Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-16549

Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed

Details

    Description

      CREATE TABLE t1 (a DECIMAL, b INT);
      		 
      INSERT INTO t1 VALUES (1,1),(2,2); # optional
      		 
      CREATE VIEW v1 AS SELECT * FROM ( SELECT * FROM t1 WHERE a <> RAND() ) sq;
      		 
       
      		 
      SELECT * FROM v1 WHERE b > 0;
      		 
       
      		 
      # Cleanup
      		 
      DROP VIEW v1;
      		 
      DROP TABLE t1;

      10.2 635c5e32815

      		 
      #3  <signal handler called>
      		 
      #4  0x000055e719cdef41 in Item_field::fix_fields (this=0x7ffb90141d68, thd=0x7ffb90000b00, reference=0x7ffb90141d60) at /data/src/10.2/sql/item.cc:5536
      		 
      #5  0x000055e719ce82e7 in Item_direct_view_ref::fix_fields (this=0x7ffb90141c58, thd=0x7ffb90000b00, reference=0x7ffb90141a00) at /data/src/10.2/sql/item.cc:8639
      		 
      #6  0x000055e719d340d1 in Item_func::fix_fields (this=0x7ffb90141970, thd=0x7ffb90000b00, ref=0x7ffb90018248) at /data/src/10.2/sql/item_func.cc:212
      		 
      #7  0x000055e719a8abab in JOIN::optimize_inner (this=0x7ffb90017e40) at /data/src/10.2/sql/sql_select.cc:1344
      		 
      #8  0x000055e719a89fad in JOIN::optimize (this=0x7ffb90017e40) at /data/src/10.2/sql/sql_select.cc:1115
      		 
      #9  0x000055e719a19dd9 in mysql_derived_optimize (thd=0x7ffb90000b00, lex=0x7ffb900045d8, derived=0x7ffb90012638) at /data/src/10.2/sql/sql_derived.cc:926
      		 
      #10 0x000055e719a18477 in mysql_handle_single_derived (lex=0x7ffb900045d8, derived=0x7ffb90012638, phases=4) at /data/src/10.2/sql/sql_derived.cc:197
      		 
      #11 0x000055e719a8ae80 in JOIN::optimize_inner (this=0x7ffb90016f70) at /data/src/10.2/sql/sql_select.cc:1386
      		 
      #12 0x000055e719a89fad in JOIN::optimize (this=0x7ffb90016f70) at /data/src/10.2/sql/sql_select.cc:1115
      		 
      #13 0x000055e719a931e0 in mysql_select (thd=0x7ffb90000b00, tables=0x7ffb90012638, wild_num=1, fields=..., conds=0x7ffb90012df8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7ffb90016f50, unit=0x7ffb900046a0, select_lex=0x7ffb90004dd8) at /data/src/10.2/sql/sql_select.cc:3768
      		 
      #14 0x000055e719a87761 in handle_select (thd=0x7ffb90000b00, lex=0x7ffb900045d8, result=0x7ffb90016f50, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:376
      		 
      #15 0x000055e719a52f4d in execute_sqlcom_select (thd=0x7ffb90000b00, all_tables=0x7ffb90012638) at /data/src/10.2/sql/sql_parse.cc:6474
      		 
      #16 0x000055e719a48f7a in mysql_execute_command (thd=0x7ffb90000b00) at /data/src/10.2/sql/sql_parse.cc:3480
      		 
      #17 0x000055e719a56d77 in mysql_parse (thd=0x7ffb90000b00, rawbuf=0x7ffb90012448 "SELECT * FROM v1 WHERE b > 0", length=28, parser_state=0x7ffba0c3e200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7999
      		 
      #18 0x000055e719a44820 in dispatch_command (command=COM_QUERY, thd=0x7ffb90000b00, packet=0x7ffb90177341 "SELECT * FROM v1 WHERE b > 0", packet_length=28, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1821
      		 
      #19 0x000055e719a43183 in do_command (thd=0x7ffb90000b00) at /data/src/10.2/sql/sql_parse.cc:1375
      		 
