Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-15940

Crash when using CURSOR with VALUES()

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • 10.3
    • 10.3.7
    • Optimizer
    • None

    Description

      This script crashes the server:

      DELIMITER $$
      		 
      BEGIN NOT ATOMIC
      		 
        DECLARE v INT;
      		 
        DECLARE cur CURSOR FOR VALUES(7);
      		 
        OPEN cur;
      		 
        FETCH cur INTO v;
      		 
        SELECT v;
      		 
      END; 
      $$
      		 
      DELIMITER $$;

      The same crash happens with an implicit CURSOR in a FOR loop:

      DELIMITER $$
      		 
      BEGIN NOT ATOMIC
      		 
      DECLARE v INT DEFAULT 0;
      		 
      FOR a IN (VALUES (7)) DO SET v = v + 1; END FOR;
      		 
      SELECT v;
      		 
      END; 
      $$
      		 
      DELIMITER $$;

      10.3 d71a8855eef3

      		 
      #3  <signal handler called>
      		 
      #4  0x000055f2d94978d2 in st_select_lex_unit::get_column_types (this=0x7f8fec023d20, for_cursor=true) at /data/src/10.3/sql/sql_union.cc:1877
      		 
      #5  0x000055f2d9356e2a in Select_materialize::send_result_set_metadata (this=0x7f8fec027d18, list=..., flags=5) at /data/src/10.3/sql/sql_cursor.cc:443
      		 
      #6  0x000055f2d9492928 in select_union_direct::send_result_set_metadata (this=0x7f8fec027ea0, list=..., flags=5) at /data/src/10.3/sql/sql_union.cc:538
      		 
      #7  0x000055f2d95a503d in table_value_constr::exec (this=0x7f8fec020e78, sl=0x7f8fec024498) at /data/src/10.3/sql/sql_tvc.cc:345
      		 
      #8  0x000055f2d949613b in st_select_lex_unit::exec (this=0x7f8fec023d20) at /data/src/10.3/sql/sql_union.cc:1430
      		 
      #9  0x000055f2d9491362 in mysql_union (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, unit=0x7f8fec023d20, setup_tables_done_option=0) at /data/src/10.3/sql/sql_union.cc:41
      		 
      #10 0x000055f2d93e2d31 in handle_select (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:360
      		 
      #11 0x000055f2d93ae2e3 in execute_sqlcom_select (thd=0x7f8fec000b00, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6539
      		 
      #12 0x000055f2d93a4a44 in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:3768
      		 
      #13 0x000055f2d935604c in mysql_open_cursor (thd=0x7f8fec000b00, result=0x7f8fec0161b0, pcursor=0x7f8fec0161e8) at /data/src/10.3/sql/sql_cursor.cc:145
      		 
      #14 0x000055f2d92e4bf8 in sp_cursor::open (this=0x7f8fec0161a8, thd=0x7f8fec000b00) at /data/src/10.3/sql/sp_rcontext.cc:772
      		 
      #15 0x000055f2d92d6653 in sp_instr_copen::exec_core (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4283
      		 
      #16 0x000055f2d92d3e98 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3311
      		 
      #17 0x000055f2d92d4266 in sp_lex_keeper::cursor_reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3410
      		 
      #18 0x000055f2d92d65ce in sp_instr_copen::execute (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4272
      		 
      #19 0x000055f2d92ce405 in sp_head::execute (this=0x7f8fec01fb58, thd=0x7f8fec000b00, merge_da_on_success=true) at /data/src/10.3/sql/sp_head.cc:1349
      		 
      #20 0x000055f2d92d0daa in sp_head::execute_procedure (this=0x7f8fec01fb58, thd=0x7f8fec000b00, args=0x7f8fec0056e0) at /data/src/10.3/sql/sp_head.cc:2287
      		 
      #21 0x000055f2d93a240b in do_execute_sp (thd=0x7f8fec000b00, sp=0x7f8fec01fb58) at /data/src/10.3/sql/sql_parse.cc:2944
      		 
      #22 0x000055f2d93abc6a in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:5894
      		 
      #23 0x000055f2d93b1cf4 in mysql_parse (thd=0x7f8fec000b00, rawbuf=0x7f8fec013888 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND", length=117, parser_state=0x7f9059334620, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
      		 
      #24 0x000055f2d939f4d7 in dispatch_command (command=COM_QUERY, thd=0x7f8fec000b00, packet=0x7f8fec01bab1 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND;", packet_length=118, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      		 
      #25 0x000055f2d939df16 in do_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      		 
      #26 0x000055f2d9500a13 in do_handle_one_connection (connect=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1402
      		 
      #27 0x000055f2d95007a0 in handle_one_connection (arg=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1308
      		 
      #28 0x00007f905e492494 in start_thread (arg=0x7f9059335700) at pthread_create.c:333
      		 
      #29 0x00007f905c87893f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Attachments

        Activity

          People

            igor Igor Babaev
            bar Alexander Barkov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.