MariaDB Server / MDEV-22236

JSON_ARRAYAGG query leads to SIGSEGV in Charset::swap on optimized builds


      Description

      USE test;
      CREATE TABLE t (c INT);
      SELECT JSON_ARRAYAGG(TRUE) FROM t;
      

      Changing the last query from "TRUE" to "0" or "1" produces the same result.

      Leads to:

      10.5.3 364e7a9ae6b5fbf69494cec30733b5ad28738cbb

      Core was generated by `/test/MD110420-mariadb-10.5.3-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11)
          at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      [Current thread is 1 (Thread 0x7f162a68d700 (LWP 23097))]
      (gdb) bt
      #0  __pthread_kill (threadid=<optimized out>, signo=signo@entry=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:57
      #1  0x000055f2a39a121e in my_write_core (sig=sig@entry=11) at /test/10.5_dbg/mysys/stacktrace.c:518
      #2  0x000055f2a314708f in handle_fatal_signal (sig=11) at /test/10.5_dbg/sql/signal_handler.cc:329
      #3  <signal handler called>
      #4  0x000055f2a3344f72 in Charset::swap (other=..., this=0x7f162a68af20) at /test/10.5_dbg/sql/sql_string.h:182
      #5  String::swap (s=..., this=0x7f162a68af20) at /test/10.5_dbg/sql/sql_string.h:987
      #6  Item_func_json_arrayagg::val_str (this=<optimized out>, str=0x0) at /test/10.5_dbg/sql/item_jsonfunc.cc:3638
      #7  0x000055f2a308296c in Type_handler::Item_send_str (this=<optimized out>, item=0x7f15fc874698, protocol=0x7f15fc815650, buf=<optimized out>) at /test/10.5_dbg/sql/sql_type.cc:7137
      #8  0x000055f2a2fd7a0f in Type_handler_string_result::Item_send (this=<optimized out>, item=<optimized out>, protocol=<optimized out>, buf=<optimized out>) at /test/10.5_dbg/sql/sql_type.h:5180
      #9  0x000055f2a2daf23f in Item::send (this=0x7f15fc874698, protocol=0x7f15fc815650, buffer=0x7f162a68b020) at /test/10.5_dbg/sql/item.h:1054
      #10 0x000055f2a2dacfaf in Protocol::send_result_set_row (this=this@entry=0x7f15fc815650, row_items=row_items@entry=0x7f15fc875fa8) at /test/10.5_dbg/sql/protocol.cc:1082
      #11 0x000055f2a2e3efa8 in select_send::send_data (this=0x7f15fc875bc8, items=...) at /test/10.5_dbg/sql/sql_class.cc:3006
      #12 0x000055f2a2ef6de0 in select_result_sink::send_data_with_check (sent=<optimized out>, u=<optimized out>, items=..., this=<optimized out>) at /test/10.5_dbg/sql/sql_class.h:5236
      #13 end_send_group (join=0x7f15fc875bf0, join_tab=<optimized out>, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:21947
      #14 0x000055f2a2ee36e5 in sub_select (join=0x7f15fc875bf0, join_tab=0x7f15fc876e68, end_of_records=<optimized out>) at /test/10.5_dbg/sql/sql_select.cc:20550
      #15 0x000055f2a2f1b902 in do_select (procedure=<optimized out>, join=0x7f15fc875bf0) at /test/10.5_dbg/sql/sql_select.cc:20141
      #16 JOIN::exec_inner (this=this@entry=0x7f15fc875bf0) at /test/10.5_dbg/sql/sql_select.cc:4463
      #17 0x000055f2a2f1bc6b in JOIN::exec (this=this@entry=0x7f15fc875bf0) at /test/10.5_dbg/sql/sql_select.cc:4244
      #18 0x000055f2a2f19f80 in mysql_select (thd=thd@entry=0x7f15fc815088, tables=<optimized out>, fields=..., conds=0x0, og_num=0, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f15fc875bc8, unit=0x7f15fc819090, select_lex=0x7f15fc874148) at /test/10.5_dbg/sql/sql_select.cc:4668
      #19 0x000055f2a2f1a2af in handle_select (thd=thd@entry=0x7f15fc815088, lex=lex@entry=0x7f15fc818fc8, result=result@entry=0x7f15fc875bc8, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_dbg/sql/sql_select.cc:417
      #20 0x000055f2a2ea499a in execute_sqlcom_select (thd=thd@entry=0x7f15fc815088, all_tables=0x7f15fc874b78) at /test/10.5_dbg/sql/sql_parse.cc:6168
      #21 0x000055f2a2e9d3ed in mysql_execute_command (thd=thd@entry=0x7f15fc815088) at /test/10.5_dbg/sql/sql_parse.cc:3901
      #22 0x000055f2a2eaa9d1 in mysql_parse (thd=thd@entry=0x7f15fc815088, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7f162a68c450, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:7953
      #23 0x000055f2a2e96719 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f15fc815088, packet=packet@entry=0x7f15fc867089 "", packet_length=packet_length@entry=33, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /test/10.5_dbg/sql/sql_parse.cc:1839
      #24 0x000055f2a2e94f6f in do_command (thd=0x7f15fc815088) at /test/10.5_dbg/sql/sql_parse.cc:1358
      #25 0x000055f2a2fefa53 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x7f16010433a8, put_in_cache=put_in_cache@entry=true) at /test/10.5_dbg/sql/sql_connect.cc:1422
      #26 0x000055f2a2fefd82 in handle_one_connection (arg=arg@entry=0x7f16010433a8) at /test/10.5_dbg/sql/sql_connect.cc:1319
      #27 0x000055f2a3450080 in pfs_spawn_thread (arg=0x7f1628045888) at /test/10.5_dbg/storage/perfschema/pfs.cc:2201
      #28 0x00007f1629ab46db in start_thread (arg=0x7f162a68d700) at pthread_create.c:463
      #29 0x00007f1628eb288f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.5.2 (dbg), 10.5.2 (opt), 10.5.3 (dbg), 10.5.3 (opt)

      Bug confirmed not present in:
      MariaDB: 10.1.45 (dbg), 10.1.45 (opt), 10.2.32 (dbg), 10.2.32 (opt), 10.3.23 (dbg), 10.3.23 (opt), 10.4.13 (dbg), 10.4.13 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.47 (dbg), 5.6.47 (opt), 5.7.29 (dbg), 5.7.29 (opt), 8.0.19 (dbg), 8.0.19 (opt)

      Syntax is not valid in MariaDB 10.4.13:

      10.4.13

      10.4.13>SELECT JSON_ARRAYAGG(TRUE) FROM t;
      ERROR 1305 (42000): FUNCTION test.JSON_ARRAYAGG does not exist
      

              People

              Assignee: Alexey Botchkov (holyfoot)
              Reporter: Roel Van de Paar (Roel)