[MDEV-28996] ASAN errors in String::q_append / spider_string::q_append / spider_db_mbase_util::open_item_func Created: 2022-07-01  Updated: 2022-11-27  Resolved: 2022-11-27

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Spider
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.11.2, 10.3.38, 10.4.28, 10.5.19, 10.6.12, 10.7.8, 10.8.7, 10.9.5, 10.10.3

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Nayuta Yanagisawa (Inactive)
Resolution: Fixed Votes: 0
Labels: None


 Description   

# Reproducer (MTR test): a Spider table that links back to the same server.
--source plugin/spider/spider/include/init_spider.inc
 
# Let the "remote" data node be this very server.
SET spider_same_server_link = on;
# Server object pointing at the local test database; the port comes from the MTR master instance.
eval create server s foreign data wrapper mysql options (host "127.0.0.1", database "test", user "root", port $MASTER_MYPORT);
 
# Backing table with two CHAR(8) rows.
CREATE TABLE t1 (a CHAR(8));
INSERT INTO t1 VALUES ('foo'),('bar');
# Spider table mapped onto t1 through server s.
CREATE TABLE t1_SPIDER (a CHAR(8)) ENGINE=SPIDER COMMENT="wrapper 'mysql', srv 's', table 't1'";
 
# Trigger: the aggregate is pushed down via spider_group_by_handler, and while Spider
# builds the select list for the remote query, open_item_func copies (q_append) from a
# local buffer that has already gone out of scope -- ASAN reports stack-use-after-scope
# in spd_db_mysql.cc (see the report below).
SELECT MAX(BINARY a) FROM t1_SPIDER;
 
# Cleanup
DROP TABLE t1_SPIDER;
DROP TABLE t1;
 
--source plugin/spider/spider/include/deinit_spider.inc

10.3 e34f8781

==4098190==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fafb5cad07b at pc 0x00000071bc17 bp 0x7fafb5cac610 sp 0x7fafb5cabdd8
READ of size 23 at 0x7fafb5cad07b thread T5
    #0 0x71bc16 in __asan_memcpy (/mnt8t/bld/10.3-asan/bin/mysqld+0x71bc16)
    #1 0x7c83b3 in String::q_append(char const*, unsigned long) /data/src/10.3/sql/sql_string.h:598:7
    #2 0x7fafb5739905 in spider_string::q_append(char const*, unsigned int) /data/src/10.3/storage/spider/spd_malloc.cc:1129:7
    #3 0x7fafb58a20ea in spider_db_mbase_util::open_item_func(Item_func*, ha_spider*, spider_string*, char const*, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_mysql.cc:5317:10
    #4 0x7fafb55937b0 in spider_db_open_item_func(Item_func*, ha_spider*, spider_string*, char const*, unsigned int, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_conn.cc:9059:3
    #5 0x7fafb5592a8d in spider_db_print_item_type(Item*, Field*, ha_spider*, spider_string*, char const*, unsigned int, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_conn.cc:8869:7
    #6 0x7fafb58a2cf8 in spider_db_mbase_util::open_item_sum_func(Item_sum*, ha_spider*, spider_string*, char const*, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_mysql.cc:5370:28
    #7 0x7fafb5593c00 in spider_db_open_item_sum_func(Item_sum*, ha_spider*, spider_string*, char const*, unsigned int, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_conn.cc:9075:3
    #8 0x7fafb5592b70 in spider_db_print_item_type(Item*, Field*, ha_spider*, spider_string*, char const*, unsigned int, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_conn.cc:8873:7
    #9 0x7fafb595395b in spider_mbase_handler::append_list_item_select(List<Item>*, spider_string*, char const*, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_mysql.cc:14395:22
    #10 0x7fafb595333d in spider_mbase_handler::append_list_item_select_part(List<Item>*, char const*, unsigned int, bool, spider_fields*, unsigned long) /data/src/10.3/storage/spider/spd_db_mysql.cc:14366:15
    #11 0x7fafb5978f40 in spider_group_by_handler::init_scan() /data/src/10.3/storage/spider/spd_group_by_handler.cc:1316:33
    #12 0xe071aa in Pushdown_query::execute(JOIN*) /data/src/10.3/sql/group_by_handler.cc:49:22
    #13 0xcc52d4 in do_select(JOIN*, Procedure*) /data/src/10.3/sql/sql_select.cc:19331:36
    #14 0xcc28a5 in JOIN::exec_inner() /data/src/10.3/sql/sql_select.cc:4151:50
    #15 0xcbf33e in JOIN::exec() /data/src/10.3/sql/sql_select.cc:3945:3
    #16 0xc326ec in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.3/sql/sql_select.cc:4354:9
    #17 0xc312d4 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.3/sql/sql_select.cc:372:10
    #18 0xb6f9ed in execute_sqlcom_select(THD*, TABLE_LIST*) /data/src/10.3/sql/sql_parse.cc:6339:12
    #19 0xb52677 in mysql_execute_command(THD*) /data/src/10.3/sql/sql_parse.cc:3870:12
    #20 0xb42226 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.3/sql/sql_parse.cc:7870:18
    #21 0xb32dac in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.3/sql/sql_parse.cc:1852:7
    #22 0xb3c0ac in do_command(THD*) /data/src/10.3/sql/sql_parse.cc:1398:17
    #23 0x10813d6 in do_handle_one_connection(CONNECT*) /data/src/10.3/sql/sql_connect.cc:1403:11
    #24 0x1080aa3 in handle_one_connection /data/src/10.3/sql/sql_connect.cc:1308:3
    #25 0x2e93861 in pfs_spawn_thread /data/src/10.3/storage/perfschema/pfs.cc:1869:3
    #26 0x7fafc07efea6 in start_thread nptl/pthread_create.c:477:8
    #27 0x7fafc06fadee in clone misc/../sysdeps/unix/sysv/linux/x86_64/clone.S:95
 
