[MDEV-24958] Server crashes in my_strtod / Value_source::Converter_strntod::Converter_strntod with DEFAULT(blob) - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.3(EOL)
Fix Version/s: 10.3.29, 10.4.19, 10.5.10
Component/s: Server
Labels:
- regression

Description

CREATE TABLE t1 (b BLOB NOT NULL DEFAULT '');

SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5;

# Cleanup

DROP TABLE t1;

10.3 640f4231 debug
#3 <signal handler called>
#4 0x0000555bc3ba5d2a in my_strtod_int (s00=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, se=0x7f3e0a3ea320, error=0x7f3e0a3ea328, buf=0x7f3e0a3e93c0 "4\006", buf_size=3680) at /data/src/10.3/strings/dtoa.c:1378
#5 0x0000555bc3ba4950 in my_strtod (str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, end=0x7f3e0a3ea320, error=0x7f3e0a3ea328) at /data/src/10.3/strings/dtoa.c:469
#6 0x0000555bc3b819d6 in my_strntod_8bit (cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405, end=0x7f3e0a3ea320, err=0x7f3e0a3ea328) at /data/src/10.3/strings/ctype-simple.c:788
#7 0x0000555bc2e8d547 in Value_source::Converter_strntod::Converter_strntod (this=0x7f3e0a3ea320, cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405) at /data/src/10.3/sql/field.h:165
#8 0x0000555bc2e8d664 in Value_source::Converter_strntod_with_warn::Converter_strntod_with_warn (this=0x7f3e0a3ea320, thd=0x7f3df8000d90, filter=..., cs=0x555bc44100a0 <my_charset_bin>, str=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, length=42405) at /data/src/10.3/sql/field.h:236
#9 0x0000555bc329e1ad in Field_blob::val_real (this=0x7f3df8013f30) at /data/src/10.3/sql/field.cc:8456
#10 0x0000555bc32e49dd in Item_field::val_result (this=0x7f3df8012c98) at /data/src/10.3/sql/item.cc:3469
#11 0x0000555bc32f3ffa in Item_ref::val_real (this=0x7f3df8013488) at /data/src/10.3/sql/item.cc:8359
#12 0x0000555bc32f3b23 in Item_ref::val_result (this=0x7f3df8013488) at /data/src/10.3/sql/item.cc:8275
#13 0x0000555bc32fa576 in Item_cache_real::cache_value (this=0x7f3df8014068) at /data/src/10.3/sql/item.cc:10160
#14 0x0000555bc31ade3c in Item_cache::has_value (this=0x7f3df8014068) at /data/src/10.3/sql/item.h:6249
#15 0x0000555bc32fa63c in Item_cache_real::val_real (this=0x7f3df8014068) at /data/src/10.3/sql/item.cc:10169
#16 0x0000555bc3308350 in Arg_comparator::compare_real (this=0x7f3df80136e0) at /data/src/10.3/sql/item_cmpfunc.cc:813
#17 0x0000555bc331e48e in Arg_comparator::compare (this=0x7f3df80136e0) at /data/src/10.3/sql/item_cmpfunc.h:102
#18 0x0000555bc330b9ae in Item_func_gt::val_int (this=0x7f3df8013620) at /data/src/10.3/sql/item_cmpfunc.cc:1785
#19 0x0000555bc319ea3f in Type_handler_int_result::Item_val_bool (this=0x555bc43ea910 <type_handler_long>, item=0x7f3df8013620) at /data/src/10.3/sql/sql_type.cc:3288
#20 0x0000555bc2e80abe in Item::val_bool (this=0x7f3df8013620) at /data/src/10.3/sql/item.h:1219
#21 0x0000555bc302a425 in Item::eval_const_cond (this=0x7f3df8013620) at /data/src/10.3/sql/item.h:1227
#22 0x0000555bc30095f8 in Item_bool_func2::remove_eq_conds (this=0x7f3df8013620, thd=0x7f3df8000d90, cond_value=0x7f3df8013b8c, top_level_arg=true) at /data/src/10.3/sql/sql_select.cc:16688
#23 0x0000555bc30083de in optimize_cond (join=0x7f3df8013878, conds=0x7f3df8013620, join_list=0x7f3df8005580, ignore_on_conds=true, cond_value=0x7f3df8013b8c, cond_equal=0x7f3df8013cb8, flags=0) at /data/src/10.3/sql/sql_select.cc:16230
#24 0x0000555bc2fdfaf5 in JOIN::optimize_inner (this=0x7f3df8013878) at /data/src/10.3/sql/sql_select.cc:1796
#25 0x0000555bc2fde978 in JOIN::optimize (this=0x7f3df8013878) at /data/src/10.3/sql/sql_select.cc:1502
#26 0x0000555bc2fe8aca in mysql_select (thd=0x7f3df8000d90, tables=0x7f3df8012e10, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7f3df8013620, proc_param=0x0, select_options=2147748608, result=0x7f3df8013850, unit=0x7f3df8004c58, select_lex=0x7f3df80053e0) at /data/src/10.3/sql/sql_select.cc:4310
#27 0x0000555bc2fda0f6 in handle_select (thd=0x7f3df8000d90, lex=0x7f3df8004b98, result=0x7f3df8013850, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370
#28 0x0000555bc2fa0574 in execute_sqlcom_select (thd=0x7f3df8000d90, all_tables=0x7f3df8012e10) at /data/src/10.3/sql/sql_parse.cc:6317
#29 0x0000555bc2f96d81 in mysql_execute_command (thd=0x7f3df8000d90) at /data/src/10.3/sql/sql_parse.cc:3848
#30 0x0000555bc2fa48f8 in mysql_parse (thd=0x7f3df8000d90, rawbuf=0x7f3df8012ab8 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5", length=43, parser_state=0x7f3e0a3eb5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7841
#31 0x0000555bc2f9103c in dispatch_command (command=COM_QUERY, thd=0x7f3df8000d90, packet=0x7f3df8008f11 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 5", packet_length=43, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#32 0x0000555bc2f8f9dc in do_command (thd=0x7f3df8000d90) at /data/src/10.3/sql/sql_parse.cc:1398
#33 0x0000555bc310e597 in do_handle_one_connection (connect=0x555bc58fcd70) at /data/src/10.3/sql/sql_connect.cc:1403
#34 0x0000555bc310e2f3 in handle_one_connection (arg=0x555bc58fcd70) at /data/src/10.3/sql/sql_connect.cc:1308
#35 0x0000555bc3adb2d7 in pfs_spawn_thread (arg=0x555bc59a18c0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#36 0x00007f3e108d6609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#37 0x00007f3e104b2293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The failure may depend on a build, even though the test case is simple. ASAN does not help. If it doesn't crash, try Valgrind:

