Panic triggered at expression.(*builtinRpadUTF8Sig).evalString (expression/builtin_string.go:2278)

JZuming commented 1 year ago

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

Testcase

select RPAD('1', 4611686018427387904, '1');

2. What did you expect to see? (Required)

No panic.

3. What did you see instead (Required)

ERROR 1105 (HY000): runtime error: makeslice: cap out of range

TiDB log:

[ERROR] [conn.go:1039] ["connection running loop panic"] [conn=2199023256253] [lastSQL="select RPAD('1', 4611686018427387904, '1')"] [err="runtime error: makeslice: cap out of range"] [stack="github.com/pingcap/tidb/server.(*clientConn).Run.func1
    /root/tidb/server/conn.go:1042
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:884
github.com/pingcap/tidb/executor.(*Compiler).Compile.func1
    /root/tidb/executor/compiler.go:54
runtime.gopanic
    /usr/local/go/src/runtime/panic.go:884
runtime.panicmakeslicecap
    /usr/local/go/src/runtime/slice.go:33
runtime.makeslice
    /usr/local/go/src/runtime/slice.go:100
strings.(*Builder).grow
    /usr/local/go/src/strings/builder.go:68
strings.(*Builder).Grow
    /usr/local/go/src/strings/builder.go:82
strings.Repeat
    /usr/local/go/src/strings/strings.go:569
github.com/pingcap/tidb/expression.(*builtinRpadUTF8Sig).evalString
    /root/tidb/expression/builtin_string.go:2278
github.com/pingcap/tidb/expression.(*ScalarFunction).EvalString
    /root/tidb/expression/scalar_function.go:421
github.com/pingcap/tidb/expression.(*ScalarFunction).Eval
    /root/tidb/expression/scalar_function.go:380
github.com/pingcap/tidb/expression.foldConstant
    /root/tidb/expression/constant_fold.go:221
github.com/pingcap/tidb/expression.FoldConstant
    /root/tidb/expression/constant_fold.go:40
github.com/pingcap/tidb/expression.newFunctionImpl
    /root/tidb/expression/scalar_function.go:243
github.com/pingcap/tidb/expression.NewFunction
    /root/tidb/expression/scalar_function.go:261
github.com/pingcap/tidb/planner/core.(*expressionRewriter).newFunction
    /root/tidb/planner/core/expression_rewriter.go:1316
github.com/pingcap/tidb/planner/core.(*expressionRewriter).funcCallToExpression
    /root/tidb/planner/core/expression_rewriter.go:1988
github.com/pingcap/tidb/planner/core.(*expressionRewriter).Leave
    /root/tidb/planner/core/expression_rewriter.go:1161
github.com/pingcap/tidb/parser/ast.(*FuncCallExpr).Accept
    /root/tidb/parser/ast/functions.go:580
github.com/pingcap/tidb/planner/core.(*PlanBuilder).rewriteExprNode
    /root/tidb/planner/core/expression_rewriter.go:200
github.com/pingcap/tidb/planner/core.(*PlanBuilder).rewriteWithPreprocess
    /root/tidb/planner/core/expression_rewriter.go:146
github.com/pingcap/tidb/planner/core.(*PlanBuilder).buildProjection
    /root/tidb/planner/core/logical_plan_builder.go:1446
github.com/pingcap/tidb/planner/core.(*PlanBuilder).buildSelect
    /root/tidb/planner/core/logical_plan_builder.go:4162
github.com/pingcap/tidb/planner/core.(*PlanBuilder).Build
    /root/tidb/planner/core/planbuilder.go:819
github.com/pingcap/tidb/planner.buildLogicalPlan
    /root/tidb/planner/optimize.go:511
github.com/pingcap/tidb/planner.optimize
    /root/tidb/planner/optimize.go:432
github.com/pingcap/tidb/planner.Optimize
    /root/tidb/planner/optimize.go:295
github.com/pingcap/tidb/executor.(*Compiler).Compile
    /root/tidb/executor/compiler.go:98
github.com/pingcap/tidb/session.(*session).ExecuteStmt
    /root/tidb/session/session.go:2139
github.com/pingcap/tidb/server.(*TiDBContext).ExecuteStmt
    /root/tidb/server/driver_tidb.go:252
github.com/pingcap/tidb/server.(*clientConn).handleStmt
    /root/tidb/server/conn.go:2054
github.com/pingcap/tidb/server.(*clientConn).handleQuery
    /root/tidb/server/conn.go:1851
github.com/pingcap/tidb/server.(*clientConn).dispatch
    /root/tidb/server/conn.go:1337
github.com/pingcap/tidb/server.(*clientConn).Run
    /root/tidb/server/conn.go:1120
github.com/pingcap/tidb/server.(*Server).onConn
    /root/tidb/server/server.go:675"]

4. What is your TiDB version? (Required)

+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Release Version: v7.1.0-alpha-27-gf5ca27ef3 Edition: Community Git Commit Hash: f5ca27ef326e94fb29b4ba35a5d59aa575f66880 Git Branch: master UTC Build Time: 2023-03-23 13:57:53 GoVersion: go1.20.2 Race Enabled: false TiKV Min Version: 6.2.0-alpha Check Table Before Drop: false Store: unistore | +------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

zanmato1984 commented 1 year ago

MySQL gives NULL, meaning it checks if the length is reasonable. We should add the same kind of check as well.

However the length 4611686018427387904 is not reasonable, I'll lower the severity.

xuyukeviki commented 1 year ago

/assign

pingcap / tidb