[MDEV-22043] Special character leads to assertion in my_wc_to_printable_generic on 10.5.2 (debug) Created: 2020-03-26  Updated: 2020-05-09  Resolved: 2020-05-09

Status: Closed
Project: MariaDB Server
Component/s: Character Sets, Parser
Affects Version/s: 10.5
Fix Version/s: 10.5.3

Type: Bug Priority: Major
Reporter: Roel Van de Paar Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: not-10.1, not-10.2, not-10.3, not-10.4, regression


 Description   

SET NAMES sjis;
SET @@CHARACTER_SET_CLIENT='cp1257';
(a(b 'т'));

Leads to:

mysqld: /data/git/10.5_dbg/strings/ctype.c:1072: my_wc_to_printable_generic: Assertion `0' failed.

Core was generated by `/data/MD180320-mariadb-10.5.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
57	../sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
[Current thread is 1 (Thread 0x7f95613b7700 (LWP 11593))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x00005612a90737d4 in my_write_core (sig=sig@entry=6) at /data/git/10.5_dbg/mysys/stacktrace.c:518
#2  0x00005612a881cb5f in handle_fatal_signal (sig=6) at /data/git/10.5_dbg/sql/signal_handler.cc:325
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5  0x00007f955fafb801 in __GI_abort () at abort.c:79
#6  0x00007f955faeb39a in __assert_fail_base (
    fmt=0x7f955fc727d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", 
    assertion=assertion@entry=0x5612a93a1fcd "0", 
    file=file@entry=0x5612a97d93d0 "/data/git/10.5_dbg/strings/ctype.c", line=line@entry=1072, 
    function=function@entry=0x5612a97da460 <__PRETTY_FUNCTION__.12805> "my_wc_to_printable_generic")
    at assert.c:92
#7  0x00007f955faeb412 in __GI___assert_fail (assertion=assertion@entry=0x5612a93a1fcd "0", 
    file=file@entry=0x5612a97d93d0 "/data/git/10.5_dbg/strings/ctype.c", line=line@entry=1072, 
    function=function@entry=0x5612a97da460 <__PRETTY_FUNCTION__.12805> "my_wc_to_printable_generic")
    at assert.c:101
#8  0x00005612a90babd1 in my_wc_to_printable_generic (cs=0x5612a9d5aa60 <my_charset_sjis_japanese_ci>, 
    wc=<optimized out>, str=0x7f95613b5cfe "\201_ ];a\225\177", end=0x7f95613b5e6f "")
    at /data/git/10.5_dbg/strings/ctype.c:1072
#9  0x00005612a90bac42 in my_convert_using_func (to=0x7f95613b5cfe "\201_ ];a\225\177", 
    to@entry=0x7f95613b5c70 "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b '\201_ ];a\225\177", 
    to_length=to_length@entry=511, to_cs=to_cs@entry=0x5612a9d5aa60 <my_charset_sjis_japanese_ci>, 
    wc_mb=0x5612a90baa77 <my_wc_to_printable_generic>, from=0x7f9534c1ac1b "‚'))' at line 1", 
    from@entry=0x7f9534c1ab8b "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b 'Ń‚'))' at line 1", 
    from_length=from_length@entry=161, from_cs=0x5612a9d9d040 <my_charset_utf8mb3_general_ci>, 
    mb_wc=0x5612a90b3131 <my_utf8mb3_uni>, errors=0x7f95613b5c4c)
    at /data/git/10.5_dbg/strings/ctype.c:1141
#10 0x00005612a852d095 in convert_error_message (
    to=to@entry=0x7f95613b5c70 "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b '\201_ ];a\225\177", to_length=511, 
    to_length@entry=512, to_cs=0x5612a9d5aa60 <my_charset_sjis_japanese_ci>, 
    from=from@entry=0x7f9534c1ab8b "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b 'Ń‚'))' at line 1", 
    from_length=161, from_cs=0x5612a9d9d040 <my_charset_utf8mb3_general_ci>, errors=0x7f95613b5c4c)
    at /data/git/10.5_dbg/sql/sql_error.cc:957
#11 0x00005612a84834f2 in net_send_error_packet (thd=0x7f9534c15088, sql_errno=sql_errno@entry=1064, 
    err=<optimized out>, 
    err@entry=0x7f9534c1ab8b "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b 'Ń‚'))' at line 1", 
    sqlstate=sqlstate@entry=0x7f9534c1ab70 "42000") at /data/git/10.5_dbg/sql/protocol.cc:452
#12 0x00005612a84837cb in Protocol::send_error (this=0x7f9534c15650, sql_errno=1064, 
    err_msg=0x7f9534c1ab8b "You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'a(b 'Ń‚'))' at line 1", 
    sql_state=0x7f9534c1ab70 "42000") at /data/git/10.5_dbg/sql/protocol.cc:672
#13 0x00005612a84839f6 in Protocol::end_statement (this=0x7f9534c15650)
    at /data/git/10.5_dbg/sql/protocol.cc:596
#14 0x00005612a8570aab in dispatch_command (command=command@entry=COM_QUERY, 
    thd=thd@entry=0x7f9534c15088, packet=<optimized out>, packet@entry=0x7f9534c67089 "(a(b 'т'))", 
    packet_length=<optimized out>, packet_length@entry=11, is_com_multi=is_com_multi@entry=false, 
    is_next_command=is_next_command@entry=false) at /data/git/10.5_dbg/sql/sql_parse.cc:2430
#15 0x00005612a856ceaf in do_command (thd=0x7f9534c15088) at /data/git/10.5_dbg/sql/sql_parse.cc:1358
#16 0x00005612a86c6a09 in do_handle_one_connection (connect=<optimized out>, 
    connect@entry=0x7f953da2b3a8, put_in_cache=put_in_cache@entry=true)
    at /data/git/10.5_dbg/sql/sql_connect.cc:1422
#17 0x00005612a86c6d38 in handle_one_connection (arg=arg@entry=0x7f953da2b3a8)
    at /data/git/10.5_dbg/sql/sql_connect.cc:1319
#18 0x00005612a8b23cfc in pfs_spawn_thread (arg=0x7f955f045888)
    at /data/git/10.5_dbg/storage/perfschema/pfs.cc:2201
#19 0x00007f95607de6db in start_thread (arg=0x7f95613b7700) at pthread_create.c:463
#20 0x00007f955fbdc88f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.2 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)



