[MDEV-20589] Server still crashes in Field::set_warning_truncated_wrong_value Created: 2019-09-13  Updated: 2019-10-17  Resolved: 2019-09-18

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.3.17
Fix Version/s: 10.2.28, 10.3.19, 10.4.9

Type: Bug Priority: Major
Reporter: Geoff Montee (Inactive) Assignee: Varun Gupta (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-18899 Server crashes in Field::set_warning_... Closed

Description

MDEV-18899 was fixed in MariaDB 10.3.14, but a user is seeing a similar crash in MariaDB 10.3.17:

190914  2:59:31 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see https://mariadb.com/kb/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.3.17-MariaDB-log
key_buffer_size=67108864
read_buffer_size=131072
max_used_connections=1007
max_threads=10002
thread_count=1006
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 22055066 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x7f72e4060568
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f758aba0d30 thread_stack 0x40000
*** buffer overflow detected ***: /usr/sbin/mysqld terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7f85c6774677]
/lib64/libc.so.6(+0x1167f2)[0x7f85c67727f2]
/lib64/libc.so.6(+0x1185d7)[0x7f85c67745d7]
/usr/sbin/mysqld(my_addr_resolve+0xda)[0x562d950486da]
/usr/sbin/mysqld(my_print_stacktrace+0x1c2)[0x562d95031ad2]
/usr/sbin/mysqld(handle_fatal_signal+0x30f)[0x562d94ad12af]
/lib64/libpthread.so.0(+0xf680)[0x7f85c83be680]
/usr/sbin/mysqld(_ZN5Field33set_warning_truncated_wrong_valueEPKcS1_+0x1b)[0x562d94ac48eb]
/usr/sbin/mysqld(_ZN13Field_longstr23check_string_copy_errorEPK13String_copierPKcPK15charset_info_st+0x97)[0x562d94ac5437]
/usr/sbin/mysqld(_ZN15Field_varstring5storeEPKcmPK15charset_info_st+0x79)[0x562d94ac5949]
/usr/sbin/mysqld(_Z36read_statistics_for_tables_if_neededP3THDP10TABLE_LIST+0xbf1)[0x562d9496f2d1]
/usr/sbin/mysqld(_Z20open_and_lock_tablesP3THDRK14DDL_options_stP10TABLE_LISTbjP19Prelocking_strategy+0x9d)[0x562d9489d6cd]
/usr/sbin/mysqld(+0x4bcbd8)[0x562d94804bd8]
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x33f2)[0x562d948f6432]
/usr/sbin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_statebb+0x22b)[0x562d948fbc2b]
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcjbb+0x1c9f)[0x562d948fe80f]
/usr/sbin/mysqld(_Z10do_commandP3THD+0x13e)[0x562d948ff74e]
/usr/sbin/mysqld(_Z24do_handle_one_connectionP7CONNECT+0x221)[0x562d949d2f61]
/usr/sbin/mysqld(handle_one_connection+0x3d)[0x562d949d302d]
/lib64/libpthread.so.0(+0x7dd5)[0x7f85c83b6dd5]
/lib64/libc.so.6(clone+0x6d)[0x7f85c675ab3d]
Comments
Comment by Varun Gupta (Inactive) [ 2019-09-17 ]

Managed to reproduce this

set names utf8;
 
create table t1 ( a varchar(255) character set utf8);
insert into t1 values (REPEAT('ӥ',255)), (REPEAT('ç',255));
 
set @save_use_stat_tables=@@use_stat_tables;
set use_stat_tables='preferably';
analyze table t1 persistent for all;
 
set @save_sql_mode= @@sql_mode;
set sql_mode='ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION';
update mysql.column_stats set min_value= REPEAT('ӥ',256) where db_name='test' and table_name='t1';
set @@sql_mode= @save_sql_mode;
 
select length(a) from t1 where a=REPEAT('ӥ',255);

Stacktrace

#0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055db34167fdb in my_write_core (sig=11) at /home/varunraiko/MariaDB/maria-dev2/mysys/stacktrace.c:518
#2  0x000055db337f2d5b in handle_fatal_signal (sig=11) at /home/varunraiko/MariaDB/maria-dev2/sql/signal_handler.cc:343
#3  <signal handler called>
#4  0x000055db337dff04 in Field::set_warning_truncated_wrong_value (this=0x7f7a38115d10, type_arg=0x55db343e8a9f "string", value=0x7f7a4ede2b40 "\\xD3") at /home/varunraiko/MariaDB/maria-dev2/sql/field.cc:10941
#5  0x000055db337d2119 in Field_longstr::check_string_copy_error (this=0x7f7a38115d10, copier=0x7f7a4ede2c10, end=0x7f7a3807cbd4 "\376\323\245\323\245\323\323"..., cs=0x55db34d5f100 <my_charset_bin>) at /home/varunraiko/MariaDB/maria-dev2/sql/field.cc:7047
#6  0x000055db337e2b7b in Field_longstr::check_conversion_status (this=0x7f7a38115d10, copier=0x7f7a4ede2c10, end=0x7f7a3807cbd4 "\376\323\245\323\245\323\245\3233"..., cs=0x55db34d5f100 <my_charset_bin>, count_spaces=true) at /home/varunraiko/MariaDB/maria-dev2/sql/field.h:2053
#7  0x000055db337e2c4b in Field_longstr::well_formed_copy_with_check (this=0x7f7a38115d10, to=0x7f7a38150ee3 "\323\245\323\245\323\245\"..., to_length=765, from_cs=0x55db34d5f100 <my_charset_bin>, from=0x7f7a3807cad5 "\323\245\323\245\323\245\323\245\323"..., from_length=255, nchars=255, count_spaces=true, copy_length=0x7f7a4ede2c88) at /home/varunraiko/MariaDB/maria-dev2/sql/field.h:2070
#8  0x000055db337d4836 in Field_varstring::store (this=0x7f7a38115d10, from=0x7f7a3807cad5 "\323\245\323\245\323"..., length=255, cs=0x55db34d5f100 <my_charset_bin>) at /home/varunraiko/MariaDB/maria-dev2/sql/field.cc:7703
#9  0x000055db3357f909 in Column_stat::get_stat_values (this=0x7f7a4ede31a0) at /home/varunraiko/MariaDB/maria-dev2/sql/sql_statistics.cc:1135
#10 0x000055db3357a7c7 in read_statistics_for_table (thd=0x7f7a38000d08, table=0x7f7a38124408, stat_tables=0x7f7a4ede3370) at /home/varunraiko/MariaDB/maria-dev2/sql/sql_statistics.cc:3066
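
The repro above stores REPEAT('ӥ',256) into a statistics column that, as the gdb frames show, is read back as a 255-byte binary string (from_length=255, cs=my_charset_bin), and the warning path then receives a lone "\xD3" byte. The following C program is an added example, not MariaDB code and not the fix: it reconstructs the constructed input ('ӥ' is U+04E5, whose UTF-8 encoding is the D3 A5 / \323\245 pair visible in the frames), shows that cutting it at 255 bytes leaves a dangling lead byte, and contrasts a character-boundary truncation plus a well-formedness check that a store path can use before formatting any warning. The 255-byte limit is taken from the trace; the helper names are the example's own.

```c
#include <stddef.h>
#include <stdio.h>

/* Length of a UTF-8 sequence from its lead byte; 0 for a continuation or invalid byte. */
static size_t utf8_seq_len(unsigned char lead)
{
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Length of the longest well-formed UTF-8 prefix of s[0..n). Equals n when s is well formed. */
size_t utf8_well_formed_prefix(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        size_t len = utf8_seq_len(s[i]);
        if (len == 0 || i + len > n)           /* bad lead byte, or sequence cut short */
            return i;
        for (size_t k = 1; k < len; k++)
            if ((s[i + k] & 0xC0) != 0x80)     /* missing continuation byte */
                return i;
        i += len;
    }
    return n;
}

/* Byte-oriented truncation, as a byte-limited binary column does it: may split a character. */
size_t truncate_bytes(size_t n, size_t max_bytes)
{
    return n < max_bytes ? n : max_bytes;
}

/* Character-boundary truncation: longest well-formed prefix that fits in max_bytes. */
size_t truncate_utf8(const unsigned char *s, size_t n, size_t max_bytes)
{
    return utf8_well_formed_prefix(s, truncate_bytes(n, max_bytes));
}

/* Constructed input mirroring the repro: REPEAT('ӥ', count). U+04E5 encodes as D3 A5. */
size_t build_repeat_04e5(unsigned char *buf, size_t cap, size_t count)
{
    size_t n = 0;
    for (size_t i = 0; i < count && n + 2 <= cap; i++) {
        buf[n++] = 0xD3;
        buf[n++] = 0xA5;
    }
    return n;
}

struct repro_result {
    size_t total;     /* bytes in REPEAT('ӥ',256) */
    size_t byte_cut;  /* bytes kept by a 255-byte limit */
    size_t char_cut;  /* bytes kept when cutting on a character boundary */
    int dangling;     /* lead byte left over by the byte cut, or -1 if none */
};

/* Runs the constructed case and reports what each truncation leaves behind. */
struct repro_result run_repro(void)
{
    unsigned char buf[1024];
    struct repro_result r;
    r.total = build_repeat_04e5(buf, sizeof buf, 256);
    r.byte_cut = truncate_bytes(r.total, 255);
    r.char_cut = truncate_utf8(buf, r.total, 255);
    size_t ok = utf8_well_formed_prefix(buf, r.byte_cut);
    r.dangling = ok == r.byte_cut ? -1 : buf[ok];
    return r;
}

int main(void)
{
    struct repro_result r = run_repro();
    printf("input bytes: %zu\n", r.total);
    printf("255-byte cut keeps %zu bytes, dangling lead byte: 0x%02X\n", r.byte_cut, r.dangling);
    printf("character-boundary cut keeps %zu bytes\n", r.char_cut);
    return 0;
}
```

The 512-byte input cut at 255 bytes ends exactly with the 0xD3 lead byte the crashing frame was handed as `value`; a store path that validates with `utf8_well_formed_prefix` (or truncates with `truncate_utf8`) never has a partial character to report in the first place, which is the property worth checking on both the write and the read side of a statistics table.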

Comment by Varun Gupta (Inactive) [ 2019-09-18 ]

Asked Bar to review this and he said OK to push

Also did a small refactoring for Field::clone

Comment by Varun Gupta (Inactive) [ 2019-09-23 ]

Reverted the patch as Monty suggested and backported his patch to 10.2

This is Monty's patch in 10.3, that is now backported to 10.2
https://github.com/MariaDB/server/commit/1bbe8c5e0f6823acd4780d7563e8c02f8b4c5a01

Generated at Thu Feb 08 09:00:38 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.