  1. MariaDB Server
  2. MDEV-15940

Crash when using CURSOR with VALUES()

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.3(EOL)
    • Fix Version/s: 10.3.7
    • Component/s: Optimizer
    • Labels: None

    Description

      This script crashes the server:

      DELIMITER $$
      BEGIN NOT ATOMIC
        DECLARE v INT;
        DECLARE cur CURSOR FOR VALUES(7);
        OPEN cur;
        FETCH cur INTO v;
        SELECT v;
      END;
      $$
      DELIMITER ;
      

      The same crash happens with an implicit CURSOR in a FOR loop:

      DELIMITER $$
      BEGIN NOT ATOMIC
        DECLARE v INT DEFAULT 0;
        FOR a IN (VALUES (7)) DO SET v = v + 1; END FOR;
        SELECT v;
      END;
      $$
      DELIMITER ;
      

      10.3 d71a8855eef3

      #3  <signal handler called>
      #4  0x000055f2d94978d2 in st_select_lex_unit::get_column_types (this=0x7f8fec023d20, for_cursor=true) at /data/src/10.3/sql/sql_union.cc:1877
      #5  0x000055f2d9356e2a in Select_materialize::send_result_set_metadata (this=0x7f8fec027d18, list=..., flags=5) at /data/src/10.3/sql/sql_cursor.cc:443
      #6  0x000055f2d9492928 in select_union_direct::send_result_set_metadata (this=0x7f8fec027ea0, list=..., flags=5) at /data/src/10.3/sql/sql_union.cc:538
      #7  0x000055f2d95a503d in table_value_constr::exec (this=0x7f8fec020e78, sl=0x7f8fec024498) at /data/src/10.3/sql/sql_tvc.cc:345
      #8  0x000055f2d949613b in st_select_lex_unit::exec (this=0x7f8fec023d20) at /data/src/10.3/sql/sql_union.cc:1430
      #9  0x000055f2d9491362 in mysql_union (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, unit=0x7f8fec023d20, setup_tables_done_option=0) at /data/src/10.3/sql/sql_union.cc:41
      #10 0x000055f2d93e2d31 in handle_select (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:360
      #11 0x000055f2d93ae2e3 in execute_sqlcom_select (thd=0x7f8fec000b00, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6539
      #12 0x000055f2d93a4a44 in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:3768
      #13 0x000055f2d935604c in mysql_open_cursor (thd=0x7f8fec000b00, result=0x7f8fec0161b0, pcursor=0x7f8fec0161e8) at /data/src/10.3/sql/sql_cursor.cc:145
      #14 0x000055f2d92e4bf8 in sp_cursor::open (this=0x7f8fec0161a8, thd=0x7f8fec000b00) at /data/src/10.3/sql/sp_rcontext.cc:772
      #15 0x000055f2d92d6653 in sp_instr_copen::exec_core (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4283
      #16 0x000055f2d92d3e98 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3311
      #17 0x000055f2d92d4266 in sp_lex_keeper::cursor_reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3410
      #18 0x000055f2d92d65ce in sp_instr_copen::execute (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4272
      #19 0x000055f2d92ce405 in sp_head::execute (this=0x7f8fec01fb58, thd=0x7f8fec000b00, merge_da_on_success=true) at /data/src/10.3/sql/sp_head.cc:1349
      #20 0x000055f2d92d0daa in sp_head::execute_procedure (this=0x7f8fec01fb58, thd=0x7f8fec000b00, args=0x7f8fec0056e0) at /data/src/10.3/sql/sp_head.cc:2287
      #21 0x000055f2d93a240b in do_execute_sp (thd=0x7f8fec000b00, sp=0x7f8fec01fb58) at /data/src/10.3/sql/sql_parse.cc:2944
      #22 0x000055f2d93abc6a in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:5894
      #23 0x000055f2d93b1cf4 in mysql_parse (thd=0x7f8fec000b00, rawbuf=0x7f8fec013888 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND", length=117, parser_state=0x7f9059334620, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
      #24 0x000055f2d939f4d7 in dispatch_command (command=COM_QUERY, thd=0x7f8fec000b00, packet=0x7f8fec01bab1 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND;", packet_length=118, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
      #25 0x000055f2d939df16 in do_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:1391
      #26 0x000055f2d9500a13 in do_handle_one_connection (connect=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1402
      #27 0x000055f2d95007a0 in handle_one_connection (arg=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1308
      #28 0x00007f905e492494 in start_thread (arg=0x7f9059335700) at pthread_create.c:333
      #29 0x00007f905c87893f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

        Activity

          bar Alexander Barkov created issue -
          elenst Elena Stepanova made changes -
          Field: Description

          igor Igor Babaev (Inactive) added a comment - A fix for this bug was pushed into 10.3
          igor Igor Babaev (Inactive) made changes -
          Component/s Optimizer [ 10200 ]
          Fix Version/s 10.3.7 [ 23005 ]
          Fix Version/s 10.3 [ 22126 ]
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Closed [ 6 ]
          serg Sergei Golubchik made changes -
          Workflow MariaDB v3 [ 86667 ] MariaDB v4 [ 154195 ]

          People

            Assignee: igor Igor Babaev (Inactive)
            Reporter: bar Alexander Barkov