 Comments   
Comment by Roel Van de Paar [ 2020-04-24 ]

Additional testcase

SET NAMES swe7;
SELECT `T`;

Leads to:

10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

mysqld: /test/10.5_dbg/strings/ctype.c:1072: my_wc_to_printable_generic: Assertion `0' failed.

10.5.3 98003440c2f8d20164a191ced1b7d92b283bb68f

Core was generated by `/test/MD210420-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6)
    at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
[Current thread is 1 (Thread 0x7f7589b3f700 (LWP 3664845))]
(gdb) bt
#0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=6) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
#1  0x000055db541bf03d in my_write_core (sig=sig@entry=6) at /test/10.5_dbg/mysys/stacktrace.c:518
#2  0x000055db53964d7b in handle_fatal_signal (sig=6) at /test/10.5_dbg/sql/signal_handler.cc:329
#3  <signal handler called>
#4  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#5  0x00007f7588283801 in __GI_abort () at abort.c:79
#6  0x00007f758827339a in __assert_fail_base (fmt=0x7f75883fa7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x55db544efd21 "0", file=file@entry=0x55db54927650 "/test/10.5_dbg/strings/ctype.c", line=line@entry=1072, function=function@entry=0x55db549286d0 <__PRETTY_FUNCTION__.12805> "my_wc_to_printable_generic") at assert.c:92
#7  0x00007f7588273412 in __GI___assert_fail (assertion=assertion@entry=0x55db544efd21 "0", file=file@entry=0x55db54927650 "/test/10.5_dbg/strings/ctype.c", line=line@entry=1072, function=function@entry=0x55db549286d0 <__PRETTY_FUNCTION__.12805> "my_wc_to_printable_generic") at assert.c:101
#8  0x000055db54206526 in my_wc_to_printable_generic (cs=0x55db54e9a0b0 <compiled_charsets+1104>, wc=<optimized out>, str=0x7f7589b3dc90 "", end=0x7f7589b3de6f "") at /test/10.5_dbg/strings/ctype.c:1072
#9  0x000055db54206597 in my_convert_using_func (to=0x7f7589b3dc90 "", to@entry=0x7f7589b3dc70 "Invalid swe7 character string: '", to_length=to_length@entry=511, to_cs=to_cs@entry=0x55db54e9a0b0 <compiled_charsets+1104>, wc_mb=0x55db542063cc <my_wc_to_printable_generic>, from=0x7f755a01abc4 "xEF\\xBC\\xB4'", from@entry=0x7f755a01aba3 "Invalid swe7 character string: '\\xEF\\xBC\\xB4'", from_length=from_length@entry=45, from_cs=0x55db54eec8e0 <my_charset_utf8mb3_general_ci>, mb_wc=0x55db541fea86 <my_utf8mb3_uni>, errors=0x7f7589b3dc4c) at /test/10.5_dbg/strings/ctype.c:1141
#10 0x000055db536722bf in convert_error_message (to=to@entry=0x7f7589b3dc70 "Invalid swe7 character string: '", to_length=511, to_length@entry=512, to_cs=0x55db54e9a0b0 <compiled_charsets+1104>, from=from@entry=0x7f755a01aba3 "Invalid swe7 character string: '\\xEF\\xBC\\xB4'", from_length=45, from_cs=0x55db54eec8e0 <my_charset_utf8mb3_general_ci>, errors=0x7f7589b3dc4c) at /test/10.5_dbg/sql/sql_error.cc:957
