Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22610

Crash in INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.4(EOL), 10.5
    • 10.5.4, 10.4.14
    • OTHER
    • None

    Description

      This scrip crashes the server:

      CREATE OR REPLACE TABLE t1 (a INT DEFAULT 10);
      		 
      INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT));


      #0  Item_field::real_type_handler (this=0x7fffb0015c50)
      		 
          at /home/bar/maria-git/server.10.5/sql/item.h:3395
      		 
      #1  0x0000000000ad3fb3 in join_type_handlers_for_tvc (thd=0x7fffb0000db8, 
          li=..., holders=0x7fffb0017348, first_list_el_count=1)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:112
      		 
      #2  0x0000000000ad4536 in table_value_constr::prepare (this=0x7fffb0015dc8, 
          thd=0x7fffb0000db8, sl=0x7fffb00157c8, tmp_result=0x7fffb0017260, 
          unit_arg=0x7fffb0004dc8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:234
      		 
      #3  0x0000000000984054 in st_select_lex_unit::prepare (this=0x7fffb0004dc8, 
          derived_arg=0x0, sel_result=0x7fffb00171a8, 
          additional_options=2200096997376)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_union.cc:1543
      		 
      #4  0x000000000097ee44 in mysql_union (thd=0x7fffb0000db8, lex=0x7fffb0004d00, 
          result=0x7fffb00171a8, unit=0x7fffb0004dc8, 
          setup_tables_done_option=1073741824)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_union.cc:39
      		 
      #5  0x00000000008b1862 in handle_select (thd=0x7fffb0000db8, 
          lex=0x7fffb0004d00, result=0x7fffb00171a8, 
          setup_tables_done_option=1073741824)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_select.cc:407
      		 
      #6  0x00000000008733ba in mysql_execute_command (thd=0x7fffb0000db8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:4661
      		 
      #7  0x000000000087deab in mysql_parse (thd=0x7fffb0000db8, 
          rawbuf=0x7fffb0014fd0 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", length=56, parser_state=0x7ffff480f4c0, is_com_multi=false, 
          is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:7957
      		 
      #8  0x000000000086ab3a in dispatch_command (command=COM_QUERY, 
          thd=0x7fffb0000db8, 
          packet=0x7fffb0008e89 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", packet_length=56, is_com_multi=false, is_next_command=false)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1839
      		 
      #9  0x00000000008693dd in do_command (thd=0x7fffb0000db8)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1358
      		 
      #10 0x0000000000a01423 in do_handle_one_connection (connect=0x3904278, 
          put_in_cache=true)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1411
      		 
      #11 0x0000000000a01192 in handle_one_connection (arg=0x3904278)
      		 
          at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1313

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22560 Crash on a table value constructor with an SP variable

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22579 No error when inserting DEFAULT(non_virtual_column) into a virtual column

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22591 Debug build crashes on EXECUTE IMMEDIATE '... WHERE ?' USING IGNORE

          • Major - Major loss of function.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            bar Alexander Barkov created issue -
            bar Alexander Barkov made changes -
            Field Original Value New Value
            bar Alexander Barkov made changes -
            Description A similar crash happens with with query:
            {code:sql}
            CREATE OR REPLACE TABLE t1 (a INT DEFAULT 10);
            INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT));
            {code}

            {noformat}
            #0 Item_field::real_type_handler (this=0x7fffb0015c50)
                at /home/bar/maria-git/server.10.5/sql/item.h:3395
            #1 0x0000000000ad3fb3 in join_type_handlers_for_tvc (thd=0x7fffb0000db8,
                li=..., holders=0x7fffb0017348, first_list_el_count=1)
                at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:112
            #2 0x0000000000ad4536 in table_value_constr::prepare (this=0x7fffb0015dc8,
                thd=0x7fffb0000db8, sl=0x7fffb00157c8, tmp_result=0x7fffb0017260,
                unit_arg=0x7fffb0004dc8)
                at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:234
            #3 0x0000000000984054 in st_select_lex_unit::prepare (this=0x7fffb0004dc8,
                derived_arg=0x0, sel_result=0x7fffb00171a8,
                additional_options=2200096997376)
                at /home/bar/maria-git/server.10.5/sql/sql_union.cc:1543
            #4 0x000000000097ee44 in mysql_union (thd=0x7fffb0000db8, lex=0x7fffb0004d00,
                result=0x7fffb00171a8, unit=0x7fffb0004dc8,
                setup_tables_done_option=1073741824)
                at /home/bar/maria-git/server.10.5/sql/sql_union.cc:39
            #5 0x00000000008b1862 in handle_select (thd=0x7fffb0000db8,
                lex=0x7fffb0004d00, result=0x7fffb00171a8,
                setup_tables_done_option=1073741824)
                at /home/bar/maria-git/server.10.5/sql/sql_select.cc:407
            #6 0x00000000008733ba in mysql_execute_command (thd=0x7fffb0000db8)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:4661
            #7 0x000000000087deab in mysql_parse (thd=0x7fffb0000db8,
                rawbuf=0x7fffb0014fd0 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", length=56, parser_state=0x7ffff480f4c0, is_com_multi=false,
                is_next_command=false)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:7957
            #8 0x000000000086ab3a in dispatch_command (command=COM_QUERY,
                thd=0x7fffb0000db8,
                packet=0x7fffb0008e89 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", packet_length=56, is_com_multi=false, is_next_command=false)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1839
            #9 0x00000000008693dd in do_command (thd=0x7fffb0000db8)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1358
            #10 0x0000000000a01423 in do_handle_one_connection (connect=0x3904278,
                put_in_cache=true)
                at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1411
            #11 0x0000000000a01192 in handle_one_connection (arg=0x3904278)
                at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1313
            {noformat}
            		This scrip crashes the server:
            {code:sql}
            CREATE OR REPLACE TABLE t1 (a INT DEFAULT 10);
            INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT));
            {code}