10.3 640f4231 valgrind
==2687283== Conditional jump or move depends on uninitialised value(s)
==2687283== at 0xB1CBF7: Field_blob::val_real() (field.cc:8453)
==2687283== by 0xB64A0F: Item_field::val_result() (item.cc:3469)
==2687283== by 0xB7416D: Item_ref::val_real() (item.cc:8359)
==2687283== by 0xB73C8F: Item_ref::val_result() (item.cc:8275)
==2687283== by 0xB7A787: Item_cache_real::cache_value() (item.cc:10160)
==2687283== by 0xA284EB: Item_cache::has_value() (item.h:6249)
==2687283== by 0xB7A853: Item_cache_real::val_real() (item.cc:10169)
==2687283== by 0xB88AA9: Arg_comparator::compare_real() (item_cmpfunc.cc:813)
==2687283== by 0xB9ED65: Arg_comparator::compare() (item_cmpfunc.h:102)
==2687283== by 0xB8C1A7: Item_func_gt::val_int() (item_cmpfunc.cc:1785)
==2687283== by 0xA190C2: Type_handler_int_result::Item_val_bool(Item*) const (sql_type.cc:3288)
==2687283== by 0x6ECD5B: Item::val_bool() (item.h:1219)
==2687283== by 0x89B310: Item::eval_const_cond() (item.h:1227)
==2687283== by 0x87A0E3: Item_bool_func2::remove_eq_conds(THD, Item::cond_result, bool) (sql_select.cc:16688)
==2687283== by 0x878EC8: optimize_cond(JOIN, Item, List<TABLE_LIST>, bool, Item::cond_result, COND_EQUAL**, int) (sql_select.cc:16230)
==2687283== by 0x8502D4: JOIN::optimize_inner() (sql_select.cc:1796)
^ Found warnings in /data/bld/10.3-valgrind-nightly/mysql-test/var/log/mysqld.1.err

Same test case, but without data type conversion, thus different stack trace:

CREATE TABLE t1 (b BLOB NOT NULL DEFAULT '');

SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo';

# Cleanup

DROP TABLE t1;

#3  <signal handler called>

#4  __memcmp_avx2_movbe () at ../sysdeps/x86_64/multiarch/memcmp-avx2-movbe.S:203

#5  0x00005562365ba7a9 in my_strnncoll_binary (cs=0x556236e550a0 <my_charset_bin>, s=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, slen=42405, t=0x7f6494013588 "foo", tlen=3, t_is_prefix=0 '\000') at /data/src/10.3/strings/ctype-bin.c:85

#6  0x00005562365ba834 in my_strnncollsp_binary (cs=0x556236e550a0 <my_charset_bin>, s=0xa5a5a5a5a5a5a5a5 <error: Cannot access memory at address 0xa5a5a5a5a5a5a5a5>, slen=42405, t=0x7f6494013588 "foo", tlen=3) at /data/src/10.3/strings/ctype-bin.c:124

#7  0x0000556235aaa9f6 in sortcmp (s=0x7f6494012cc8, t=0x7f64940135c0, cs=0x556236e550a0 <my_charset_bin>) at /data/src/10.3/sql/sql_string.cc:859

#8  0x0000556235d4d220 in Arg_comparator::compare_string (this=0x7f64940136e8) at /data/src/10.3/sql/item_cmpfunc.cc:780

#9  0x0000556235d6348e in Arg_comparator::compare (this=0x7f64940136e8) at /data/src/10.3/sql/item_cmpfunc.h:102

#10 0x0000556235d509ae in Item_func_gt::val_int (this=0x7f6494013628) at /data/src/10.3/sql/item_cmpfunc.cc:1785

#11 0x0000556235be3a3f in Type_handler_int_result::Item_val_bool (this=0x556236e2f910 <type_handler_long>, item=0x7f6494013628) at /data/src/10.3/sql/sql_type.cc:3288

#12 0x00005562358c5abe in Item::val_bool (this=0x7f6494013628) at /data/src/10.3/sql/item.h:1219

#13 0x0000556235a6f425 in Item::eval_const_cond (this=0x7f6494013628) at /data/src/10.3/sql/item.h:1227

#14 0x0000556235a4e5f8 in Item_bool_func2::remove_eq_conds (this=0x7f6494013628, thd=0x7f6494000d90, cond_value=0x7f6494013b94, top_level_arg=true) at /data/src/10.3/sql/sql_select.cc:16688

#15 0x0000556235a4d3de in optimize_cond (join=0x7f6494013880, conds=0x7f6494013628, join_list=0x7f6494005580, ignore_on_conds=true, cond_value=0x7f6494013b94, cond_equal=0x7f6494013cc0, flags=0) at /data/src/10.3/sql/sql_select.cc:16230

#16 0x0000556235a24af5 in JOIN::optimize_inner (this=0x7f6494013880) at /data/src/10.3/sql/sql_select.cc:1796

#17 0x0000556235a23978 in JOIN::optimize (this=0x7f6494013880) at /data/src/10.3/sql/sql_select.cc:1502

#18 0x0000556235a2daca in mysql_select (thd=0x7f6494000d90, tables=0x7f6494012e10, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7f6494013628, proc_param=0x0, select_options=2147748608, result=0x7f6494013858, unit=0x7f6494004c58, select_lex=0x7f64940053e0) at /data/src/10.3/sql/sql_select.cc:4310

#19 0x0000556235a1f0f6 in handle_select (thd=0x7f6494000d90, lex=0x7f6494004b98, result=0x7f6494013858, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:370

#20 0x00005562359e5574 in execute_sqlcom_select (thd=0x7f6494000d90, all_tables=0x7f6494012e10) at /data/src/10.3/sql/sql_parse.cc:6317

#21 0x00005562359dbd81 in mysql_execute_command (thd=0x7f6494000d90) at /data/src/10.3/sql/sql_parse.cc:3848

#22 0x00005562359e98f8 in mysql_parse (thd=0x7f6494000d90, rawbuf=0x7f6494012ab8 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo'", length=47, parser_state=0x7f64ab54a5c0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7841

#23 0x00005562359d603c in dispatch_command (command=COM_QUERY, thd=0x7f6494000d90, packet=0x7f6494008f11 "SELECT DEFAULT(b) AS f FROM t1 HAVING f > 'foo'", packet_length=47, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852