Address 0x7fafb5cad07b is located in stack of thread T5 at offset 2171 in frame
    #0 0x7fafb5897c4f in spider_db_mbase_util::open_item_func(Item_func*, ha_spider*, spider_string*, char const*, unsigned int, bool, spider_fields*) /data/src/10.3/storage/spider/spd_db_mysql.cc:4109
 
  This frame has 8 object(s):
    [32, 64) '_db_stack_frame_' (line 4122)
    [96, 862) 'tmp_buf' (line 4565)
    [992, 1080) 'tmp_str' (line 4566)
    [1120, 1886) 'tmp_buf1112' (line 4699)
    [2016, 2104) 'tmp_str1115' (line 4700)
    [2144, 2910) 'tmp_buf1516' (line 4853) <== Memory access at offset 2171 is inside this variable
    [3040, 3128) 'tmp_str1519' (line 4854)
    [3168, 3200) 'lif' (line 4890)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
Thread T5 created by T0 here:
    #0 0x7071ea in pthread_create (/mnt8t/bld/10.3-asan/bin/mysqld+0x7071ea)
    #1 0x2e99b09 in spawn_thread_v1(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /data/src/10.3/storage/perfschema/pfs.cc:1919:15
    #2 0x757a1a in inline_mysql_thread_create(unsigned int, unsigned long*, pthread_attr_t const*, void* (*)(void*), void*) /data/src/10.3/include/mysql/psi/mysql_thread.h:1275:11
    #3 0x769453 in create_thread_to_handle_connection(CONNECT*) /data/src/10.3/sql/mysqld.cc:6668:15
    #4 0x76ac4a in create_new_thread(CONNECT*) /data/src/10.3/sql/mysqld.cc:6738:3
    #5 0x7689cd in handle_connections_sockets() /data/src/10.3/sql/mysqld.cc:6996:9
    #6 0x75b3de in mysqld_main(int, char**) /data/src/10.3/sql/mysqld.cc:6290:3
    #7 0x74ed61 in main /data/src/10.3/sql/main.cc:25:10
    #8 0x7fafc0623d09 in __libc_start_main csu/../csu/libc-start.c:308:16
 
SUMMARY: AddressSanitizer: stack-use-after-scope (/mnt8t/bld/10.3-asan/bin/mysqld+0x71bc16) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0ff676b8d9b0: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8d9c0: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8d9d0: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8d9e0: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
  0x0ff676b8d9f0: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f8 f8 f8 f8
=>0x0ff676b8da00: f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2 f2 f8 f8 f8[f8]
  0x0ff676b8da10: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8da20: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8da30: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8da40: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
  0x0ff676b8da50: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4098190==ABORTING



 Comments   
Comment by Nayuta Yanagisawa (Inactive) [ 2022-07-01 ]

holyfoot Please review: https://github.com/MariaDB/server/commit/4486161d3f3913f0ce234ef5a1d3e7371bf6408a

Comment by Alexey Botchkov [ 2022-11-26 ]

Asking for minor changes in the commit comment.
