[#MDEV-33232] [Draft] ASAN negative-size-param in TYPVAL upon ALTER on Connect table

INSTALL SONAME 'ha_connect';

CREATE DATABASE IF NOT EXISTS oltp_connect_db;

USE oltp_connect_db;

CREATE TABLE oltp10 (id int(10) unsigned NOT NULL,

c char(120) NOT NULL default '',

k int(10) unsigned NOT NULL default '0',

pad char(60) NOT NULL default '',

PRIMARY KEY (id)) ENGINE=connect table_type=fix;

INSERT /*! IGNORE */ INTO oltp10 VALUES (null, '"yccuwuqdqc"', -599195648, 'n') , (312868864, '"ccuwuqdqcnu"', 3, '"cuwuqdqcnu"') , (-1672740864, '"uwuqdqcnuyb"', 1055064064, 'c') , (248381440, '"wuqdqcnuybu"', null, '"uqdqcnu"') , (-358744064, 'x', 2, '"qdqcnuy"') , (6, '"prayer"', 9, 'f') , (-1341259776, 'f', 5, '"most"') , (1716322304, '"dqcnuybuzwu"', 33095680, '"qcnuyb"') , (null, 'z', 2, '"c"') , (null, 'h', -122814464, '"nuybuz"') , (546701312, 'n', null, '"bullet"') , (null, 'r', null, '"uybuzwufnizc"') , (null, '"inventory"', 4, '"y"') , (-794886144, '"buzwufn"', 5, '"increasing"') , (-627900416, 'x', -1246167040, '"politically"') , (-499515392, '"privacy"', null, '"doorway"') , (-1128333312, '"uz"', 6, '"soldier"') , (null, '"shed"', 1203306496, '"pleasant"') , (null, '"zwufnizcljik"', 7, '"wufnizcljik"') , (null, 'o', 113311744, '"comment"') , (807206912, 'o', 1266155520, '"uf"') , (8, '"silent"', null, 'y') , (6, 'h', -1564147712, '"f"') , (1327693824, '"nizclj"', 2021130240, '"i"') , (1, 'k', null, '"zcljikxq"') , (null, '"center"', 1, '"vanish"') , (null, '"cljikxqs"', 1, 'v') , (5, 'w', null, '"lji"') , (null, '"jikxqsjlkdft"', null, '"ikxq"') , (null, '"kxqsjlkdftki"', 1736245248, '"remove"') , (-964952064, 'a', null, '"xqs"') , (705691648, '"peace"', 526581760, '"southern"') , (120258560, 'l', null, '"qsjlkdftkigl"') , (null, 'd', -1211957248, '"square"') , (null, '"export"', 323878912, '"sjlkdftkigl"') , (null, '"jlkdftkiglqo"', 2, '"lk"') , (null, 'b', 3, '"existence"') , (-1445134336, '"bonus"', null, '"kdftkiglqon"') , (-329580544, '"dftki"', 8, '"deep"') , (549257216, '"ftki"', null, 'w') , (4, '"shareholder"', -2014642176, '"regain"') , (-688717824, '"tkiglqon"', null, 'q') , (3, '"ourselves"', 1, '"dirt"') , (5, '"round"', 8, 'a') , (9, '"statue"', null, '"kiglqonbw"') , (6, '"play"', null, '"would"') , (4, 'z', 3, 'i') , (7, '"ad"', null, 'l') , (0, 'g', -172359680, '"sofa"') , (null, '"i"', null, 't');

SET STATEMENT SYSTEM_VERSIONING_ALTER_HISTORY=KEEP FOR ALTER TABLE oltp_connect_db.oltp10 WAIT 2 AUTO_INCREMENT = 4291756032, DROP PRIMARY KEY, ORDER BY pad, k;

--error 0,ER_TOO_MANY_KEYS

SET STATEMENT SYSTEM_VERSIONING_ALTER_HISTORY=KEEP FOR ALTER TABLE oltp_connect_db.oltp10 ADD UNIQUE INDEX(id, c);

SET STATEMENT SYSTEM_VERSIONING_ALTER_HISTORY=KEEP FOR ALTER TABLE oltp_connect_db.oltp10 MODIFY COLUMN IF EXISTS id VARCHAR(10529) NOT NULL, ALGORITHM=COPY;

