Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-14388

Server crashes in handle_select / val_uint in ORACLE mode

    XMLWordPrintable

Details

    Description

      --source include/have_innodb.inc
      		 
       
      		 
      DROP TABLE IF EXISTS t;
      		 
      DROP FUNCTION IF EXISTS f;
      		 
       
      		 
      SET sql_mode='ORACLE';
      		 
       
      		 
      CREATE TABLE t (id INT) ENGINE=InnoDB;
      		 
       
      		 
      --delimiter $$
      		 
      CREATE FUNCTION f() RETURN INT
      		 
      is
      		 
        v1 INT;
      		 
        v2 INT;
      		 
      BEGIN
      		 
        FOR v1 in (select id from t)
      		 
        loop
      		 
          select 1 into v2;
      		 
        end loop;
      		 
        RETURN 1;
      		 
       
      		 
      END $$
      		 
      --delimiter ;
      		 
       
      		 
      select f();

      10.3 c2a868b18cdffc

      		 
      #3  <signal handler called>
      		 
      #4  0x0000556acb95a9d0 in Item::val_uint (this=0x0) at /data/src/10.3/sql/item.h:947
      		 
      #5  0x0000556acb9a9a52 in handle_select (thd=0x7fd130000b00, lex=0x7fd130004730, result=0x7fd1300168e0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:395
      		 
      #6  0x0000556acb974e05 in execute_sqlcom_select (thd=0x7fd130000b00, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6468
      		 
      #7  0x0000556acb96b6ac in mysql_execute_command (thd=0x7fd130000b00) at /data/src/10.3/sql/sql_parse.cc:3740
      		 
      #8  0x0000556acb97871e in mysql_parse (thd=0x7fd130000b00, rawbuf=0x7fd130014a68 "select f()", length=10, parser_state=0x7fd17c34b610, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7922
      		 
      #9  0x0000556acb9661f4 in dispatch_command (command=COM_QUERY, thd=0x7fd130000b00, packet=0x7fd13008f8b1 "", packet_length=10, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1828
      		 
      #10 0x0000556acb964c15 in do_command (thd=0x7fd130000b00) at /data/src/10.3/sql/sql_parse.cc:1370
      		 
      #11 0x0000556acbabc0ca in do_handle_one_connection (connect=0x556acef16290) at /data/src/10.3/sql/sql_connect.cc:1418
      		 
      #12 0x0000556acbabbe57 in handle_one_connection (arg=0x556acef16290) at /data/src/10.3/sql/sql_connect.cc:1324
      		 
      #13 0x0000556acbf3cbdc in pfs_spawn_thread (arg=0x556acef1e950) at /data/src/10.3/storage/perfschema/pfs.cc:1863
      		 
      #14 0x00007fd184bf9494 in start_thread (arg=0x7fd17c34c700) at pthread_create.c:333
      		 
      #15 0x00007fd182fdf93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-14228 MariaDB crashes with function

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bar Alexander Barkov
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.