[MDEV-22786] Crashes with nested table value constructors - Jira

XML

Word

Printable

This statement:

VALUES ((VALUES(1)));

crashes the server with the following stack trace:

#0  Item_field::type_handler (this=0x7fff60015588)

    at /home/bar/maria-git/server.10.3/sql/item.h:3068

#1  0x0000000000b5a541 in subselect_engine::set_row (this=0x7fff60014ac8, item_list=...,

    row=0x7fff60014a88) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3749

#2  0x0000000000b5a711 in subselect_single_select_engine::fix_length_and_dec (

    this=0x7fff60014ac8, row=0x7fff60014a88)

    at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3766

#3  0x0000000000b4fdae in Item_singlerow_subselect::fix_length_and_dec (

    this=0x7fff60014940) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:1208

#4  0x0000000000b4d62e in Item_subselect::fix_fields (this=0x7fff60014940,

    thd_param=0x7fff60000d90, ref=0x0)

    at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:316

#5  0x000000000067d13e in Item::fix_fields_if_needed (this=0x7fff60014940,

    thd=0x7fff60000d90, ref=0x0) at /home/bar/maria-git/server.10.3/sql/item.h:825

#6  0x0000000000984e47 in fix_fields_for_tvc (thd=0x7fff60000d90, li=...)

    at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:62

#7  0x00000000009854c1 in table_value_constr::prepare (this=0x7fff600144e0,

    thd=0x7fff60000d90, sl=0x7fff60013870, tmp_result=0x7fff60016b18,

    unit_arg=0x7fff600156a8) at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:238

#8  0x000000000086d430 in st_select_lex_unit::prepare (this=0x7fff600156a8,

    derived_arg=0x7fff60015e60, sel_result=0x7fff60016a30, additional_options=0)

    at /home/bar/maria-git/server.10.3/sql/sql_union.cc:1018

#9  0x000000000072c701 in mysql_derived_prepare (thd=0x7fff60000d90, lex=0x7fff60004b98,

    derived=0x7fff60015e60) at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:770

#10 0x000000000072b2c3 in mysql_handle_single_derived (lex=0x7fff60004b98,

    derived=0x7fff60015e60, phases=2)

    at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:199

#11 0x000000000089b868 in TABLE_LIST::handle_derived (this=0x7fff60015e60,

    lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/table.cc:8292

#12 0x00000000007447c8 in LEX::handle_list_of_derived (this=0x7fff60004b98,

    table_list=0x7fff60015e60, phases=2)

    at /home/bar/maria-git/server.10.3/sql/sql_lex.h:3997

#13 0x0000000000750912 in st_select_lex::handle_derived (this=0x7fff60015170,

    lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/sql_lex.cc:4143

#14 0x00000000007bb4ee in JOIN::prepare (this=0x7fff600164c8, tables_init=0x7fff60015e60,

    wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false,

    group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff60015170,

    unit_arg=0x7fff60013c88) at /home/bar/maria-git/server.10.3/sql/sql_select.cc:1036

#15 0x0000000000b5a37f in subselect_single_select_engine::prepare (this=0x7fff60014ac8,

    thd=0x7fff60000d90) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3686

#16 0x0000000000b4d422 in Item_subselect::fix_fields (this=0x7fff60014940,

    thd_param=0x7fff60000d90, ref=0x0)

relates to

MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor

MDEV-24618 Assertion failure when TVC uses a row in the context expecting a scalar value

MDEV-24675 Server crash when table value constructor uses a subselect

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.