Details
Critical Description
This statement:
VALUES ((VALUES(1))); |
crashes the server with the following stack trace:
#0 Item_field::type_handler (this=0x7fff60015588)
|
at /home/bar/maria-git/server.10.3/sql/item.h:3068
|
#1 0x0000000000b5a541 in subselect_engine::set_row (this=0x7fff60014ac8, item_list=...,
|
row=0x7fff60014a88) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3749
|
#2 0x0000000000b5a711 in subselect_single_select_engine::fix_length_and_dec (
|
this=0x7fff60014ac8, row=0x7fff60014a88)
|
at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3766
|
#3 0x0000000000b4fdae in Item_singlerow_subselect::fix_length_and_dec (
|
this=0x7fff60014940) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:1208
|
#4 0x0000000000b4d62e in Item_subselect::fix_fields (this=0x7fff60014940,
|
thd_param=0x7fff60000d90, ref=0x0)
|
at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:316
|
#5 0x000000000067d13e in Item::fix_fields_if_needed (this=0x7fff60014940,
|
thd=0x7fff60000d90, ref=0x0) at /home/bar/maria-git/server.10.3/sql/item.h:825
|
#6 0x0000000000984e47 in fix_fields_for_tvc (thd=0x7fff60000d90, li=...)
|
at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:62
|
#7 0x00000000009854c1 in table_value_constr::prepare (this=0x7fff600144e0,
|
thd=0x7fff60000d90, sl=0x7fff60013870, tmp_result=0x7fff60016b18,
|
unit_arg=0x7fff600156a8) at /home/bar/maria-git/server.10.3/sql/sql_tvc.cc:238
|
#8 0x000000000086d430 in st_select_lex_unit::prepare (this=0x7fff600156a8,
|
derived_arg=0x7fff60015e60, sel_result=0x7fff60016a30, additional_options=0)
|
at /home/bar/maria-git/server.10.3/sql/sql_union.cc:1018
|
#9 0x000000000072c701 in mysql_derived_prepare (thd=0x7fff60000d90, lex=0x7fff60004b98,
|
derived=0x7fff60015e60) at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:770
|
#10 0x000000000072b2c3 in mysql_handle_single_derived (lex=0x7fff60004b98,
|
derived=0x7fff60015e60, phases=2)
|
at /home/bar/maria-git/server.10.3/sql/sql_derived.cc:199
|
#11 0x000000000089b868 in TABLE_LIST::handle_derived (this=0x7fff60015e60,
|
lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/table.cc:8292
|
#12 0x00000000007447c8 in LEX::handle_list_of_derived (this=0x7fff60004b98,
|
table_list=0x7fff60015e60, phases=2)
|
at /home/bar/maria-git/server.10.3/sql/sql_lex.h:3997
|
#13 0x0000000000750912 in st_select_lex::handle_derived (this=0x7fff60015170,
|
lex=0x7fff60004b98, phases=2) at /home/bar/maria-git/server.10.3/sql/sql_lex.cc:4143
|
#14 0x00000000007bb4ee in JOIN::prepare (this=0x7fff600164c8, tables_init=0x7fff60015e60,
|
wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false,
|
group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fff60015170,
|
unit_arg=0x7fff60013c88) at /home/bar/maria-git/server.10.3/sql/sql_select.cc:1036
|
#15 0x0000000000b5a37f in subselect_single_select_engine::prepare (this=0x7fff60014ac8,
|
thd=0x7fff60000d90) at /home/bar/maria-git/server.10.3/sql/item_subselect.cc:3686
|
#16 0x0000000000b4d422 in Item_subselect::fix_fields (this=0x7fff60014940,
|
thd_param=0x7fff60000d90, ref=0x0)
|
Attachments
Issue Links
- relates to
-
MDEV-21995 Server crashes in Item_field::real_type_handler with table value constructor
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
Activity
| Field | Original Value | New Value |
|---|---|---|
| Assignee | Alexander Barkov [ bar ] | Igor Babaev [ igor ] |
| Link |
This issue relates to |
| Summary | VALUES ((VALUES(1))) crashes the server | VALUES ((VALUES(1))) leads to SIGSEGV in |
| Summary | VALUES ((VALUES(1))) leads to SIGSEGV in | VALUES ((VALUES(1))) leads to SIGSEGV in Item_field::type_handler |
| Priority | Major [ 3 ] | Critical [ 2 ] |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] |
| Labels | not-10.1 not-10.2 |
| Status | Open [ 1 ] | Confirmed [ 10101 ] |
| Component/s | Parser [ 10201 ] | |
| Component/s | Optimizer - CTE [ 13513 ] |
| Assignee | Igor Babaev [ igor ] | Oleksandr Byelkin [ sanja ] |
| Assignee | Oleksandr Byelkin [ sanja ] | Dmitry Shulga [ JIRAUSER47315 ] |
| Status | Confirmed [ 10101 ] | In Progress [ 3 ] |
| Affects Version/s | 10.6 [ 24028 ] |
| Link |
This issue relates to |
| Link |
This issue relates to |
| Summary | VALUES ((VALUES(1))) leads to SIGSEGV in Item_field::type_handler | Crashes with nested table value constructors |
| Assignee | Dmitry Shulga [ JIRAUSER47315 ] | Igor Babaev [ igor ] |
| Assignee | Igor Babaev [ igor ] | Oleksandr Byelkin [ sanja ] |
| Status | In Progress [ 3 ] | In Review [ 10002 ] |
| Assignee | Oleksandr Byelkin [ sanja ] | Igor Babaev [ igor ] |
| Assignee | Igor Babaev [ igor ] | Dmitry Shulga [ JIRAUSER47315 ] |
| Status | In Review [ 10002 ] | Stalled [ 10000 ] |
| Assignee | Dmitry Shulga [ JIRAUSER47315 ] | Igor Babaev [ igor ] |
| Fix Version/s | 10.3.29 [ 25206 ] | |
| Fix Version/s | 10.4.19 [ 25205 ] | |
| Fix Version/s | 10.5.10 [ 25204 ] | |
| Fix Version/s | 10.3 [ 22126 ] | |
| Fix Version/s | 10.4 [ 22408 ] | |
| Fix Version/s | 10.5 [ 23123 ] | |
| Resolution | Fixed [ 1 ] | |
| Status | Stalled [ 10000 ] | Closed [ 6 ] |
| Workflow | MariaDB v3 [ 109442 ] | MariaDB v4 [ 157901 ] |