Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-21997

Server crashes in LEX::create_item_ident_sp upon use of unknown identifier

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Blocker
    • Resolution: Fixed
    • 10.4, 10.5
    • 10.4.14, 10.5.5
    • Parser
    • None

    Description

      For MySQL client

      		 
      IF 1 IN ( SELECT 2 ) OR foo = 3 THEN SELECT 4; END IF ;

      For MTR

      		 
      query
      		 
      IF 1 IN ( SELECT 2 ) OR foo = 3 THEN SELECT 4; END IF ;

      10.4 81f70001

      		 
      #3  <signal handler called>
      		 
      #4  0x000055a446b1a616 in LEX::create_item_ident_sp (this=0x7fc63412f178, thd=0x7fc634000af0, name=0x7fc646b01450, start=0x7fc634013308 "foo = 3 THEN SELECT 4", end=0x7fc63401330b " = 3 THEN SELECT 4") at /data/src/10.4/sql/sql_lex.cc:7587
      		 
      #5  0x000055a446e16bbc in LEX::create_item_ident (this=0x7fc63412f178, thd=0x7fc634000af0, cname=0x7fc646b025b0) at /data/src/10.4/sql/sql_lex.h:3847
      		 
      #6  0x000055a446e04e3e in MYSQLparse (thd=0x7fc634000af0) at /data/src/10.4/sql/sql_yacc.yy:15561
      		 
      #7  0x000055a446b5503a in parse_sql (thd=0x7fc634000af0, parser_state=0x7fc646b03160, creation_ctx=0x0, do_pfs_digest=true) at /data/src/10.4/sql/sql_parse.cc:10206
      		 
      #8  0x000055a446b4f85e in mysql_parse (thd=0x7fc634000af0, rawbuf=0x7fc6340132f0 "IF 1 IN ( SELECT 2 ) OR foo = 3 THEN SELECT 4", length=45, parser_state=0x7fc646b03160, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7853
      		 
      #9  0x000055a446b3abd0 in dispatch_command (command=COM_QUERY, thd=0x7fc634000af0, packet=0x7fc634136171 "IF 1 IN ( SELECT 2 ) OR foo = 3 THEN SELECT 4", packet_length=45, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1842
      		 
      #10 0x000055a446b3925d in do_command (thd=0x7fc634000af0) at /data/src/10.4/sql/sql_parse.cc:1360
      		 
      #11 0x000055a446cc270f in do_handle_one_connection (connect=0x55a44a48f500) at /data/src/10.4/sql/sql_connect.cc:1412
      		 
      #12 0x000055a446cc245e in handle_one_connection (arg=0x55a44a48f500) at /data/src/10.4/sql/sql_connect.cc:1316
      		 
      #13 0x000055a4476cad6d in pfs_spawn_thread (arg=0x55a44a3a3490) at /data/src/10.4/storage/perfschema/pfs.cc:1869
      		 
      #14 0x00007fc64e8e24a4 in start_thread (arg=0x7fc646b04700) at pthread_create.c:456
      		 
      #15 0x00007fc64ca16d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

      Reproducible on 10.4-10.5, on debug and non-debug alike.
      Also crashes if the structure is used upon creation of a traditional (named) stored procedure, e.g.

      --delimiter $
      		 
      CREATE PROCEDURE pr()
      		 
      BEGIN
      		 
        IF 1 IN ( SELECT 2 ) OR foo = 3
      		 
        THEN SELECT 4;
      		 
        END IF ;
      		 
      END $
      		 
      --delimiter ;
      		 
       
      		 
      # Cleanup
      		 
      DROP PROCEDURE pr;

      10.3 does not crash, but it doesn't detect the unknown identifier, either, which might be wrong.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-23518 Syntax error in ond SP results in misleading message on SHOW CREATE PROCEDURE

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              sanja Oleksandr Byelkin
              elenst Elena Stepanova
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.