Type:
Priority:
Resolution:
Fixed
Affects Version/s:
10.2(EOL) , 10.3(EOL) , 10.4(EOL) , 10.5 , 10.6 , 10.9(EOL) , 10.10(EOL) , 10.11 , 11.0(EOL) , 11.1(EOL) , 11.2(EOL) , 11.3(EOL)
These (intentionally incorrect) queries crash the server:
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT ;
EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING IGNORE ;
I didn't check binding the same constants in the client-server protocol, but most likely they'll also crash.
10.2 73af8af094
#3 <signal handler called>
#4 0x0000562f979d290a in TABLE_LIST::top_table (this=0x0) at /data/src/10.2/sql/table.h:2214
#5 0x0000562f97cc55f7 in Item_param::save_in_field (this=0x7f3268158770, field=0x7f32680133d8, no_conversions=true) at /data/src/10.2/sql/item.cc:3803
#6 0x0000562f97b51d83 in make_empty_rec (thd=0x7f3268000b00, buff=0x7f3268008086 "\001", table_options=8, create_fields=..., reclength=5, data_offset=1) at /data/src/10.2/sql/unireg.cc:998
#7 0x0000562f97b4f4d5 in build_frm_image (thd=0x7f3268000b00, table=0x7f3268158048 "t1", create_info=0x7f327a8a7630, create_fields=..., keys=0, key_info=0x7f32680133c8, db_file=0x7f3268012ce8) at /data/src/10.2/sql/unireg.cc:308
#8 0x0000562f97afd73b in mysql_create_frm_image (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4660
#9 0x0000562f97afe0ec in create_table_impl (thd=0x7f3268000b00, orig_db=0x7f3268158690 "test", orig_table_name=0x7f3268158048 "t1", db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", path=0x7f327a8a7030 "./test/t1", options=..., create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, create_table_mode=0, is_trans=0x7f327a8a728e, key_info=0x7f327a8a7010, key_count=0x7f327a8a7004, frm=0x7f327a8a7020) at /data/src/10.2/sql/sql_table.cc:4896
#10 0x0000562f97afe73b in mysql_create_table_no_lock (thd=0x7f3268000b00, db=0x7f3268158690 "test", table_name=0x7f3268158048 "t1", create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580, is_trans=0x7f327a8a728e, create_table_mode=0) at /data/src/10.2/sql/sql_table.cc:5012
#11 0x0000562f97afe9af in mysql_create_table (thd=0x7f3268000b00, create_table=0x7f3268158080, create_info=0x7f327a8a7630, alter_info=0x7f327a8a7580) at /data/src/10.2/sql/sql_table.cc:5075
#12 0x0000562f97a36e9b in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3983
#13 0x0000562f97a60b18 in Prepared_statement::execute (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false) at /data/src/10.2/sql/sql_prepare.cc:4774
#14 0x0000562f97a5ee73 in Prepared_statement::execute_loop (this=0x7f32680066b0, expanded_query=0x7f327a8a83d0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.2/sql/sql_prepare.cc:4203
#15 0x0000562f97a6106e in Prepared_statement::execute_immediate (this=0x7f32680066b0, query=0x7f3268012750 "CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)", query_len=44) at /data/src/10.2/sql/sql_prepare.cc:4898
#16 0x0000562f97a5bc0f in mysql_sql_stmt_execute_immediate (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_prepare.cc:2893
#17 0x0000562f97a35a04 in mysql_execute_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:3485
#18 0x0000562f97a433a8 in mysql_parse (thd=0x7f3268000b00, rawbuf=0x7f3268012640 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", length=78, parser_state=0x7f327a8a9200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7914
#19 0x0000562f97a31263 in dispatch_command (command=COM_QUERY, thd=0x7f3268000b00, packet=0x7f326816b521 "EXECUTE IMMEDIATE 'CREATE OR REPLACE TABLE t1 (a INT DEFAULT ?)' USING DEFAULT", packet_length=78, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1815
#20 0x0000562f97a2fbc6 in do_command (thd=0x7f3268000b00) at /data/src/10.2/sql/sql_parse.cc:1369
#21 0x0000562f97b7e480 in do_handle_one_connection (connect=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1335
#22 0x0000562f97b7e20d in handle_one_connection (arg=0x562f99f6c400) at /data/src/10.2/sql/sql_connect.cc:1241
#23 0x0000562f97f9e3de in pfs_spawn_thread (arg=0x562f99f46ec0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#24 0x00007f32822a4494 in start_thread (arg=0x7f327a8aa700) at pthread_create.c:333
#25 0x00007f328068a93f in clone () from /lib/x86_64-linux-gnu/libc.so.6
Note, the queries are incorrect. DEFAULT/IGNORE should not be allowed as bind parameters in this context.
