[MDEV-28835] Assertion `(length % 4) == 0' failed in my_lengthsp_utf32 on INSERT Created: 2022-06-14  Updated: 2023-10-04  Resolved: 2023-10-04

Status: Closed
Project: MariaDB Server
Component/s: Character Sets, Data Manipulation - Insert
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0
Fix Version/s: 10.4.32, 10.5.23, 10.6.16, 10.10.7, 10.11.6, 11.0.4, 11.1.3, 11.2.2, 11.3.1

Type: Bug Priority: Major
Reporter: Roel Van de Paar Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: regression-10.4, upstream-5.5, upstream-5.6, upstream-5.7, upstream-8.0

Issue Links:
Relates
relates to MDEV-23210 Assertion `(length % 4) == 0' failed ... Closed

Description

Ref MDEV-23210. Debug regression in 10.4, and this one is also present in all MySQL debug versions.

SET sql_mode='',character_set_connection=utf32;
CREATE TABLE t (c ENUM ('','')) CHARACTER SET utf32 ENGINE=InnoDB;
INSERT INTO t VALUES (DATE_FORMAT('2004-02-02','%W'));

Leads to:

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

mysqld: /test/10.10_dbg/strings/ctype-ucs2.c:2226: my_lengthsp_utf32: Assertion `(length % 4) == 0' failed.

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14c822175700 (LWP 3559645))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000014c840b20859 in __GI_abort () at abort.c:79
#2  0x000014c840b20729 in __assert_fail_base (fmt=0x14c840cb6588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56289155baba "(length % 4) == 0", file=0x56289155ba48 "/test/10.10_dbg/strings/ctype-ucs2.c", line=2226, function=<optimized out>) at assert.c:92
#3  0x000014c840b31fd6 in __GI___assert_fail (assertion=assertion@entry=0x56289155baba "(length % 4) == 0", file=file@entry=0x56289155ba48 "/test/10.10_dbg/strings/ctype-ucs2.c", line=line@entry=2226, function=function@entry=0x56289155c1b0 <__PRETTY_FUNCTION__.17507> "my_lengthsp_utf32") at assert.c:101
#4  0x0000562890f469a7 in my_lengthsp_utf32 (cs=<optimized out>, ptr=<optimized out>, length=<optimized out>) at /test/10.10_dbg/strings/ctype-ucs2.c:2226
#5  0x000056289078ff5a in charset_info_st::lengthsp (length=7, str=0x14c822173840 "", this=<optimized out>) at /test/10.10_dbg/include/m_ctype.h:699
#6  Field_enum::store (this=0x14c79c027eb8, from=0x14c822173840 "", length=7, cs=0x56289196b100 <my_charset_utf32_general_ci>) at /test/10.10_dbg/sql/field.cc:9230
#7  0x00005628907e1fb5 in Item::save_str_in_field (this=0x14c79c014a98, field=0x14c79c027eb8, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_string.h:278
#8  0x00005628906c15f8 in Type_handler_string_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:4338
#9  0x00005628907c88d3 in Item::save_in_field (this=0x14c79c014a98, field=0x14c79c027eb8, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6836
#10 0x000056289044b13b in fill_record (thd=thd@entry=0x14c79c000db8, table=table@entry=0x14c79c0210f8, ptr=0x14c79c027eb0, ptr@entry=0x14c79c027ea8, values=@0x14c79c0148a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c79c014b78, last = 0x14c79c014b78, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, use_value=use_value@entry=false) at /test/10.10_dbg/sql/sql_base.cc:9104
#11 0x000056289044b1fe in fill_record_n_invoke_before_triggers (thd=thd@entry=0x14c79c000db8, table=table@entry=0x14c79c0210f8, ptr=0x14c79c027ea8, values=@0x14c79c0148a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c79c014b78, last = 0x14c79c014b78, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, event=event@entry=TRG_EVENT_INSERT) at /test/10.10_dbg/sql/sql_base.cc:9159
#12 0x000056289048e479 in mysql_insert (thd=thd@entry=0x14c79c000db8, table_list=<optimized out>, fields=@0x14c79c005e90: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5628919a5a00 <end_of_list>, last = 0x14c79c005e90, elements = 0}, <No data fields>}, values_list=@0x14c79c005ed8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c79c014be8, last = 0x14c79c014be8, elements = 1}, <No data fields>}, update_fields=@0x14c79c005ec0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5628919a5a00 <end_of_list>, last = 0x14c79c005ec0, elements = 0}, <No data fields>}, update_values=@0x14c79c005ea8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5628919a5a00 <end_of_list>, last = 0x14c79c005ea8, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/10.10_dbg/sql/sql_insert.cc:1075
#13 0x00005628904d0803 in mysql_execute_command (thd=thd@entry=0x14c79c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4562
#14 0x00005628904bce3a in mysql_parse (thd=thd@entry=0x14c79c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14c822174470) at /test/10.10_dbg/sql/sql_parse.cc:8036
#15 0x00005628904ca422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14c79c000db8, packet=packet@entry=0x14c79c00b6d9 "INSERT INTO t VALUES (DATE_FORMAT('2004-02-02','%W'))", packet_length=packet_length@entry=53, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
#16 0x00005628904ccb2c in do_command (thd=0x14c79c000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#17 0x000056289062c3c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562893699288, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#18 0x000056289062c8c9 in handle_one_connection (arg=0x562893699288) at /test/10.10_dbg/sql/sql_connect.cc:1312
#19 0x000014c841031609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#20 0x000014c840c1d133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.5.17 (dbg), 10.6.9 (dbg), 10.7.5 (dbg), 10.8.4 (dbg), 10.9.2 (dbg), 10.10.0 (dbg)
MySQL: 5.5.62 (dbg), 5.6.51 (dbg), 5.7.38 (dbg), 8.0.29 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (opt), 10.5.17 (opt), 10.6.9 (opt), 10.7.5 (opt), 10.8.4 (opt), 10.9.2 (opt), 10.10.0 (opt)
MySQL: 5.5.62 (opt), 5.6.51 (opt), 5.7.38 (opt), 8.0.29 (opt)
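Added example, not MariaDB code: a small C model (the language of ctype-ucs2.c) of the invariant behind the `(length % 4) == 0` assertion in my_lengthsp_utf32, showing why a value whose byte length came from a single-byte charset trips it, and how a store path that widens the value to utf32 first stays within the invariant. The `latin1_to_utf32be` step and the 7-byte input are assumptions made for illustration, not the content of the linked patch or of the original trace.

```c
#include <stddef.h>
#include <stdio.h>

#define BAD_LENGTH ((size_t)-1)

/* Strip trailing UTF-32BE spaces (the 4-byte unit 00 00 00 20), the job of
 * my_lengthsp_utf32. A length that is not a multiple of 4 cannot be a utf32
 * string; the debug build asserts on it, this version reports BAD_LENGTH. */
size_t utf32_lengthsp_checked(const unsigned char *str, size_t length)
{
    if (length % 4 != 0)
        return BAD_LENGTH;  /* value arrived in another charset, or truncated */
    while (length >= 4 && str[length - 4] == 0 && str[length - 3] == 0 &&
           str[length - 2] == 0 && str[length - 1] == 0x20)
        length -= 4;
    return length;
}

/* Hypothetical remedy for illustration: widen a single-byte (latin1-style)
 * value to UTF-32BE before any utf32 length arithmetic. Returns the output
 * byte count, or BAD_LENGTH if `out` cannot hold 4*n bytes. */
size_t latin1_to_utf32be(const unsigned char *in, size_t n,
                         unsigned char *out, size_t cap)
{
    if (n > cap / 4)
        return BAD_LENGTH;
    for (size_t i = 0; i < n; i++) {
        out[4 * i] = out[4 * i + 1] = out[4 * i + 2] = 0;
        out[4 * i + 3] = in[i];
    }
    return n * 4;
}

/* Convert first, then strip: the order an ENUM/SET store path must follow
 * when the incoming value is not already in the column charset. */
size_t strip_after_widening(const unsigned char *in, size_t n)
{
    unsigned char wide[64];
    size_t w = latin1_to_utf32be(in, n, wide, sizeof wide);
    return w == BAD_LENGTH ? BAD_LENGTH : utf32_lengthsp_checked(wide, w);
}

int main(void)
{
    /* Constructed 7-byte value: same byte length as frame #5 of the first
     * trace (length=7); the content is made up here. */
    const unsigned char narrow[7] = {'M', 'o', 'n', 'd', 'a', 'y', ' '};
    printf("as-is: %s\n", utf32_lengthsp_checked(narrow, 7) == BAD_LENGTH
                              ? "rejected (7 % 4 != 0)" : "accepted");
    printf("widened then stripped: %zu bytes\n", strip_after_widening(narrow, 7));
    return 0;
}
```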



Comments
Comment by Roel Van de Paar [ 2022-06-14 ]

All UniqueID's/stacks seen

(length % 4) == 0|SIGABRT|my_lengthsp_utf32|Field_enum::store|Item::save_in_field_inner|Item::save_in_field
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|Field_enum::store|Item::save_in_field|fill_record
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|Field_enum::store|Item::save_str_in_field|Type_handler_string_result::Item_save_in_field
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|charset_info_st::lengthsp|Field_enum::store|Item::save_str_in_field

Comment by Roel Van de Paar [ 2023-03-21 ]

An additional testcase with a partially new stack, and this one will crash 10.3 also.

SET collation_connection=utf32_unicode_520_ci;
CREATE TABLE t (a SET('') CHARACTER SET utf32);
INSERT INTO t VALUES (DATE_FORMAT(0,0));

Leads to:

11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)

mariadbd: /test/11.0_dbg/strings/ctype-ucs2.c:2242: my_lengthsp_utf32: Assertion `(length % 4) == 0' failed.

11.0.1 f2dc4d4c10ac36a73b5c1eb765352d3aee808d66 (Debug)

Core was generated by `/test/MD180223-mariadb-11.0.1-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
Program terminated with signal SIGABRT, Aborted.
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22628909745728)
    at ./nptl/pthread_kill.c:44
[Current thread is 1 (Thread 0x1494b4208640 (LWP 737379))]
(gdb) bt
#0  __pthread_kill_implementation (no_tid=0, signo=6, threadid=22628909745728) at ./nptl/pthread_kill.c:44
#1  __pthread_kill_internal (signo=6, threadid=22628909745728) at ./nptl/pthread_kill.c:78
#2  __GI___pthread_kill (threadid=22628909745728, signo=signo@entry=6) at ./nptl/pthread_kill.c:89
#3  0x00001494cd894476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4  0x00001494cd87a7f3 in __GI_abort () at ./stdlib/abort.c:79
#5  0x00001494cd87a71b in __assert_fail_base (fmt=0x1494cda2f150 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55de30ca9b72 "(length % 4) == 0", file=0x55de30ca9b00 "/test/11.0_dbg/strings/ctype-ucs2.c", line=2242, function=<optimized out>) at ./assert/assert.c:92
#6  0x00001494cd88be96 in __GI___assert_fail (assertion=assertion@entry=0x55de30ca9b72 "(length % 4) == 0", file=file@entry=0x55de30ca9b00 "/test/11.0_dbg/strings/ctype-ucs2.c", line=line@entry=2242, function=function@entry=0x55de30caa270 <__PRETTY_FUNCTION__.32> "my_lengthsp_utf32") at ./assert/assert.c:101
#7  0x000055de3061495a in my_lengthsp_utf32 (cs=<optimized out>, ptr=<optimized out>, length=<optimized out>) at /test/11.0_dbg/strings/ctype-ucs2.c:2242
#8  0x000055de2fd8d92e in charset_info_st::lengthsp (length=1, str=0x1494b4206570 "0e \264\224\024", this=<optimized out>) at /test/11.0_dbg/include/m_ctype.h:810
#9  find_set (lib=0x149460028340, str=str@entry=0x1494b4206570 "0e \264\224\024", length=length@entry=1, cs=0x55de311239a0 <my_charset_utf32_general_ci>, err_pos=err_pos@entry=0x1494b42064a0, err_len=err_len@entry=0x1494b420649c, set_warning=0x1494b4206497) at /test/11.0_dbg/sql/strfunc.cc:54
#10 0x000055de2ff32304 in Field_set::store (this=0x14946002f408, from=0x1494b4206570 "0e \264\224\024", length=1, cs=0x55de310f2160 <my_charset_utf32_unicode_520_ci>) at /test/11.0_dbg/sql/field.h:2118
#11 0x000055de2ff7b0ad in Item::save_str_in_field (this=0x149460013f28, field=0x14946002f408, no_conversions=<optimized out>) at /test/11.0_dbg/sql/item.cc:6834
#12 0x000055de2fe6fc9a in Type_handler_string_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/11.0_dbg/sql/sql_type.cc:4329
#13 0x000055de2ff637db in Item::save_in_field (this=0x149460013f28, field=0x14946002f408, no_conversions=<optimized out>) at /test/11.0_dbg/sql/item.cc:6872
#14 0x000055de2fc0b5c2 in fill_record (thd=thd@entry=0x149460000d58, table=table@entry=0x14946002efe8, ptr=0x14946002f400, ptr@entry=0x14946002f3f8, values=@0x149460013e00: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149460014010, last = 0x149460014010, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, use_value=use_value@entry=false) at /test/11.0_dbg/sql/sql_base.cc:9238
#15 0x000055de2fc0b722 in fill_record_n_invoke_before_triggers (thd=thd@entry=0x149460000d58, table=table@entry=0x14946002efe8, ptr=0x14946002f3f8, values=@0x149460013e00: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149460014010, last = 0x149460014010, elements = 1}, <No data fields>}, ignore_errors=ignore_errors@entry=false, event=event@entry=TRG_EVENT_INSERT) at /test/11.0_dbg/sql/sql_base.cc:9293
#16 0x000055de2fc4748f in mysql_insert (thd=thd@entry=0x149460000d58, table_list=<optimized out>, fields=@0x149460005ec0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55de3115e440 <end_of_list>, last = 0x149460005ec0, elements = 0}, <No data fields>}, values_list=@0x149460005f08: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149460014058, last = 0x149460014058, elements = 1}, <No data fields>}, update_fields=@0x149460005ef0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55de3115e440 <end_of_list>, last = 0x149460005ef0, elements = 0}, <No data fields>}, update_values=@0x149460005ed8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55de3115e440 <end_of_list>, last = 0x149460005ed8, elements = 0}, <No data fields>}, duplic=DUP_ERROR, ignore=false, result=0x0) at /test/11.0_dbg/sql/sql_insert.cc:1096
#17 0x000055de2fc80e0b in mysql_execute_command (thd=thd@entry=0x149460000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:4569
#18 0x000055de2fc867cf in mysql_parse (thd=thd@entry=0x149460000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1494b42072c0) at /test/11.0_dbg/sql/sql_parse.cc:8002
#19 0x000055de2fc88963 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149460000d58, packet=packet@entry=0x14946000ae19 "INSERT INTO t VALUES (DATE_FORMAT(0,0))", packet_length=packet_length@entry=39, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:242
#20 0x000055de2fc8a7bc in do_command (thd=0x149460000d58, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
#21 0x000055de2fddb6e2 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55de325f9168, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
#22 0x000055de2fddb941 in handle_one_connection (arg=0x55de325f9168) at /test/11.0_dbg/sql/sql_connect.cc:1318
#23 0x00001494cd8e6b43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#24 0x00001494cd978a00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Bug confirmed present in:
MariaDB: 10.3.38 (dbg), 10.4.29 (dbg), 10.5.20 (dbg), 10.6.13 (dbg), 10.7.8 (dbg), 10.8.8 (dbg), 10.9.6 (dbg), 10.10.4 (dbg), 10.11.2 (dbg), 11.0.1 (dbg)
MySQL: 5.6.51 (dbg), 5.7.40 (dbg), 8.0.31 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.38 (opt), 10.4.29 (opt), 10.5.20 (opt), 10.6.13 (opt), 10.7.8 (opt), 10.8.8 (opt), 10.9.6 (opt), 10.10.4 (opt), 10.11.2 (opt), 11.0.1 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (opt), 5.7.40 (opt), 8.0.31 (opt)

All new UniqueID's observed with this testcase across versions:

(length % 4) == 0|SIGABRT|my_lengthsp_utf32|charset_info_st::lengthsp|find_set|Field_set::store
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|find_set|Field_set::store|Item::save_in_field
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|find_set|Field_set::store|Item::save_in_field_inner
(length % 4) == 0|SIGABRT|my_lengthsp_utf32|find_set|Field_set::store|Item::save_str_in_field

Comment by Alexander Barkov [ 2023-07-19 ]

holyfoot, can you please review a patch:
https://github.com/MariaDB/server/commit/b481954378c24d76aec592775402df2f6b74240c
?
Thanks.

Comment by Alexey Botchkov [ 2023-09-12 ]

ok to push.

Generated at Thu Feb 08 10:03:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.