.11_dbg/strings/decimal.c:2194
#8 0x00005baf6a0772ce in my_decimal_mul (mask=28, res=0x736177664650, a=0x736177664510, b=0x736177664560) at /test/10.11_dbg/sql/my_decimal.h:504
#9 0x00005baf6a05ecbf in Item_func_mul::decimal_op (this=0x6b4e24014930, decimal_value=0x736177664650) at /test/10.11_dbg/sql/item_func.cc:1459
#10 0x00005baf69e75dc5 in VDec_op::VDec_op (this=0x736177664648, item=0x6b4e24014930) at /test/10.11_dbg/sql/sql_type.cc:383
#11 0x00005baf69e877c4 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_real (this=0x5baf6b75f4f0 <type_handler_newdecimal>, item=0x6b4e24014930) at /test/10.11_dbg/sql/sql_type.cc:5502
#12 0x00005baf69bc7faa in Item_func_hybrid_field_type::val_real (this=0x6b4e24014930) at /test/10.11_dbg/sql/item_func.h:975
#13 0x00005baf6a0624a5 in Item_func_tan::val_real (this=0x6b4e24014a58) at /test/10.11_dbg/sql/item_func.cc:2163
#14 0x00005baf6a017bb0 in Arg_comparator::compare_real (this=0x6b4e24014bb0) at /test/10.11_dbg/sql/item_cmpfunc.cc:896
#15 0x00005baf6a030d5f in Arg_comparator::compare (this=0x6b4e24014bb0) at /test/10.11_dbg/sql/item_cmpfunc.h:117
#16 0x00005baf6a01a3d1 in Item_func_eq::val_bool (this=0x6b4e24014b00) at /test/10.11_dbg/sql/item_cmpfunc.cc:1845
#17 0x00005baf69a81cf2 in Item_bool_func::val_int (this=0x6b4e24014b00) at /test/10.11_dbg/sql/item_cmpfunc.h:248
#18 0x00005baf6a05c3cd in Item_int_func::val_real (this=0x6b4e24014b00) at /test/10.11_dbg/sql/item_func.cc:805
#19 0x00005baf6a060165 in Item_func_mod::real_op (this=0x6b4e24014e90) at /test/10.11_dbg/sql/item_func.cc:1689
#20 0x00005baf69e9e4d9 in Item_func_hybrid_field_type::val_real_from_real_op (this=0x6b4e24014e90) at /test/10.11_dbg/sql/item_func.h:929
#21 0x00005baf69e88079 in Type_handler_real_result::Item_func_hybrid_field_type_val_real (this=0x5baf6b75f4a8 <type_handler_double>, item=0x6b4e24014e90) at /test/10.11_dbg/sql/sql_type.cc:5630
#22 0x00005baf69bc7faa in Item_func_hybrid_field_type::val_real (this=0x6b4e24014e90) at /test/10.11_dbg/sql/item_func.h:975
#23 0x00005baf6a05e364 in Item_func_minus::real_op (this=0x6b4e24014fc0) at /test/10.11_dbg/sql/item_func.cc:1321
#24 0x00005baf6a05caf1 in Item_func_hybrid_field_type::val_decimal_from_real_op (this=0x6b4e24014fc0, dec=0x736177664a30) at /test/10.11_dbg/sql/item_func.cc:911
#25 0x00005baf69e880c1 in Type_handler_real_result::Item_func_hybrid_field_type_val_decimal (this=0x5baf6b75f4a8 <type_handler_double>, item=0x6b4e24014fc0, dec=0x736177664a30) at /test/10.11_dbg/sql/sql_type.cc:5648
#26 0x00005baf69bc83c2 in Item_func_hybrid_field_type::val_decimal (this=0x6b4e24014fc0, dec=0x736177664a30) at /test/10.11_dbg/sql/item_func.h:988
#27 0x00005baf69e75c95 in VDec::VDec (this=0x736177664a28, item=0x6b4e24014fc0) at /test/10.11_dbg/sql/sql_type.cc:376
#28 0x00005baf6a037874 in Func_handler_bit_and_dec_to_ulonglong::to_longlong_null (this=0x5baf6b51e980 <Item_func_bit_and::fix_length_and_dec(THD*)::ha_dec_to_ull>, item=0x6b4e24015078) at /test/10.11_dbg/sql/item_cmpfunc.cc:4980
#29 0x00005baf6a036f5e in Item_handled_func::Handler_int::val_int (this=0x5baf6b51e980 <Item_func_bit_and::fix_length_and_dec(THD*)::ha_dec_to_ull>, item=0x6b4e24015078) at /test/10.11_dbg/sql/item_func.h:771