The expected behaviour should be to return an error, e.g. like this query does:
MariaDB [test]> EXECUTE IMMEDIATE 'SELECT 1=?' USING DEFAULT ;
ERROR 4032 (HY000): Default / ignore value is not supported for such parameter usage
relates to
MDEV-21028
Server crashes in Query_arena::set_query_arena upon SELECT from view
Closed
{"report":{"fcp":975.8999996185303,"ttfb":234.69999980926514,"pageVisibility":"visible","entityId":66560,"key":"jira.project.issue.view-issue","isInitial":true,"threshold":1000,"elementTimings":{},"userDeviceMemory":8,"userDeviceProcessors":32,"apdex":0.5,"journeyId":"3e5ffdb3-0e05-40f0-ae85-b5d450b357f0","navigationType":0,"readyForUser":1055.0999994277954,"redirectCount":0,"resourceLoadedEnd":1470.1999998092651,"resourceLoadedStart":240.30000019073486,"resourceTiming":[{"duration":233.39999961853027,"initiatorType":"link","name":"https://jira.mariadb.org/s/2c21342762a6a02add1c328bed317ffd-CDN/lu2cib/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/css/_super/batch.css","startTime":240.30000019073486,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":240.30000019073486,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":473.69999980926514,"responseStart":0,"secureConnectionStart":0},{"duration":233.5999994277954,"initiatorType":"link","name":"https://jira.mariadb.org/s/7ebd35e77e471bc30ff0eba799ebc151-CDN/lu2cib/820016/12ta74/494e4c556ecbb29f90a3d3b4f09cb99c/_/download/contextbatch/css/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.css?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&slack-enabled=true&whisper-enabled=true","startTime":240.5,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":240.5,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":474.0999994277954,"responseStart":0,"secureConnectionStart":0},{"duration":242.80000019073486,"initiatorType":"script","name":"https://jira.mariadb.org/s/0917945aaa57108d00c5076fea35e069-CDN/lu2cib/820016/12ta74/0a8bac35585be7fc6c9cc5a0464cd4cf/_/download/contextbatch/js/_super/batch.js?locale=en","startTime":240.69999980926514,"connectEnd":240.69999980926514,"connectStart":240.69999980926514,"domainLookupEnd":240.69999980926514,"domainLookupStart":240.69999980926514,"fetchStart":240.69999980926514,"redirectEnd":0,"redirectStart":0,"requestStart":240.69999980926514,"responseEnd":483.5,"responseStart":483.5,"secureConnectionStart":240.69999980926514},{"duration":275.69999980926514,"initiatorType":"script","name":"https://jira.mariadb.org/s/2d8175ec2fa4c816e8023260bd8c1786-CDN/lu2cib/820016/12ta74/494e4c556ecbb29f90a3d3b4f09cb99c/_/download/contextbatch/js/jira.browse.project,project.issue.navigator,jira.view.issue,jira.general,jira.global,atl.general,-_super/batch.js?agile_global_admin_condition=true&jag=true&jira.create.linked.issue=true&locale=en&slack-enabled=true&whisper-enabled=true","startTime":240.80000019073486,"connectEnd":240.80000019073486,"connectStart":240.80000019073486,"domainLookupEnd":240.80000019073486,"domainLookupStart":240.80000019073486,"fetchStart":240.80000019073486,"redirectEnd":0,"redirectStart":0,"requestStart":240.80000019073486,"responseEnd":516.5,"responseStart":516.5,"secureConnectionStart":240.80000019073486},{"duration":279.4000005722046,"initiatorType":"script","name":"https://jira.mariadb.org/s/a9324d6758d385eb45c462685ad88f1d-CDN/lu2cib/820016/12ta74/c