MySQL Bugs: #90968: Several incorrect function type indirect call UBSan errors

Bug #90968	Several incorrect function type indirect call UBSan errors
Submitted:	22 May 2018 11:41	Modified:	23 May 2018 17:12
Reporter:	Laurynas Biveinis (OCA)	Email Updates:
Status:	Verified	Impact on me:	None
Category:	MySQL Server: Compiling	Severity:	S3 (Non-critical)
Version:	8.0.11	OS:	Any
Assigned to:		CPU Architecture:	Any

Description:
XCode 9.3.1 UBsan reports several "runtime error: call to function ... through pointer to incorrect function type '...'" errors on main.1st testcase.

/Users/laurynas/percona/mysql-server/storage/innobase/handler/ha_innodb.cc:10595:33: runtime error: call to function mysql_sys_var_bool(THD*, int) through pointer to incorrect function type 'char *(*)(THD *, int)'
sql_plugin.cc:2733: note: mysql_sys_var_bool(THD*, int) defined here
    #0 0x1085bb995 in create_table_info_t::create_options_are_invalid() ha_innodb.cc:10595

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/laurynas/percona/mysql-server/storage/innobase/handler/ha_innodb.cc:10595:33 in 
...
/Users/laurynas/percona/mysql-server/sql/sql_list.h:278:13: runtime error: call to function compare_fields_by_table_order(Item_field*, Item_field*, void*) through pointer to incorrect function type 'int (*)(void *, void *, void *)'
sql_optimizer.cc:3906: note: compare_fields_by_table_order(Item_field*, Item_field*, void*) defined here
    #0 0x101f65d08 in base_list::sort(int (*)(void*, void*, void*), void*) sql_list.h:278

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/laurynas/percona/mysql-server/sql/sql_list.h:278:13 in 
/Users/laurynas/percona/mysql-server/mysys/lf_dynarray.cc:184:22: runtime error: call to function match_and_save(LF_PINS*, st_match_and_save_arg*) through pointer to incorrect function type 'int (*)(void *, void *)'
lf_alloc-pin.cc:283: note: match_and_save(LF_PINS*, st_match_and_save_arg*) defined here
    #0 0x107a8d8e8 in recursive_iterate(LF_DYNARRAY*, void*, int, int (*)(void*, void*), void*) lf_dynarray.cc:184

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/laurynas/percona/mysql-server/mysys/lf_dynarray.cc:184:22 in 
/Users/laurynas/percona/mysql-server/mysys/lf_alloc-pin.cc:330:5: runtime error: call to function alloc_free(unsigned char*, unsigned char*, LF_ALLOCATOR*) through pointer to incorrect function type 'void (*)(void *, void *, void *)'
lf_alloc-pin.cc:354: note: alloc_free(unsigned char*, unsigned char*, LF_ALLOCATOR*) defined here
    #0 0x107a88586 in lf_pinbox_real_free(LF_PINS*) lf_alloc-pin.cc:330

SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /Users/laurynas/percona/mysql-server/mysys/lf_alloc-pin.cc:330:5 in 

How to repeat:
The exact cmake options are

../mysql-server -DBUILD_CONFIG=mysql_release -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DWITH_ZLIB=system -DENABLE_DOWNLOADS=ON -DWITH_SSL=/usr/local/opt/openssl/ -DWITH_LIBEVENT=system -DDOWNLOAD_BOOST=ON -DWITH_BOOST=~/percona/mysql-boost/ -DWITH_AUTHENTICATION_LDAP=ON -DWITH_SYSTEM_LIBS=ON -DWITH_INNODB_EXTRA_DEBUG=ON -DWITH_ICU=/usr/local/opt/icu4c

Then

./mtr --debug-server 1st --sanitize

Hello Laurynas,

Thank you for the report and feedback.
I didn't observe exact reported runtime error on 8.0.12 ubsan build(avoided due to Bug #89961 and Bug#87201) but other issues.

Thanks,
Umesh

Results

Attachment: Bug90968_90883.rtf (text/rtf), 148.98 KiB.

Posted by developer:
 
Hi Laurynas, thank you for your bugreport. We are in the process of fixing all ubsan failures now (patches in the working), and only have a few left. Several of your reported issues in this bugreport is fixed by the "basebug". Therefore I close your report as a duplicate.