[MDEV-20770] Server crashes in JOIN::transform_in_predicates_into_in_subq upon 2nd execution of PS/SP comparing GEOMETRY with other types - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3(EOL), 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.3.33, 10.4.23, 10.5.14, 10.6.6, 10.7.2, 10.8.1
Component/s: Data types, GIS, Prepared Statements, Stored routines
Labels:
- affects-tests

Description

CREATE TABLE t1 (a GEOMETRY);

CREATE TABLE t2 (b INT);

# Data does not make any difference, it fails with empty tables too

INSERT INTO t1 VALUES (GeomFromText('POINT(0 0)')),(GeomFromText('POINT(1 1)'));

INSERT INTO t2 VALUES (1),(2);

PREPARE stmt FROM "SELECT * from t1 WHERE a IN (SELECT b FROM t2)";

--error ER_ILLEGAL_PARAMETER_DATA_TYPES2_FOR_OPERATION

EXECUTE stmt;

--error ER_ILLEGAL_PARAMETER_DATA_TYPES2_FOR_OPERATION

EXECUTE stmt;

# Cleanup

DROP TABLE t1, t2;

10.3 5b2fa078
#3 <signal handler called>
#4 0x000056270cb51df7 in JOIN::transform_in_predicates_into_in_subq (this=0x0, thd=0x7f4f5c000b00) at /data/src/10.3/sql/sql_tvc.cc:1001
#5 0x000056270cafae06 in convert_join_subqueries_to_semijoins (join=0x7f4f5c012a58) at /data/src/10.3/sql/opt_subselect.cc:1068
#6 0x000056270c979785 in JOIN::optimize_inner (this=0x7f4f5c012a58) at /data/src/10.3/sql/sql_select.cc:1565
#7 0x000056270c97920b in JOIN::optimize (this=0x7f4f5c012a58) at /data/src/10.3/sql/sql_select.cc:1449
#8 0x000056270c98312a in mysql_select (thd=0x7f4f5c000b00, tables=0x7f4f5c16e908, wild_num=0, fields=..., conds=0x7f4f5c1703e8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7f4f5c170630, unit=0x7f4f5c16d068, select_lex=0x7f4f5c16d7e8) at /data/src/10.3/sql/sql_select.cc:4225
#9 0x000056270c974c4a in handle_select (thd=0x7f4f5c000b00, lex=0x7f4f5c16cfa0, result=0x7f4f5c170630, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
#10 0x000056270c93c9b9 in execute_sqlcom_select (thd=0x7f4f5c000b00, all_tables=0x7f4f5c16e908) at /data/src/10.3/sql/sql_parse.cc:6286
#11 0x000056270c9333ee in mysql_execute_command (thd=0x7f4f5c000b00) at /data/src/10.3/sql/sql_parse.cc:3816
#12 0x000056270c96006a in Prepared_statement::execute (this=0x7f4f5c16cb40, expanded_query=0x7f4f6cf1bc70, open_cursor=false) at /data/src/10.3/sql/sql_prepare.cc:4807
#13 0x000056270c95e2e8 in Prepared_statement::execute_loop (this=0x7f4f5c16cb40, expanded_query=0x7f4f6cf1bc70, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.3/sql/sql_prepare.cc:4235
#14 0x000056270c95bd9d in mysql_sql_stmt_execute (thd=0x7f4f5c000b00) at /data/src/10.3/sql/sql_prepare.cc:3343
#15 0x000056270c933433 in mysql_execute_command (thd=0x7f4f5c000b00) at /data/src/10.3/sql/sql_parse.cc:3832
#16 0x000056270c940cc3 in mysql_parse (thd=0x7f4f5c000b00, rawbuf=0x7f4f5c012818 "EXECUTE stmt", length=12, parser_state=0x7f4f6cf1c5e0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7829
#17 0x000056270c92d8fd in dispatch_command (command=COM_QUERY, thd=0x7f4f5c000b00, packet=0x7f4f5c008c71 "EXECUTE stmt", packet_length=12, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1855
#18 0x000056270c92c245 in do_command (thd=0x7f4f5c000b00) at /data/src/10.3/sql/sql_parse.cc:1400
#19 0x000056270caa2c18 in do_handle_one_connection (connect=0x5627106421b0) at /data/src/10.3/sql/sql_connect.cc:1403
#20 0x000056270caa297a in handle_one_connection (arg=0x5627106421b0) at /data/src/10.3/sql/sql_connect.cc:1308
#21 0x000056270d44d86e in pfs_spawn_thread (arg=0x56271065d170) at /data/src/10.3/storage/perfschema/pfs.cc:1862
#22 0x00007f4f748934a4 in start_thread (arg=0x7f4f6cf1d700) at pthread_create.c:456
#23 0x00007f4f72ddad0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.3-10.5, all of debug, non-debug, ASAN, with at least InnoDB, MyISAM, Aria.
Earlier 10.3 versions are also affected.
Not reproducible on 10.2.

