[MDEV-22772] Server crashes in Item_null_result::field_type upon query with ROLLUP - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Won't Fix
Affects Version/s: 10.1(EOL), 10.2(EOL)
Fix Version/s: N/A
Component/s: Data types
Labels:

Description

CREATE TABLE t1 (a BLOB);

INSERT INTO t1 VALUES (0);

SELECT FIELD( CONVERT( a, SIGNED ), '01' ) AS f FROM t1 GROUP BY a WITH ROLLUP;

# Cleanup

DROP TABLE t1;

10.1 49854811
#3 <signal handler called>
#4 0x000055fced944b33 in Item_null_result::field_type (this=0x7fdf919c4060) at /data/src/10.1/sql/item.h:2673
#5 0x000055fced86cc0d in Item_ref::field_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.h:4014
#6 0x000055fcedb170b5 in Item::cmp_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.cc:671
#7 0x000055fced7fe5c9 in Item::cast_to_int_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.h:815
#8 0x000055fcedb69349 in Item_func_signed::val_int (this=0x7fdf919c12a0) at /data/src/10.1/sql/item_func.cc:1100
#9 0x000055fcedb67b04 in Item_int_func::val_real (this=0x7fdf919c12a0) at /data/src/10.1/sql/item_func.cc:707
#10 0x000055fcedb7127d in Item_func_field::val_int (this=0x7fdf919c1480) at /data/src/10.1/sql/item_func.cc:3236
#11 0x000055fcedb26764 in Item::send (this=0x7fdf919c1480, protocol=0x7fdf937ce600, buffer=0x7fdf9c114e20) at /data/src/10.1/sql/item.cc:6460
#12 0x000055fced7fbc07 in Protocol::send_result_set_row (this=0x7fdf937ce600, row_items=0x7fdf919c2560) at /data/src/10.1/sql/protocol.cc:914
#13 0x000055fced884e68 in select_send::send_data (this=0x7fdf919c1e18, items=...) at /data/src/10.1/sql/sql_class.cc:2762
#14 0x000055fced93c907 in JOIN::rollup_send_data (this=0x7fdf919c1e38, idx=0) at /data/src/10.1/sql/sql_select.cc:24184
#15 0x000055fced932264 in end_send_group (join=0x7fdf919c1e38, join_tab=0x0, end_of_records=true) at /data/src/10.1/sql/sql_select.cc:19887
#16 0x000055fced92e6d4 in do_select (join=0x7fdf919c1e38, fields=0x7fdf919c2238, table=0x0, procedure=0x0) at /data/src/10.1/sql/sql_select.cc:18207
#17 0x000055fced908510 in JOIN::exec_inner (this=0x7fdf919c1e38) at /data/src/10.1/sql/sql_select.cc:3277
#18 0x000055fced90583b in JOIN::exec (this=0x7fdf919c1e38) at /data/src/10.1/sql/sql_select.cc:2564
#19 0x000055fced908d31 in mysql_select (thd=0x7fdf937ce070, rref_pointer_array=0x7fdf937d2568, tables=0x7fdf919c15f0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fdf919c1d00, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fdf919c1e18, unit=0x7fdf937d1bb8, select_lex=0x7fdf937d22c0) at /data/src/10.1/sql/sql_select.cc:3501
#20 0x000055fced8fe4a0 in handle_select (thd=0x7fdf937ce070, lex=0x7fdf937d1af8, result=0x7fdf919c1e18, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:377
#21 0x000055fced8cdf86 in execute_sqlcom_select (thd=0x7fdf937ce070, all_tables=0x7fdf919c15f0) at /data/src/10.1/sql/sql_parse.cc:5690
#22 0x000055fced8c4c52 in mysql_execute_command (thd=0x7fdf937ce070) at /data/src/10.1/sql/sql_parse.cc:3037
#23 0x000055fced8d1a94 in mysql_parse (thd=0x7fdf937ce070, rawbuf=0x7fdf919c1088 "SELECT FIELD( CONVERT( a, SIGNED ), '01' ) AS f FROM t1 GROUP BY a WITH ROLLUP", length=78, parser_state=0x7fdf9c1165f0) at /data/src/10.1/sql/sql_parse.cc:7208
#24 0x000055fced8c0c6a in dispatch_command (command=COM_QUERY, thd=0x7fdf937ce070, packet=0x7fdf957ee071 "", packet_length=78) at /data/src/10.1/sql/sql_parse.cc:1499
#25 0x000055fced8bfb4f in do_command (thd=0x7fdf937ce070) at /data/src/10.1/sql/sql_parse.cc:1131
#26 0x000055fced9fd827 in do_handle_one_connection (thd_arg=0x7fdf937ce070) at /data/src/10.1/sql/sql_connect.cc:1331
#27 0x000055fced9fd558 in handle_one_connection (arg=0x7fdf937ce070) at /data/src/10.1/sql/sql_connect.cc:1242
#28 0x000055fcede1b1ac in pfs_spawn_thread (arg=0x7fdf99c39c70) at /data/src/10.1/storage/perfschema/pfs.cc:1868
#29 0x00007fdf9bd994a4 in start_thread (arg=0x7fdf9c117700) at pthread_create.c:456
#30 0x00007fdf9a5a7d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.1, 10.2, release-, debug- and asan builds alike, with at least MyISAM and InnoDB.
Not reproducible on 10.3+.