#30 0x00005baf69ea88bd in Item_handled_func::val_int (this=0x6b4e24015078) at /test/10.11_dbg/sql/item_func.h:858
#31 0x00005baf6a017383 in Arg_comparator::compare_int_unsigned_signed (this=0x6b4e24015258) at /test/10.11_dbg/sql/item_cmpfunc.cc:1063
#32 0x00005baf6a030d5f in Arg_comparator::compare (this=0x6b4e24015258) at /test/10.11_dbg/sql/item_cmpfunc.h:117
#33 0x00005baf6a01a3d1 in Item_func_eq::val_bool (this=0x6b4e240151a8) at /test/10.11_dbg/sql/item_cmpfunc.cc:1845
#34 0x00005baf69a81cf2 in Item_bool_func::val_int (this=0x6b4e240151a8) at /test/10.11_dbg/sql/item_cmpfunc.h:248
#35 0x00005baf6a05da70 in Item_func_plus::int_op (this=0x6b4e240153d0) at /test/10.11_dbg/sql/item_func.cc:1169
#36 0x00005baf69e9e1d9 in Item_func_hybrid_field_type::val_int_from_int_op (this=0x6b4e240153d0) at /test/10.11_dbg/sql/item_func.h:925
#37 0x00005baf69e87e39 in Type_handler_int_result::Item_func_hybrid_field_type_val_int (this=0x5baf6b75f3a0 <type_handler_slong>, item=0x6b4e240153d0) at /test/10.11_dbg/sql/sql_type.cc:5578
#38 0x00005baf69bc80e0 in Item_func_hybrid_field_type::val_int (this=0x6b4e240153d0) at /test/10.11_dbg/sql/item_func.h:982
#39 0x00005baf69ff78b8 in Item::save_int_in_field (this=0x6b4e240153d0, field=0x6b4e24028450, no_conversions=false) at /test/10.11_dbg/sql/item.cc:7121
#40 0x00005baf69e845e0 in Type_handler_int_result::Item_save_in_field (this=0x5baf6b75f3a0 <type_handler_slong>, item=0x6b4e240153d0, field=0x6b4e24028450, no_conversions=false) at /test/10.11_dbg/sql/sql_type.cc:4433
#41 0x00005baf69ff79f5 in Item::save_in_field (this=0x6b4e240153d0, field=0x6b4e24028450, no_conversions=false) at /test/10.11_dbg/sql/item.cc:7141
#42 0x00005baf69b34787 in fill_record (thd=0x6b4e24000d58, table_arg=0x6b4e24007fd8, fields=@0x6b4e24005f70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24015480, last = 0x6b4e24015480, elements = 1}, <No data fields>}, values=@0x6b4e24013d40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24015490, last = 0x6b4e24015490, elements = 1}, <No data fields>}, ignore_errors=false, update=false) at /test/10.11_dbg/sql/sql_base.cc:9166
#43 0x00005baf69b34fa3 in fill_record_n_invoke_before_triggers (thd=0x6b4e24000d58, table=0x6b4e24007fd8, fields=@0x6b4e24005f70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24015480, last = 0x6b4e24015480, elements = 1}, <No data fields>}, values=@0x6b4e24013d40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24015490, last = 0x6b4e24015490, elements = 1}, <No data fields>}, ignore_errors=false, event=TRG_EVENT_INSERT) at /test/10.11_dbg/sql/sql_base.cc:9335
#44 0x00005baf69b85be0 in mysql_insert (thd=0x6b4e24000d58, table_list=0x6b4e24013620, fields=@0x6b4e24005f70: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24015480, last = 0x6b4e24015480, elements = 1}, <No data fields>}, values_list=@0x6b4e24005fb8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x6b4e24013d58, last = 0x6b4e24013d58, elements = 1}, <No data fields>}, update_fields=@0x6b4e24005fa0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5baf6b735520 <end_of_list>, last = 0x6b4e24005fa0, elements = 0}, <No data fields>}, update_values=@0x6b4e24005f88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5baf6b735520 <end_of_list>, last = 0x6b4e24005f88, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.11_dbg/sql/sql_insert.cc:1130