      #20 0x000055e719b93c40 in do_handle_one_connection (connect=0x55e71d918370) at /data/src/10.2/sql/sql_connect.cc:1335
      		 
      #21 0x000055e719b939cd in handle_one_connection (arg=0x55e71d918370) at /data/src/10.2/sql/sql_connect.cc:1241
      		 
      #22 0x000055e719fb4ee2 in pfs_spawn_thread (arg=0x55e71d8f2ee0) at /data/src/10.2/storage/perfschema/pfs.cc:1862
      		 
      #23 0x00007ffba8639494 in start_thread (arg=0x7ffba0c3f700) at pthread_create.c:333
      		 
      #24 0x00007ffba6a1f93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

      Reproducible on 10.3 and on previous 10.2 as well.
      10.1 and earlier versions don't allow such views.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16846 [Draft] Assertion `context' failed in Item_field::fix_fields

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16927 Signal 11 Crash

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-20437 mysqld got signal 11 in Item_field::fix_fields()

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-24950 Server crash on select with st_distance and where clause

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28624 Server crash in /sql/item.cc:6192: virtual bool Item_field::fix_fields(THD*, Item**)

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22464 Server crash on UPDATE with nested subquery

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            View 10 older comments
            sanja Oleksandr Byelkin added a comment -

            The cause of above is cloning temporary table field which never supposed to be resolved.

            sanja Oleksandr Byelkin added a comment - The cause of above is cloning temporary table field which never supposed to be resolved.
            sanja Oleksandr Byelkin added a comment - - edited

            The Item was cloned from the other one (created for materialized derived table TABLE_LIST::change_refs_to_fields() ) had no context, because it should not be resolved. But the condition push-down procedure first cleanup items then prepare them again (why?).

            sanja Oleksandr Byelkin added a comment - - edited The Item was cloned from the other one (created for materialized derived table TABLE_LIST::change_refs_to_fields() ) had no context, because it should not be resolved. But the condition push-down procedure first cleanup items then prepare them again (why?).
            sanja Oleksandr Byelkin added a comment - 

            commit edf0449cfd955516391e874ca8a4846ce7cd8f1a (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549)
            		 
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            		 
            Date:   Fri Oct 21 13:47:17 2022 +0200
            		 
             
            		 
                MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed
            		 
                
                Add one-table-resolve context for items created to switching to
            		 
                temporary table because thex can be cloned in push-down-condition.

            sanja Oleksandr Byelkin added a comment - commit edf0449cfd955516391e874ca8a4846ce7cd8f1a (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Fri Oct 21 13:47:17 2022 +0200   MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed Add one-table-resolve context for items created to switching to temporary table because thex can be cloned in push-down-condition.
            sanja Oleksandr Byelkin added a comment - - edited 

            commit c369335918759b7ea8423ae86aef4a1b5950ef2d (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549)
            		 
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            		 
            Date:   Fri Oct 21 13:47:17 2022 +0200
            		 
             
            		 
                MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed
            		 
                
                Add one-table-resolve context for items created to switching to
            		 
                temporary table because thex can be cloned in push-down-condition.

            sanja Oleksandr Byelkin added a comment - - edited commit c369335918759b7ea8423ae86aef4a1b5950ef2d (HEAD -> bb-10.3-MDEV-16549, origin/bb-10.3-MDEV-16549) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Fri Oct 21 13:47:17 2022 +0200   MDEV-16549 Server crashes in Item_field::fix_fields on query with view and subquery, Assertion `context' failed, Assertion `field' failed Add one-table-resolve context for items created to switching to temporary table because thex can be cloned in push-down-condition.
            marko Marko Mäkelä added a comment -

            The test case revealed that the MDEV-25202 Name_resolution_context::ignored_tables was not being initialized in the non-default constructor nor the init() member function. I fixed that on the merge to 10.6.

            marko Marko Mäkelä added a comment - The test case revealed that the MDEV-25202 Name_resolution_context::ignored_tables was not being initialized in the non-default constructor nor the init() member function. I fixed that on the merge to 10.6.

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              3 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.