Details
- Bug
- Status: Closed
- Critical
- Resolution: Fixed
- 10.2(EOL), 10.3(EOL)
- None
Description
I run this script:
CREATE OR REPLACE PROCEDURE p1 (a VARCHAR(10)) SELECT 1;
CALL p1(AE);
It crashes the server with this stack trace:
#0 0x0000555555e9e8d2 in Item_field::fix_fields (this=0x7fff64011810, thd=0x7fff64000a98, reference=0x7fff64010290)
    at /home/bar/maria-git/server.10.2-compatibility/sql/item.cc:5842
#1 0x0000555555aeed4b in sp_prepare_func_item (thd=0x7fff64000a98, it_addr=0x7fff64010290, cols=1)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sp_head.cc:363
#2 0x0000555555aeef5f in sp_eval_expr (thd=0x7fff64000a98, result_item=0x7fff64029020, result_field=0x7fff64028ea0,
    expr_item_ptr=0x7fff64010290) at /home/bar/maria-git/server.10.2-compatibility/sql/sp_head.cc:409
#3 0x0000555555b06b47 in sp_rcontext::set_variable (this=0x7fff64027b00, thd=0x7fff64000a98, idx=0, value=0x7fff64010290)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sp_rcontext.cc:649
#4 0x0000555555af3e89 in sp_head::execute_procedure (this=0x7fff64010740, thd=0x7fff64000a98, args=0x7fff64005588)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sp_head.cc:2244
#5 0x0000555555bb6a3e in do_execute_sp (thd=0x7fff64000a98, sp=0x7fff64010740)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:2928
#6 0x0000555555bb7564 in Sql_cmd_call::execute (this=0x7fff640112b0, thd=0x7fff64000a98)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:3168
#7 0x0000555555bc15d2 in mysql_execute_command (thd=0x7fff64000a98)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:6253
#8 0x0000555555bc6387 in mysql_parse (thd=0x7fff64000a98, rawbuf=0x7fff64011ca0 "CALL p1(AE)", length=11,
    parser_state=0x7fffe054b230, is_com_multi=false, is_next_command=false)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:7973
#9 0x0000555555bb3c62 in dispatch_command (command=COM_QUERY, thd=0x7fff64000a98, packet=0x7fff640081e9 "CALL p1(AE)",
    packet_length=11, is_com_multi=false, is_next_command=false)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:1834
#10 0x0000555555bb25e1 in do_command (thd=0x7fff64000a98) at /home/bar/maria-git/server.10.2-compatibility/sql/sql_parse.cc:1382
#11 0x0000555555d0782c in do_handle_one_connection (connect=0x55555863be18)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_connect.cc:1335
#12 0x0000555555d075ac in handle_one_connection (arg=0x55555863be18)
    at /home/bar/maria-git/server.10.2-compatibility/sql/sql_connect.cc:1241
#13 0x00007ffff7bbe36d in start_thread () from /lib64/libpthread.so.0
#14 0x00007ffff62f9b9f in clone () from /lib64/libc.so.6
Here's the line that causes the crash:
(gdb) f 0
#0 0x0000555555e9e8d2 in Item_field::fix_fields (this=0x7fff64011810, thd=0x7fff64000a98, reference=0x7fff64010290)
    at /home/bar/maria-git/server.10.2-compatibility/sql/item.cc:5842
5842 if (thd->lex->current_select->is_item_list_lookup)
(gdb) p thd->lex->current_select
$1 = (SELECT_LEX *) 0x0
The crash was most likely caused by this change:
commit 6b7dcefdc83c4444ac8a4623b46810ff940528db
Author: Monty <monty@mariadb.org>
Date: Sun Jan 21 20:16:22 2018 +0200

    Reset thd->lex->current_select for SP
Issue Links
- relates to
  - MDEV-15054 Crash in Item_field::fix_fields() when calling stored procedure (Closed)
  - MDEV-15870 Using aggregate and window function in unexpected places can crash the server (Closed)