[MDEV-32240] UBSAN: downcast of address X which does not point to an object of type 'Field_num' in field_longlong::get_opt_type | sql/sql_analyse.cc
Created: 2023-09-25
Updated: 2023-11-28

Status: Open
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2

Type: Bug
Priority: Major
Reporter: Ramesh Sivaraman
Assignee: Alexander Barkov
Resolution: Unresolved
Votes: 0
Labels: None


Description

CREATE TABLE t (c BIT(10));
INSERT INTO t VALUES ('a');
SELECT * FROM t PROCEDURE ANALYSE(2);

Leads to

11.3.0 fa64a7a10cb23475c3008ff3d935d12659d2a81f (Optimized, UBASAN)

/test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:968:51: runtime error: member access within address 0x619000093900 which does not point to an object of type 'Field_num'
0x619000093900: note: object is of type 'Field_bit_as_char'
 be be be be  f8 bd 58 85 96 55 00 00  c9 38 09 00 90 61 00 00  c8 38 09 00 90 61 00 00  98 33 09 00
              ^~~~~~~~~~~~~~~~~~~~~~~
              vptr for 'Field_bit_as_char'
    #0 0x5596828decab in field_longlong::get_opt_type(String*, unsigned long long) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:968
    #1 0x5596828ece16 in analyse::end_of_records() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_analyse.cc:792
    #2 0x5596807224c4 in end_send /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:24674
    #3 0x55968084cc0d in do_select /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:22963
    #4 0x55968084cc0d in JOIN::exec_inner() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:4941
    #5 0x559680852129 in JOIN::exec() /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:4718
    #6 0x55968083f4bc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:5249
    #7 0x559680843153 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_select.cc:628
    #8 0x55968041dd4f in execute_sqlcom_select /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:6012
    #9 0x55968046d305 in mysql_execute_command(THD*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:3911
    #10 0x5596803ecfb0 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:7732
    #11 0x559680443d28 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:1893
    #12 0x55968044f42d in do_command(THD*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_parse.cc:1406
    #13 0x559680d8f71d in do_handle_one_connection(CONNECT*, bool) /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_connect.cc:1445
    #14 0x559680d91d8c in handle_one_connection /test/mtest/MDEV-31606/11.3_opt_san/sql/sql_connect.cc:1347
    #15 0x14e539faa608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #16 0x14e53921f132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)

