MDEV-37320 ASAN errors in Field::is_null / Item_param::assign_default

don't construct a "default value field" by moving
field's ptr/null_ptr. Field can have its null_ptr moved to
extra_null_bitmap for BEFORE triggers. Perhaps there can be other
reasons for null_ptr and ptr not to be at the right offset to each other.

Instead, use pointers from TABLE_SHARE::field, which always point
to default values. Except when there's no TABLE_SHARE::field,
which can happen for TEMPTABLE views, for example, but these views
are not updatable anyway.

Add an assert to Field::move_field_offset() to ensure it's only
used for appropriately set ptr/null_ptr pairs.

Author: vuvova

mysql-test/main/default.result

@@ -3432,10 +3432,8 @@ DEFAULT(a)	CASE a WHEN 0 THEN 1 ELSE 2 END
 NULL	2
 DROP TABLE t;
 DROP VIEW v;
-#
 # End of 10.2 test
 #
-#
 # MDEV-22703 DEFAULT() on a BLOB column can overwrite the default
 # record, which can cause crashes when accessing already released
 # memory.
@@ -3450,10 +3448,8 @@ length(DEFAULT(h))
 25
 INSERT INTO t1 () VALUES ();
 drop table t1;
-#
 # End of 10.3 test
 #
-#
 # MDEV-26423: MariaDB server crash in Create_tmp_table::finalize
 #
 CREATE TABLE t1 (pk text DEFAULT length(uuid()));
@@ -3483,6 +3479,14 @@ column_name	column_default	has_default	is_nullable
 a	NULL	1	YES
 drop view v1;
 drop table t1;
-#
 # End of 10.4 test
 #
+# MDEV-37320 ASAN errors in Field::is_null / Item_param::assign_default
+#
+create table t1 (f01 timestamp, f03 timestamp);
+insert into t1 () values ();
+create trigger tr before insert on t1 for each row set @a=1;
+prepare stmt from "update t1 set f03 = ?";
+execute stmt using default;
+drop table t1;
+# End of 10.6 test

mysql-test/main/default.test

@@ -2137,9 +2137,8 @@ CREATE ALGORITHM=TEMPTABLE VIEW v AS SELECT * FROM t;
 SELECT DISTINCT DEFAULT(a), CASE a WHEN 0 THEN 1 ELSE 2 END FROM v GROUP BY a WITH ROLLUP;
 DROP TABLE t;
 DROP VIEW v;
---echo #
+
 --echo # End of 10.2 test
---echo #
 
 --echo #
 --echo # MDEV-22703 DEFAULT() on a BLOB column can overwrite the default
@@ -2157,9 +2156,7 @@ SELECT length(DEFAULT(h)) FROM t1;
 INSERT INTO t1 () VALUES ();
 drop table t1;
 
---echo #
 --echo # End of 10.3 test
---echo #
 
 --echo #
 --echo # MDEV-26423: MariaDB server crash in Create_tmp_table::finalize
@@ -2183,6 +2180,16 @@ select column_name, column_default, column_default is not null as 'has_default',
 drop view v1;
 drop table t1;
 
---echo #
 --echo # End of 10.4 test
+
+--echo #
+--echo # MDEV-37320 ASAN errors in Field::is_null / Item_param::assign_default
 --echo #
+create table t1 (f01 timestamp, f03 timestamp);
+insert into t1 () values ();
+create trigger tr before insert on t1 for each row set @a=1;
+prepare stmt from "update t1 set f03 = ?";
+execute stmt using default;
+drop table t1;
+
+--echo # End of 10.6 test

sql/field.h

@@ -1537,7 +1537,14 @@ class Field: public Value_source
   {
     ptr=ADD_TO_PTR(ptr,ptr_diff, uchar*);
     if (null_ptr)
+    {
       null_ptr=ADD_TO_PTR(null_ptr,ptr_diff,uchar*);
+      if (table)
+      {
+        DBUG_ASSERT(null_ptr < ptr);
+        DBUG_ASSERT(ptr - null_ptr <= (int)table->s->rec_buff_length);
+      }
+    }
   }
   void get_image(uchar *buff, uint length, CHARSET_INFO *cs) const
   { get_image(buff, length, ptr, cs); }

sql/item.cc

@@ -5231,10 +5231,17 @@ static Field *make_default_field(THD *thd, Field *field_arg)
       def_field->default_value->expr->update_used_tables();
     def_field->move_field(newptr + 1, def_field->maybe_null() ? newptr : 0, 1);
   }
-  else
+  else if (field_arg->table && field_arg->table->s->field)
+  {
+    Field *def_val= field_arg->table->s->field[field_arg->field_index];
+    def_field->move_field(def_val->ptr, def_val->null_ptr, def_val->null_bit);
+  }
+  else /* e.g. non-updatable view */
+  {
     def_field->move_field_offset((my_ptrdiff_t)
                                  (def_field->table->s->default_values -
                                   def_field->table->record[0]));
+  }
   return def_field;
 }