#24 0x00005562359d49dc in do_command (thd=0x7f6494000d90) at /data/src/10.3/sql/sql_parse.cc:1398

#25 0x0000556235b53597 in do_handle_one_connection (connect=0x556238030d70) at /data/src/10.3/sql/sql_connect.cc:1403

#26 0x0000556235b532f3 in handle_one_connection (arg=0x556238030d70) at /data/src/10.3/sql/sql_connect.cc:1308

#27 0x00005562365202d7 in pfs_spawn_thread (arg=0x5562380d58c0) at /data/src/10.3/storage/perfschema/pfs.cc:1869

#28 0x00007f64b5a36609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#29 0x00007f64b5612293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The failure appeared in 10.3 after this commit:

commit 8db5274dce7f8710b25ca954559843c9cd812ac5 (HEAD, origin/10.3, 10.3)

Author: Monty

Date:   Sun Feb 21 20:38:32 2021 +0200

    MDEV-22703 DEFAULT() on a BLOB column can overwrite the default record

Other stack traces produced in similar circumstances:

#3  <signal handler called>

#4  0x0000559bb2414085 in my_scan_weight_utf8_general_ci (end=0xbebebebebf7d7d7c <error: Cannot access memory at address 0xbebebebebf7d7d7c>, str=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, weight=<synthetic pointer>) at /data/src/10.3/strings/strcoll.ic:89

#5  my_scan_weight_utf8_general_ci (end=0xbebebebebf7d7d7c <error: Cannot access memory at address 0xbebebebebf7d7d7c>, str=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, weight=<synthetic pointer>) at /data/src/10.3/strings/strcoll.ic:80

#6  my_strnncollsp_utf8_general_ci (cs=<optimized out>, a=0xbebebebebebebebe <error: Cannot access memory at address 0xbebebebebebebebe>, a_length=<optimized out>, b=0x602000002398 "", b_length=<optimized out>) at /data/src/10.3/strings/strcoll.ic:245

#7  0x0000559bb1317753 in Arg_comparator::compare (this=<optimized out>) at /data/src/10.3/sql/item_cmpfunc.h:102

#8  Item_func_ge::val_int (this=<optimized out>) at /data/src/10.3/sql/item_cmpfunc.cc:1777

#9  0x0000559bb104be4b in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /data/src/10.3/sql/sql_type.cc:3288

#10 0x0000559bb0c5fa97 in Item::val_bool (this=0x62b000003780) at /data/src/10.3/sql/item.h:1219

#11 Item::eval_const_cond (this=0x62b000003780) at /data/src/10.3/sql/item.h:1227

#12 Item_bool_func2::remove_eq_conds (this=0x62b000003780, thd=<optimized out>, cond_value=0x6290000d8a1c, top_level_arg=<optimized out>) at /data/src/10.3/sql/sql_select.cc:16688

#13 0x0000559bb0c6af7e in optimize_cond (join=join@entry=0x6290000d8708, conds=0x62b000003780, join_list=<optimized out>, ignore_on_conds=ignore_on_conds@entry=true, cond_value=cond_value@entry=0x6290000d8a1c, cond_equal=cond_equal@entry=0x6290000d8b48, flags=0) at /data/src/10.3/sql/sql_select.cc:16230

#14 0x0000559bb0d29e48 in JOIN::optimize_inner (this=0x6290000d8708) at /data/src/10.3/sql/sql_select.cc:1796

#15 0x0000559bb0d334ca in JOIN::optimize (this=this@entry=0x6290000d8708) at /data/src/10.3/sql/sql_select.cc:1502

#16 0x0000559bb0d3b36e in mysql_select (thd=0x62a00005a208, tables=0x62b0000024f0, wild_num=0, fields=..., conds=0x0, og_num=<optimized out>, order=0x0, group=0x62b000002e18, having=0x62b000003780, proc_param=0x0, select_options=2147748612, result=0x6290000d7f80, unit=0x62a00005df10, select_lex=0x62a00005e698) at /data/src/10.3/sql/sql_select.cc:4310

#17 0x0000559bb0d3c4ae in mysql_explain_union (thd=thd@entry=0x62a00005a208, unit=unit@entry=0x62a00005df10, result=result@entry=0x6290000d7f80) at /data/src/10.3/sql/sql_select.cc:26265

#18 0x0000559bb0bb5dcf in execute_sqlcom_select (thd=0x62a00005a208, all_tables=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:6256