            {noformat}
            #0 Item_field::real_type_handler (this=0x7fffb0015c50)
                at /home/bar/maria-git/server.10.5/sql/item.h:3395
            #1 0x0000000000ad3fb3 in join_type_handlers_for_tvc (thd=0x7fffb0000db8,
                li=..., holders=0x7fffb0017348, first_list_el_count=1)
                at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:112
            #2 0x0000000000ad4536 in table_value_constr::prepare (this=0x7fffb0015dc8,
                thd=0x7fffb0000db8, sl=0x7fffb00157c8, tmp_result=0x7fffb0017260,
                unit_arg=0x7fffb0004dc8)
                at /home/bar/maria-git/server.10.5/sql/sql_tvc.cc:234
            #3 0x0000000000984054 in st_select_lex_unit::prepare (this=0x7fffb0004dc8,
                derived_arg=0x0, sel_result=0x7fffb00171a8,
                additional_options=2200096997376)
                at /home/bar/maria-git/server.10.5/sql/sql_union.cc:1543
            #4 0x000000000097ee44 in mysql_union (thd=0x7fffb0000db8, lex=0x7fffb0004d00,
                result=0x7fffb00171a8, unit=0x7fffb0004dc8,
                setup_tables_done_option=1073741824)
                at /home/bar/maria-git/server.10.5/sql/sql_union.cc:39
            #5 0x00000000008b1862 in handle_select (thd=0x7fffb0000db8,
                lex=0x7fffb0004d00, result=0x7fffb00171a8,
                setup_tables_done_option=1073741824)
                at /home/bar/maria-git/server.10.5/sql/sql_select.cc:407
            #6 0x00000000008733ba in mysql_execute_command (thd=0x7fffb0000db8)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:4661
            #7 0x000000000087deab in mysql_parse (thd=0x7fffb0000db8,
                rawbuf=0x7fffb0014fd0 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", length=56, parser_state=0x7ffff480f4c0, is_com_multi=false,
                is_next_command=false)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:7957
            #8 0x000000000086ab3a in dispatch_command (command=COM_QUERY,
                thd=0x7fffb0000db8,
                packet=0x7fffb0008e89 "INSERT INTO t1 (VALUES (DEFAULT) UNION VALUES (DEFAULT))", packet_length=56, is_com_multi=false, is_next_command=false)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1839
            #9 0x00000000008693dd in do_command (thd=0x7fffb0000db8)
                at /home/bar/maria-git/server.10.5/sql/sql_parse.cc:1358
            #10 0x0000000000a01423 in do_handle_one_connection (connect=0x3904278,
                put_in_cache=true)
                at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1411
            #11 0x0000000000a01192 in handle_one_connection (arg=0x3904278)
                at /home/bar/maria-git/server.10.5/sql/sql_connect.cc:1313
            {noformat}
            bar Alexander Barkov made changes -
            bar Alexander Barkov made changes -
            bar Alexander Barkov made changes -
            bar Alexander Barkov made changes -
            Affects Version/s 10.3 [ 22126 ]
            bar Alexander Barkov made changes -
            Fix Version/s 10.4 [ 22408 ]
            Fix Version/s 10.3 [ 22126 ]
            bar Alexander Barkov made changes -
            Fix Version/s 10.4.14 [ 24305 ]
            Fix Version/s 10.4 [ 22408 ]
            bar Alexander Barkov made changes -
            issue.field.resolutiondate 2020-05-19 08:42:24.0 2020-05-19 08:42:24.893
            bar Alexander Barkov made changes -
            Resolution Duplicate [ 3 ]
            Status Open [ 1 ] Closed [ 6 ]
            bar Alexander Barkov made changes -
            bar Alexander Barkov made changes -
            bar Alexander Barkov made changes -
            Fix Version/s 10.5.4 [ 24264 ]
            serg Sergei Golubchik made changes -
            Workflow MariaDB v3 [ 108818 ] MariaDB v4 [ 157795 ]

            People

              bar Alexander Barkov
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.