  1. MariaDB Server
  2. MDEV-18755

Assertion `inited==INDEX' failed in handler::ha_index_read_map


    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.4
    • Fix Version/s: 10.4.4
    • Component/s: Optimizer
    • Labels:
      None

      Description

      Reproducible on 10.4 with InnoDB, not with MyISAM.

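      # MDEV-18755 reproduction, variant with a primary key on pk.
      # Per the report, on the affected 10.4 build the UNION query below aborts
      # mysqld with: Assertion `inited==INDEX' failed in handler::ha_index_read_map
      # (reached from join_read_always_key in the attached trace).
      # The statements are kept exactly as reported; the only repair is the
      # CREATE TABLE line, whose start was garbled by a stray copy of its own tail.
      --source include/have_innodb.inc
      create table t1 (pk int not null primary key, v1 varchar(10), v2 varchar(30), a int(10), key (v1), key (v2)) engine=innodb;
       
      # Every row has v1 = 'a' and v2 = 'a'; only pk and a vary (a includes NULLs).
      insert into `t1` values (2,'a','a',2),(3,'a','a',null),(4,'a','a',55),(5,'a','a',4),(6,'a','a',0),(7,'a','a',1),(8,'a','a',4),(9,'a','a',null),(10,'a','a',0),(11,'a','a',0),(12,'a','a',null),(13,'a','a',49778),(14,'a','a',6),(15,'a','a',3),(16,'a','a',233),(17,'a','a',-1),(18,'a','a',5),(19,'a','a',-1),(20,'a','a',null),(21,'a','a',0),(22,'a','a',null),(23,'a','a',53840),(24,'a','a',null),(25,'a','a',null),(26,'a','a',5),(27,'a','a',43454),(28,'a','a',0),(29,'a','a',0),(30,'a','a',null),(59,'a','a',null),(60,'a','a',null),(61,'a','a',-1),(62,'a','a',null),(63,'a','a',0),(64,'a','a',14468),(65,'a','a',0),(66,'a','a',28),(67,'a','a',null),(68,'a','a',14983),(69,'a','a',null),(70,'a','a',3),(71,'a','a',null),(72,'a','a',null),(73,'a','a',237),(74,'a','a',2),(75,'a','a',0),(76,'a','a',6),(77,'a','a',5),(78,'a','a',0),(79,'a','a',1),(80,'a','a',-1),(81,'a','a',20),(82,'a','a',0),(83,'a','a',0),(84,'a','a',null),(85,'a','a',-1),(86,'a','a',5),(87,'a','a',null),(88,'a','a',160),(89,'a','a',null),(90,'a','a',14785),(91,'a','a',0),(92,'a','a',null);
       
      # Both UNION branches are the same SELECT. The WHERE clause requires
      # v1 IS NULL AND v2 IS NULL, which no inserted row satisfies, combined with
      # an OR of range/equality conditions on the two indexed columns v2 and v1.
      # A server that handles this correctly should return an empty result set.
      (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a'))) 
        union
      (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a')));
       
      drop table t1;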
      

      10.4 9bd47835d0fcdcf2f041da39

      /10.4/sql/handler.cc:3037: int handler::ha_index_read_map(uchar*, const uchar*, key_part_map, ha_rkey_function): Assertion `inited==INDEX' failed.
      190227 14:33:06 [ERROR] mysqld got signal 6 ;
       
      linux/raise.c:54(__GI_raise)[0x7f08b3e6b428]
      stdlib/abort.c:91(__GI_abort)[0x7f08b3e6d02a]
      assert/assert.c:92(__assert_fail_base)[0x7f08b3e63bd7]
      /lib/x86_64-linux-gnu/libc.so.6(+0x2dc82)[0x7f08b3e63c82]
      sql/handler.cc:3039(handler::ha_index_read_map(unsigned char*, unsigned char const*, unsigned long, ha_rkey_function))[0x56208fb6526d]
      sql/sql_select.cc:20766(join_read_always_key(st_join_table*))[0x56208f517ad7]
      sql/sql_select.cc:20005(sub_select(JOIN*, st_join_table*, bool))[0x56208f51295e]
      sql/sql_select.cc:19546(do_select(JOIN*, Procedure*))[0x56208f510fa7]
      sql/sql_select.cc:4364(JOIN::exec_inner())[0x56208f4acada]
      sql/sql_select.cc:4147(JOIN::exec())[0x56208f4aa454]
      sql/sql_union.cc:1471(st_select_lex_unit::exec())[0x56208f655b51]
      sql/sql_union.cc:41(mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long))[0x56208f6478fb]
      sql/sql_select.cc:402(handle_select(THD*, LEX*, select_result*, unsigned long))[0x56208f484a89]
      sql/sql_parse.cc:6604(execute_sqlcom_select(THD*, TABLE_LIST*))[0x56208f40985d]
      sql/sql_parse.cc:3841(mysql_execute_command(THD*))[0x56208f3f660f]
      sql/sql_parse.cc:8157(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x56208f411d3b]
      sql/sql_parse.cc:1831(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x56208f3ea7e8]
      sql/sql_parse.cc:1358(do_command(THD*))[0x56208f3e76e3]
      sql/sql_connect.cc:1399(do_handle_one_connection(CONNECT*))[0x56208f75babe]
      sql/sql_connect.cc:1303(handle_one_connection)[0x56208f75b488]
      perfschema/pfs.cc:1864(pfs_spawn_thread)[0x562090b18151]
      /lib/x86_64-linux-gnu/libpthread.so.0(+0x76ba)[0x7f08b4cac6ba]
      x86_64/clone.S:111(clone)[0x7f08b3f3d41d]
       
      Query (0x62b00007e288): (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a')))  union (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a')))
      

      The same case, but with no primary key on column pk; here ASan reports a heap-buffer-overflow read in calculate_key_len (trace below):

      # MDEV-18755 reproduction, variant without a primary key on pk.
      # Per the report, on the affected 10.4 build AddressSanitizer flags a
      # heap-buffer-overflow READ of size 8 in calculate_key_len, called through
      # handler::prepare_index_key_scan_map from join_read_always_key.
      --source include/have_innodb.inc
      # pk is NOT NULL but not declared as a key; v1 and v2 each have a secondary index.
      create table t1 (pk int not null , v1 varchar(10), v2 varchar(30), a int(10), key (v1), key (v2)) engine=innodb;
       
      # Every row has v1 = 'a' and v2 = 'a'; only pk and a vary (a includes NULLs).
      insert into `t1` values (2,'a','a',2),(3,'a','a',null),(4,'a','a',55),(5,'a','a',4),(6,'a','a',0),(7,'a','a',1),(8,'a','a',4),(9,'a','a',null),(10,'a','a',0),(11,'a','a',0),(12,'a','a',null),(13,'a','a',49778),(14,'a','a',6),(15,'a','a',3),(16,'a','a',233),(17,'a','a',-1),(18,'a','a',5),(19,'a','a',-1),(20,'a','a',null),(21,'a','a',0),(22,'a','a',null),(23,'a','a',53840),(24,'a','a',null),(25,'a','a',null),(26,'a','a',5),(27,'a','a',43454),(28,'a','a',0),(29,'a','a',0),(30,'a','a',null),(59,'a','a',null),(60,'a','a',null),(61,'a','a',-1),(62,'a','a',null),(63,'a','a',0),(64,'a','a',14468),(65,'a','a',0),(66,'a','a',28),(67,'a','a',null),(68,'a','a',14983),(69,'a','a',null),(70,'a','a',3),(71,'a','a',null),(72,'a','a',null),(73,'a','a',237),(74,'a','a',2),(75,'a','a',0),(76,'a','a',6),(77,'a','a',5),(78,'a','a',0),(79,'a','a',1),(80,'a','a',-1),(81,'a','a',20),(82,'a','a',0),(83,'a','a',0),(84,'a','a',null),(85,'a','a',-1),(86,'a','a',5),(87,'a','a',null),(88,'a','a',160),(89,'a','a',null),(90,'a','a',14785),(91,'a','a',0),(92,'a','a',null);
       
      # Both UNION branches are the same SELECT. The WHERE clause requires
      # v1 IS NULL AND v2 IS NULL, which no inserted row satisfies, combined with
      # an OR of range/equality conditions on the two indexed columns v2 and v1.
      # The query text is left exactly as reported.
      (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a'))) 
        union
      (select * from t1 where (v1 is null and v2 is null) and (v2 between 'a' and 'z' or v1 in ('a')));
       
      drop table t1;
      

      ==14324==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000115350 at pc 0x559d5894dd22 bp 0x7fe31cdc1e40 sp 0x7fe31cdc1e30
      READ of size 8 at 0x619000115350 thread T27
          #0 0x559d5894dd21 in calculate_key_len(TABLE*, unsigned int, unsigned char const*, unsigned long) /10.4/sql/table.cc:4444
          #1 0x559d58e2ba23 in handler::prepare_index_key_scan_map(unsigned char const*, unsigned long) /10.4/sql/handler.h:3197
          #2 0x559d587bb9af in join_read_always_key /10.4/sql/sql_select.cc:20759
          #3 0x559d587b695d in sub_select(JOIN*, st_join_table*, bool) /10.4/sql/sql_select.cc:20005
          #4 0x559d587b4fa6 in do_select /10.4/sql/sql_select.cc:19546
          #5 0x559d58750ad9 in JOIN::exec_inner() /10.4/sql/sql_select.cc:4364
          #6 0x559d5874e453 in JOIN::exec() /10.4/sql/sql_select.cc:4146
          #7 0x559d588f9b50 in st_select_lex_unit::exec() /10.4/sql/sql_union.cc:1470
          #8 0x559d588eb8fa in mysql_union(THD*, LEX*, select_result*, st_select_lex_unit*, unsigned long) /10.4/sql/sql_union.cc:41
          #9 0x559d58728a88 in handle_select(THD*, LEX*, select_result*, unsigned long) /10.4/sql/sql_select.cc:402
          #10 0x559d586ad85c in execute_sqlcom_select /10.4/sql/sql_parse.cc:6604
          #11 0x559d5869a60e in mysql_execute_command(THD*) /10.4/sql/sql_parse.cc:3841
          #12 0x559d586b5d3a in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /10.4/sql/sql_parse.cc:8157
          #13 0x559d5868e7e7 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /10.4/sql/sql_parse.cc:1829
          #14 0x559d5868b6e2 in do_command(THD*) /10.4/sql/sql_parse.cc:1358
          #15 0x559d589ffabd in do_handle_one_connection(CONNECT*) /10.4/sql/sql_connect.cc:1399
          #16 0x559d589ff487 in handle_one_connection /10.4/sql/sql_connect.cc:1302
          #17 0x559d59dbc150 in pfs_spawn_thread /10.4/storage/perfschema/pfs.cc:1862
          #18 0x7fe3345406b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
          #19 0x7fe3337d141c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x10741c)
      


            People

            Assignee:
            igor Igor Babaev
            Reporter:
            alice Alice Sherepa