[MDEV-11230] PS: crash in Item_func_nullif::fix_length_and_dec - Jira

XML

Word

Printable

This is very similar to ~~MDEV-10347~~, but now with character set conversion:

DROP TABLE IF EXISTS t1,t2;

CREATE TABLE t1 (f1 VARCHAR(10), f2 VARCHAR(40));

CREATE TABLE t2 (f3 VARCHAR(20));

PREPARE stmt FROM "

  SELECT (

    SELECT IFNULL(f3,4) FROM t2

    WHERE IFNULL(NULLIF(f1,_utf8'' COLLATE utf8_bin),1)

  ) AS sq

  FROM t1

  GROUP BY f2

";

EXECUTE stmt;

Stack trace:

#0  0x0000555555cc1907 in Item_func_nullif::fix_length_and_dec (

    this=0x7ffece149d18)

    at /home/bar/maria-git/server-10.1/sql/item_cmpfunc.cc:2701

#1  0x0000555555ce9de8 in Item_func::fix_fields (this=0x7ffece149d18, thd=

    0x7ffed7e4c070, ref=0x7ffece14a038)

    at /home/bar/maria-git/server-10.1/sql/item_func.cc:234

#2  0x0000555555ce9bce in Item_func::fix_fields (this=0x7ffece149fb0,

    thd=0x7ffed7e4c070, ref=0x7ffece022bf8)

    at /home/bar/maria-git/server-10.1/sql/item_func.cc:208

#3  0x00005555559f1553 in setup_conds (thd=0x7ffed7e4c070,

    tables=0x7ffece1493c8, leaves=..., conds=0x7ffece022bf8)

    at /home/bar/maria-git/server-10.1/sql/sql_base.cc:8636

#4  0x0000555555acffb2 in setup_without_group (thd=0x7ffed7e4c070,

    ref_pointer_array=0x7ffece14ab50, tables=0x7ffece1493c8, leaves=...,

    fields=..., all_fields=..., conds=0x7ffece022bf8, order=0x0, group=0x0,

    hidden_group_fields=0x7ffece022ad8, reserved=0x7ffece14890c)

    at /home/bar/maria-git/server-10.1/sql/sql_select.cc:645

#5  0x0000555555a87ddf in JOIN::prepare (this=0x7ffece0227b0,

    rref_pointer_array=0x7ffece1488e8, tables_init=0x7ffece1493c8, wild_num=0,

    conds_init=0x7ffece149fb0, og_num=0, order_init=0x0, skip_order_by=false,

    group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=

    0x7ffece148670, unit_arg=0x7ffece1489d0)

    at /home/bar/maria-git/server-10.1/sql/sql_select.cc:796

#6  0x0000555555d3259d in subselect_single_select_engine::prepare (

    this=0x7ffece14a1b8, thd=0x7ffed7e4c070)

    at /home/bar/maria-git/server-10.1/sql/item_subselect.cc:3570

#7  0x0000555555d284fe in Item_subselect::fix_fields (this=0x7ffece14a080,

    thd_param=0x7ffed7e4c070, ref=0x7ffece14a208)

    at /home/bar/maria-git/server-10.1/sql/item_subselect.cc:262

#8  0x00005555559ef66c in setup_fields (thd=0x7ffed7e4c070,

    ref_pointer_array=0x7ffece14a9c0, fields=...,

    mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7ffece022588,

    allow_sum_func=true)

    at /home/bar/maria-git/server-10.1/sql/sql_base.cc:7908

#9  0x0000555555a87d1a in JOIN::prepare (this=0x7ffece022228,

    rref_pointer_array=0x7ffece147ad0, tables_init=0x7ffece14a250, wild_num=0,

    conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false,

    group_init=0x7ffece14a950, having_init=0x0, proc_param_init=0x0,

    select_lex_arg=0x7ffece147858, unit_arg=0x7ffece147158)

    at /home/bar/maria-git/server-10.1/sql/sql_select.cc:794

#10 0x0000555555a91419 in mysql_select (thd=0x7ffed7e4c070,

    rref_pointer_array=0x7ffece147ad0, tables=0x7ffece14a250, wild_num=0,

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.