Same failure with SP instead of PS.

#3  <signal handler called>

#4  0x00005654ec749df7 in JOIN::transform_in_predicates_into_in_subq (this=0x0, thd=0x7f59d4000b00) at /data/src/10.3/sql/sql_tvc.cc:1001

#5  0x00005654ec6f2e06 in convert_join_subqueries_to_semijoins (join=0x7f59d403cfc8) at /data/src/10.3/sql/opt_subselect.cc:1068

#6  0x00005654ec571785 in JOIN::optimize_inner (this=0x7f59d403cfc8) at /data/src/10.3/sql/sql_select.cc:1565

#7  0x00005654ec57120b in JOIN::optimize (this=0x7f59d403cfc8) at /data/src/10.3/sql/sql_select.cc:1449

#8  0x00005654ec57b12a in mysql_select (thd=0x7f59d4000b00, tables=0x7f59d416d998, wild_num=0, fields=..., conds=0x7f59d416e6b0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147749632, result=0x7f59d403cfa0, unit=0x7f59d416ecc0, select_lex=0x7f59d416f440) at /data/src/10.3/sql/sql_select.cc:4225

#9  0x00005654ec56cc4a in handle_select (thd=0x7f59d4000b00, lex=0x7f59d416ebf8, result=0x7f59d403cfa0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370

#10 0x00005654ec5349b9 in execute_sqlcom_select (thd=0x7f59d4000b00, all_tables=0x7f59d416d998) at /data/src/10.3/sql/sql_parse.cc:6286

#11 0x00005654ec52b3ee in mysql_execute_command (thd=0x7f59d4000b00) at /data/src/10.3/sql/sql_parse.cc:3816

#12 0x00005654ec44e98e in sp_instr_stmt::exec_core (this=0x7f59d416e8f8, thd=0x7f59d4000b00, nextp=0x7f59e69321c4) at /data/src/10.3/sql/sp_head.cc:3596

#13 0x00005654ec44dddc in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f59d416e940, thd=0x7f59d4000b00, nextp=0x7f59e69321c4, open_tables=false, instr=0x7f59d416e8f8) at /data/src/10.3/sql/sp_head.cc:3324

#14 0x00005654ec44e56e in sp_instr_stmt::execute (this=0x7f59d416e8f8, thd=0x7f59d4000b00, nextp=0x7f59e69321c4) at /data/src/10.3/sql/sp_head.cc:3502

#15 0x00005654ec44813c in sp_head::execute (this=0x7f59d416cb58, thd=0x7f59d4000b00, merge_da_on_success=true) at /data/src/10.3/sql/sp_head.cc:1356

#16 0x00005654ec44abf4 in sp_head::execute_procedure (this=0x7f59d416cb58, thd=0x7f59d4000b00, args=0x7f59d4005780) at /data/src/10.3/sql/sp_head.cc:2296

#17 0x00005654ec528b3c in do_execute_sp (thd=0x7f59d4000b00, sp=0x7f59d416cb58) at /data/src/10.3/sql/sql_parse.cc:2991

#18 0x00005654ec5297b2 in Sql_cmd_call::execute (this=0x7f59d40128d0, thd=0x7f59d4000b00) at /data/src/10.3/sql/sql_parse.cc:3231

#19 0x00005654ec533550 in mysql_execute_command (thd=0x7f59d4000b00) at /data/src/10.3/sql/sql_parse.cc:6023

#20 0x00005654ec538cc3 in mysql_parse (thd=0x7f59d4000b00, rawbuf=0x7f59d4012818 "CALL p", length=6, parser_state=0x7f59e69335e0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7829

#21 0x00005654ec5258fd in dispatch_command (command=COM_QUERY, thd=0x7f59d4000b00, packet=0x7f59d4008c71 "CALL p", packet_length=6, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1855

#22 0x00005654ec524245 in do_command (thd=0x7f59d4000b00) at /data/src/10.3/sql/sql_parse.cc:1400

#23 0x00005654ec69ac18 in do_handle_one_connection (connect=0x5654effbb1b0) at /data/src/10.3/sql/sql_connect.cc:1403

#24 0x00005654ec69a97a in handle_one_connection (arg=0x5654effbb1b0) at /data/src/10.3/sql/sql_connect.cc:1308

#25 0x00005654ed04586e in pfs_spawn_thread (arg=0x5654effd6170) at /data/src/10.3/storage/perfschema/pfs.cc:1862

#26 0x00007f59ee2aa4a4 in start_thread (arg=0x7f59e6934700) at pthread_create.c:456

#27 0x00007f59ec7f1d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Attachments

Issue Links

relates to

MDEV-31551 [Draft] Assortment of crashes in convert_join_subqueries_to_semijoins with GIS

Closed

Server crashes in JOIN::transform_in_predicates_into_in_subq upon 2nd execution of PS/SP comparing GEOMETRY with other types

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration