Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22560

Crash on a table value constructor with an SP variable

    XMLWordPrintable

Details

    Description

      The problem happens with a debug build.

      This script:

      DELIMITER $$
      		 
      BEGIN NOT ATOMIC
      		 
        DECLARE a INT DEFAULT 0;
      		 
        VALUES (a) UNION SELECT 1;
      		 
      END;
      		 
      $$
      		 
      DELIMITER ;

      crashes the server with the following stack trace:

      #0  0x00007ffff76ce625 in raise () from /lib64/libc.so.6
      		 
      #1  0x00007ffff76b78d9 in abort () from /lib64/libc.so.6
      		 
      #2  0x00007ffff76b77a9 in __assert_fail_base.cold () from /lib64/libc.so.6
      		 
      #3  0x00007ffff76c6a66 in __assert_fail () from /lib64/libc.so.6
      		 
      #4  0x0000000000a95ffd in Item_splocal::fix_fields (this=0x7fff6801a860, 
          thd=0x7fff68000d90, ref=0x0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/item.cc:1872
      		 
      #5  0x0000000000983df1 in fix_fields_for_tvc (thd=0x7fff68000d90, li=...)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_tvc.cc:55
      		 
      #6  0x000000000098444b in table_value_constr::prepare (this=0x7fff6801a960, 
          thd=0x7fff68000d90, sl=0x7fff6801e1a0, tmp_result=0x7fff68020418, 
          unit_arg=0x7fff6801da18)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_tvc.cc:230
      		 
      #7  0x000000000086c3da in st_select_lex_unit::prepare (this=0x7fff6801da18, 
          derived_arg=0x0, sel_result=0x7fff680203f0, additional_options=268435456)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_union.cc:1018
      		 
      #8  0x0000000000868eee in mysql_union (thd=0x7fff68000d90, lex=0x7fff6801d958, 
          result=0x7fff680203f0, unit=0x7fff6801da18, setup_tables_done_option=0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_union.cc:39
      		 
      #9  0x00000000007b7baa in handle_select (thd=0x7fff68000d90, 
          lex=0x7fff6801d958, result=0x7fff680203f0, setup_tables_done_option=0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_select.cc:360
      		 
      #10 0x00000000007817e9 in execute_sqlcom_select (thd=0x7fff68000d90, 
          all_tables=0x0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:6293
      		 
      #11 0x0000000000778302 in mysql_execute_command (thd=0x7fff68000d90)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:3820
      		 
      #12 0x00000000006a07e6 in sp_instr_stmt::exec_core (this=0x7fff6801b280, 
          thd=0x7fff68000d90, nextp=0x7ffff412ebc8)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sp_head.cc:3609
      		 
      #13 0x000000000069fcca in sp_lex_keeper::reset_lex_and_exec_core (
      		 
          this=0x7fff6801b2c8, thd=0x7fff68000d90, nextp=0x7ffff412ebc8, 
          open_tables=false, instr=0x7fff6801b280)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sp_head.cc:3341
      		 
      #14 0x00000000006a03e0 in sp_instr_stmt::execute (this=0x7fff6801b280, 
          thd=0x7fff68000d90, nextp=0x7ffff412ebc8)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sp_head.cc:3515
      		 
      #15 0x000000000069a3f4 in sp_head::execute (this=0x7fff68019858, 
          thd=0x7fff68000d90, merge_da_on_success=true)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sp_head.cc:1371
      		 
      #16 0x000000000069cc6c in sp_head::execute_procedure (this=0x7fff68019858, 
          thd=0x7fff68000d90, args=0x7fff68005a10)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sp_head.cc:2311
      		 
      #17 0x0000000000775ac9 in do_execute_sp (thd=0x7fff68000d90, sp=0x7fff68019858)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:2991
      		 
      #18 0x000000000077eda3 in mysql_execute_command (thd=0x7fff68000d90)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:5642
      		 
      #19 0x00000000007858ee in mysql_parse (thd=0x7fff68000d90, 
          rawbuf=0x7fff680137b8 "BEGIN NOT ATOMIC\n  DECLARE a INT DEFAULT 0;\n  VALUES (a) UNION SELECT 1;\nEND", length=76, parser_state=0x7ffff41305c0, 
          is_com_multi=false, is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:7817
      		 
      #20 0x0000000000772947 in dispatch_command (command=COM_QUERY, 
          thd=0x7fff68000d90, 
          packet=0x7fff68008e11 "BEGIN NOT ATOMIC\n  DECLARE a INT DEFAULT 0;\n  VALUES (a) UNION SELECT 1;\nEND;", packet_length=77, is_com_multi=false, 
          is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:1855
      		 
      #21 0x000000000077132a in do_command (thd=0x7fff68000d90)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_parse.cc:1401
      		 
      #22 0x00000000008db1ef in do_handle_one_connection (connect=0x267c9c0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_connect.cc:1403
      		 
      #23 0x00000000008daf57 in handle_one_connection (arg=0x267c9c0)
      		 
          at /home/bar/maria-git/server.10.3.floor/sql/sql_connect.cc:1308
      		 
      #24 0x00007ffff7f924e2 in start_thread () from /lib64/libpthread.so.0
      		 
      #25 0x00007ffff77936d3 in clone () from /lib64/libc.so.6

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22579 No error when inserting DEFAULT(non_virtual_column) into a virtual column

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22591 Debug build crashes on EXECUTE IMMEDIATE '... WHERE ?' USING IGNORE

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22610 Crash in INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))

          • Major - Major loss of function.
          • Closed

          Activity

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.