[MDEV-19188] Server Crash When Using a Trigger With A Number of Virtual Columns on INSERT/UPDATE - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3.14, 10.3.15, 10.2(EOL), 10.3(EOL), 10.4(EOL)
Fix Version/s: 10.2.24, 10.3.15, 10.4.5
Component/s: Triggers, Virtual Columns
Labels:
- triggers
- virtual_columns
Environment:
Production: Ubuntu 16.04 LTS
Development: Centos 7, using 10.3.15-MariaDB-debug

Description

When you have a table that has 9 (or more) virtual columns, with any type (tested VARCHAR and INT) or expression (initially found the bug where JSON_VALID was used, then tested with referring to another column or just a constant expression) and a BEFORE INSERT or BEFORE UPDATE trigger (with any content or where the trigger is empty); then any INSERT or UPDATE will crash the server; even if the trigger is a BEFORE INSERT trigger and an UPDATE is run, or the other way round, or an INSERT is run with the trigger being a BEFORE INSERT trigger, etc.

In the event that the INSERT is done via an INSERT INTO ... SELECT statement, no crash occurs.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

setup.sql
2019-04-05 13:42
2 kB
Robert Humphries
setup.txt
2019-04-05 13:42
3 kB
Robert Humphries
test1.txt
2019-04-05 13:42
6 kB
Robert Humphries
test2.txt
2019-04-05 13:42
6 kB
Robert Humphries
test3.txt
2019-04-05 13:42
6 kB
Robert Humphries
test4.txt
2019-04-05 13:42
6 kB
Robert Humphries
tests.sql
2019-04-05 13:42
0.3 kB
Robert Humphries

Activity

Elena Stepanova added a comment - 2019-04-06 15:10

Thanks for the report and test case. Reproducible as described.

Test case - same as in attachments, only wrapped up for MTR.

--source include/have_innodb.inc

CREATE TABLE `testBeforeInsert` (

  `str` VARCHAR(16) NOT NULL,

  `virt1` INT(11) GENERATED ALWAYS AS (0) VIRTUAL,

  `virt2` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt3` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt4` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt5` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt6` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt7` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt8` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  `virt9` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,

  PRIMARY KEY (`str`)

) ENGINE=INNODB DEFAULT CHARSET=utf8;

INSERT INTO `testBeforeInsert` (`str`) VALUES ('test');

CREATE

    TRIGGER `testBeforeInsertTrigger` BEFORE INSERT ON `testBeforeInsert`

    FOR EACH ROW BEGIN

    END;

INSERT INTO `testBeforeInsert` (`str`) VALUES ("testcrash");

10.2 b4a7bde7
#3 <signal handler called>
#4 0x00007f4fcd30504d in __memset_avx2_erms () from /lib/x86_64-linux-gnu/libc.so.6
#5 0x000055ce4b2dde47 in Table_triggers_list::reset_extra_null_bitmap (this=0x7f4f70092d98) at /data/src/10.2/sql/sql_trigger.h:279
#6 0x000055ce4b2db3b6 in switch_to_nullable_trigger_fields (items=..., table=0x7f4f70009960) at /data/src/10.2/sql/sql_base.cc:8092
#7 0x000055ce4b31ab1e in mysql_insert (thd=0x7f4f70000b00, table_list=0x7f4f700125d8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.2/sql/sql_insert.cc:798
#8 0x000055ce4b342fba in mysql_execute_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:4438
#9 0x000055ce4b34e475 in mysql_parse (thd=0x7f4f70000b00, rawbuf=0x7f4f70012458 "INSERT INTO `testBeforeInsert` (`str`) VALUES (\"testcrash\")", length=59, parser_state=0x7f4fb85f2200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8013
#10 0x000055ce4b33bf72 in dispatch_command (command=COM_QUERY, thd=0x7f4f70000b00, packet=0x7f4f700968b1 "", packet_length=59, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1832
#11 0x000055ce4b33a88f in do_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:1386
#12 0x000055ce4b48df79 in do_handle_one_connection (connect=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1335
#13 0x000055ce4b48dd06 in handle_one_connection (arg=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1241
#14 0x000055ce4b8b600a in pfs_spawn_thread (arg=0x55ce4daafc00) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#15 0x00007f4fcf0f6494 in start_thread (arg=0x7f4fb85f3700) at pthread_create.c:333
#16 0x00007f4fcd2c493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Elena Stepanova added a comment - 2019-04-06 15:10 Thanks for the report and test case. Reproducible as described. Test case - same as in attachments, only wrapped up for MTR. --source include/have_innodb.inc CREATE TABLE `testBeforeInsert` ( `str` VARCHAR (16) NOT NULL , `virt1` INT (11) GENERATED ALWAYS AS (0) VIRTUAL, `virt2` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt3` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt4` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt5` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt6` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt7` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt8` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, `virt9` VARCHAR (128) GENERATED ALWAYS AS ( 'a' ) VIRTUAL, PRIMARY KEY (`str`) ) ENGINE=INNODB DEFAULT CHARSET=utf8; INSERT INTO `testBeforeInsert` (`str`) VALUES ( 'test' ); CREATE TRIGGER `testBeforeInsertTrigger` BEFORE INSERT ON `testBeforeInsert` FOR EACH ROW BEGIN END ; INSERT INTO `testBeforeInsert` (`str`) VALUES ( "testcrash" ); 10.2 b4a7bde7 #3 <signal handler called> #4 0x00007f4fcd30504d in __memset_avx2_erms () from /lib/x86_64-linux-gnu/libc.so.6 #5 0x000055ce4b2dde47 in Table_triggers_list::reset_extra_null_bitmap (this=0x7f4f70092d98) at /data/src/10.2/sql/sql_trigger.h:279 #6 0x000055ce4b2db3b6 in switch_to_nullable_trigger_fields (items=..., table=0x7f4f70009960) at /data/src/10.2/sql/sql_base.cc:8092 #7 0x000055ce4b31ab1e in mysql_insert (thd=0x7f4f70000b00, table_list=0x7f4f700125d8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.2/sql/sql_insert.cc:798 #8 0x000055ce4b342fba in mysql_execute_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:4438 #9 0x000055ce4b34e475 in mysql_parse (thd=0x7f4f70000b00, rawbuf=0x7f4f70012458 "INSERT INTO `testBeforeInsert` (`str`) VALUES (\"testcrash\")", length=59, parser_state=0x7f4fb85f2200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8013 #10 0x000055ce4b33bf72 in dispatch_command (command=COM_QUERY, thd=0x7f4f70000b00, packet=0x7f4f700968b1 "", packet_length=59, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1832 #11 0x000055ce4b33a88f in do_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:1386 #12 0x000055ce4b48df79 in do_handle_one_connection (connect=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1335 #13 0x000055ce4b48dd06 in handle_one_connection (arg=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1241 #14 0x000055ce4b8b600a in pfs_spawn_thread (arg=0x55ce4daafc00) at /data/src/10.2/storage/perfschema/pfs.cc:1862 #15 0x00007f4fcf0f6494 in start_thread (arg=0x7f4fb85f3700) at pthread_create.c:333 #16 0x00007f4fcd2c493f in clone () from /lib/x86_64-linux-gnu/libc.so.6

MariaDB Server

Server Crash When Using a Trigger With A Number of Virtual Columns on INSERT/UPDATE

Details

Description

Attachments

Attachments

Activity

People

Dates

Git Integration