Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22610

Crash in INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.4(EOL), 10.5
    • 10.5.4, 10.4.14
    • OTHER
    • None

    Description

      This scrip crashes the server:

      CREATE OR REPLACE TABLE t1 (a INT DEFAULT 10);
      		 
      INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT));


      #0  Item_field::real_type_handler (this=0x7fffb0015c50)
      		 
          at /home/bar/maria-git/server.10.5/sql/item.h:3395
      		 
      #1  0x0000000000ad3fb3 in join_type_handlers_for_tvc (thd=0x7fffb0000db8, 
          li=..., holders=0x7fffb0017348, first_list_el_count=1)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:112
      		 
      #2  0x0000000000ad4536 in table_value_constr::prepare (this=0x7fffb0015dc8, 
          thd=0x7fffb0000db8, sl=0x7fffb00157c8, tmp_result=0x7fffb0017260, 
          unit_arg=0x7fffb0004dc8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:234
      		 
      #3  0x0000000000984054 in st_select_lex_unit::prepare (this=0x7fffb0004dc8, 
          derived_arg=0x0, sel_result=0x7fffb00171a8, 
          additional_options=2200096997376)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_union.cc:1543
      		 
      #4  0x000000000097ee44 in mysql_union (thd=0x7fffb0000db8, lex=0x7fffb0004d00, 
          result=0x7fffb00171a8, unit=0x7fffb0004dc8, 
          setup_tables_done_option=1073741824)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_union.cc:39
      		 
      #5  0x00000000008b1862 in handle_select (thd=0x7fffb0000db8, 
          lex=0x7fffb0004d00, result=0x7fffb00171a8, 
          setup_tables_done_option=1073741824)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_select.cc:407
      		 
      #6  0x00000000008733ba in mysql_execute_command (thd=0x7fffb0000db8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:4661
      		 
      #7  0x000000000087deab in mysql_parse (thd=0x7fffb0000db8, 
          rawbuf=0x7fffb0014fd0 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", length=56, parser_state=0x7ffff480f4c0, is_com_multi=false, 
          is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:7957
      		 
      #8  0x000000000086ab3a in dispatch_command (command=COM_QUERY, 
          thd=0x7fffb0000db8, 
          packet=0x7fffb0008e89 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", packet_length=56, is_com_multi=false, is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1839
      		 
      #9  0x00000000008693dd in do_command (thd=0x7fffb0000db8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1358
      		 
      #10 0x0000000000a01423 in do_handle_one_connection (connect=0x3904278, 
          put_in_cache=true)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1411
      		 
      #11 0x0000000000a01192 in handle_one_connection (arg=0x3904278)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1313

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22560 Crash on a table value constructor with an SP variable

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22579 No error when inserting DEFAULT(non_virtual_column) into a virtual column

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22591 Debug build crashes on EXECUTE IMMEDIATE '... WHERE ?' USING IGNORE

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            elenst Elena Stepanova added a comment -

            Isn't it the exact same crash as MDEV-21995? Surely if it crashes upon just VALUES ( DEFAULT ), it has no problem crashing upon UNION of VALUES( DEFAULT )?

            elenst Elena Stepanova added a comment - Isn't it the exact same crash as MDEV-21995 ? Surely if it crashes upon just VALUES ( DEFAULT ) , it has no problem crashing upon UNION of VALUES( DEFAULT ) ?
            bar Alexander Barkov added a comment -

            MDEV-21995 is repeatable starting from 10.3, while MDEV-22610 is repeatable starting from 10.4

            We will know if this is the same problem when the fix for MDEV-21995 is merged to 10.4

            bar Alexander Barkov added a comment - MDEV-21995 is repeatable starting from 10.3, while MDEV-22610 is repeatable starting from 10.4 We will know if this is the same problem when the fix for MDEV-21995 is merged to 10.4
            bar Alexander Barkov added a comment -

            The fix for MDEV-21995 fixed MDEV-22610 indeed.

            bar Alexander Barkov added a comment - The fix for MDEV-21995 fixed MDEV-22610 indeed.

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.