[MDEV-19699] Server crashes in Item_null_result::field_type upon SELECT with ROLLUP on constant table - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.1, 10.2
Fix Version/s: 10.2.27, 10.1.42
Component/s: Data types
Labels:
- not-10.3
- not-10.4

Description

CREATE TABLE t1 (d DATE) ENGINE=MyISAM;

INSERT INTO t1 VALUES ('1999-11-04');

SELECT d FROM t1 GROUP BY d WITH ROLLUP HAVING d > '1990-01-01';

10.1 b003b0c9
#3 <signal handler called>
#4 0x00005600ac2e353f in Item_null_result::field_type (this=0x7f8809847f20) at /data/src/10.1/sql/item.h:2658
#5 0x00005600ac20b1d1 in Item_ref::field_type (this=0x7f8809845a20) at /data/src/10.1/sql/item.h:3995
#6 0x00005600ac4b9a96 in Item::get_date_with_conversion (this=0x7f8809845a20, ltime=0x7f88140b8c90, fuzzydate=33554433) at /data/src/10.1/sql/item.cc:131
#7 0x00005600ac1adbdd in Item::val_datetime_packed (this=0x7f8809845a20) at /data/src/10.1/sql/item.h:1298
#8 0x00005600ac4ee9cb in Item::val_temporal_packed (this=0x7f8809845a20, f_type=MYSQL_TYPE_DATETIME) at /data/src/10.1/sql/item.h:1310
#9 0x00005600ac4dbe87 in get_datetime_value (thd=0x0, item_arg=0x7f8809845c88, cache_arg=0x7f8809845cd8, f_type=MYSQL_TYPE_DATETIME, is_null=0x7f88140b8d7e) at /data/src/10.1/sql/item_cmpfunc.cc:770
#10 0x00005600ac4dbff1 in Arg_comparator::compare_temporal (this=0x7f8809845c88, type=MYSQL_TYPE_DATETIME) at /data/src/10.1/sql/item_cmpfunc.cc:814
#11 0x00005600ac1a18c3 in Arg_comparator::compare_datetime (this=0x7f8809845c88) at /data/src/10.1/sql/item_cmpfunc.h:105
#12 0x00005600ac4ef230 in Arg_comparator::compare (this=0x7f8809845c88) at /data/src/10.1/sql/item_cmpfunc.h:87
#13 0x00005600ac4df053 in Item_func_gt::val_int (this=0x7f8809845bc8) at /data/src/10.1/sql/item_cmpfunc.cc:1836
#14 0x00005600ac2db204 in JOIN::rollup_send_data (this=0x7f8809845e10, idx=0) at /data/src/10.1/sql/sql_select.cc:24065
#15 0x00005600ac2d0d58 in end_send_group (join=0x7f8809845e10, join_tab=0x0, end_of_records=true) at /data/src/10.1/sql/sql_select.cc:19804
#16 0x00005600ac2cd1c8 in do_select (join=0x7f8809845e10, fields=0x7f8809846210, table=0x0, procedure=0x0) at /data/src/10.1/sql/sql_select.cc:18124
#17 0x00005600ac2a74c8 in JOIN::exec_inner (this=0x7f8809845e10) at /data/src/10.1/sql/sql_select.cc:3275
#18 0x00005600ac2a475b in JOIN::exec (this=0x7f8809845e10) at /data/src/10.1/sql/sql_select.cc:2562
#19 0x00005600ac2a7ce9 in mysql_select (thd=0x7f880b7d0070, rref_pointer_array=0x7f880b7d4560, tables=0x7f88098452c0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f88098459c8, having=0x7f8809845bc8, proc_param=0x0, select_options=2147748608, result=0x7f8809845df0, unit=0x7f880b7d3bb8, select_lex=0x7f880b7d42b8) at /data/src/10.1/sql/sql_select.cc:3499
#20 0x00005600ac29d3d3 in handle_select (thd=0x7f880b7d0070, lex=0x7f880b7d3af0, result=0x7f8809845df0, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:376
#21 0x00005600ac26cd26 in execute_sqlcom_select (thd=0x7f880b7d0070, all_tables=0x7f88098452c0) at /data/src/10.1/sql/sql_parse.cc:5691
#22 0x00005600ac263b43 in mysql_execute_command (thd=0x7f880b7d0070) at /data/src/10.1/sql/sql_parse.cc:3038
#23 0x00005600ac27099f in mysql_parse (thd=0x7f880b7d0070, rawbuf=0x7f8809845088 "SELECT d FROM t1 GROUP BY d WITH ROLLUP HAVING d > '1990-01-01'", length=63, parser_state=0x7f88140ba1e0) at /data/src/10.1/sql/sql_parse.cc:7209
#24 0x00005600ac25fb55 in dispatch_command (command=COM_QUERY, thd=0x7f880b7d0070, packet=0x7f880d7f0071 "", packet_length=63) at /data/src/10.1/sql/sql_parse.cc:1499
#25 0x00005600ac25e913 in do_command (thd=0x7f880b7d0070) at /data/src/10.1/sql/sql_parse.cc:1131
#26 0x00005600ac39ae21 in do_handle_one_connection (thd_arg=0x7f880b7d0070) at /data/src/10.1/sql/sql_connect.cc:1330
#27 0x00005600ac39ab67 in handle_one_connection (arg=0x7f880b7d0070) at /data/src/10.1/sql/sql_connect.cc:1242
#28 0x00005600ac7cee2a in pfs_spawn_thread (arg=0x7f8811c39c70) at /data/src/10.1/storage/perfschema/pfs.cc:1861
#29 0x00007f8813d384a4 in start_thread (arg=0x7f88140bb700) at pthread_create.c:456
#30 0x00007f881274ed0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

All of debug, ASAN and non-debug builds crash with SEGV.
Reproducible with MyISAM and Aria. Not reproducible with InnoDB.
Couldn't reproduce with the provided test case on 10.3 and 10.4.

Attachments

Issue Links

causes

MDEV-21319 COUNT(*) returns 1, actual SELECT returns no result in 10.3.21, but 1 result in 10.1.41

Closed

relates to

MDEV-15011 Server crash, hang, buffer overrun, memory corruption or ASAN failure upon SELECT with a mix of data types and GROUP BY / ROLLUP

Closed

MDEV-22772 Server crashes in Item_null_result::field_type upon query with ROLLUP

Closed

MDEV-20431 GREATEST(int_col,date_col) returns wrong results in a view

Closed

Activity

People

Assignee:: Alexander Barkov

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019-06-05 11:40

Updated:: 2020-06-02 01:03

Resolved:: 2019-08-27 05:14

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.