  1. MariaDB Server
  2. MDEV-22836

Server crashes in err_conv / ErrBuff::set_str


    Details

      Description

      # Minimal test case for the crash in err_conv / ErrBuff::set_str.
      # Two-row table; per the backtrace the crash happens while filesort
      # builds the sort key (make_sortkey -> make_sort_key_part).
      CREATE TABLE t1 (a INT);
      INSERT INTO t1 VALUES (0),(1);
      # The ORDER BY expression casts an AES_ENCRYPT() result to CHAR(4).
      # In the backtrace the cast has a 16-byte source and dstlen=4, so it goes
      # through Item_char_typecast::check_truncation_with_warn, and err_conv is
      # then called with from_cs=0x0 (a NULL character-set pointer).
      # NOTE(review): the statement arrives as an ordinary COM_QUERY SELECT;
      # which privileges are needed to reach it is not shown here - confirm.
      SELECT * FROM t1 ORDER BY CONVERT(AES_ENCRYPT(1,a), CHAR(4));
       
      # Cleanup
      DROP TABLE t1;
      

      10.5 3be16909

      #3  <signal handler called>
      #4  0x000055a0d42ba1a4 in err_conv (buff=0x7f6152204998 "", to_length=511, from=0x7f61400641d8 "\213\203\327\260:\350\aUd\237c\377l\217\"\251\245\245\245\245\245\245\245\245h4z\025", from_length=16, from_cs=0x0) at /data/src/10.5/sql/sql_error.cc:919
      #5  0x000055a0d41f3402 in ErrBuff::set_str (this=0x7f6152204998, str=0x7f61400641d8 "\213\203\327\260:\350\aUd\237c\377l\217\"\251\245\245\245\245\245\245\245\245h4z\025", len=16, cs=0x0) at /data/src/10.5/sql/sql_error.h:846
      #6  0x000055a0d41f35a3 in ErrConvString::ptr (this=0x7f6152204990) at /data/src/10.5/sql/sql_error.h:878
      #7  0x000055a0d477fa04 in Item_char_typecast::check_truncation_with_warn (this=0x7f6140015270, src=0x7f61522050f0, dstlen=4) at /data/src/10.5/sql/item_timefunc.cc:2291
      #8  0x000055a0d477fb68 in Item_char_typecast::reuse (this=0x7f6140015270, src=0x7f61522050f0, length=4) at /data/src/10.5/sql/item_timefunc.cc:2303
      #9  0x000055a0d478012f in Item_char_typecast::val_str_generic (this=0x7f6140015270, str=0x7f61522050f0) at /data/src/10.5/sql/item_timefunc.cc:2384
      #10 0x000055a0d47899bc in Item_char_typecast_func_handler::val_str (this=0x55a0d5c9b980 <item_char_typecast_func_handler>, item=0x7f6140015270, to=0x7f61522050f0) at /data/src/10.5/sql/item_timefunc.cc:2453
      #11 0x000055a0d4568de1 in Item_handled_func::val_str (this=0x7f6140015270, to=0x7f61522050f0) at /data/src/10.5/sql/item_func.h:750
      #12 0x000055a0d41e6d64 in Item::str_result (this=0x7f6140015270, tmp=0x7f61522050f0) at /data/src/10.5/sql/item.h:1563
      #13 0x000055a0d465bedd in Type_handler_string_result::make_sort_key_part (this=0x55a0d5eaad60 <type_handler_varchar>, to=0x7f6140069689 '\245' <repeats 200 times>..., item=0x7f6140015270, sort_field=0x7f6140017bc8, param=0x7f6152205080) at /data/src/10.5/sql/filesort.cc:1099
      #14 0x000055a0d46610ff in make_sortkey (param=0x7f6152205080, to=0x7f6140069688 "\001", '\245' <repeats 199 times>...) at /data/src/10.5/sql/filesort.cc:2992
      #15 0x000055a0d465cb01 in make_sortkey (param=0x7f6152205080, to=0x7f6140069688 "\001", '\245' <repeats 199 times>..., ref_pos=0x7f61400fc090 "", using_packed_sortkeys=false) at /data/src/10.5/sql/filesort.cc:1330
      #16 0x000055a0d465b819 in find_all_keys (thd=0x7f6140000b18, param=0x7f6152205080, select=0x7f6140017278, fs_info=0x7f6140069330, buffpek_pointers=0x7f61522052a0, tempfile=0x7f6152205130, pq=0x0, found_rows=0x7f6140069520) at /data/src/10.5/sql/filesort.cc:949
      #17 0x000055a0d46597f6 in filesort (thd=0x7f6140000b18, table=0x7f61400086b8, filesort=0x7f6140017448, tracker=0x7f6140017b38, join=0x7f6140015538, first_table_bit=1) at /data/src/10.5/sql/filesort.cc:356
      #18 0x000055a0d439a09d in create_sort_index (thd=0x7f6140000b18, join=0x7f6140015538, tab=0x7f6140016938, fsort=0x7f6140017448) at /data/src/10.5/sql/sql_select.cc:23884
      #19 0x000055a0d4394106 in st_join_table::sort_table (this=0x7f6140016938) at /data/src/10.5/sql/sql_select.cc:21613
      #20 0x000055a0d4393ce1 in join_init_read_record (tab=0x7f6140016938) at /data/src/10.5/sql/sql_select.cc:21552
      #21 0x000055a0d4391a79 in sub_select (join=0x7f6140015538, join_tab=0x7f6140016938, end_of_records=false) at /data/src/10.5/sql/sql_select.cc:20626
      #22 0x000055a0d4390f3a in do_select (join=0x7f6140015538, procedure=0x0) at /data/src/10.5/sql/sql_select.cc:20163
      #23 0x000055a0d4364ccd in JOIN::exec_inner (this=0x7f6140015538) at /data/src/10.5/sql/sql_select.cc:4475
      #24 0x000055a0d4363df9 in JOIN::exec (this=0x7f6140015538) at /data/src/10.5/sql/sql_select.cc:4256
      #25 0x000055a0d436552a in mysql_select (thd=0x7f6140000b18, tables=0x7f6140014038, fields=..., conds=0x0, og_num=1, order=0x7f61400153a0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f6140015510, unit=0x7f6140004b30, select_lex=0x7f6140013a40) at /data/src/10.5/sql/sql_select.cc:4680
      #26 0x000055a0d4354fe6 in handle_select (thd=0x7f6140000b18, lex=0x7f6140004a68, result=0x7f6140015510, setup_tables_done_option=0) at /data/src/10.5/sql/sql_select.cc:429
      #27 0x000055a0d431a63b in execute_sqlcom_select (thd=0x7f6140000b18, all_tables=0x7f6140014038) at /data/src/10.5/sql/sql_parse.cc:6208
      #28 0x000055a0d431196f in mysql_execute_command (thd=0x7f6140000b18) at /data/src/10.5/sql/sql_parse.cc:3939
      #29 0x000055a0d431f487 in mysql_parse (thd=0x7f6140000b18, rawbuf=0x7f6140013960 "SELECT * FROM t1 ORDER BY CONVERT(AES_ENCRYPT(1,a), CHAR(4))", length=60, parser_state=0x7f6152206520, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:7992
      #30 0x000055a0d430b80d in dispatch_command (command=COM_QUERY, thd=0x7f6140000b18, packet=0x7f61401b06e9 "", packet_length=60, is_com_multi=false, is_next_command=false) at /data/src/10.5/sql/sql_parse.cc:1875
      #31 0x000055a0d4309f45 in do_command (thd=0x7f6140000b18) at /data/src/10.5/sql/sql_parse.cc:1356
      #32 0x000055a0d44ae901 in do_handle_one_connection (connect=0x55a0d8762358, put_in_cache=true) at /data/src/10.5/sql/sql_connect.cc:1411
      #33 0x000055a0d44ae669 in handle_one_connection (arg=0x55a0d8762358) at /data/src/10.5/sql/sql_connect.cc:1313
      #34 0x000055a0d49e7a60 in pfs_spawn_thread (arg=0x55a0d874e4d8) at /data/src/10.5/storage/perfschema/pfs.cc:2201
      #35 0x00007f61595f14a4 in start_thread (arg=0x7f6152207700) at pthread_create.c:456
      #36 0x00007f6157725d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
      

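      Debug, release and ASAN builds all crash the same way. In frames #4 and #5 the character-set pointer passed to err_conv / ErrBuff::set_str is NULL (from_cs=0x0, cs=0x0).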
      Not reproducible with 10.4.

      The failure appeared in 10.5 with this commit:

      commit ade8253cb9260371ffd393f0962f56619c949c07
      Author: Varun Gupta <varun.gupta@mariadb.com>
      Date:   Sat May 30 02:27:33 2020 +0530
       
          MDEV-22303: Incorrect ordering with REGEXP_REPLACE and OFFSET/LIMIT
      


            People

            Assignee:
            varun Varun Gupta
            Reporter:
            elenst Elena Stepanova
