Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-20762

Server crashes in Item_field::type_handler upon 3rd execution of SP deleting from versioned table

    XMLWordPrintable

    Details

      Description

      Note: In the test case below "expected" error codes are set empirically, as they are returned now. They may be incorrect.

      CREATE TABLE t1 (a INT, s DATE, e DATE, PERIOD FOR app(s,e)) ENGINE=MyISAM;
      INSERT INTO t1 VALUES
        (1,'2017-06-15','2022-04-20'),
        (2,'2019-04-12','2021-01-03'),
        (3,'2017-01-29','2021-12-09');
       
      CREATE TABLE t2 (b INT) ENGINE=MyISAM;
       
      CREATE TRIGGER tr1 AFTER DELETE ON t1 FOR EACH ROW DELETE FROM t2 WHERE non_existing_column = 0;
      CREATE TRIGGER tr2 AFTER INSERT ON t1 FOR EACH ROW DELETE FROM non_existing_table;
       
      CREATE PROCEDURE p() DELETE FROM t1 FOR PORTION OF app FROM '2016-01-01' TO '2022-01-01';
       
      --error ER_NO_SUCH_TABLE
      CALL p;
      --error ER_BAD_FIELD_ERROR
      CALL p;
      CALL p;
       
      # Cleanup
      DROP PROCEDURE p;
      DROP TABLE t1, t2;
      

      10.4 37570e84

      #3  <signal handler called>
      #4  0x00005645cca456e1 in Item_field::type_handler (this=0x7f09e41a57f0) at /data/src/10.4/sql/item.h:3359
      #5  0x00005645cc5d06a3 in Item::field_type (this=0x7f09e41a57f0) at /data/src/10.4/sql/item.h:1039
      #6  0x00005645cc8c01be in Temporal_with_date::make_from_item (this=0x7f09f73760f0, thd=0x7f09e4000b00, item=0x7f09e41a57f0, fuzzydate=...) at /data/src/10.4/sql/sql_type.cc:844
      #7  0x00005645cc58958a in Temporal_with_date::Temporal_with_date (this=0x7f09f73760f0, thd=0x7f09e4000b00, item=0x7f09e41a57f0, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:1814
      #8  0x00005645cc589726 in Datetime::Datetime (this=0x7f09f73760f0, thd=0x7f09e4000b00, item=0x7f09e41a57f0, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:2057
      #9  0x00005645cc58a75e in Item::val_datetime_packed (this=0x7f09e41a57f0, thd=0x7f09e4000b00) at /data/src/10.4/sql/item.h:1756
      #10 0x00005645cc7e5e2e in TABLE::insert_portion_of_time (this=0x7f09e4075db0, thd=0x7f09e4000b00, period_conds=..., rows_inserted=0x7f09f7376280) at /data/src/10.4/sql/table.cc:8413
      #11 0x00005645ccbd1893 in mysql_delete (thd=0x7f09e4000b00, table_list=0x7f09e407f2e0, conds=0x7f09e41b0b70, order_list=0x7f09e412c850, limit=18446744073709551615, options=0, result=0x0) at /data/src/10.4/sql/sql_delete.cc:839
      #12 0x00005645cc6af9a9 in mysql_execute_command (thd=0x7f09e4000b00) at /data/src/10.4/sql/sql_parse.cc:4723
      #13 0x00005645cc5be8de in sp_instr_stmt::exec_core (this=0x7f09e407fb18, thd=0x7f09e4000b00, nextp=0x7f09f73776b4) at /data/src/10.4/sql/sp_head.cc:3670
      #14 0x00005645cc5bdc37 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f09e407fb60, thd=0x7f09e4000b00, nextp=0x7f09f73776b4, open_tables=false, instr=0x7f09e407fb18) at /data/src/10.4/sql/sp_head.cc:3398
      #15 0x00005645cc5be4a2 in sp_instr_stmt::execute (this=0x7f09e407fb18, thd=0x7f09e4000b00, nextp=0x7f09f73776b4) at /data/src/10.4/sql/sp_head.cc:3576
      #16 0x00005645cc5b7b47 in sp_head::execute (this=0x7f09e407e538, thd=0x7f09e4000b00, merge_da_on_success=true) at /data/src/10.4/sql/sp_head.cc:1346
      #17 0x00005645cc5ba97b in sp_head::execute_procedure (this=0x7f09e407e538, thd=0x7f09e4000b00, args=0x7f09e40058e8) at /data/src/10.4/sql/sp_head.cc:2351
      #18 0x00005645cc6a9b37 in do_execute_sp (thd=0x7f09e4000b00, sp=0x7f09e407e538) at /data/src/10.4/sql/sql_parse.cc:3014
      #19 0x00005645cc6aa81e in Sql_cmd_call::execute (this=0x7f09e40131d0, thd=0x7f09e4000b00) at /data/src/10.4/sql/sql_parse.cc:3256
      #20 0x00005645cc6b5b13 in mysql_execute_command (thd=0x7f09e4000b00) at /data/src/10.4/sql/sql_parse.cc:6094
      #21 0x00005645cc6bb1e7 in mysql_parse (thd=0x7f09e4000b00, rawbuf=0x7f09e4013128 "CALL p", length=6, parser_state=0x7f09f7379170, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7912
      #22 0x00005645cc6a647a in dispatch_command (command=COM_QUERY, thd=0x7f09e4000b00, packet=0x7f09e4008331 "CALL p", packet_length=6, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1841
      #23 0x00005645cc6a4b07 in do_command (thd=0x7f09e4000b00) at /data/src/10.4/sql/sql_parse.cc:1359
      #24 0x00005645cc82c1bb in do_handle_one_connection (connect=0x5645d0270bc0) at /data/src/10.4/sql/sql_connect.cc:1412
      #25 0x00005645cc82bf0a in handle_one_connection (arg=0x5645d0270bc0) at /data/src/10.4/sql/sql_connect.cc:1316
      #26 0x00005645cd22b209 in pfs_spawn_thread (arg=0x5645d028c650) at /data/src/10.4/storage/perfschema/pfs.cc:1862
      #27 0x00007f09fed1d4a4 in start_thread (arg=0x7f09f737a700) at pthread_create.c:456
      #28 0x00007f09fd264d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

      All of debug, non-debug and ASAN builds crash the same way.
      Reproducible on 10.4 and 10.5.
      The test case is not applicable to earlier versions.
      Reproducible with MyISAM and Aria, not with InnoDB.

        Attachments

          Activity

            People

            Assignee:
            bar Alexander Barkov
            Reporter:
            elenst Elena Stepanova
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated: