  1. MariaDB Server
  2. MDEV-16994

Server crashes in base_list_iterator::next upon TRUNCATE PARTITION through SPs or Assertion `!alloced || !Ptr || !Alloced_length || (Alloced_length >= (str_length + 1))' fails in String::c_ptr


    Details

      Description

      # Test case for the crash described in this report: an
      # ALTER TABLE ... TRUNCATE PARTITION statement stored in a procedure is
      # run once directly and then once more through a wrapping procedure.
      --source include/have_partition.inc
       
      # Hash-partitioned table; p3 is the partition named by the ALTER below.
      CREATE TABLE t1 (a INT) PARTITION BY HASH (a) PARTITIONS 4;
      # sp1 holds the partition-truncating statement; sp2 only wraps a call to sp1.
      CREATE PROCEDURE sp1() ALTER TABLE t1 TRUNCATE PARTITION p3;
      CREATE PROCEDURE sp2() CALL sp1;
      # First execution of the statement stored in sp1.
      CALL sp1;
      # Second execution, nested through sp2. The backtrace in this report was
      # taken with "CALL sp2" as the client query and fails in
      # partition_info::prune_partition_bitmaps while t1 is being opened.
      CALL sp2;
       
      # Cleanup
      DROP PROCEDURE sp2;
      DROP PROCEDURE sp1;
      DROP TABLE t1;
      

      10.1 68eb9b1a784

      #3  <signal handler called>
      #4  0x0000555c0acfcf3c in base_list_iterator::next (this=0x7fba7d9fc080) at /data/src/10.1/sql/sql_list.h:451
      #5  0x0000555c0ad17ef3 in List_iterator<String>::operator++ (this=0x7fba7d9fc080) at /data/src/10.1/sql/sql_list.h:551
      #6  0x0000555c0ae828a3 in partition_info::prune_partition_bitmaps (this=0x7fba72ca0bf8, table_list=0x7fba72d5ed10) at /data/src/10.1/sql/partition_info.cc:227
      #7  0x0000555c0ae82a69 in partition_info::set_partition_bitmaps (this=0x7fba72ca0bf8, table_list=0x7fba72d5ed10) at /data/src/10.1/sql/partition_info.cc:268
      #8  0x0000555c0ad05ad3 in open_table (thd=0x7fba748d5070, table_list=0x7fba72d5ed10, ot_ctx=0x7fba7d9fc5b0) at /data/src/10.1/sql/sql_base.cc:2613
      #9  0x0000555c0ad0820d in open_and_process_table (thd=0x7fba748d5070, lex=0x7fba72d61088, tables=0x7fba72d5ed10, counter=0x7fba7d9fc678, flags=0, prelocking_strategy=0x7fba7d9fc630, has_prelocking_list=false, ot_ctx=0x7fba7d9fc5b0) at /data/src/10.1/sql/sql_base.cc:4091
      #10 0x0000555c0ad09288 in open_tables (thd=0x7fba748d5070, options=..., start=0x7fba7d9fc688, counter=0x7fba7d9fc678, flags=0, prelocking_strategy=0x7fba7d9fc630) at /data/src/10.1/sql/sql_base.cc:4602
      #11 0x0000555c0ad49d2d in open_tables (thd=0x7fba748d5070, tables=0x7fba7d9fc688, counter=0x7fba7d9fc678, flags=0) at /data/src/10.1/sql/sql_base.h:510
      #12 0x0000555c0b14aede in Sql_cmd_alter_table_truncate_partition::execute (this=0x7fba72d5f320, thd=0x7fba748d5070) at /data/src/10.1/sql/sql_partition_admin.cc:803
      #13 0x0000555c0ad77411 in mysql_execute_command (thd=0x7fba748d5070) at /data/src/10.1/sql/sql_parse.cc:5699
      #14 0x0000555c0b1026c6 in sp_instr_stmt::exec_core (this=0x7fba72d5f330, thd=0x7fba748d5070, nextp=0x7fba7d9fd694) at /data/src/10.1/sql/sp_head.cc:3218
      #15 0x0000555c0b101db8 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fba72d5f370, thd=0x7fba748d5070, nextp=0x7fba7d9fd694, open_tables=false, instr=0x7fba72d5f330) at /data/src/10.1/sql/sp_head.cc:2984
      #16 0x0000555c0b10238c in sp_instr_stmt::execute (this=0x7fba72d5f330, thd=0x7fba748d5070, nextp=0x7fba7d9fd694) at /data/src/10.1/sql/sp_head.cc:3134
      #17 0x0000555c0b0fdbfe in sp_head::execute (this=0x7fba72d5e088, thd=0x7fba748d5070, merge_da_on_success=true) at /data/src/10.1/sql/sp_head.cc:1315
      #18 0x0000555c0b0ffa98 in sp_head::execute_procedure (this=0x7fba72d5e088, thd=0x7fba748d5070, args=0x7fba72e5fde0) at /data/src/10.1/sql/sp_head.cc:2102
      #19 0x0000555c0ad6cb36 in do_execute_sp (thd=0x7fba748d5070, sp=0x7fba72d5e088) at /data/src/10.1/sql/sql_parse.cc:2425
      #20 0x0000555c0ad75ce9 in mysql_execute_command (thd=0x7fba748d5070) at /data/src/10.1/sql/sql_parse.cc:5299
      #21 0x0000555c0b1026c6 in sp_instr_stmt::exec_core (this=0x7fba72e29e50, thd=0x7fba748d5070, nextp=0x7fba7d9fe614) at /data/src/10.1/sql/sp_head.cc:3218
      #22 0x0000555c0b101db8 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fba72e29e90, thd=0x7fba748d5070, nextp=0x7fba7d9fe614, open_tables=false, instr=0x7fba72e29e50) at /data/src/10.1/sql/sp_head.cc:2984
      #23 0x0000555c0b10238c in sp_instr_stmt::execute (this=0x7fba72e29e50, thd=0x7fba748d5070, nextp=0x7fba7d9fe614) at /data/src/10.1/sql/sp_head.cc:3134
      #24 0x0000555c0b0fdbfe in sp_head::execute (this=0x7fba72e29088, thd=0x7fba748d5070, merge_da_on_success=true) at /data/src/10.1/sql/sp_head.cc:1315
      #25 0x0000555c0b0ffa98 in sp_head::execute_procedure (this=0x7fba72e29088, thd=0x7fba748d5070, args=0x7fba748d9838) at /data/src/10.1/sql/sp_head.cc:2102
      #26 0x0000555c0ad6cb36 in do_execute_sp (thd=0x7fba748d5070, sp=0x7fba72e29088) at /data/src/10.1/sql/sql_parse.cc:2425
      #27 0x0000555c0ad75ce9 in mysql_execute_command (thd=0x7fba748d5070) at /data/src/10.1/sql/sql_parse.cc:5299
      #28 0x0000555c0ad7bc40 in mysql_parse (thd=0x7fba748d5070, rawbuf=0x7fba72c43088 "CALL sp2", length=8, parser_state=0x7fba7d9ff5e0) at /data/src/10.1/sql/sql_parse.cc:7463
      #29 0x0000555c0ad6a5d5 in dispatch_command (command=COM_QUERY, thd=0x7fba748d5070, packet=0x7fba773f9071 "CALL sp2", packet_length=8) at /data/src/10.1/sql/sql_parse.cc:1495
      #30 0x0000555c0ad6935a in do_command (thd=0x7fba748d5070) at /data/src/10.1/sql/sql_parse.cc:1124
      #31 0x0000555c0aea3773 in do_handle_one_connection (thd_arg=0x7fba748d5070) at /data/src/10.1/sql/sql_connect.cc:1330
      #32 0x0000555c0aea34d7 in handle_one_connection (arg=0x7fba748d5070) at /data/src/10.1/sql/sql_connect.cc:1242
      #33 0x0000555c0b260ec6 in pfs_spawn_thread (arg=0x7fba7b03a170) at /data/src/10.1/storage/perfschema/pfs.cc:1861
      #34 0x00007fba7d67f494 in start_thread (arg=0x7fba7da00b00) at pthread_create.c:333
      #35 0x00007fba7ba3893f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

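      Reproducible on 10.1 and 10.2, with at least the MyISAM and InnoDB storage engines.
      Could not reproduce on 10.0, 10.3 or 10.4.
      The test case uses only CREATE PROCEDURE, CALL and ALTER TABLE ... TRUNCATE PARTITION, so on the affected versions any account permitted to run these statements can presumably bring the server down. The backtrace above shows the failure during CALL sp2, while t1 is being opened for the TRUNCATE PARTITION statement stored in sp1.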


            People

            Assignee:
            sanja Oleksandr Byelkin
            Reporter:
            elenst Elena Stepanova