[MDEV-27333] global-buffer-overflow in spider_sys_get_table_sts() Created: 2021-12-21  Updated: 2023-11-15  Resolved: 2023-11-15

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Spider
Affects Version/s: 10.5
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: Nayuta Yanagisawa (Inactive) Assignee: Yuchen Pei
Resolution: Cannot Reproduce Votes: 0
Labels: spider-sts-crd


 Description   

On an ASAN build (-DWITH_ASAN=ON -DWITH_SAFEMALLOC=OFF) the statements below, run in order, produce the AddressSanitizer error that follows them. The report is a 1-byte out-of-bounds READ of a global object in my_charlen_utf8mb3(), reached via Field_string::store() from spider_sys_get_table_sts() (spd_sys_table.cc:3442, frames #0-#8); this suggests the (pointer, length) pair passed to the store does not match the buffer it points into. Two caveats for anyone re-testing: the paths in the trace show the reporter's tree was the bb-10.5-MDEV-27240 branch rather than 10.5 mainline, and in a non-ASAN build an over-read of this size is silent, so not crashing on a release build is not evidence that the bug is absent.

-- Reporter's reproduction script (ASAN build with the Spider plugin
-- available). Statement order matters: the ASAN report below is raised by
-- the last statement, not by the earlier ones.
Use test;
INSTALL PLUGIN spider SONAME 'ha_spider.so';
-- Data node with empty HOST/USER/PASSWORD and an arbitrary PORT. The trace
-- shows no remote-connection frames; it fails inside Spider's local
-- system-table/statistics code (spider_sys_get_table_sts, spd_sys_table.cc,
-- frames #8-#10), so a reachable node does not appear to be required.
CREATE SERVER d FOREIGN DATA WRAPPER mysql OPTIONS (HOST'',DATABASE'',USER'',PORT 10000,PASSWORD'');
-- spider_same_server_link: by its name, lifts Spider's refusal to link a
-- table to the server it lives on -- verify against the Spider docs.
SET SESSION spider_same_server_link=ON;
-- t has only columns id and i. The next two statements reference columns
-- that do not exist (it.a, c); the 2023 test case below expects
-- ER_BAD_FIELD_ERROR from both.
CREATE TABLE t (id INT AUTO_INCREMENT,i INT,KEY(id)) ENGINE=SPIDER;
EXPLAIN SELECT * FROM t AS nt2 WHERE 1 IN (SELECT it.a FROM t AS it JOIN t AS it3 ON it.a=it3.a);
ALTER TABLE t CHANGE c c FLOAT UNSIGNED ZEROFILL;
-- UNION=(...) is not a valid option for a Spider table (the 2023 test case
-- expects ER_ILLEGAL_HA_CREATE_OPTION). Opening this temporary table is what
-- reaches ha_spider::open -> spider_get_share -> spider_get_sts ->
-- spider_sys_get_table_sts in the trace (frames #8-#19).
CREATE TEMPORARY TABLE tm1 (c INT) ENGINE=SPIDER UNION=(t);

==2175739==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f79a9e25261 at pc 0x55902fa30b1c bp 0x7f79aa21e220 sp 0x7f79aa21e210
READ of size 1 at 0x7f79a9e25261 thread T12
    #0 0x55902fa30b1b in my_charlen_utf8mb3 /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/strings/ctype-utf8.c:5205
    #1 0x55902fa30b1b in my_well_formed_char_length_utf8mb3 /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/strings/ctype-mb.ic:187
    #2 0x55902f9dd6cd in my_ci_well_formed_char_length /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/include/m_ctype.h:1021
    #3 0x55902f9dd6cd in my_copy_fix_mb /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/strings/ctype-mb.c:406
    #4 0x55902e29bc2a in charset_info_st::copy_fix(char*, unsigned long, char const*, unsigned long, unsigned long, MY_STRCOPY_STATUS*) const /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/include/m_ctype.h:761
    #5 0x55902e29bc2a in String_copier::well_formed_copy(charset_info_st const*, char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_string.cc:1115
    #6 0x55902e740233 in Field_longstr::well_formed_copy_with_check(char*, unsigned long, charset_info_st const*, char const*, unsigned long, unsigned long, bool, unsigned int*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/field.h:2178
    #7 0x55902e740233 in Field_string::store(char const*, unsigned long, charset_info_st const*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/field.cc:7291
    #8 0x7f79a9c170e6 in spider_sys_get_table_sts(THD*, char const*, unsigned int, ha_statistics*, bool) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/storage/spider/spd_sys_table.cc:3442
    #9 0x7f79a9cdf902 in spider_get_sts(st_spider_share*, int, long, ha_spider*, double, int, int, int, unsigned int) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/storage/spider/spd_table.cc:8006
    #10 0x7f79a9d03798 in spider_get_share(char const*, TABLE*, THD*, ha_spider*, int*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/storage/spider/spd_table.cc:5505
    #11 0x7f79a9d7bd61 in ha_spider::open(char const*, int, unsigned int) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/storage/spider/ha_spider.cc:441
    #12 0x55902e7775c3 in handler::ha_open(TABLE*, char const*, int, unsigned int, st_mem_root*, List<String>*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/handler.cc:2997
    #13 0x55902e381fb9 in open_table_from_share(THD*, TABLE_SHARE*, st_mysql_const_lex_string const*, unsigned int, unsigned int, unsigned int, TABLE*, bool, List<String>*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/table.cc:4242
    #14 0x55902e60d51c in THD::open_temporary_table(TMP_TABLE_SHARE*, char const*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/temporary_tables.cc:1117
    #15 0x55902e6122ba in THD::create_and_open_tmp_table(st_mysql_const_unsigned_lex_string*, char const*, char const*, char const*, bool) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/temporary_tables.cc:74
    #16 0x55902e2d0191 in create_table_impl /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_table.cc:5424
    #17 0x55902e2d12c9 in mysql_create_table_no_lock(THD*, st_mysql_const_lex_string const*, st_mysql_const_lex_string const*, Table_specification_st*, Alter_info*, bool*, int, TABLE_LIST*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_table.cc:5496
    #18 0x55902e2d1b93 in mysql_create_table(THD*, TABLE_LIST*, Table_specification_st*, Alter_info*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_table.cc:5600
    #19 0x55902e2e1f0e in Sql_cmd_create_table_like::execute(THD*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_table.cc:12238
    #20 0x55902e08ec0b in mysql_execute_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_parse.cc:6056
    #21 0x55902e09bf01 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_parse.cc:8100
    #22 0x55902e0a2f64 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_parse.cc:1891
    #23 0x55902e0a7c04 in do_command(THD*) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_parse.cc:1370
    #24 0x55902e41c9c6 in do_handle_one_connection(CONNECT*, bool) /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_connect.cc:1418
    #25 0x55902e41d074 in handle_one_connection /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/sql/sql_connect.cc:1312
    #26 0x55902efa4c58 in pfs_spawn_thread /home/nayuta_mariadb/repo/mariadb-server/bb-10.5-MDEV-27240/storage/perfschema/pfs.cc:2201
    #27 0x7f79baf6b44f in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x944f)
    #28 0x7f79bab02d52 in clone (/lib/x86_64-linux-gnu/libc.so.6+0x117d52)



 Comments   
Comment by Nayuta Yanagisawa (Inactive) [ 2022-01-07 ]

The following SQL statements, taken from MDEV-27171, also trigger a similar crash at https://github.com/MariaDB/server/commit/82b74a0e7cfb7082e7bef3840df5d172fe6cc834 (they are the Description script with an INSERT appended).