SET STATEMENT SYSTEM_VERSIONING_ALTER_HISTORY=KEEP FOR ALTER ONLINE TABLE simple_db.D ALTER COLUMN pk DROP DEFAULT, AUTO_INCREMENT 1769865216;

10.4 87a5d16911bb94d383480fdd49e20876ed1400f2
==206911==ERROR: AddressSanitizer: negative-size-param: (size=-15665)
#0 0x7fcad8270bc0 in __interceptor_strncpy ../../../../src/libsanitizer/asan/asan_interceptors.cpp:470
#1 0x7fcacdc9e69d in TYPVAL<char>::SetValue_char(char const, int) /data/bld/10.4-asan/storage/connect/value.cpp:1385
#2 0x7fcacdb3c5a8 in CntIndexRead(_global, TDB, OPVAL, st_key_range const*, bool) /data/bld/10.4-asan/storage/connect/connect.cc:792
#3 0x7fcacdb18f53 in ha_connect::ReadIndexed(unsigned char, OPVAL, st_key_range const) /data/bld/10.4-asan/storage/connect/ha_connect.cc:3899
#4 0x7fcacdb19546 in ha_connect::index_read(unsigned char, unsigned char const, unsigned int, ha_rkey_function) /data/bld/10.4-asan/storage/connect/ha_connect.cc:3970
#5 0x7fcacdb32980 in handler::index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) (/mnt8t/bld/10.4-asan/mysql-test/var/plugins/ha_connect.so+0x132980)
#6 0x562e05515ab2 in handler::ha_index_read_map(unsigned char, unsigned char const, unsigned long, ha_rkey_function) /data/bld/10.4-asan/sql/handler.cc:2961
#7 0x562e055332a5 in check_duplicate_long_entry_key /data/bld/10.4-asan/sql/handler.cc:6681
#8 0x562e055347fd in check_duplicate_long_entries /data/bld/10.4-asan/sql/handler.cc:6761
#9 0x562e0553517f in handler::ha_write_row(unsigned char const*) /data/bld/10.4-asan/sql/handler.cc:6857
#10 0x562e04fe55ae in copy_data_between_tables /data/bld/10.4-asan/sql/sql_table.cc:11223
#11 0x562e04fe073d in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool) /data/bld/10.4-asan/sql/sql_table.cc:10643
#12 0x562e05166e24 in Sql_cmd_alter_table::execute(THD*) /data/bld/10.4-asan/sql/sql_alter.cc:535
#13 0x562e04d6909f in mysql_execute_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:6266
#14 0x562e04d749f2 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:8062
#15 0x562e04d4aa4d in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:1857
#16 0x562e04d475bc in do_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:1378
#17 0x562e0514e134 in do_handle_one_connection(CONNECT*) /data/bld/10.4-asan/sql/sql_connect.cc:1419
#18 0x562e0514da4b in handle_one_connection /data/bld/10.4-asan/sql/sql_connect.cc:1323
#19 0x562e05db2991 in pfs_spawn_thread /data/bld/10.4-asan/storage/perfschema/pfs.cc:1869
#20 0x7fcad7bc9043 in start_thread nptl/pthread_create.c:442
#21 0x7fcad7c4961b in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x7fcabb9095a0 is located 1113504 bytes inside of 67108864-byte region [0x7fcabb7f9800,0x7fcabf7f9800)
allocated by thread T5 here:
#0 0x7fcad82b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7fcacdbed039 in AllocSarea /data/bld/10.4-asan/storage/connect/plugutil.cpp:481
#2 0x7fcacdbec290 in PlugInit /data/bld/10.4-asan/storage/connect/plugutil.cpp:175
#3 0x7fcacdb3e63a in user_connect::user_init() /data/bld/10.4-asan/storage/connect/user_connect.cc:107
#4 0x7fcacdb03aa6 in GetUser /data/bld/10.4-asan/storage/connect/ha_connect.cc:1056
#5 0x7fcacdb16413 in ha_connect::open(char const*, int, unsigned int) /data/bld/10.4-asan/storage/connect/ha_connect.cc:3540
#6 0x562e05512ed7 in handler::ha_open(TABLE, char const, int, unsigned int, st_mem_root, List<String>) /data/bld/10.4-asan/sql/handler.cc:2824
#7 0x562e0507e037 in open_table_from_share(THD, TABLE_SHARE, st_mysql_const_lex_string const, unsigned int, unsigned int, unsigned int, TABLE, bool, List<String>*) /data/bld/10.4-asan/sql/table.cc:4137
#8 0x562e04bc29ef in open_table(THD, TABLE_LIST, Open_table_context*) /data/bld/10.4-asan/sql/sql_base.cc:2116
#9 0x562e04fcd3d4 in mysql_inplace_alter_table /data/bld/10.4-asan/sql/sql_table.cc:8052
#10 0x562e04fdfcd2 in mysql_alter_table(THD, st_mysql_const_lex_string const, st_mysql_const_lex_string const, HA_CREATE_INFO, TABLE_LIST, Recreate_info, Alter_info, unsigned int, st_order, bool) /data/bld/10.4-asan/sql/sql_table.cc:10538
#11 0x562e05166e24 in Sql_cmd_alter_table::execute(THD*) /data/bld/10.4-asan/sql/sql_alter.cc:535
#12 0x562e04d6909f in mysql_execute_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:6266
#13 0x562e04d749f2 in mysql_parse(THD, char, unsigned int, Parser_state*, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:8062
#14 0x562e04d4aa4d in dispatch_command(enum_server_command, THD, char, unsigned int, bool, bool) /data/bld/10.4-asan/sql/sql_parse.cc:1857
#15 0x562e04d475bc in do_command(THD*) /data/bld/10.4-asan/sql/sql_parse.cc:1378
#16 0x562e0514e134 in do_handle_one_connection(CONNECT*) /data/bld/10.4-asan/sql/sql_connect.cc:1419
#17 0x562e0514da4b in handle_one_connection /data/bld/10.4-asan/sql/sql_connect.cc:1323
#18 0x562e05db2991 in pfs_spawn_thread /data/bld/10.4-asan/storage/perfschema/pfs.cc:1869
#19 0x7fcad7bc9043 in start_thread nptl/pthread_create.c:442

