Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 10.3.10
    • 10.3.11
    • N/A
    • None
    • CentOS 7

    Description

      The server crashes after executing a simple but long WHERE IN query - crash.sql.

      I tested it on the test database:

      CREATE TABLE `test` (
      `text` varchar(30) CHARACTER SET cp1250 COLLATE cp1250_czech_cs DEFAULT NULL,
      `id` varbinary(16) NOT NULL
      ) ENGINE=MyISAM DEFAULT CHARSET=binary;
      ALTER TABLE `test`
      ADD UNIQUE KEY `id` (`id`);

      with some test data:

      INSERT INTO `test` (`text`, `id`) VALUES
      ('332969.613019', 0x3131),
      ('332967.579999.580003', 0x3132),
      ('332967.579999.580002', 0x3133),
      ('332967.580000', 0x3134),
      ('332967.579999', 0x3135),
      ('abe', 0x3535),
      ('aaa', 0x33),
      ('zku', 0x3333),
      ('dddd', 0x3432343234),
      ('churu', 0x33353235),
      ('czrt', 0x333235);

      After the query I got a server crash - mysqld.log.

      Attachments

        1. crash.sql
          379 kB
        2. mysqld.log
          142 kB

          Activity

            alice Alice Sherepa added a comment -

            Thanks for the report!
            from mysqld.log

            mysys/stacktrace.c:270(my_print_stacktrace)[0x5654ce4541de]
            sql/signal_handler.cc:168(handle_fatal_signal)[0x5654cdeee6d7]
            sigaction.c:0(__restore_rt)[0x7f24f1a966d0]
            :0(__strlen_sse42)[0x7f24efe7a67f]
            sql/sql_explain.cc:1389(String_list::append_str(st_mem_root*, char const*))[0x5654cde13672]
            sql/sql_explain.cc:1161(Explain_index_use::set(st_mem_root*, st_key*, unsigned int))[0x5654cde13747]
            sql/sql_select.cc:25113(st_join_table::save_explain_data(Explain_table_access*, unsigned long long, bool, st_join_table*))[0x5654cdd68e85]
            sql/sql_select.cc:25624(JOIN::save_explain_data_intern(Explain_query*, bool, bool, bool, char const*))[0x5654cdd6a8c8]
            sql/sql_select.cc:3790(JOIN::save_explain_data(Explain_query*, bool, bool, bool, bool))[0x5654cdd6aa20]
            sql/sql_select.cc:1410(JOIN::build_explain())[0x5654cdd6ac6d]
            sql/sql_select.cc:1454(JOIN::optimize())[0x5654cdd714e7]
            sql/sql_select.cc:4220(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5654cdd72a94]
            sql/sql_select.cc:382(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5654cdd7362c]
            sql/sql_parse.cc:6548(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5654cdc29cd9]
            sql/sql_parse.cc:3769(mysql_execute_command(THD*))[0x5654cdd1fb74]
            sql/sql_parse.cc:8092(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5654cdd2232b]
            sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5654cdd24e95]
            sql/sql_parse.cc:1397(do_command(THD*))[0x5654cdd25cfe]
            sql/sql_connect.cc:1402(do_handle_one_connection(CONNECT*))[0x5654cddf61aa]
            sql/sql_connect.cc:1310(handle_one_connection)[0x5654cddf62cd]
            pthread_create.c:0(start_thread)[0x7f24f1a8ee25]
            /lib64/libc.so.6(clone+0x6d)[0x7f24efe32bad]
            

            It is the same problem as MDEV-17222, fixed by 103b1df5105992 commit by Igor Babaev

            MDEV-17222 Reproducible server crash in String_list::append_str or
            in Field_iterator_table::create_item

            When IN predicate is converted to IN subquery we have to ensure that
            any item from the select list of the subquery has some name and this name
            is unique across the select list.
            This was not guaranteed by the code before the patch for MDEV-17222.
            If the name of an item of the select list was not set, and this happened
            for binary constants, then the server crashed. If the first row in the IN
            list contained the same constant in two different positions then the server
            returned an error message.
            This was fixed by providing all constants in the first row of the IN list
            with generated names.
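
Matching a crash to a known issue, as done in the comment above, comes down to reducing the trace to the functions below the signal handler and comparing them with a known signature. The following is an added example, not part of the original comment or of MariaDB's tooling; the names `parse_frames`, `crash_signature`, `match_known` and the one-entry signature table are assumptions made for illustration.

```python
import re

# One frame per line: "<file>:<line>(<symbol>)[0x<address>]"; the symbol may contain parentheses.
FRAME_RE = re.compile(r"^\s*(?P<src>[^\s(]*)\((?P<sym>.*)\)\[0x(?P<addr>[0-9a-fA-F]+)\]\s*$")

# Frames that belong to the crash reporter itself, not to the fault.
HANDLER_FRAMES = {"my_print_stacktrace", "handle_fatal_signal", "__restore_rt"}

# Assumed local triage table: ordered function names -> issue id named on this page.
KNOWN_SIGNATURES = {
    ("String_list::append_str", "Explain_index_use::set"): "MDEV-17222",
}

def function_name(symbol):  # 'A::b(int)' -> 'A::b', 'clone+0x6d' -> 'clone'
    return symbol.split("(", 1)[0].split("+", 1)[0].strip()

def parse_frames(log_text):
    """Return (source, function) for every line that looks like a stack frame."""
    frames = []
    for line in log_text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((m.group("src"), function_name(m.group("sym"))))
    return frames

def crash_signature(frames, depth=4):
    """First `depth` functions once the signal-handler frames are dropped."""
    funcs = [f for _, f in frames if f not in HANDLER_FRAMES]
    return tuple(funcs[:depth])

def match_known(signature):
    """Return the known issue whose functions appear, in order, in the signature."""
    for wanted, issue in KNOWN_SIGNATURES.items():
        it = iter(signature)
        if all(w in it for w in wanted):  # ordered subsequence test
            return issue
    return None

# Sample input: the first six frames of the trace quoted in the comment above.
SAMPLE = """\
mysys/stacktrace.c:270(my_print_stacktrace)[0x5654ce4541de]
sql/signal_handler.cc:168(handle_fatal_signal)[0x5654cdeee6d7]
sigaction.c:0(__restore_rt)[0x7f24f1a966d0]
:0(__strlen_sse42)[0x7f24efe7a67f]
sql/sql_explain.cc:1389(String_list::append_str(st_mem_root*, char const*))[0x5654cde13672]
sql/sql_explain.cc:1161(Explain_index_use::set(st_mem_root*, st_key*, unsigned int))[0x5654cde13747]
"""

if __name__ == "__main__":
    print(match_known(crash_signature(parse_frames(SAMPLE))))
```

Addresses are ignored on purpose: they change between builds, while the function names are what ties two reports to the same defect.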
            


            People

              Unassigned Unassigned
              jirka Jiri Reischig