[MDEV-31598] UBSAN: runtime error: null pointer passed as argument 2, which is declared to never be null in binlog_defragment Created: 2023-07-01  Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: Binary Protocol, Replication
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1

Type: Bug
Priority: Major
Reporter: Roel Van de Paar
Assignee: Andrei Elkin
Resolution: Unresolved
Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-22520 Assertion `gathered_length == thd->le... Closed

Description

SET @a=NULL;
BINLOG @a,@a;

Leads to:

11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)

/test/11.0_dbg_san/sql/sql_binlog.cc:160:11: runtime error: null pointer passed as argument 2, which is declared to never be null

11.0.2 368dd22a816f3b437bccd0b9ff28b9de9b1abf0a (Debug)

    #0 0x56078f365bde in binlog_defragment(THD*) /test/11.0_dbg_san/sql/sql_binlog.cc:160
    #1 0x56078f368434 in mysql_client_binlog_statement(THD*) /test/11.0_dbg_san/sql/sql_binlog.cc:287
    #2 0x56078ea74061 in mysql_execute_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:5929
    #3 0x56078ea7e973 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_dbg_san/sql/sql_parse.cc:8014
    #4 0x56078ea8e707 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1894
    #5 0x56078ea9c542 in do_command(THD*, bool) /test/11.0_dbg_san/sql/sql_parse.cc:1407
    #6 0x56078f4718b5 in do_handle_one_connection(CONNECT*, bool) /test/11.0_dbg_san/sql/sql_connect.cc:1416
    #7 0x56078f472dd0 in handle_one_connection /test/11.0_dbg_san/sql/sql_connect.cc:1318
    #8 0x14df32e94b42 in start_thread nptl/pthread_create.c:442
    #9 0x14df32f269ff  (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)

Setup:

Compiled with GCC >=7.5.0 (I use GCC 11.3.0) and:
    -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWITH_RAPID=OFF -DWSREP_LIB_WITH_ASAN=ON
Set before execution:
    export UBSAN_OPTIONS=print_stacktrace=1

Bug confirmed present in:
MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (dbg), 10.9.7 (opt), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)
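The diagnostic in the report is UBSAN's nonnull-argument check: library calls such as memcpy declare their pointer parameters nonnull, so handing them NULL is undefined behaviour under C11 7.24.1p2 even when the length is zero and no byte is ever read, and the compiler is free to assume the pointer is valid afterwards. The C program below is an added illustration of that failure class and the guard that avoids it; it is not code from sql_binlog.cc or any MariaDB source. The fragment structure, the two function names and the sample inputs are constructed for this example, and it does not claim to reproduce what binlog_defragment does at line 160.

```c
/* Added example, not MariaDB code: a two-fragment join with and without a
   NULL-argument guard, mirroring the shape of "SET @a=NULL; BINLOG @a,@a;". */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* One BINLOG argument as a server would see it: a byte pointer plus length.
   A NULL user variable arrives as {NULL, 0}. Hypothetical layout. */
struct fragment {
    const unsigned char *ptr;
    size_t len;
};

/* Unguarded version: copies every fragment unconditionally. memcpy's source
   parameter is declared nonnull, so {NULL, 0} is undefined behaviour even
   though zero bytes are copied; built with -fsanitize=undefined this is the
   "null pointer passed as argument 2, which is declared to never be null"
   report. Only call this with non-NULL fragments. Returns NULL on OOM. */
unsigned char *defragment_unchecked(const struct fragment *frags, size_t n, size_t *out_len)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += frags[i].len;
    unsigned char *buf = malloc(total + 1);   /* +1 keeps total == 0 a valid allocation */
    if (!buf)
        return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        memcpy(buf + pos, frags[i].ptr, frags[i].len);   /* UB when ptr == NULL */
        pos += frags[i].len;
    }
    *out_len = total;
    return buf;
}

/* Guarded version: validate every argument before touching memory. A NULL
   fragment is rejected outright (a server would raise an SQL error here),
   lengths are summed with an overflow check, and memcpy is only reached for
   non-empty pieces. Returns NULL on invalid input or OOM. */
unsigned char *defragment_checked(const struct fragment *frags, size_t n, size_t *out_len)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (frags[i].ptr == NULL)                 /* reject NULL regardless of length */
            return NULL;
        if (frags[i].len > SIZE_MAX - 1 - total)  /* total + 1 must not wrap */
            return NULL;
        total += frags[i].len;
    }
    unsigned char *buf = malloc(total + 1);
    if (!buf)
        return NULL;
    size_t pos = 0;
    for (size_t i = 0; i < n; i++) {
        if (frags[i].len == 0)                    /* nothing to copy, skip the call */
            continue;
        memcpy(buf + pos, frags[i].ptr, frags[i].len);
        pos += frags[i].len;
    }
    *out_len = total;
    return buf;
}

/* Constructed sample: the two-argument shape of the report, once with real
   bytes and once with both arguments NULL. Returns 1 when the guarded join
   yields "abcde" for the valid pair and refuses the NULL pair, else 0. */
int run_example(void)
{
    static const unsigned char a[] = "ab", b[] = "cde";
    struct fragment good[2] = { { a, 2 }, { b, 3 } };
    struct fragment null_pair[2] = { { NULL, 0 }, { NULL, 0 } };
    size_t len = 0;
    unsigned char *joined = defragment_checked(good, 2, &len);
    int ok = joined != NULL && len == 5 && memcmp(joined, "abcde", 5) == 0;
    free(joined);
    ok = ok && defragment_checked(null_pair, 2, &len) == NULL;
    return ok;
}

int main(void)
{
    return run_example() ? 0 : 1;
}
```

To see the sanitizer report for yourself, compile with `-fsanitize=undefined` and call defragment_unchecked with the null_pair input; the guarded version never reaches memcpy for that input, which is the property a fix for this report needs to provide.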


Generated at Thu Feb 08 10:25:04 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.