Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-12365

Server crashes in in sf_malloc_usable_size / my_free / String::free upon UPDATE with JSON_SEARCH and binlog enabled

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.2(EOL)
    • 10.2.6
    • JSON
    • Debian 8.7 Jessie x86_64

    Description

      --source include/have_log_bin.inc
      		 
       
      		 
      CREATE TABLE t1 (f TEXT) ENGINE=MyISAM;
      		 
      INSERT INTO t1 VALUES ('');
      		 
      SET @str = 'qux', @path = '$.foobar';
      		 
      UPDATE t1 SET f = JSON_SEARCH( '{"foo":"bar"}', 'all' , @str , '%' , @path );

      10.2 1ca8637ae3506

      		 
      #3  <signal handler called>
      		 
      #4  0x00007f2872aa58d7 in sf_malloc_usable_size (ptr=0x8, is_thread_specific=0x7f2873212ca7 "") at /data/src/10.2/mysys/safemalloc.c:215
      		 
      #5  0x00007f2872a9334a in my_free (ptr=0x8) at /data/src/10.2/mysys/my_malloc.c:215
      		 
      #6  0x00007f2871ff5e7d in String::free (this=0x7f2866c65a48) at /data/src/10.2/sql/sql_string.h:351
      		 
      #7  0x00007f287217d4ab in String::real_alloc (this=0x7f2866c65a48, length=8) at /data/src/10.2/sql/sql_string.cc:44
      		 
      #8  0x00007f28720022b3 in String::alloc (this=0x7f2866c65a48, arg_length=8) at /data/src/10.2/sql/sql_string.h:361
      		 
      #9  0x00007f287217d992 in String::copy (this=0x7f2866c65a48, str=0x7f2866daffd0 "$.foobar", arg_length=8, cs=0x7f28734eabc0 <my_charset_latin1>) at /data/src/10.2/sql/sql_string.cc:185
      		 
      #10 0x00007f28723b740c in user_var_entry::val_str (this=0x7f2866de0330, null_value=0x7f2866c64d22, str=0x7f2866c65a48, decimals=39) at /data/src/10.2/sql/item_func.cc:4962
      		 
      #11 0x00007f28723b89c8 in Item_func_get_user_var::val_str (this=0x7f2866c64cb0, str=0x7f2866c65a48) at /data/src/10.2/sql/item_func.cc:5392
      		 
      #12 0x00007f2872516288 in Item_func_json_search::val_str (this=0x7f2866c64dc0, str=0x7f2866c64df0) at /data/src/10.2/sql/item_jsonfunc.cc:2901
      		 
      #13 0x00007f2872355259 in Item::save_in_field (this=0x7f2866c64dc0, field=0x7f2866c27ab8, no_conversions=false) at /data/src/10.2/sql/item.cc:6376
      		 
      #14 0x00007f2872062efa in fill_record (thd=0x7f2866c16070, table_arg=0x7f2866cd7870, fields=..., values=..., ignore_errors=false, update=true) at /data/src/10.2/sql/sql_base.cc:7908
      		 
      #15 0x00007f2872063495 in fill_record_n_invoke_before_triggers (thd=0x7f2866c16070, table=0x7f2866cd7870, fields=..., values=..., ignore_errors=false, event=TRG_EVENT_UPDATE) at /data/src/10.2/sql/sql_base.cc:8050
      		 
      #16 0x00007f28721af090 in mysql_update (thd=0x7f2866c16070, table_list=0x7f2866c641d0, fields=..., values=..., conds=0x0, order_num=0, order=0x0, limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false, found_return=0x7f2873214450, updated_return=0x7f2873214500) at /data/src/10.2/sql/sql_update.cc:746
      		 
      #17 0x00007f28720c8e91 in mysql_execute_command (thd=0x7f2866c16070) at /data/src/10.2/sql/sql_parse.cc:4241
      		 
      #18 0x00007f28720d452c in mysql_parse (thd=0x7f2866c16070, rawbuf=0x7f2866c64088 "UPDATE t1 SET f = JSON_SEARCH( '{\"foo\":\"bar\"}', 'all' , @str , '%' , @path )", length=76, parser_state=0x7f2873214dd0, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7858
      		 
      #19 0x00007f28720c25f2 in dispatch_command (command=COM_QUERY, thd=0x7f2866c16070, packet=0x7f2866c58071 "UPDATE t1 SET f = JSON_SEARCH( '{\"foo\":\"bar\"}', 'all' , @str , '%' , @path )", packet_length=76, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1812
      		 
      #20 0x00007f28720c0f62 in do_command (thd=0x7f2866c16070) at /data/src/10.2/sql/sql_parse.cc:1362
      		 
      #21 0x00007f2872209f3f in do_handle_one_connection (connect=0x7f286ec654f0) at /data/src/10.2/sql/sql_connect.cc:1358
      		 
      #22 0x00007f2872209ccc in handle_one_connection (arg=0x7f286ec654f0) at /data/src/10.2/sql/sql_connect.cc:1264
      		 
      #23 0x00007f2872622658 in pfs_spawn_thread (arg=0x7f286ec4d5f0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      		 
      #24 0x00007f28716eb064 in start_thread (arg=0x7f2873216300) at pthread_create.c:309
      		 
      #25 0x00007f286f8a362d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

      Probably related to MDEV-12364.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-12364 Server crashes in __memcpy_sse2_unaligned / String::copy on JSON_SEARCH with variables

          • Major - Major loss of function.
          • Closed

          Activity

            People

              holyfoot Alexey Botchkov
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.