[MDEV-23453] Server crash in Item_field::type_handler upon 3rd execution of PS with FOR PORTION - Jira

XML

Word

Printable

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4
Fix Version/s: 10.5, 10.6, 10.11
Component/s: Stored routines, Versioned Tables
Labels:
None

Description

CREATE TABLE t1 (id INT PRIMARY KEY, f INT, s DATETIME, e DATETIME, PERIOD FOR p(s,e));

INSERT INTO t1 VALUES (1,0,'1978-08-06','1990-05-26');

CREATE PROCEDURE sp() UPDATE t1 FOR PORTION OF p FROM '1980-12-29' TO '1994-08-09' SET f = NULL;

--error ER_DUP_ENTRY

CALL sp;

UPDATE t1 SET s = '2021-07-13', e = '2035-07-16';

CALL sp;

UPDATE t1 SET s = '1975-08-28', e = '2015-09-01';

CALL sp;

# Cleanup

DROP TABLE t1;

DROP PROCEDURE sp;

10.4 eae968f6
#3 <signal handler called>
#4 0x00005582f9963ab9 in Item_field::type_handler (this=0x7fd778075c70) at /data/src/10.4/sql/item.h:3395
#5 0x00005582f94ef61d in Item::field_type (this=0x7fd778075c70) at /data/src/10.4/sql/item.h:1043
#6 0x00005582f97e2186 in Temporal_with_date::make_from_item (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.cc:860
#7 0x00005582f94a85bc in Temporal_with_date::Temporal_with_date (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:1868
#8 0x00005582f94a8758 in Datetime::Datetime (this=0x7fd7895240f0, thd=0x7fd778000af0, item=0x7fd778075c70, fuzzydate=...) at /data/src/10.4/sql/sql_type.h:2111
#9 0x00005582f94a97b0 in Item::val_datetime_packed (this=0x7fd778075c70, thd=0x7fd778000af0) at /data/src/10.4/sql/item.h:1786
#10 0x00005582f96dac54 in cut_fields_for_portion_of_time (thd=0x7fd778000af0, table=0x7fd77800a5a0, period_conds=...) at /data/src/10.4/sql/sql_update.cc:311
#11 0x00005582f96dd3fc in mysql_update (thd=0x7fd778000af0, table_list=0x7fd7780662f0, fields=..., values=..., conds=0x7fd778073950, order_num=0, order=0x0, limit=18446744073709551615, ignore=false, found_return=0x7fd7895248d0, updated_return=0x7fd789524990) at /data/src/10.4/sql/sql_update.cc:989
#12 0x00005582f95cd519 in mysql_execute_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:4367
#13 0x00005582f94dd668 in sp_instr_stmt::exec_core (this=0x7fd778066b78, thd=0x7fd778000af0, nextp=0x7fd78952509c) at /data/src/10.4/sql/sp_head.cc:3687
#14 0x00005582f94dca3d in sp_lex_keeper::reset_lex_and_exec_core (this=0x7fd778066bc0, thd=0x7fd778000af0, nextp=0x7fd78952509c, open_tables=false, instr=0x7fd778066b78) at /data/src/10.4/sql/sp_head.cc:3419
#15 0x00005582f94dd22c in sp_instr_stmt::execute (this=0x7fd778066b78, thd=0x7fd778000af0, nextp=0x7fd78952509c) at /data/src/10.4/sql/sp_head.cc:3593
#16 0x00005582f94d6a24 in sp_head::execute (this=0x7fd778065398, thd=0x7fd778000af0, merge_da_on_success=true) at /data/src/10.4/sql/sp_head.cc:1364
#17 0x00005582f94d9759 in sp_head::execute_procedure (this=0x7fd778065398, thd=0x7fd778000af0, args=0x7fd7780058e0) at /data/src/10.4/sql/sp_head.cc:2370
#18 0x00005582f95c90db in do_execute_sp (thd=0x7fd778000af0, sp=0x7fd778065398) at /data/src/10.4/sql/sql_parse.cc:3005
#19 0x00005582f95c9d5a in Sql_cmd_call::execute (this=0x7fd778013240, thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:3247
#20 0x00005582f95d40fe in mysql_execute_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:6098
#21 0x00005582f95d95ef in mysql_parse (thd=0x7fd778000af0, rawbuf=0x7fd778013198 "CALL sp", length=7, parser_state=0x7fd789526570, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:7896
#22 0x00005582f95c5b24 in dispatch_command (command=COM_QUERY, thd=0x7fd778000af0, packet=0x7fd7781364f1 "CALL sp", packet_length=7, is_com_multi=false, is_next_command=false) at /data/src/10.4/sql/sql_parse.cc:1835
#23 0x00005582f95c42c6 in do_command (thd=0x7fd778000af0) at /data/src/10.4/sql/sql_parse.cc:1353
#24 0x00005582f974d958 in do_handle_one_connection (connect=0x5582fd72cce0) at /data/src/10.4/sql/sql_connect.cc:1412
#25 0x00005582f974d6a7 in handle_one_connection (arg=0x5582fd72cce0) at /data/src/10.4/sql/sql_connect.cc:1316
#26 0x00005582fa15082f in pfs_spawn_thread (arg=0x5582fd748900) at /data/src/10.4/storage/perfschema/pfs.cc:1869
#27 0x00007fd7913054a4 in start_thread (arg=0x7fd789527700) at pthread_create.c:456
#28 0x00007fd78f439d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.4-10.5, non-debug, debug and ASAN alike, with at least InnoDB, MyISAM, Aria.

Attachments

Issue Links

relates to

MDEV-20762 Server crashes in Item_field::type_handler upon 3rd execution of SP deleting from versioned table

Closed

MDEV-26434 MariaDB Server SEGV in setup_copy_fields

Closed

Activity

People

Assignee:: Nikita Malyavin

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2020-08-11 22:03

Updated:: 2024-11-22 17:09

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.