#45 0x00005baf69be3f85 in mysql_execute_command (thd=0x6b4e24000d58, is_called_from_prepared_stmt=false) at /test/10.11_dbg/sql/sql_parse.cc:4660
#46 0x00005baf69bd9404 in mysql_parse (thd=0x6b4e24000d58, rawbuf=0x6b4e24013480 "INSERT INTO t1 SET c1=(CRC32(1)=LOCALTIME) + (('') & (LEAST(0,546)=TAN((273 / 941) * (-299 / 450))) % COT(-971) - 1=-854)", length=121, parser_state=0x736177666a20) at /test/10.11_dbg/sql/sql_parse.cc:8221
#47 0x00005baf69bd6859 in dispatch_command (command=COM_QUERY, thd=0x6b4e24000d58, packet=0x6b4e2400af09 "INSERT INTO t1 SET c1=(CRC32(1)=LOCALTIME) + (('') & (LEAST(0,546)=TAN((273 / 941) * (-299 / 450))) % COT(-971) - 1=-854)", packet_length=121, blocking=true) at /test/10.11_dbg/sql/sql_parse.cc:1924
#48 0x00005baf69bd9fb3 in do_command (thd=0x6b4e24000d58, blocking=true) at /test/10.11_dbg/sql/sql_parse.cc:1434
#49 0x00005baf69db8889 in do_handle_one_connection (connect=0x5baf6e17f178, put_in_cache=true) at /test/10.11_dbg/sql/sql_connect.cc:1475
#50 0x00005baf69db8622 in handle_one_connection (arg=0x5baf6e17f108) at /test/10.11_dbg/sql/sql_connect.cc:1387
#51 0x0000736554c9caa4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:447
#52 0x0000736554d29c6c in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel       o/d  Build   Commit                                    UniqueID observed
CS 10.11  dbg  220526  6f1204ad849b72a997fd34ce44a522d76716c24d  buf != end|SIGABRT|decimal_mul|my_decimal_mul|Item_func_mul::decimal_op|VDec_op::VDec_op
CS 10.11  opt  220526  6f1204ad849b72a997fd34ce44a522d76716c24d  No bug found
CS 11.4   dbg  220526  19c59f2c79637cc360cc6d6b219ed9131124500d  buf != end|SIGABRT|decimal_mul|my_decimal_mul|Item_func_mul::decimal_op|VDec_op::VDec_op
CS 11.4   opt  220526  19c59f2c79637cc360cc6d6b219ed9131124500d  No bug found
CS 11.8   dbg  220526  b494164767979072713fdeccc175ce3b3f5b1983  buf != end|SIGABRT|decimal_mul|my_decimal_mul|Item_func_mul::decimal_op|VDec_op::VDec_op
CS 11.8   opt  220526  b494164767979072713fdeccc175ce3b3f5b1983  No bug found
CS 12.3   dbg  220526  66b3c6784689fbb65110a5b21efcb815a8bcde24  No bug found
CS 12.3   opt  220526  66b3c6784689fbb65110a5b21efcb815a8bcde24  No bug found
CS 13.0   dbg  220526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  No bug found
CS 13.0   opt  220526  c8e8d33309606e682c98675d594dbd23ebc2ddf6  No bug found
ES 10.6   dbg  040825  9b794f34b48fb7eee490b6da44edc0f33a947447  No bug found
ES 10.6   opt  040825  9b794f34b48fb7eee490b6da44edc0f33a947447  No bug found
ES 11.4   dbg  040825  a1c03ccd54b582e75506687ee19b273ca897f261  No bug found
ES 11.4   opt  040825  a1c03ccd54b582e75506687ee19b273ca897f261  No bug found
ES 11.8   dbg  151025  780565c207e9ce0ebf7d8e3d59f223801447b619  No bug found
ES 11.8   opt  151025  780565c207e9ce0ebf7d8e3d59f223801447b619  No bug found

Issue Links
- relates to: MDEV-30255 "0 changed to 0.0 caused by DISTINCT and UNION ALL" (Closed)