main.group_min_max fails under ASan on 5.5 only
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Percona Server moved to https://jira.percona.com/projects/PS | Status tracked in 5.7 | | |
5.5 | Fix Released | High | Laurynas Biveinis |
5.6 | Invalid | Undecided | Unassigned |
5.7 | Invalid | Undecided | Unassigned |
Bug Description
main.group_min_max w1 [ fail ]
...
mysqltest: At line 348: query 'explain select a1,a2,b, max(c) from t2 where (c < 'a0') group by a1,a2,b' failed: 2013: Lost connection to MySQL server during query
...
=======
==30982==ERROR: AddressSanitizer: global-
READ of size 17 at 0x000001c659e2 thread T494
#0 0x7fc3d1eb4675 in memcmp (/usr/lib/
#1 0xc21f3a in QUICK_GROUP_
#2 0xc22fd5 in TRP_GROUP_
#3 0xc19b20 in SQL_SELECT:
#4 0x72cdfa in get_quick_
#5 0x72cdfa in make_join_
#6 0x735bab in JOIN::optimize() /mnt/workspace/
#7 0x745464 in mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_
#8 0x7462c9 in mysql_explain_
#9 0x66d5b5 in execute_
#10 0x680f1c in mysql_execute_
#11 0x693331 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /mnt/workspace/
#12 0x6970ce in dispatch_
#13 0x69b88d in do_command(THD*) /mnt/workspace/
#14 0x8956ad in do_handle_
#15 0x89594e in handle_
#16 0xd914dc in pfs_spawn_thread /mnt/workspace/
#17 0x7fc3d180b6f9 in start_thread (/lib/x86_
#18 0x7fc3d03b6b5c in clone (/lib/x86_
0x000001c659e2 is located 0 bytes to the right of global variable 'is_null_string' defined in '/mnt/workspace
'is_null_string' is ascii string ''
SUMMARY: AddressSanitizer: global-
Shadow bytes around the buggy address:
0x000080384ae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384af0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x000080384b30: 00 00 00 00 00 00 00 00 00 00 00 00[02]f9 f9 f9
0x000080384b40: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x000080384b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Heap right redzone: fb
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack partial redzone: f4
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Thread T494 created by T0 here:
#0 0x7fc3d1e73253 in pthread_create (/usr/lib/
#1 0xd94a99 in spawn_thread_v1 /mnt/workspace/
#2 0x519d5d in inline_
#3 0x519d5d in create_
#4 0x51b4d9 in create_new_thread /mnt/workspace/
#5 0x51b4d9 in handle_
#6 0x51e8c0 in mysqld_main(int, char**) /mnt/workspace/
#7 0x505e3e in main /mnt/workspace/
#8 0x7fc3d02d082f in __libc_start_main (/lib/x86_
==30982==ABORTING
----------SERVER LOG END-------------
This is probably upstream bug 67244 "OUT-OF-BOUND READS IN LOOSE INDEX SCAN", which was fixed in 5.6+ only, and the fix would be to backport
commit 2129981969a9ad2
Author: Tor Didriksen <email address hidden>
Date: Wed Oct 31 12:07:25 2012 +0100
Bug#14771291 OUT-OF-BOUND READS IN LOOSE INDEX SCAN
Prevent reading past-the-end of is_null_string
tags: added: asan ci upstream
https://github.com/percona/percona-server/pull/574, https://github.com/percona/percona-server/pull/575, https://github.com/percona/percona-server/pull/576
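
The read pattern in the ASan report above, as an added C example that is not Percona Server or upstream MySQL code: a `memcmp` whose length is the field length (17 in the trace) applied to a short global, next to a compare that takes each operand's size into account. `null_marker`, its 2-byte size and contents, the sample keys and both function names are assumptions made for illustration; the upstream fix may take a different form.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 17  /* read size shown in the ASan report */

/* Constructed stand-in for the global 'is_null_string'; the 2-byte size and
   the contents are assumptions for this example. */
static const char null_marker[2] = {1, 0};

/* Constructed sample keys, FIELD_LEN bytes each (zero padded). */
static const char key_a[FIELD_LEN] = "a0";
static const char key_b[FIELD_LEN] = "a0";
static const char key_c[FIELD_LEN] = "b7";

/* Unbounded pattern: the field length drives memcmp even when one operand is
   the short marker, so the read runs past the end of the marker. */
int same_value_unbounded(const char *x, const char *y, size_t field_len)
{
    return memcmp(x, y, field_len) == 0;
}

/* Bounded form: every operand carries its own size. An operand shorter than
   the field can only match an operand of the same size with the same bytes. */
int same_value_bounded(const char *x, size_t x_size,
                       const char *y, size_t y_size, size_t field_len)
{
    if (x_size < field_len || y_size < field_len)
        return x_size == y_size && memcmp(x, y, x_size) == 0;
    return memcmp(x, y, field_len) == 0;
}

int main(void)
{
    printf("key_a vs key_b:   %d\n", same_value_bounded(key_a, sizeof key_a, key_b, sizeof key_b, FIELD_LEN));
    printf("key_a vs key_c:   %d\n", same_value_bounded(key_a, sizeof key_a, key_c, sizeof key_c, FIELD_LEN));
    printf("marker vs key_a:  %d\n", same_value_bounded(null_marker, sizeof null_marker, key_a, sizeof key_a, FIELD_LEN));
    printf("marker vs marker: %d\n", same_value_bounded(null_marker, sizeof null_marker, null_marker, sizeof null_marker, FIELD_LEN));
#ifdef DEMO_OVERREAD
    /* Undefined behaviour; build with -fsanitize=address -DDEMO_OVERREAD to
       have ASan flag the read past the 2-byte global. */
    printf("unbounded:        %d\n", same_value_unbounded(null_marker, key_a, FIELD_LEN));
#endif
    return 0;
}
```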