Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16512

Server crashes in find_field_in_table_ref on 2nd execution of SP referring to non-existing field

Details

    Description

      CREATE TABLE t (i INT);
      		 
      CREATE PROCEDURE p() SELECT t1.f FROM t AS t1 JOIN t AS t2 USING (f);
      		 
      --error ER_BAD_FIELD_ERROR
      		 
      CALL p;
      		 
      --error ER_BAD_FIELD_ERROR
      		 
      CALL p;
      		 
       
      		 
      # Cleanup
      		 
      DROP PROCEDURE p;
      		 
      DROP TABLE t;

      5.5 e425216045c

      		 
      #3  <signal handler called>
      		 
      #4  0x00000000005a9ae9 in find_field_in_table_ref (thd=0x7f2bfe664060, table_list=0xa5a5a5a5a5a5a5a5, name=0x7f2bfd599d48 "f", length=1, item_name=0x7f2bfd599d48 "f", db_name=0x0, table_name=0x7f2bfd599d38 "t1", ref=0x7f2bfd599e68, check_privileges=true, allow_rowid=true, cached_field_index_ptr=0x7f2bfd599e1c, register_tree_change=true, actual_table=0x7f2c043457d8) at /data/src/5.5/sql/sql_base.cc:6628
      		 
      #5  0x00000000005aa809 in find_field_in_tables (thd=0x7f2bfe664060, item=0x7f2bfd599d58, first_table=0xa5a5a5a5a5a5a5a5, last_table=0x0, ref=0x7f2bfd599e68, report_error=IGNORE_EXCEPT_NON_UNIQUE, check_privileges=true, register_tree_change=true) at /data/src/5.5/sql/sql_base.cc:6980
      		 
      #6  0x00000000007ca82e in Item_field::fix_fields (this=0x7f2bfd599d58, thd=0x7f2bfe664060, reference=0x7f2bfd599e68) at /data/src/5.5/sql/item.cc:5260
      		 
      #7  0x00000000005ad1b9 in setup_fields (thd=0x7f2bfe664060, ref_pointer_array=0x7f2bfd581708, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f2bfd578520, pre_fix=0x7f2bfd599298, allow_sum_func=true) at /data/src/5.5/sql/sql_base.cc:8192
      		 
      #8  0x000000000062f31f in JOIN::prepare (this=0x7f2bfd5781d0, rref_pointer_array=0x7f2bfd599408, tables_init=0x7f2bfd580078, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f2bfd599168, unit_arg=0x7f2bfd598a88) at /data/src/5.5/sql/sql_select.cc:733
      		 
      #9  0x0000000000637d0a in mysql_select (thd=0x7f2bfe664060, rref_pointer_array=0x7f2bfd599408, tables=0x7f2bfd580078, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7f2bfd5781b0, unit=0x7f2bfd598a88, select_lex=0x7f2bfd599168) at /data/src/5.5/sql/sql_select.cc:3106
      		 
      #10 0x000000000062e51a in handle_select (thd=0x7f2bfe664060, lex=0x7f2bfd5989d8, result=0x7f2bfd5781b0, setup_tables_done_option=0) at /data/src/5.5/sql/sql_select.cc:323
      		 
      #11 0x0000000000607932 in execute_sqlcom_select (thd=0x7f2bfe664060, all_tables=0x7f2bfd580078) at /data/src/5.5/sql/sql_parse.cc:4678
      		 
      #12 0x0000000000600cb3 in mysql_execute_command (thd=0x7f2bfe664060) at /data/src/5.5/sql/sql_parse.cc:2224
      		 
      #13 0x00000000008e1f10 in sp_instr_stmt::exec_core (this=0x7f2bfd599fc8, thd=0x7f2bfe664060, nextp=0x7f2c04346c28) at /data/src/5.5/sql/sp_head.cc:3220
      		 
      #14 0x00000000008e16b7 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f2bfd59a008, thd=0x7f2bfe664060, nextp=0x7f2c04346c28, open_tables=false, instr=0x7f2bfd599fc8) at /data/src/5.5/sql/sp_head.cc:2998
      		 
      #15 0x00000000008e1c38 in sp_instr_stmt::execute (this=0x7f2bfd599fc8, thd=0x7f2bfe664060, nextp=0x7f2c04346c28) at /data/src/5.5/sql/sp_head.cc:3144
      		 
      #16 0x00000000008ddaa1 in sp_head::execute (this=0x7f2bfd598078, thd=0x7f2bfe664060, merge_da_on_success=true) at /data/src/5.5/sql/sp_head.cc:1431
      		 
      #17 0x00000000008df807 in sp_head::execute_procedure (this=0x7f2bfd598078, thd=0x7f2bfe664060, args=0x7f2bfe668020) at /data/src/5.5/sql/sp_head.cc:2197
      		 
      #18 0x0000000000605f8f in mysql_execute_command (thd=0x7f2bfe664060) at /data/src/5.5/sql/sql_parse.cc:4115
      		 
      #19 0x000000000060a4fe in mysql_parse (thd=0x7f2bfe664060, rawbuf=0x7f2bfd548078 "CALL p", length=6, parser_state=0x7f2c04347640) at /data/src/5.5/sql/sql_parse.cc:5923
      		 
      #20 0x00000000005fe213 in dispatch_command (command=COM_QUERY, thd=0x7f2bfe664060, packet=0x7f2c0235b061 "CALL p", packet_length=6) at /data/src/5.5/sql/sql_parse.cc:1066
      		 
      #21 0x00000000005fd405 in do_command (thd=0x7f2bfe664060) at /data/src/5.5/sql/sql_parse.cc:793
      		 
      #22 0x0000000000700677 in do_handle_one_connection (thd_arg=0x7f2bfe664060) at /data/src/5.5/sql/sql_connect.cc:1268
      		 
      #23 0x0000000000700404 in handle_one_connection (arg=0x7f2bfe664060) at /data/src/5.5/sql/sql_connect.cc:1184
      		 
      #24 0x0000000000a0f939 in pfs_spawn_thread (arg=0x7f2bff3933a0) at /data/src/5.5/storage/perfschema/pfs.cc:1015
      		 
      #25 0x00007f2c03f7a494 in start_thread (arg=0x7f2c04348700) at pthread_create.c:333
      		 
      #26 0x00007f2c0299093f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Attachments

        Activity

          Ascending order - Click to sort in descending order
          monty Michael Widenius added a comment -

          Problem was in the natural join code that it changed TABLE_LIST and
          Item_fields but didn't restore changed things if things goes wrong
          and was not able to re-execute after failure.
          Some of the problems could have been avoided if we would have run
          fix_fields before doing natural join transformations.

          Fixed by marking functions complete AFTER they had executed, instead of at start.
          I had also to change some tests that checked if Item_fields are usable.

          This doesn't fix all known problems, but at least avoids some crashes.
          What should be done in the near future is to mark the statement in the SP
          as 'not re-executable' and force a reparse of it on next execution.

          monty Michael Widenius added a comment - Problem was in the natural join code that it changed TABLE_LIST and Item_fields but didn't restore changed things if things goes wrong and was not able to re-execute after failure. Some of the problems could have been avoided if we would have run fix_fields before doing natural join transformations. Fixed by marking functions complete AFTER they had executed, instead of at start. I had also to change some tests that checked if Item_fields are usable. This doesn't fix all known problems, but at least avoids some crashes. What should be done in the near future is to mark the statement in the SP as 'not re-executable' and force a reparse of it on next execution.
          monty Michael Widenius added a comment -

          Pushed into 5.5

          monty Michael Widenius added a comment - Pushed into 5.5

          People

            monty Michael Widenius
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.