Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.3.10
-
None
-
CentOS 7
Description
Server crash after execute simple but long WHERE IN query - crash.sql.
I tested it on the test database:
CREATE TABLE `test` (
`text` varchar(30) CHARACTER SET cp1250 COLLATE cp1250_czech_cs DEFAULT NULL,
`id` varbinary(16) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=binary;
ALTER TABLE `test`
ADD UNIQUE KEY `id` (`id`);
with some test data:
INSERT INTO `test` (`text`, `id`) VALUES
('332969.613019', 0x3131),
('332967.579999.580003', 0x3132),
('332967.579999.580002', 0x3133),
('332967.580000', 0x3134),
('332967.579999', 0x3135),
('abe', 0x3535),
('aaa', 0x33),
('zku', 0x3333),
('dddd', 0x3432343234),
('churu', 0x33353235),
('czrt', 0x333235);
After query I have got server crash - mysqld.log.
Attachments
Issue Links
- duplicates
-
MDEV-17222 Reproducible server crash in String_list::append_str or in Field_iterator_table::create_item
-
- Closed
-
Thanks for the report!
from mysqld.log
mysys/stacktrace.c:270(my_print_stacktrace)[0x5654ce4541de]
sql/signal_handler.cc:168(handle_fatal_signal)[0x5654cdeee6d7]
sigaction.c:0(__restore_rt)[0x7f24f1a966d0]
:0(__strlen_sse42)[0x7f24efe7a67f]
sql/sql_explain.cc:1389(String_list::append_str(st_mem_root*, char const*))[0x5654cde13672]
sql/sql_explain.cc:1161(Explain_index_use::set(st_mem_root*, st_key*, unsigned int))[0x5654cde13747]
sql/sql_select.cc:25113(st_join_table::save_explain_data(Explain_table_access*, unsigned long long, bool, st_join_table*))[0x5654cdd68e85]
sql/sql_select.cc:25624(JOIN::save_explain_data_intern(Explain_query*, bool, bool, bool, char const*))[0x5654cdd6a8c8]
sql/sql_select.cc:3790(JOIN::save_explain_data(Explain_query*, bool, bool, bool, bool))[0x5654cdd6aa20]
sql/sql_select.cc:1410(JOIN::build_explain())[0x5654cdd6ac6d]
sql/sql_select.cc:1454(JOIN::optimize())[0x5654cdd714e7]
sql/sql_select.cc:4220(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5654cdd72a94]
sql/sql_select.cc:382(handle_select(THD*, LEX*, select_result*, unsigned long))[0x5654cdd7362c]
sql/sql_parse.cc:6548(execute_sqlcom_select(THD*, TABLE_LIST*))[0x5654cdc29cd9]
sql/sql_parse.cc:3769(mysql_execute_command(THD*))[0x5654cdd1fb74]
sql/sql_parse.cc:8092(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5654cdd2232b]
sql/sql_parse.cc:1850(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5654cdd24e95]
sql/sql_parse.cc:1397(do_command(THD*))[0x5654cdd25cfe]
sql/sql_connect.cc:1402(do_handle_one_connection(CONNECT*))[0x5654cddf61aa]
sql/sql_connect.cc:1310(handle_one_connection)[0x5654cddf62cd]
pthread_create.c:0(start_thread)[0x7f24f1a8ee25]
/lib64/libc.so.6(clone+0x6d)[0x7f24efe32bad]
It is the same problem as
MDEV-17222, fixed by 103b1df5105992 commit by Igor BabaevMDEV-17222 Reproducible server crash in String_list::append_str or
in Field_iterator_table::create_item
When IN predicate is converted to IN subquery we have to ensure that
any item from the select list of the subquery has some name and this name
is unique across the select list.
This was not guaranteed by the code before the patch for MDEV-17222.
If the name of an item of the select list was not set, and this happened
for binary constants, then the server crashed. If the first row in the IN
list contained the same constant in two different positions then the server
returned an error message.
This was fixed by providing all constants in the first row of the IN list
with generated names.