Attachments

Issue Links

relates to

MDEV-16190 Server crashes in Item_null_result::field_type on SELECT with time field, ROLLUP and HAVING

Closed

MDEV-17830 Server crashes in Item_null_result::field_type upon SELECT with CHARSET(date) and ROLLUP

Closed

MDEV-19699 Server crashes in Item_null_result::field_type upon SELECT with ROLLUP on constant table

Closed

Activity

Ascending order - Click to sort in descending order

Elena Stepanova added a comment - 2020-07-28 23:14

A similar one, with a slightly different stack trace

CREATE TABLE t1 (a VARCHAR(10)) ENGINE=MyISAM;

INSERT INTO t1 VALUES ('2020-12-12');

SELECT a FROM t1 GROUP BY a WITH ROLLUP HAVING WEEKOFYEAR(a) > 50;

# Cleanup

DROP TABLE t1;

10.2 cae4b3f8
#3 <signal handler called>
#4 0x0000559f6d430bd9 in Item_null_result::field_type (this=0x7fbde00152e0) at /data/src/10.2/sql/item.h:2948
#5 0x0000559f6d34801b in Item_ref::field_type (this=0x7fbde0012e48) at /data/src/10.2/sql/item.h:4485
#6 0x0000559f6d63646a in Item::get_date_with_conversion (this=0x7fbde0012e48, ltime=0x7fbdf19c7170, fuzzydate=25165824) at /data/src/10.2/sql/item.cc:148
#7 0x0000559f6d712b11 in Item_func::get_arg0_date (this=0x7fbde0012ff0, ltime=0x7fbdf19c7170, fuzzy_date=25165824) at /data/src/10.2/sql/item_func.h:170
#8 0x0000559f6d70b7bb in Item_func_week::val_int (this=0x7fbde0012ff0) at /data/src/10.2/sql/item_timefunc.cc:1069
#9 0x0000559f6d661b2d in Arg_comparator::compare_int_signed (this=0x7fbde0013208) at /data/src/10.2/sql/item_cmpfunc.cc:963
#10 0x0000559f6d675564 in Arg_comparator::compare (this=0x7fbde0013208) at /data/src/10.2/sql/item_cmpfunc.h:87
#11 0x0000559f6d664289 in Item_func_gt::val_int (this=0x7fbde0013148) at /data/src/10.2/sql/item_cmpfunc.cc:1836
#12 0x0000559f6d426e59 in JOIN::rollup_send_data (this=0x7fbde0013390, idx=0) at /data/src/10.2/sql/sql_select.cc:24397
#13 0x0000559f6d41c620 in end_send_group (join=0x7fbde0013390, join_tab=0x0, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:20206
#14 0x0000559f6d41848f in do_select (join=0x7fbde0013390, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18376
#15 0x0000559f6d3f21d7 in JOIN::exec_inner (this=0x7fbde0013390) at /data/src/10.2/sql/sql_select.cc:3638
#16 0x0000559f6d3f1692 in JOIN::exec (this=0x7fbde0013390) at /data/src/10.2/sql/sql_select.cc:3433
#17 0x0000559f6d3f2848 in mysql_select (thd=0x7fbde0000af0, tables=0x7fbde00126a0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fbde0012dd8, having=0x7fbde0013148, proc_param=0x0, select_options=2147748608, result=0x7fbde0013370, unit=0x7fbde00046e8, select_lex=0x7fbde0004e28) at /data/src/10.2/sql/sql_select.cc:3833
