[MDEV-15703] Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT, UBSAN runtime error: member call on null pointer of type 'struct TABLE_LIST' in Item_param::save_in_field - Jira

Alexander Barkov created issue - 2018-03-28 06:58

Alexander Barkov made changes - 2018-03-28 07:01

Field	Original Value	New Value
Description	These queries crash the server: {code:sql} EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT; {code} {code:sql} EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE; {code}	These queries crash the server: {code:sql} EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT; {code} {code:sql} EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE; {code} I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

Alexander Barkov made changes - 2018-03-28 07:07

Assignee

Oleksandr Byelkin [ sanja ]

Elena Stepanova made changes - 2018-03-28 09:54

Description

These queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

These queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Sergei Golubchik made changes - 2019-03-29 12:04

Fix Version/s

10.4 [ 22408 ]

Roel Van de Paar made changes - 2020-05-11 11:09

Affects Version/s		10.4 [ 22408 ]
Affects Version/s		10.5 [ 23123 ]

Roel Van de Paar made changes - 2020-05-11 11:09

Fix Version/s

10.5 [ 23123 ]

Roel Van de Paar made changes - 2020-05-11 11:09

Priority

Major [ 3 ]

Critical [ 2 ]

Oleksandr Byelkin made changes - 2020-07-09 07:41

Status

Open [ 1 ]

In Progress [ 3 ]

Oleksandr Byelkin made changes - 2020-07-09 13:40

Assignee	Oleksandr Byelkin [ sanja ]	Alexander Barkov [ bar ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Oleksandr Byelkin made changes - 2020-07-17 18:20

Assignee

Alexander Barkov [ bar ]

Oleksandr Byelkin [ sanja ]

Oleksandr Byelkin made changes - 2020-07-17 18:20

Assignee

Oleksandr Byelkin [ sanja ]

Sergei Golubchik [ serg ]

Sergei Golubchik made changes - 2020-07-29 16:33

Assignee	Sergei Golubchik [ serg ]	Oleksandr Byelkin [ sanja ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Oleksandr Byelkin made changes - 2020-10-07 09:07

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Oleksandr Byelkin made changes - 2020-10-07 11:45

Assignee	Oleksandr Byelkin [ sanja ]	Sergei Golubchik [ serg ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2020-10-09 20:26

Assignee	Sergei Golubchik [ serg ]	Oleksandr Byelkin [ sanja ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Roel Van de Paar made changes - 2020-10-10 04:21

Link

This issue relates to ~~MDEV-21028~~ [ ~~MDEV-21028~~ ]

Oleksandr Byelkin made changes - 2021-07-12 11:15

Assignee

Oleksandr Byelkin [ sanja ]

Dmitry Shulga [ JIRAUSER47315 ]

Sergei Golubchik made changes - 2021-12-06 21:35

Workflow

MariaDB v3 [ 86263 ]

MariaDB v4 [ 143537 ]

Ralf Gebhardt made changes - 2022-08-04 08:44

Fix Version/s

10.2 [ 14601 ]

Dmitry Shulga made changes - 2022-10-11 04:00

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Alexander Barkov made changes - 2022-10-11 13:12

Description

These queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

These queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Note, the queries are intentionally incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.

The expected behaviour should be to return an error, e.g. like this query does:
{code:sql}
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT;
ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
{code}

Alexander Barkov made changes - 2022-10-11 13:12

Description

These queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Note, the queries are intentionally incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.

The expected behaviour should be to return an error, e.g. like this query does:
{code:sql}
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT;
ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
{code}

These (intentionally incorrect) queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Note, the queries are intentionally incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.

The expected behaviour should be to return an error, e.g. like this query does:
{code:sql}
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT;
ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
{code}

Alexander Barkov made changes - 2022-10-11 13:12

Description

These (intentionally incorrect) queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Note, the queries are intentionally incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.

The expected behaviour should be to return an error, e.g. like this query does:
{code:sql}
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT;
ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
{code}

These (intentionally incorrect) queries crash the server:

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT;
{code}

{code:sql}
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE;
{code}

I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.

{noformat:title=10.2 73af8af094}
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
{noformat}

Note, the queries are incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.

The expected behaviour should be to return an error, e.g. like this query does:
{code:sql}
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT;
ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
{code}

Julien Fritsch made changes - 2023-04-27 14:23

Fix Version/s

10.3 [ 22126 ]

Roel Van de Paar made changes - 2023-05-13 03:18

Fix Version/s		10.6 [ 24028 ]
Fix Version/s		10.9 [ 26905 ]
Fix Version/s		10.10 [ 27530 ]
Fix Version/s		10.11 [ 27614 ]
Fix Version/s		11.0 [ 28320 ]
Fix Version/s		11.1 [ 28549 ]
Affects Version/s		10.6 [ 24028 ]
Affects Version/s		10.9 [ 26905 ]
Affects Version/s		10.10 [ 27530 ]
Affects Version/s		10.11 [ 27614 ]
Affects Version/s		11.0 [ 28320 ]
Affects Version/s		11.1 [ 28549 ]

Roel Van de Paar made changes - 2023-05-13 03:22

Summary

Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT

Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT, UBSAN runtime error: member call on null pointer of type 'struct TABLE_LIST' in Item_param::save_in_field

Roel Van de Paar made changes - 2023-05-13 03:22

Labels

UBSAN

Roel Van de Paar made changes - 2023-10-31 03:18

Labels

UBSAN

UBSAN affects-tests

Roel Van de Paar made changes - 2023-10-31 03:18

Fix Version/s

11.2 [ 28603 ]

Roel Van de Paar made changes - 2023-10-31 03:18

Affects Version/s		11.2 [ 28603 ]
Affects Version/s		11.3 [ 28565 ]

Julien Fritsch made changes - 2023-11-28 10:24

Fix Version/s

10.9 [ 26905 ]

Julien Fritsch made changes - 2023-11-28 10:30

Fix Version/s

10.10 [ 27530 ]

Julien Fritsch made changes - 2023-12-07 10:01

Status

In Progress [ 3 ]

Stalled [ 10000 ]

Dmitry Shulga made changes - 2023-12-11 07:31

Status

Stalled [ 10000 ]

In Progress [ 3 ]

Julien Fritsch made changes - 2023-12-11 19:11

Labels

UBSAN affects-tests

UBSAN affects-tests crash

Dmitry Shulga made changes - 2024-01-16 16:39

Assignee	Dmitry Shulga [ JIRAUSER47315 ]	Oleksandr Byelkin [ sanja ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Oleksandr Byelkin made changes - 2024-02-06 09:03

Assignee	Oleksandr Byelkin [ sanja ]	Dmitry Shulga [ JIRAUSER47315 ]
Status	In Review [ 10002 ]	Stalled [ 10000 ]

Dmitry Shulga made changes - 2024-02-12 09:55

Fix Version/s		11.3.2 [ 29522 ]
Fix Version/s		11.4.1 [ 29523 ]
Fix Version/s		10.4.34 [ 29625 ]
Fix Version/s		10.5.25 [ 29626 ]
Fix Version/s		10.6.18 [ 29627 ]
Fix Version/s		10.11.8 [ 29630 ]
Fix Version/s		11.0.6 [ 29628 ]
Fix Version/s		11.1.5 [ 29629 ]
Fix Version/s		11.2.4 [ 29631 ]
Fix Version/s		11.5.1 [ 29634 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Fix Version/s	10.11 [ 27614 ]
Fix Version/s	11.0 [ 28320 ]
Fix Version/s	11.1 [ 28549 ]
Fix Version/s	11.2 [ 28603 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Julien Fritsch made changes - 2024-02-20 13:53

Fix Version/s

11.5.1 [ 29634 ]

MariaDB Server

Crash in EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT, UBSAN runtime error: member call on null pointer of type 'struct TABLE_LIST' in Item_param::save_in_field

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration