Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16039

Crash when selecting virtual columns generated using functions with DAYNAME()

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Fixed
    • 10.2.14, 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
    • 10.2.33, 10.3.24, 10.4.14, 10.5.5
    • Virtual Columns
    • None
    • CentOS virtual machine running on XenServer
    • 10.4.0-1

    Description

      Good Afternoon,

      I have encountered a crash on a number of operations after a small amount of time has passed, where that table has a virtual column, where in its expression it uses the JSON_VALUE function, with the JSON value selected by a CONCAT to get '$.'<Current Day Name>. (Please see example).

      Commands crash occurs on:

      • SELECT on table
      • Insert/Update on table
      • DROP TABLE
      • SHOW FULL TABLES FROM <database table is in> WHERE table_type = 'BASE TABLE';

      If I don't use both JSON_VALUE and DAYNAME(), it works fine.

      I have attached my debug machine's error log, showing all the crashes occurred while testing

      Thanks,
      Robert

      Attachments

        1. error.sql
          0.5 kB
        2. errorLog.txt
          99 kB

        Issue Links

          Activity

            nikitamalyavin Nikita Malyavin added a comment - - edited

            bar the commit has following:

            --echo # (duplicate) MDEV-20380 Server crash during update
            CREATE TABLE gafld (
              nuigafld INTEGER NOT NULL,
              ucrgafld VARCHAR(30) COLLATE UTF8_BIN NOT NULL
                       DEFAULT SUBSTRING_INDEX(USER(),'@',1)
            );
            EXPLAIN UPDATE gafld SET nuigafld = 0 WHERE nuigafld = 10;
            EXPLAIN UPDATE gafld SET nuigafld = 0 WHERE nuigafld = 10;
            DROP TABLE gafld;
            

            it uses DEFAULT expression

            and another one has DEFAULT (REVERSE(SUBSTRING_INDEX(REVERSE(user()), '@', 1)))

            nikitamalyavin Nikita Malyavin added a comment - - edited bar the commit has following: --echo # (duplicate) MDEV-20380 Server crash during update CREATE TABLE gafld ( nuigafld INTEGER NOT NULL , ucrgafld VARCHAR (30) COLLATE UTF8_BIN NOT NULL DEFAULT SUBSTRING_INDEX( USER (), '@' ,1) ); EXPLAIN UPDATE gafld SET nuigafld = 0 WHERE nuigafld = 10; EXPLAIN UPDATE gafld SET nuigafld = 0 WHERE nuigafld = 10; DROP TABLE gafld; it uses DEFAULT expression and another one has DEFAULT (REVERSE(SUBSTRING_INDEX(REVERSE(user()), '@', 1)))
            nikitamalyavin Nikita Malyavin added a comment - bar I have managed to make the leak fix, it's here https://github.com/MariaDB/server/commit/6621be137f1807303c967329f536231a510ee3c0

            IMHO all approach to set arena before fixing (i.e. prepare phase is incorrect)

            All works like this:

            1. set arena to some permanent (statement/table etc.)
            2. make parse/allocate
            3. reset arena to run-time arena
            4. make prepare
            5. make execute and so on...

            So here it should be the same.

            When items during prepare need to make some permanent changes they refer thd->stmt_arena, maybe you should assign it, but also there are other tests (leke if it is prepared statements) so it is better to check all such cases.

            Also I think Field::set_default() arena switching is a memory leak.

            sanja Oleksandr Byelkin added a comment - IMHO all approach to set arena before fixing (i.e. prepare phase is incorrect) All works like this: set arena to some permanent (statement/table etc.) make parse/allocate reset arena to run-time arena make prepare make execute and so on... So here it should be the same. When items during prepare need to make some permanent changes they refer thd->stmt_arena, maybe you should assign it, but also there are other tests (leke if it is prepared statements) so it is better to check all such cases. Also I think Field::set_default() arena switching is a memory leak.

            OK to push

            sanja Oleksandr Byelkin added a comment - OK to push
            midenok Aleksey Midenkov added a comment - - edited

            nikitamalyavin you made expr_arena usage in fix_all_session_vcol_exprs(). Did you care that it is memory leak until table flush? I'm just preoccupied with similar problem of MDEV-25672 but I don't like continuous allocations on TABLE::mem_root.

            The proper fix is to make expr_arena a separate mem_root and reallocate it each time of expr refresh. But this is a lot of various problems like delayed insert, items clone (with String::copy() for all properties), cached_table cleanup, proper name resolution context and what else (no one can tell the complete list).

            midenok Aleksey Midenkov added a comment - - edited nikitamalyavin you made expr_arena usage in fix_all_session_vcol_exprs(). Did you care that it is memory leak until table flush? I'm just preoccupied with similar problem of MDEV-25672 but I don't like continuous allocations on TABLE::mem_root. The proper fix is to make expr_arena a separate mem_root and reallocate it each time of expr refresh. But this is a lot of various problems like delayed insert, items clone (with String::copy() for all properties), cached_table cleanup, proper name resolution context and what else (no one can tell the complete list).

            People

              nikitamalyavin Nikita Malyavin
              rmhumphries Robert Humphries
              Votes:
              3 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.