92c0caa9a024ae85b0ebdbed7fb4bd7/_/download/contextbatch/js/atl.global,-_super/batch.js?locale=en","startTime":241.0999994277954,"connectEnd":241.0999994277954,"connectStart":241.0999994277954,"domainLookupEnd":241.0999994277954,"domainLookupStart":241.0999994277954,"fetchStart":241.0999994277954,"redirectEnd":0,"redirectStart":0,"requestStart":241.0999994277954,"responseEnd":520.5,"responseStart":520.5,"secureConnectionStart":241.0999994277954},{"duration":280,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2cib/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-en/jira.webresources:calendar-en.js","startTime":241.19999980926514,"connectEnd":241.19999980926514,"connectStart":241.19999980926514,"domainLookupEnd":241.19999980926514,"domainLookupStart":241.19999980926514,"fetchStart":241.19999980926514,"redirectEnd":0,"redirectStart":0,"requestStart":241.19999980926514,"responseEnd":521.1999998092651,"responseStart":521.1999998092651,"secureConnectionStart":241.19999980926514},{"duration":280.6000003814697,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2cib/820016/12ta74/1.0/_/download/batch/jira.webresources:calendar-localisation-moment/jira.webresources:calendar-localisation-moment.js","startTime":241.39999961853027,"connectEnd":241.39999961853027,"connectStart":241.39999961853027,"domainLookupEnd":241.39999961853027,"domainLookupStart":241.39999961853027,"fetchStart":241.39999961853027,"redirectEnd":0,"redirectStart":0,"requestStart":241.39999961853027,"responseEnd":522,"responseStart":522,"secureConnectionStart":241.39999961853027},{"duration":282.30000019073486,"initiatorType":"link","name":"https://jira.mariadb.org/s/b04b06a02d1959df322d9cded3aeecc1-CDN/lu2cib/820016/12ta74/a2ff6aa845ffc9a1d22fe23d9ee791fc/_/download/contextbatch/css/jira.global.look-and-feel,-_super/batch.css","startTime":241.5,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":241.5,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":523.8000001907349,"responseStart":0,"secureConnectionStart":0},{"duration":281.4000005722046,"initiatorType":"script","name":"https://jira.mariadb.org/rest/api/1.0/shortcuts/820016/47140b6e0a9bc2e4913da06536125810/shortcuts.js?context=issuenavigation&context=issueaction","startTime":241.5999994277954,"connectEnd":241.5999994277954,"connectStart":241.5999994277954,"domainLookupEnd":241.5999994277954,"domainLookupStart":241.5999994277954,"fetchStart":241.5999994277954,"redirectEnd":0,"redirectStart":0,"requestStart":241.5999994277954,"responseEnd":523,"responseStart":523,"secureConnectionStart":241.5999994277954},{"duration":282.19999980926514,"initiatorType":"link","name":"https://jira.mariadb.org/s/3ac36323ba5e4eb0af2aa7ac7211b4bb-CDN/lu2cib/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/css/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.css?jira.create.linked.issue=true","startTime":241.80000019073486,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":241.80000019073486,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":524,"responseStart":0,"secureConnectionStart":0},{"duration":284.3999996185303,"initiatorType":"script","name":"https://jira.mariadb.org/s/5d5e8fe91fbc506585e83ea3b62ccc4b-CDN/lu2cib/820016/12ta74/d176f0986478cc64f24226b3d20c140d/_/download/contextbatch/js/com.atlassian.jira.projects.sidebar.init,-_super,-project.issue.navigator,-jira.view.issue/batch.js?jira.create.linked.issue=true&locale=en","startTime":242,"connectEnd":242,"connectStart":242,"domainLookupEnd":242,"domainLookupStart":242,"fetchStart":242,"redirectEnd":0,"redirectStart":0,"requestStart":242,"responseEnd":526.3999996185303,"responseStart":526.3999996185303,"secureConnectionStart":242},{"duration":870.4000005722046,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2cib/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-js/jira.webresources:bigpipe-js.js","startTime":242.89999961853027,"connectEnd":242.89999961853027,"connectStart":242.89999961853027,"domainLookupEnd":242.89999961853027,"domainLookupStart":242.89999961853027,"fetchStart":242.89999961853027,"redirectEnd":0,"redirectStart":0,"requestStart":242.89999961853027,"responseEnd":1113.3000001907349,"responseStart":1113.3000001907349,"secureConnectionStart":242.89999961853027},{"duration":1223,"initiatorType":"script","name":"https://jira.mariadb.org/s/d41d8cd98f00b204e9800998ecf8427e-CDN/lu2cib/820016/12ta74/1.0/_/download/batch/jira.webresources:bigpipe-init/jira.webresources:bigpipe-init.js","startTime":247.19999980926514,"connectEnd":247.19999980926514,"connectStart":247.19999980926514,"domainLookupEnd":247.19999980926514,"domainLookupStart":247.19999980926514,"fetchStart":247.19999980926514,"redirectEnd":0,"redirectStart":0,"requestStart":247.19999980926514,"responseEnd":1470.1999998092651,"responseStart":1470.1999998092651,"secureConnectionStart":247.19999980926514},{"duration":696.8000001907349,"initiatorType":"xmlhttprequest","name":"https://jira.mariadb.org/rest/webResources/1.0/resources","startTime":745.8999996185303,"connectEnd":745.8999996185303,"connectStart":745.8999996185303,"domainLookupEnd":745.8999996185303,"domainLookupStart":745.8999996185303,"fetchStart":745.8999996185303,"redirectEnd":0,"redirectStart":0,"requestStart":745.8999996185303,"responseEnd":1442.6999998092651,"responseStart":1442.6999998092651,"secureConnectionStart":745.8999996185303},{"duration":534.6999998092651,"initiatorType":"script","name":"https://www.google-analytics.com/analytics.js","startTime":970.1999998092651,"connectEnd":0,"connectStart":0,"domainLookupEnd":0,"domainLookupStart":0,"fetchStart":970.1999998092651,"redirectEnd":0,"redirectStart":0,"requestStart":0,"responseEnd":1504.8999996185303,"responseStart":0,"secureConnectionStart":0}],"fetchStart":1,"domainLookupStart":1,"domainLookupEnd":1,"connectStart":1,"connectEnd":1,"requestStart":76,"responseStart":235,"responseEnd":240,"domLoading":238,"domInteractive":1507,"domContentLoadedEventStart":1507,"domContentLoadedEventEnd":1554,"domComplete":2587,"loadEventStart":2587,"loadEventEnd":2589,"userAgent":"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)","marks":[{"name":"bigPipe.sidebar-id.start","time":1472.3999996185303},{"name":"bigPipe.sidebar-id.end","time":1473.3000001907349},{"name":"bigPipe.activity-panel-pipe-id.start","time":1473.5},{"name":"bigPipe.activity-panel-pipe-id.end","time":1475.8999996185303},{"name":"activityTabFullyLoaded","time":1605.3999996185303}],"measures":[],"correlationId":"3cda75fb546b33","effectiveType":"4g","downlink":9.7,"rtt":0,"serverDuration":94,"dbReadsTimeInMs":12,"dbConnsTimeInMs":21,"applicationHash":"9d11dbea5f4be3d4cc21f03a88dd11d8c8687422","experiments":[]}}
Bug
Critical
