Description:
innodb_wl6501 and innodb_wl6501_debug crash in standard C++ library if debug version of libstdc++ is enabled with an out-of-bound std::vector::operator[] access.
How to repeat:
Compile with a debug libstdc++ by adding _GLIBCXX_DEBUG and _GLIBCXX_DEBUG_PEDANTIC preprocessor defines:
$ cmake .. -DWITH_DEBUG=ON -DCMAKE_CXX_FLAGS="-D_GLIBCXX_DEBUG -D_GLIBCXX_DEBUG_PEDANTIC"
$ make
...
$ cd mysql-test
...
$ ./mysql-test-run innodb_wl6501
...
2014-02-02T09:37:40.500148Z 0 [Note] InnoDB: Completing truncate for table with id (38) residing in space with id (0)
/usr/include/c++/4.8/debug/vector:346:error: attempt to subscript container
with out-of-bounds index 0, but container only holds 0 elements.
Objects involved in the operation:
sequence "this" @ 0x0x35ac3f0 {
type = NSt7__debug6vectorIhSaIhEEE;
}
09:37:40 UTC - mysqld got signal 6 ;
...
Program terminated with signal 6, Aborted.
#0 0x00007fb5383daf0c in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
62 ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c: No such file or directory.
#0 0x00007fb5383daf0c in __pthread_kill (threadid=<optimized out>, signo=6) at ../nptl/sysdeps/unix/sysv/linux/pthread_kill.c:62
#1 0x0000000000bc0b1b in my_write_core (sig=6) at /home/laurynas/percona/src/mysql-server/mysys/stacktrace.c:258
#2 0x0000000000716c26 in handle_fatal_signal (sig=6) at /home/laurynas/percona/src/mysql-server/sql/signal_handler.cc:216
#3 <signal handler called>
#4 0x00007fb53781ef77 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#5 0x00007fb5378225e8 in __GI_abort () at abort.c:90
#6 0x00007fb538179cf5 in __gnu_debug::_Error_formatter::_M_error() const () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#7 0x0000000000e02ed8 in std::__debug::vector<unsigned char, std::allocator<unsigned char> >::operator[] (this=0x35ac3f0, __n=0) at /usr/include/c++/4.8/debug/vector:346
#8 0x0000000000dff3f4 in truncate_t::create_indexes (this=0x35abff0, table_name=0x35ac0a0 "test/t1", space_id=0, zip_size=0, flags=0, format_flags=1) at /home/laurynas/percona/src/mysql-server/storage/innobase/row/row0trunc.cc:2626
#9 0x0000000000f3a999 in fil_recreate_table (space_id=0, format_flags=1, flags=0, name=0x35ac0a0 "test/t1", truncate=...) at /home/laurynas/percona/src/mysql-server/storage/innobase/fil/fil0fil.cc:2227
#10 0x0000000000dfdd8a in truncate_t::fixup_tables () at /home/laurynas/percona/src/mysql-server/storage/innobase/row/row0trunc.cc:2064
#11 0x0000000000e32db1 in innobase_start_or_create_for_mysql () at /home/laurynas/percona/src/mysql-server/storage/innobase/srv/srv0start.cc:2049
#12 0x0000000000cbff79 in innobase_init (p=0x3407d10) at /home/laurynas/percona/src/mysql-server/storage/innobase/handler/ha_innodb.cc:3199
#13 0x000000000076ea78 in ha_initialize_handlerton (plugin=0x3405a40) at /home/laurynas/percona/src/mysql-server/sql/handler.cc:667
#14 0x000000000096a461 in plugin_initialize (plugin=0x3405a40) at /home/laurynas/percona/src/mysql-server/sql/sql_plugin.cc:1123
#15 0x000000000096afe9 in plugin_init (argc=0x19f7d20 <remaining_argc>, argv=0x32e6ec0, flags=0) at /home/laurynas/percona/src/mysql-server/sql/sql_plugin.cc:1425
#16 0x00000000006ffee4 in init_server_components () at /home/laurynas/percona/src/mysql-server/sql/mysqld.cc:3916
#17 0x0000000000700e67 in mysqld_main (argc=82, argv=0x32e6ec0) at /home/laurynas/percona/src/mysql-server/sql/mysqld.cc:4437
#18 0x00000000006f900d in main (argc=7, argv=0x7fff5b8f8648) at /home/laurynas/percona/src/mysql-server/sql/main.cc:25
Suggested fix:
Have not analyzed it.