-- Variant from MDEV-27171: identical to the Description script (minus
-- `Use test;`) with an INSERT appended; reported to give a similar crash at
-- commit 82b74a0e. Statement order matters.
INSTALL PLUGIN spider SONAME 'ha_spider.so';
-- Data node with empty HOST/USER/PASSWORD and an arbitrary PORT (most likely
-- unreachable).
CREATE SERVER d FOREIGN DATA WRAPPER mysql OPTIONS (HOST'',DATABASE'',USER'',PORT 10000,PASSWORD'');
SET SESSION spider_same_server_link=ON;
CREATE TABLE t (id INT AUTO_INCREMENT,i INT,KEY(id)) ENGINE=SPIDER;
-- Both statements reference columns t does not have (a, c); the 2023 test
-- case below expects ER_BAD_FIELD_ERROR from each.
EXPLAIN SELECT * FROM t AS nt2 WHERE 1 IN (SELECT it.a FROM t AS it JOIN t AS it3 ON it.a=it3.a);
ALTER TABLE t CHANGE c c FLOAT UNSIGNED ZEROFILL;
-- Invalid UNION=(...) option for Spider (ER_ILLEGAL_HA_CREATE_OPTION in the
-- 2023 test case below).
CREATE TEMPORARY TABLE tm1 (c INT) ENGINE=SPIDER UNION=(t);
-- The INSERT would have to reach the data node. Whether the "similar crash"
-- is raised here or by the preceding CREATE TEMPORARY TABLE is not recorded
-- in this comment.
INSERT INTO t VALUES (0,0),(0,0),(0,0),(0,0),(0,0);

Comment by Yuchen Pei [ 2023-11-15 ]

I cannot reproduce this at 10.5
c638051d808a7b29b10e231c9eae97d5909d17f6, closing.

Here are my test cases. (Note: they define the server via SOCKET "$MASTER_1_MYSOCK" with DATABASE 'test' and user 'root', rather than the reporter's empty HOST/USER/PASSWORD with PORT 10000; whether that difference affects reproduction has not been established.)

# mysqltest (mtr) version of the reporter's script. evalp expands
# $MASTER_1_MYSOCK before running CREATE SERVER; the data node is
# presumably the test server itself (hence spider_same_server_link=ON),
# reached over its socket with a real DATABASE and USER, instead of the
# original report's empty HOST with PORT 10000.
INSTALL PLUGIN spider SONAME 'ha_spider.so';
evalp CREATE SERVER d FOREIGN DATA WRAPPER mysql
OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root');
SET SESSION spider_same_server_link=ON;
CREATE TABLE t (id INT AUTO_INCREMENT,i INT,KEY(id)) ENGINE=SPIDER;
# t has no column a: the subquery must fail with ER_BAD_FIELD_ERROR.
--error ER_BAD_FIELD_ERROR
EXPLAIN SELECT * FROM t AS nt2 WHERE 1 IN (SELECT it.a FROM t AS it JOIN t AS it3 ON it.a=it3.a);
# t has no column c either.
--error ER_BAD_FIELD_ERROR
ALTER TABLE t CHANGE c c FLOAT UNSIGNED ZEROFILL;
# UNION=(...) is rejected for a Spider table. This is the statement that
# produced the ASAN report in the Description; here it is expected to fail
# with only the declared error (a sanitizer report would fail the test).
--error ER_ILLEGAL_HA_CREATE_OPTION
CREATE TEMPORARY TABLE tm1 (c INT) ENGINE=SPIDER UNION=(t);

# Second mtr test: the first test with the INSERT from the 2022-01-07
# comment (MDEV-27171 variant) appended.
INSTALL PLUGIN spider SONAME 'ha_spider.so';
evalp CREATE SERVER d FOREIGN DATA WRAPPER mysql
OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root');
SET SESSION spider_same_server_link=ON;
CREATE TABLE t (id INT AUTO_INCREMENT,i INT,KEY(id)) ENGINE=SPIDER;
# t has no column a.
--error ER_BAD_FIELD_ERROR
EXPLAIN SELECT * FROM t AS nt2 WHERE 1 IN (SELECT it.a FROM t AS it JOIN t AS it3 ON it.a=it3.a);
# t has no column c.
--error ER_BAD_FIELD_ERROR
ALTER TABLE t CHANGE c c FLOAT UNSIGNED ZEROFILL;
# UNION=(...) is rejected for a Spider table (the statement behind the ASAN
# report in the Description).
--error ER_ILLEGAL_HA_CREATE_OPTION
CREATE TEMPORARY TABLE tm1 (c INT) ENGINE=SPIDER UNION=(t);
# The INSERT is expected to fail to connect to the data node; why the
# socket connection fails is not recorded in this ticket, so the remote
# side is not actually exercised by this test.
--error ER_CONNECT_TO_FOREIGN_DATA_SOURCE
INSERT INTO t VALUES (0,0),(0,0),(0,0),(0,0),(0,0);
