[MDEV-16940] Server crashes in unsafe_key_update upon attempt to update view through 2nd execution of SP - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL), 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5(EOL)
Fix Version/s: 10.2.37, 10.3.28, 10.4.18, 10.5.9
Component/s: Stored routines, Views
Labels:
- affects-tests

Description

CREATE TABLE t1 (a INT);

CREATE TABLE t2 (b INT);

CREATE VIEW v AS SELECT a, b FROM t1 JOIN t2;

CREATE PROCEDURE sp() UPDATE v SET a = 8, b = 9;

--error ER_VIEW_MULTIUPDATE

CALL sp;

--error ER_VIEW_MULTIUPDATE

CALL sp;

# Cleanup

DROP PROCEDURE sp;

DROP VIEW v;

DROP TABLE t1, t2;

5.5 ad577091ed
#3 <signal handler called>
#4 0x00000000006b6d07 in unsafe_key_update (leaves=..., tables_for_update=3) at /data/src/5.5/sql/sql_update.cc:1122
#5 0x00000000006b7412 in mysql_multi_update_prepare (thd=0x7f514a264060) at /data/src/5.5/sql/sql_update.cc:1278
#6 0x000000000060237c in mysql_execute_command (thd=0x7f514a264060) at /data/src/5.5/sql/sql_parse.cc:2858
#7 0x00000000008e22c0 in sp_instr_stmt::exec_core (this=0x7f51491806e0, thd=0x7f514a264060, nextp=0x7f5150071c28) at /data/src/5.5/sql/sp_head.cc:3220
#8 0x00000000008e1a67 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f5149180720, thd=0x7f514a264060, nextp=0x7f5150071c28, open_tables=false, instr=0x7f51491806e0) at /data/src/5.5/sql/sp_head.cc:2998
#9 0x00000000008e1fe8 in sp_instr_stmt::execute (this=0x7f51491806e0, thd=0x7f514a264060, nextp=0x7f5150071c28) at /data/src/5.5/sql/sp_head.cc:3144
#10 0x00000000008dde51 in sp_head::execute (this=0x7f5149198078, thd=0x7f514a264060, merge_da_on_success=true) at /data/src/5.5/sql/sp_head.cc:1431
#11 0x00000000008dfbb7 in sp_head::execute_procedure (this=0x7f5149198078, thd=0x7f514a264060, args=0x7f514a268020) at /data/src/5.5/sql/sp_head.cc:2197
#12 0x0000000000605edf in mysql_execute_command (thd=0x7f514a264060) at /data/src/5.5/sql/sql_parse.cc:4115
#13 0x000000000060a44e in mysql_parse (thd=0x7f514a264060, rawbuf=0x7f5149148078 "CALL sp", length=7, parser_state=0x7f5150072640) at /data/src/5.5/sql/sql_parse.cc:5923
#14 0x00000000005fe163 in dispatch_command (command=COM_QUERY, thd=0x7f514a264060, packet=0x7f514df5b061 "CALL sp", packet_length=7) at /data/src/5.5/sql/sql_parse.cc:1066
#15 0x00000000005fd355 in do_command (thd=0x7f514a264060) at /data/src/5.5/sql/sql_parse.cc:793
#16 0x00000000007008e3 in do_handle_one_connection (thd_arg=0x7f514a264060) at /data/src/5.5/sql/sql_connect.cc:1268
#17 0x0000000000700670 in handle_one_connection (arg=0x7f514a264060) at /data/src/5.5/sql/sql_connect.cc:1184
#18 0x0000000000a0fce9 in pfs_spawn_thread (arg=0x7f514af76fc0) at /data/src/5.5/storage/perfschema/pfs.cc:1015
#19 0x00007f514fca5494 in start_thread (arg=0x7f5150073700) at pthread_create.c:333
#20 0x00007f514e6bb93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

All of 5.5-10.3 crash in the same fashion, both debug and non-debug.
Didn't get the crash on MySQL 5.5, 5.6, 5.7.

Attachments

Issue Links

relates to

MDEV-18624 ASAN heap-use-after-free in mysql_derived_prepare upon attempt to UPDATE view through the 3rd execution of SP

Closed

MDEV-17435 Server crashes inst_select_lex::get_free_table_map upon attempt to update view through 2nd execution of SP

Closed

MDEV-24823 Crash with invalid multi-table update of view in 2nd execution of SP

Closed

Activity

People

Assignee:: Igor Babaev (Inactive)

Reporter:: Elena Stepanova

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 2018-08-11 18:05

Updated:: 2024-07-07 23:41

Resolved:: 2021-01-20 07:02