#18 0x0000559f6d3e6a06 in handle_select (thd=0x7fbde0000af0, lex=0x7fbde0004628, result=0x7fbde0013370, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361
#19 0x0000559f6d3b2472 in execute_sqlcom_select (thd=0x7fbde0000af0, all_tables=0x7fbde00126a0) at /data/src/10.2/sql/sql_parse.cc:6218
#20 0x0000559f6d3a8cf3 in mysql_execute_command (thd=0x7fbde0000af0) at /data/src/10.2/sql/sql_parse.cc:3524
#21 0x0000559f6d3b61a9 in mysql_parse (thd=0x7fbde0000af0, rawbuf=0x7fbde0012458 "SELECT a FROM t1 GROUP BY a WITH ROLLUP HAVING WEEKOFYEAR(a) > 50", length=65, parser_state=0x7fbdf19c8610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733
#22 0x0000559f6d3a44d5 in dispatch_command (command=COM_QUERY, thd=0x7fbde0000af0, packet=0x7fbde008cd81 "", packet_length=65, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824
#23 0x0000559f6d3a2f50 in do_command (thd=0x7fbde0000af0) at /data/src/10.2/sql/sql_parse.cc:1377
#24 0x0000559f6d4f8fb1 in do_handle_one_connection (connect=0x559f6f817140) at /data/src/10.2/sql/sql_connect.cc:1336
#25 0x0000559f6d4f8d1c in handle_one_connection (arg=0x559f6f817140) at /data/src/10.2/sql/sql_connect.cc:1241
#26 0x0000559f6dd0f324 in pfs_spawn_thread (arg=0x559f6f763e50) at /data/src/10.2/storage/perfschema/pfs.cc:1869
#27 0x00007fbdf961d4a4 in start_thread (arg=0x7fbdf19c9700) at pthread_create.c:456
#28 0x00007fbdf7751d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Elena Stepanova added a comment - 2020-07-28 23:14 A similar one, with a slightly different stack trace CREATE TABLE t1 (a VARCHAR (10)) ENGINE=MyISAM; INSERT INTO t1 VALUES ( '2020-12-12' ); SELECT a FROM t1 GROUP BY a WITH ROLLUP HAVING WEEKOFYEAR(a) > 50; # Cleanup DROP TABLE t1; 10.2 cae4b3f8 #3 <signal handler called> #4 0x0000559f6d430bd9 in Item_null_result::field_type (this=0x7fbde00152e0) at /data/src/10.2/sql/item.h:2948 #5 0x0000559f6d34801b in Item_ref::field_type (this=0x7fbde0012e48) at /data/src/10.2/sql/item.h:4485 #6 0x0000559f6d63646a in Item::get_date_with_conversion (this=0x7fbde0012e48, ltime=0x7fbdf19c7170, fuzzydate=25165824) at /data/src/10.2/sql/item.cc:148 #7 0x0000559f6d712b11 in Item_func::get_arg0_date (this=0x7fbde0012ff0, ltime=0x7fbdf19c7170, fuzzy_date=25165824) at /data/src/10.2/sql/item_func.h:170 #8 0x0000559f6d70b7bb in Item_func_week::val_int (this=0x7fbde0012ff0) at /data/src/10.2/sql/item_timefunc.cc:1069 #9 0x0000559f6d661b2d in Arg_comparator::compare_int_signed (this=0x7fbde0013208) at /data/src/10.2/sql/item_cmpfunc.cc:963 #10 0x0000559f6d675564 in Arg_comparator::compare (this=0x7fbde0013208) at /data/src/10.2/sql/item_cmpfunc.h:87 #11 0x0000559f6d664289 in Item_func_gt::val_int (this=0x7fbde0013148) at /data/src/10.2/sql/item_cmpfunc.cc:1836 #12 0x0000559f6d426e59 in JOIN::rollup_send_data (this=0x7fbde0013390, idx=0) at /data/src/10.2/sql/sql_select.cc:24397 #13 0x0000559f6d41c620 in end_send_group (join=0x7fbde0013390, join_tab=0x0, end_of_records=true) at /data/src/10.2/sql/sql_select.cc:20206 #14 0x0000559f6d41848f in do_select (join=0x7fbde0013390, procedure=0x0) at /data/src/10.2/sql/sql_select.cc:18376 #15 0x0000559f6d3f21d7 in JOIN::exec_inner (this=0x7fbde0013390) at /data/src/10.2/sql/sql_select.cc:3638 #16 0x0000559f6d3f1692 in JOIN::exec (this=0x7fbde0013390) at /data/src/10.2/sql/sql_select.cc:3433 #17 0x0000559f6d3f2848 in mysql_select (thd=0x7fbde0000af0, tables=0x7fbde00126a0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fbde0012dd8, having=0x7fbde0013148, proc_param=0x0, select_options=2147748608, result=0x7fbde0013370, unit=0x7fbde00046e8, select_lex=0x7fbde0004e28) at /data/src/10.2/sql/sql_select.cc:3833 #18 0x0000559f6d3e6a06 in handle_select (thd=0x7fbde0000af0, lex=0x7fbde0004628, result=0x7fbde0013370, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:361 #19 0x0000559f6d3b2472 in execute_sqlcom_select (thd=0x7fbde0000af0, all_tables=0x7fbde00126a0) at /data/src/10.2/sql/sql_parse.cc:6218 #20 0x0000559f6d3a8cf3 in mysql_execute_command (thd=0x7fbde0000af0) at /data/src/10.2/sql/sql_parse.cc:3524 #21 0x0000559f6d3b61a9 in mysql_parse (thd=0x7fbde0000af0, rawbuf=0x7fbde0012458 "SELECT a FROM t1 GROUP BY a WITH ROLLUP HAVING WEEKOFYEAR(a) > 50", length=65, parser_state=0x7fbdf19c8610, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:7733 #22 0x0000559f6d3a44d5 in dispatch_command (command=COM_QUERY, thd=0x7fbde0000af0, packet=0x7fbde008cd81 "", packet_length=65, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1824 #23 0x0000559f6d3a2f50 in do_command (thd=0x7fbde0000af0) at /data/src/10.2/sql/sql_parse.cc:1377 #24 0x0000559f6d4f8fb1 in do_handle_one_connection (connect=0x559f6f817140) at /data/src/10.2/sql/sql_connect.cc:1336 #25 0x0000559f6d4f8d1c in handle_one_connection (arg=0x559f6f817140) at /data/src/10.2/sql/sql_connect.cc:1241 #26 0x0000559f6dd0f324 in pfs_spawn_thread (arg=0x559f6f763e50) at /data/src/10.2/storage/perfschema/pfs.cc:1869 #27 0x00007fbdf961d4a4 in start_thread (arg=0x7fbdf19c9700) at pthread_create.c:456 #28 0x00007fbdf7751d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Elena Stepanova added a comment - 2023-07-28 22:18

10.2 is EOL

Elena Stepanova added a comment - 2023-07-28 22:18 10.2 is EOL

MariaDB Server

Server crashes in Item_null_result::field_type upon query with ROLLUP

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration