MariaDB Server / MDEV-16292

[5.5-10.2] Server crashes in Item_func::print upon CREATE VIEW with functions and rollup

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 5.5, 10.0, 10.1, 10.2
    • Fix Version/s: 5.5, 10.0, 10.1, 10.2
    • Component/s: Views
    • Labels:
      None

      Description

      CREATE TABLE t (a CHAR(8));
      CREATE OR REPLACE VIEW v AS SELECT ELT( BIT_OR(1), BINARY a ) AS f FROM t GROUP BY BINARY a WITH ROLLUP;
       
      # Cleanup
      DROP VIEW v;
      DROP TABLE t;
      

      5.5 1ada4afb0a5

      #3  <signal handler called>
      #4  strlen () at ../sysdeps/x86_64/strlen.S:106
      #5  0x00000000007d023a in Item_ref::print (this=0x7f8e51980218, str=0x7f8e586fa550, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/item.cc:7363
      #6  0x000000000080ad45 in Item_func::print_args (this=0x7f8e51948c30, str=0x7f8e586fa550, from=0, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/item_func.cc:482
      #7  0x000000000080acb3 in Item_func::print (this=0x7f8e51948c30, str=0x7f8e586fa550, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/item_func.cc:471
      #8  0x00000000007be2ed in Item::print_item_w_name (this=0x7f8e51948c30, str=0x7f8e586fa550, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/item.cc:622
      #9  0x000000000066a5c7 in st_select_lex::print (this=0x7f8e52a56a68, thd=0x7f8e52a53060, str=0x7f8e586fa550, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/sql_select.cc:23594
      #10 0x00000000005f52ba in st_select_lex_unit::print (this=0x7f8e52a56388, str=0x7f8e586fa550, query_type=QT_VIEW_INTERNAL) at /data/src/5.5/sql/sql_lex.cc:2391
      #11 0x00000000006bcd8f in mysql_register_view (thd=0x7f8e52a53060, view=0x7f8e519481f0, mode=VIEW_CREATE_OR_REPLACE) at /data/src/5.5/sql/sql_view.cc:944
      #12 0x00000000006bc30d in mysql_create_view (thd=0x7f8e52a53060, views=0x7f8e519481f0, mode=VIEW_CREATE_OR_REPLACE) at /data/src/5.5/sql/sql_view.cc:669
      #13 0x0000000000606b85 in mysql_execute_command (thd=0x7f8e52a53060) at /data/src/5.5/sql/sql_parse.cc:4338
      #14 0x000000000060a6aa in mysql_parse (thd=0x7f8e52a53060, rawbuf=0x7f8e51948078 "CREATE OR REPLACE VIEW v AS SELECT ELT( BIT_OR(1), BINARY a ) AS f FROM t GROUP BY BINARY a WITH ROLLUP", length=103, parser_state=0x7f8e586fd640) at /data/src/5.5/sql/sql_parse.cc:5923
      #15 0x00000000005fe3bf in dispatch_command (command=COM_QUERY, thd=0x7f8e52a53060, packet=0x7f8e55749061 "CREATE OR REPLACE VIEW v AS SELECT ELT( BIT_OR(1), BINARY a ) AS f FROM t GROUP BY BINARY a WITH ROLLUP", packet_length=103) at /data/src/5.5/sql/sql_parse.cc:1066
      #16 0x00000000005fd5b1 in do_command (thd=0x7f8e52a53060) at /data/src/5.5/sql/sql_parse.cc:793
      #17 0x0000000000700849 in do_handle_one_connection (thd_arg=0x7f8e52a53060) at /data/src/5.5/sql/sql_connect.cc:1268
      #18 0x00000000007005d6 in handle_one_connection (arg=0x7f8e52a53060) at /data/src/5.5/sql/sql_connect.cc:1184
      #19 0x0000000000942eb9 in pfs_spawn_thread (arg=0x7f8e5377b080) at /data/src/5.5/storage/perfschema/pfs.cc:1015
      #20 0x00007f8e5833a064 in start_thread (arg=0x7f8e586fe700) at pthread_create.c:309
      #21 0x00007f8e56dbd62d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
      

      Reproducible on all of 5.5-10.2, debug and non-debug builds.
      Doesn't crash on 10.3 for me, and ASAN doesn't say anything.
      Not reproducible on MySQL 5.6.33, I didn't check other MySQL versions.

            People

            • Assignee: sanja Oleksandr Byelkin
            • Reporter: elenst Elena Stepanova