Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-15161

Server crashes in get_addon_fields upon using combination of functions

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Won't Fix
    • 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL)
    • N/A
    • Server
    • None

    Description

      Note: The test case below doesn't crash anymore, see comments instead.

      --source include/have_innodb.inc
      		 
       
      		 
      CREATE TABLE t1 (i INT) ENGINE=InnoDB;
      		 
      SELECT DISTINCT INSERT( ExtractValue( NULL, '/bar' ), UUID_SHORT(), 1, 'foo' ) FROM t1 ORDER BY 1;
      		 
       
      		 
      # Cleanup
      		 
      DROP TABLE t1;

      10.2 b56f9fbe2f6a83

      		 
      #3  <signal handler called>
      		 
      #4  0x0000563d79bf6529 in get_addon_fields (max_length_for_sort_data=1024, ptabfield=0x7f40f8151638, sortlength=1025, addon_buf=0x7f413855c918) at /data/src/10.2/sql/filesort.cc:2031
      		 
      #5  0x0000563d79bf117c in Sort_param::init_for_filesort (this=0x7f413855c8d0, sortlen=1025, table=0x7f40f81505c8, max_length_for_sort_data=1024, maxrows=18446744073709551615, sort_positions=false) at /data/src/10.2/sql/filesort.cc:93
      		 
      #6  0x0000563d79bf1555 in filesort (thd=0x7f40f8000b00, table=0x7f40f81505c8, filesort=0x7f40f8015a08, tracker=0x7f40f8015cf8, join=0x7f40f80134d0, first_table_bit=1) at /data/src/10.2/sql/filesort.cc:196
      		 
      #7  0x0000563d799fe3da in create_sort_index (thd=0x7f40f8000b00, join=0x7f40f80134d0, tab=0x7f40f8014c30, fsort=0x7f40f8015a08) at /data/src/10.2/sql/sql_select.cc:21790
      		 
      #8  0x0000563d799f8e67 in st_join_table::sort_table (this=0x7f40f8014c30) at /data/src/10.2/sql/sql_select.cc:19625
      		 
      #9  0x0000563d799f8ab5 in join_init_read_record (tab=0x7f40f8014c30) at /data/src/10.2/sql/sql_select.cc:19566
      		 
      #10 0x0000563d79a0b3de in AGGR_OP::end_send (this=0x7f40f80158c0) at /data/src/10.2/sql/sql_select.cc:26553
      		 
      #11 0x0000563d799f65b0 in sub_select_postjoin_aggr (join=0x7f40f80134d0, join_tab=0x7f40f8014c30, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:18379
      		 
      #12 0x0000563d799f68d6 in sub_select (join=0x7f40f80134d0, join_tab=0x7f40f8014880, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:18615
      		 
      #13 0x0000563d799f60ec in do_select (join=0x7f40f80134d0, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18210
      		 
      #14 0x0000563d799d079d in JOIN::exec_inner (this=0x7f40f80134d0) at /data/src/10.2/sql/sql_select.cc:3540
      		 
      #15 0x0000563d799cfc4c in JOIN::exec (this=0x7f40f80134d0) at /data/src/10.2/sql/sql_select.cc:3335
      		 
      #16 0x0000563d799d0e15 in mysql_select (thd=0x7f40f8000b00, tables=0x7f40f8012ce0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x7f40f80133a0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748609, result=0x7f40f80134b0, unit=0x7f40f80046a0, select_lex=0x7f40f8004dd8) at /data/src/10.2/sql/sql_select.cc:3735
      		 
      #17 0x0000563d799c558a in handle_select (thd=0x7f40f8000b00, lex=0x7f40f80045d8, result=0x7f40f80134b0, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:373
      		 
      #18 0x0000563d7999139f in execute_sqlcom_select (thd=0x7f40f8000b00, all_tables=0x7f40f8012ce0) at /data/src/10.2/sql/sql_parse.cc:6456
      		 
      #19 0x0000563d79987426 in mysql_execute_command (thd=0x7f40f8000b00) at /data/src/10.2/sql/sql_parse.cc:3467
      		 
      #20 0x0000563d79994d5d in mysql_parse (thd=0x7f40f8000b00, rawbuf=0x7f40f80124e8 "SELECT DISTINCT INSERT( ExtractValue( NULL, '/bar' ), UUID_SHORT(), 1, 'foo' ) FROM t1 ORDER BY 1", length=97, parser_state=0x7f413855e200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7898
      		 
      #21 0x0000563d79982cf7 in dispatch_command (command=COM_QUERY, thd=0x7f40f8000b00, packet=0x7f40f808d0e1 "", packet_length=97, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1806
      		 
      #22 0x0000563d7998165a in do_command (thd=0x7f40f8000b00) at /data/src/10.2/sql/sql_parse.cc:1360
      		 
      #23 0x0000563d79acf8c4 in do_handle_one_connection (connect=0x563d7c20beb0) at /data/src/10.2/sql/sql_connect.cc:1335
      		 
      #24 0x0000563d79acf651 in handle_one_connection (arg=0x563d7c20beb0) at /data/src/10.2/sql/sql_connect.cc:1241
      		 
      #25 0x0000563d79eeee10 in pfs_spawn_thread (arg=0x563d7c16f800) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      		 
      #26 0x00007f4148e07494 in start_thread (arg=0x7f413855f700) at pthread_create.c:333
      		 
      #27 0x00007f41471ed93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Also reproducible on 10.3. Couldn't reproduce on 10.1.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28503 SIGSEGV in get_addon_fields and UBSAN: runtime error: member access within null pointer of type 'struct Field' in get_addon_fields

          • Major - Major loss of function.
          • Closed

          Activity

            People

              cvicentiu Vicențiu Ciorbaru
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.