[MDEV-13707] Server in ORACLE mode crashes on ALTER with wrong DEFAULT clause Created: 2017-09-01  Updated: 2017-09-13  Resolved: 2017-09-13

Status: Closed
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.2, 10.3
Fix Version/s: 10.2.9

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: None
Environment:

Debian Jessie x86_64

Description

set sql_mode=ORACLE;
create table t (i int);
alter table t add b char(255) default "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
# Cleanup
drop table t;

10.3 debug fdc47792354c820aa4a8542d7c00d434424a63fb

#5  0x00007f7abdcff3fa in abort () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007f7abdd3bbd0 in __libc_message () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007f7abddc4037 in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007f7abddc4000 in __stack_chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x0000560dc6600553 in mark_unsupported_func (where=0x7f7aa4015298 'a' <repeats 46 times>, processor_name=0x560dc6f92356 "check_vcol_func_processor") at /data/src/10.3/sql/item.cc:1497
#10 0x0000560dc6600594 in mark_unsupported_function (where=0x7f7aa4015298 'a' <repeats 46 times>, store=0x7f7ab3f682b0, result=1) at /data/src/10.3/sql/item.cc:1507
#11 0x0000560dc661b2c7 in Item_field::check_vcol_func_processor (this=0x7f7aa4015328, arg=0x7f7ab3f682b0) at /data/src/10.3/sql/item.h:2833
#12 0x0000560dc6254611 in Item::walk (this=0x7f7aa4015328, processor=&virtual table offset 1016, walk_subquery=false, arg=0x7f7ab3f682b0) at /data/src/10.3/sql/item.h:1449
#13 0x0000560dc65d2e9f in check_expression (vcol=0x7f7aa4015430, name=0x7f7aa4015180, type=VCOL_DEFAULT) at /data/src/10.3/sql/field.cc:10029
#14 0x0000560dc65d34a5 in Column_definition::check (this=0x7f7aa4015170, thd=0x7f7aa4000b00) at /data/src/10.3/sql/field.cc:10163
#15 0x0000560dc6579ed8 in ORAparse (thd=0x7f7aa4000b00) at /data/src/10.3/sql/sql_yacc_ora.yy:6029
#16 0x0000560dc633b361 in parse_sql (thd=0x7f7aa4000b00, parser_state=0x7f7ab3f6a610, creation_ctx=0x0, do_pfs_digest=true) at /data/src/10.3/sql/sql_parse.cc:9961
#17 0x0000560dc6336656 in mysql_parse (thd=0x7f7aa4000b00, rawbuf=0x7f7aa40149f8 "alter table t add b char(255) default \"", 'a' <repeats 46 times>, "\"", length=86, parser_state=0x7f7ab3f6a610, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7883
#18 0x0000560dc6324282 in dispatch_command (command=COM_QUERY, thd=0x7f7aa4000b00, packet=0x7f7aa4149c41 "alter table t add b char(255) default \"", 'a' <repeats 46 times>, "\"", packet_length=86, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1819
#19 0x0000560dc6322ce4 in do_command (thd=0x7f7aa4000b00) at /data/src/10.3/sql/sql_parse.cc:1370
#20 0x0000560dc647901a in do_handle_one_connection (connect=0x560dc9e65260) at /data/src/10.3/sql/sql_connect.cc:1418
#21 0x0000560dc6478da7 in handle_one_connection (arg=0x560dc9e65260) at /data/src/10.3/sql/sql_connect.cc:1324
#22 0x0000560dc68f0720 in pfs_spawn_thread (arg=0x560dc9efe240) at /data/src/10.3/storage/perfschema/pfs.cc:1862
#23 0x00007f7abfc3b494 in start_thread (arg=0x7f7ab3f6b700) at pthread_create.c:333
#24 0x00007f7abddb393f in clone () from /lib/x86_64-linux-gnu/libc.so.6

A longer value causes SIGSEGV:

alter table t add b char(255) default "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

#4  0x0000560297982ee3 in handle_fatal_signal (sig=11) at /data/src/10.3/sql/signal_handler.cc:166
#5  <signal handler called>
#6  0x00007f45915f2498 in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#7  0x00007f45915f36ed in _Unwind_Backtrace () from /lib/x86_64-linux-gnu/libgcc_s.so.1
#8  0x00007f459133aaaf in backtrace () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x00007f45912649c6 in backtrace_and_maps () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x00007f45912b5bcb in __libc_message () from /lib/x86_64-linux-gnu/libc.so.6
#11 0x00007f459133e037 in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
#12 0x00007f459133e000 in __stack_chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#13 0x000056029799c553 in mark_unsupported_func (where=0x7f45700152e0 'a' <repeats 71 times>, processor_name=0x56029832e356 "check_vcol_func_processor") at /data/src/10.3/sql/item.cc:1497
#14 0x000056029799c594 in mark_unsupported_function (where=<error reading variable: Cannot access memory at address 0x7f4587007257>, store=<error reading variable: Cannot access memory at address 0x7f458700724f>, result=<error reading variable: Cannot access memory at address 0x7f458700724b>) at /data/src/10.3/sql/item.cc:1507
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Release build returns ER_BAD_FIELD_ERROR as it apparently should.


Comments
Comment by Alexander Barkov [ 2017-09-13 ]

Also reproducible with the default sql_mode:

CREATE OR REPLACE TABLE t1(i int);
ALTER TABLE t1 ADD b CHAR(255) DEFAULT `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa`;
