Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22772

Server crashes in Item_null_result::field_type upon query with ROLLUP

    XMLWordPrintable

Details

    Description

      CREATE TABLE t1 (a BLOB);
      		 
      INSERT INTO t1 VALUES (0);
      		 
      SELECT FIELD( CONVERT( a, SIGNED ), '01' ) AS f FROM t1 GROUP BY a WITH ROLLUP;
      		 
       
      		 
      # Cleanup
      		 
      DROP TABLE t1;

      10.1 49854811

      		 
      #3  <signal handler called>
      		 
      #4  0x000055fced944b33 in Item_null_result::field_type (this=0x7fdf919c4060) at /data/src/10.1/sql/item.h:2673
      		 
      #5  0x000055fced86cc0d in Item_ref::field_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.h:4014
      		 
      #6  0x000055fcedb170b5 in Item::cmp_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.cc:671
      		 
      #7  0x000055fced7fe5c9 in Item::cast_to_int_type (this=0x7fdf919c2630) at /data/src/10.1/sql/item.h:815
      		 
      #8  0x000055fcedb69349 in Item_func_signed::val_int (this=0x7fdf919c12a0) at /data/src/10.1/sql/item_func.cc:1100
      		 
      #9  0x000055fcedb67b04 in Item_int_func::val_real (this=0x7fdf919c12a0) at /data/src/10.1/sql/item_func.cc:707
      		 
      #10 0x000055fcedb7127d in Item_func_field::val_int (this=0x7fdf919c1480) at /data/src/10.1/sql/item_func.cc:3236
      		 
      #11 0x000055fcedb26764 in Item::send (this=0x7fdf919c1480, protocol=0x7fdf937ce600, buffer=0x7fdf9c114e20) at /data/src/10.1/sql/item.cc:6460
      		 
      #12 0x000055fced7fbc07 in Protocol::send_result_set_row (this=0x7fdf937ce600, row_items=0x7fdf919c2560) at /data/src/10.1/sql/protocol.cc:914
      		 
      #13 0x000055fced884e68 in select_send::send_data (this=0x7fdf919c1e18, items=...) at /data/src/10.1/sql/sql_class.cc:2762
      		 
      #14 0x000055fced93c907 in JOIN::rollup_send_data (this=0x7fdf919c1e38, idx=0) at /data/src/10.1/sql/sql_select.cc:24184
      		 
      #15 0x000055fced932264 in end_send_group (join=0x7fdf919c1e38, join_tab=0x0, end_of_records=true) at /data/src/10.1/sql/sql_select.cc:19887
      		 
      #16 0x000055fced92e6d4 in do_select (join=0x7fdf919c1e38, fields=0x7fdf919c2238, table=0x0, procedure=0x0) at /data/src/10.1/sql/sql_select.cc:18207
      		 
      #17 0x000055fced908510 in JOIN::exec_inner (this=0x7fdf919c1e38) at /data/src/10.1/sql/sql_select.cc:3277
      		 
      #18 0x000055fced90583b in JOIN::exec (this=0x7fdf919c1e38) at /data/src/10.1/sql/sql_select.cc:2564
      		 
      #19 0x000055fced908d31 in mysql_select (thd=0x7fdf937ce070, rref_pointer_array=0x7fdf937d2568, tables=0x7fdf919c15f0, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fdf919c1d00, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fdf919c1e18, unit=0x7fdf937d1bb8, select_lex=0x7fdf937d22c0) at /data/src/10.1/sql/sql_select.cc:3501
      		 
      #20 0x000055fced8fe4a0 in handle_select (thd=0x7fdf937ce070, lex=0x7fdf937d1af8, result=0x7fdf919c1e18, setup_tables_done_option=0) at /data/src/10.1/sql/sql_select.cc:377
      		 
      #21 0x000055fced8cdf86 in execute_sqlcom_select (thd=0x7fdf937ce070, all_tables=0x7fdf919c15f0) at /data/src/10.1/sql/sql_parse.cc:5690
      		 
      #22 0x000055fced8c4c52 in mysql_execute_command (thd=0x7fdf937ce070) at /data/src/10.1/sql/sql_parse.cc:3037
      		 
      #23 0x000055fced8d1a94 in mysql_parse (thd=0x7fdf937ce070, rawbuf=0x7fdf919c1088 "SELECT FIELD( CONVERT( a, SIGNED ), '01' ) AS f FROM t1 GROUP BY a WITH ROLLUP", length=78, parser_state=0x7fdf9c1165f0) at /data/src/10.1/sql/sql_parse.cc:7208
      		 
      #24 0x000055fced8c0c6a in dispatch_command (command=COM_QUERY, thd=0x7fdf937ce070, packet=0x7fdf957ee071 "", packet_length=78) at /data/src/10.1/sql/sql_parse.cc:1499
      		 
      #25 0x000055fced8bfb4f in do_command (thd=0x7fdf937ce070) at /data/src/10.1/sql/sql_parse.cc:1131
      		 
      #26 0x000055fced9fd827 in do_handle_one_connection (thd_arg=0x7fdf937ce070) at /data/src/10.1/sql/sql_connect.cc:1331
      		 
      #27 0x000055fced9fd558 in handle_one_connection (arg=0x7fdf937ce070) at /data/src/10.1/sql/sql_connect.cc:1242
      		 
      #28 0x000055fcede1b1ac in pfs_spawn_thread (arg=0x7fdf99c39c70) at /data/src/10.1/storage/perfschema/pfs.cc:1868
      		 
      #29 0x00007fdf9bd994a4 in start_thread (arg=0x7fdf9c117700) at pthread_create.c:456
      		 
      #30 0x00007fdf9a5a7d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

      Reproducible on 10.1, 10.2, release-, debug- and asan builds alike, with at least MyISAM and InnoDB.
      Not reproducible on 10.3+.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-16190 Server crashes in Item_null_result::field_type on SELECT with time field, ROLLUP and HAVING

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17830 Server crashes in Item_null_result::field_type upon SELECT with CHARSET(date) and ROLLUP

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-19699 Server crashes in Item_null_result::field_type upon SELECT with ROLLUP on constant table

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              bar Alexander Barkov
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.