Thread T5 created by T0 here:
#0 0x7fcad8249726 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cpp:207
#1 0x562e05db2d7e in spawn_thread_v1 /data/bld/10.4-asan/storage/perfschema/pfs.cc:1919
#2 0x562e04a4df89 in inline_mysql_thread_create /data/bld/10.4-asan/include/mysql/psi/mysql_thread.h:1275
#3 0x562e04a65714 in create_thread_to_handle_connection(CONNECT*) /data/bld/10.4-asan/sql/mysqld.cc:6296
#4 0x562e04a65e5f in create_new_thread(CONNECT*) /data/bld/10.4-asan/sql/mysqld.cc:6366
#5 0x562e04a6632d in handle_accepted_socket(st_mysql_socket, st_mysql_socket) /data/bld/10.4-asan/sql/mysqld.cc:6464
#6 0x562e04a671d9 in handle_connections_sockets() /data/bld/10.4-asan/sql/mysqld.cc:6622
#7 0x562e04a64e77 in mysqld_main(int, char**) /data/bld/10.4-asan/sql/mysqld.cc:5954
#8 0x562e04a4c0b8 in main /data/bld/10.4-asan/sql/main.cc:25
#9 0x7fcad7b671c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

SUMMARY: AddressSanitizer: negative-size-param ../../../../src/libsanitizer/asan/asan_interceptors.cpp:470 in __interceptor_strncpy
==206911==ABORTING

[MDEV-33232] [Draft] ASAN negative-size-param in TYPVAL upon ALTER on Connect table Created: 2024-01-13 Updated: 2024-01-13
Status:	Open
Project:	MariaDB Server
Component/s:	Storage Engine - Connect
Affects Version/s:	10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3
Fix Version/s:	10.4, 10.5, 10.6, 10.11, 11.0, 11.1, 11.2, 11.3

[MDEV-33232] [Draft] ASAN negative-size-param in TYPVAL upon ALTER on Connect table Created: 2024-01-13 Updated: 2024-01-13