  1. MariaDB Server
  2. MDEV-12817

Server crashes in Dep_analysis_context::get_field_value




      -- Minimal test case from this report: four one-column INT tables with two rows each,
      -- followed by the SELECT that the stack trace below shows crashing the server.
      CREATE TABLE t1 (f1 INT);
      INSERT INTO t1 VALUES (1),(2);
      CREATE TABLE t2 (f2 INT);
      INSERT INTO t2 VALUES (3),(4);
      CREATE TABLE t3 (f3 INT);
      INSERT INTO t3 VALUES (5),(6);
      CREATE TABLE t4 (f4 INT);
      INSERT INTO t4 VALUES (7),(8);
      -- t1 is LEFT JOINed to a nested (t2 INNER JOIN t3). The inner ON condition is an
      -- IN subquery over t4 that references no column of t2 or t3; only the outer ON
      -- (f1 = f3) links the two sides of the outer join.
      -- In the trace this exact text arrives as a COM_QUERY packet and the signal is raised
      -- under JOIN::optimize -> eliminate_tables, i.e. while the statement is being optimized.
      -- NOTE(review): the page does not state which privileges are required. The tables hold
      -- no special data, so presumably any account able to run such a SELECT on the affected
      -- 5.5 revision can end the server process -- confirm before rating availability impact.
      SELECT f1 FROM t1 LEFT JOIN ( t2 INNER JOIN t3 ON ( 1 IN ( SELECT f4 FROM t4 ) ) ) ON (f1 = f3);

      5.5 2e1428c0b552f2c80aa4b27edaaab8bde8966b22

      #3  <signal handler called>
      #4  0x000000000074676f in Dep_analysis_context::get_field_value (this=0x7f7941cfa000, field=0x7f793ac5cb98) at /data/src/5.5/sql/opt_table_elimination.cc:1619
      #5  0x0000000000745bf8 in build_eq_mods_for_cond (ctx=0x7f7941cfa000, eq_mod=0x7f7941cfa260, and_level=0x7f7941cfa25c, cond=0x7f793ad99d58) at /data/src/5.5/sql/opt_table_elimination.cc:1253
      #6  0x00000000007456e5 in build_eq_mods_for_cond (ctx=0x7f7941cfa000, eq_mod=0x7f7941cfa260, and_level=0x7f7941cfa25c, cond=0x7f793ad99890) at /data/src/5.5/sql/opt_table_elimination.cc:1166
      #7  0x0000000000744e63 in check_func_dependency (join=0x7f793ad986b0, dep_tables=14, it=0x7f7941cfa2d0, oj_tbl=0x0, cond=0x7f793ad99890) at /data/src/5.5/sql/opt_table_elimination.cc:849
      #8  0x0000000000744bfe in eliminate_tables_for_list (join=0x7f793ad986b0, join_list=0x7f793ad815d0, list_tables=14, on_expr=0x7f793ad99890, tables_used_elsewhere=1) at /data/src/5.5/sql/opt_table_elimination.cc:771
      #9  0x0000000000744a49 in eliminate_tables_for_list (join=0x7f793ad986b0, join_list=0x7f793be67bf8, list_tables=15, on_expr=0x0, tables_used_elsewhere=1) at /data/src/5.5/sql/opt_table_elimination.cc:731
      #10 0x000000000074495e in eliminate_tables (join=0x7f793ad986b0) at /data/src/5.5/sql/opt_table_elimination.cc:670
      #11 0x0000000000637991 in make_join_statistics (join=0x7f793ad986b0, tables_list=..., conds=0x0, keyuse_array=0x7f793ad989d0) at /data/src/5.5/sql/sql_select.cc:3399
      #12 0x00000000006300ce in JOIN::optimize (this=0x7f793ad986b0) at /data/src/5.5/sql/sql_select.cc:1234
      #13 0x0000000000636a65 in mysql_select (thd=0x7f793be64060, rref_pointer_array=0x7f793be67cf0, tables=0x7f793ad48300, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f793ad81b50, unit=0x7f793be67388, select_lex=0x7f793be67a68) at /data/src/5.5/sql/sql_select.cc:3085
      #14 0x000000000062d352 in handle_select (thd=0x7f793be64060, lex=0x7f793be672d8, result=0x7f793ad81b50, setup_tables_done_option=0) at /data/src/5.5/sql/sql_select.cc:319
      #15 0x00000000006067b3 in execute_sqlcom_select (thd=0x7f793be64060, all_tables=0x7f793ad48300) at /data/src/5.5/sql/sql_parse.cc:4686
      #16 0x00000000005ffb26 in mysql_execute_command (thd=0x7f793be64060) at /data/src/5.5/sql/sql_parse.cc:2234
      #17 0x000000000060937e in mysql_parse (thd=0x7f793be64060, rawbuf=0x7f793ad48078 "SELECT f1 FROM t1 LEFT JOIN ( t2 INNER JOIN t3 ON ( 1 IN ( SELECT f4 FROM t4 ) ) ) ON (f1 = f3)", length=95, parser_state=0x7f7941cfb650) at /data/src/5.5/sql/sql_parse.cc:5931
      #18 0x00000000005fd0b5 in dispatch_command (command=COM_QUERY, thd=0x7f793be64060, packet=0x7f793fb5b061 "SELECT f1 FROM t1 LEFT JOIN ( t2 INNER JOIN t3 ON ( 1 IN ( SELECT f4 FROM t4 ) ) ) ON (f1 = f3)", packet_length=95) at /data/src/5.5/sql/sql_parse.cc:1079
      #19 0x00000000005fc26f in do_command (thd=0x7f793be64060) at /data/src/5.5/sql/sql_parse.cc:793
      #20 0x00000000006fe951 in do_handle_one_connection (thd_arg=0x7f793be64060) at /data/src/5.5/sql/sql_connect.cc:1268
      #21 0x00000000006fe6de in handle_one_connection (arg=0x7f793be64060) at /data/src/5.5/sql/sql_connect.cc:1184
      #22 0x0000000000a0bae7 in pfs_spawn_thread (arg=0x7f793cb76fc0) at /data/src/5.5/storage/perfschema/pfs.cc:1015
      #23 0x00007f794192e494 in start_thread (arg=0x7f7941cfc700) at pthread_create.c:333
      #24 0x00007f794034493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      The problem appeared in 5.5 tree with this revision:

      commit 6b97fe067db1b1d8e8dee56508e6d78a36e92481
      Author: Igor Babaev
      Date:   Tue May 9 00:41:45 2017 -0700
          Fixed the bugs mdev-12670 and mdev-12675.
          The code that blocked conversion of an IN subselect predicate to a semi-join
          if it occurred in the ON expression of an outer join did not do it correctly.
          As a result, the conversion was blocked for IN subselect predicates
          encountered in ON expressions of INNER joins or in WHERE conditions
          of mergeable views / derived tables. This patch fixes this problem.




            igor Igor Babaev
            elenst Elena Stepanova