#11 0x000055db535c88bc in net_send_error_packet (thd=0x7f755a015088, sql_errno=sql_errno@entry=1300, err=<optimized out>, err@entry=0x7f755a01aba3 "Invalid swe7 character string: '\\xEF\\xBC\\xB4'", sqlstate=sqlstate@entry=0x7f755a01ab88 "HY000") at /test/10.5_dbg/sql/protocol.cc:452
#12 0x000055db535c8b95 in Protocol::send_error (this=0x7f755a015650, sql_errno=1300, err_msg=0x7f755a01aba3 "Invalid swe7 character string: '\\xEF\\xBC\\xB4'", sql_state=0x7f755a01ab88 "HY000") at /test/10.5_dbg/sql/protocol.cc:672
#13 0x000055db535c8dc0 in Protocol::end_statement (this=0x7f755a015650) at /test/10.5_dbg/sql/protocol.cc:596
#14 0x000055db536b608c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f755a015088, packet=<optimized out>, packet@entry=0x7f755a067089 "SELECT `T`", packet_length=<optimized out>, packet_length@entry=12, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:2430
#15 0x000055db536b249b in do_command (thd=0x7f755a015088) at /test/10.5_dbg/sql/sql_parse.cc:1358
#16 0x000055db5380d415 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7f7567fc53a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1422
#17 0x000055db5380d744 in handle_one_connection (arg=arg@entry=0x7f7567fc53a8) at /test/10.5_dbg/sql/sql_connect.cc:1319
#18 0x000055db53c6dfb0 in pfs_spawn_thread (arg=0x7f7587845b08) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
#19 0x00007f7588f666db in start_thread (arg=0x7f7589b3f700) at pthread_create.c:463
#20 0x00007f758836488f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.5.2 (dbg), 10.5.3 (dbg)

Bug confirmed not present in:
MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt), 10.5.2 (opt), 10.5.3 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

Same outcome for this one too (i.e. the character itself does not matter):

SET NAMES swe7;
SELECT `龔`;

Comment by Roel Van de Paar [ 2020-04-24 ]

MariaDB 10.4.13:

10.4.13>SET NAMES swe7;
Query OK, 0 rows affected (0.000 sec)
10.4.13>SELECT `T`;
ERROR 1300 (HY000): Invalid swe7 character string: '\005CxEF\005CxBC\005CxB4'

Comment by Roel Van de Paar [ 2020-04-24 ]

Would this bug apply to many different situations (whenever there is an invalid character string for a given client charset)?

Comment by Alexander Barkov [ 2020-05-06 ]

Also repeatable with:

SET NAMES sjis;
SET @@CHARACTER_SET_CLIENT='cp1257';
'т';

Comment by Alexander Barkov [ 2020-05-06 ]

More scripts:

SET NAMES sjis;
SET @@CHARACTER_SET_CLIENT='cp1257';
EXECUTE IMMEDIATE _cp1257 0xD182;

Comment by Alexander Barkov [ 2020-05-07 ]

SET NAMES swe7;
EXECUTE IMMEDIATE _swe7 0x01;

Comment by Alexander Barkov [ 2020-05-07 ]

SET NAMES filename;
EXECUTE IMMEDIATE _latin1 0x01;

Generated at Thu Feb 08 09:11:45 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.