#19 0x0000559bb0be2d08 in mysql_execute_command (thd=0x62a00005a208) at /data/src/10.3/sql/sql_parse.cc:3848

#20 0x0000559bb0becce0 in mysql_parse (thd=thd@entry=0x62a00005a208, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fe916c32fb0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:7841

#21 0x0000559bb0bf3963 in dispatch_command (command=COM_QUERY, thd=0x62a00005a208, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_class.h:1139

#22 0x0000559bb0bfa88e in do_command (thd=0x62a00005a208) at /data/src/10.3/sql/sql_parse.cc:1398

#23 0x0000559bb0f37757 in do_handle_one_connection (connect=connect@entry=0x608000001028) at /data/src/10.3/sql/sql_connect.cc:1403

#24 0x0000559bb0f37fdf in handle_one_connection (arg=arg@entry=0x608000001028) at /data/src/10.3/sql/sql_connect.cc:1308

#25 0x0000559bb22c0209 in pfs_spawn_thread (arg=0x615000003c88) at /data/src/10.3/storage/perfschema/pfs.cc:1869

#26 0x00007fe9219cd609 in start_thread (arg=<optimized out>) at pthread_create.c:477

#27 0x00007fe9215a7293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.4 3c9d03ed
#3 <signal handler called>
#4 0x000055f8aa4c6eda in get_prefix (endptr=<synthetic pointer>, length=1073743297, str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>) at /data/src/10.4-bug/sql-common/my_time.c:328
#5 find_body (neg=neg@entry=0x7fd15beec470 "\360\t\006", str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=1073743297, to=to@entry=0x7fd15beecd70, warn=warn@entry=0x7fd15beecb80, new_str=new_str@entry=0x7fd15beec480, new_length=0x7fd15beec4a0) at /data/src/10.4-bug/sql-common/my_time.c:357
#6 0x000055f8aa4c9319 in str_to_datetime_or_date_or_time (str=<optimized out>, length=<optimized out>, to=to@entry=0x7fd15beecd70, mode=<optimized out>, status=status@entry=0x7fd15beecb80, time_max_hour=time_max_hour@entry=838, time_err_hour=<optimized out>) at /data/src/10.4-bug/sql-common/my_time.c:818
#7 0x000055f8a8f805d5 in Temporal::ascii_to_datetime_or_date_or_time (fuzzydate=..., length=<optimized out>, str=<optimized out>, status=0x7fd15beecb80, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_type.h:865
#8 Temporal::ascii_to_temporal (mode=..., length=<optimized out>, str=<optimized out>, st=0x7fd15beecb80, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_type.h:840
#9 Temporal::str_to_temporal (this=this@entry=0x7fd15beecd70, thd=<optimized out>, status=status@entry=0x7fd15beecb80, str=str@entry=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=length@entry=1073743297, cs=<optimized out>, flags=...) at /data/src/10.4-bug/sql/sql_time.cc:403
#10 0x000055f8a913875d in Temporal::make_from_str (this=this@entry=0x7fd15beecd70, thd=thd@entry=0x62b00005b208, warn=warn@entry=0x7fd15beec980, str=0x400005c128000062 <error: Cannot access memory at address 0x400005c128000062>, length=1073743297, cs=<optimized out>, fuzzydate=...) at /data/src/10.4-bug/sql/sql_type.cc:246
#11 0x000055f8a9327f5c in Temporal_hybrid::Temporal_hybrid (mode=..., str=<optimized out>, warn=0x7fd15beec980, thd=0x62b00005b208, this=0x7fd15beecd70) at /data/src/10.4-bug/sql/sql_string.h:210
#12 Field::get_date (this=<optimized out>, to=0x7fd15beecd70, mode=...) at /data/src/10.4-bug/sql/field.cc:2322
#13 0x000055f8a93d82e9 in Item_field::get_date_result (this=<optimized out>, thd=<optimized out>, ltime=0x7fd15beecd70, fuzzydate=...) at /data/src/10.4-bug/sql/field.h:1182
#14 0x000055f8a93e5c5c in Item::val_time_packed_result (this=this@entry=0x62b000064980, thd=<optimized out>) at /data/src/10.4-bug/sql/sql_type.h:1363
#15 0x000055f8a93e5fc8 in Item_cache_time::cache_value (this=0x62b0000665d0) at /data/src/10.4-bug/include/my_pthread.h:375
#16 0x000055f8a941fa64 in Item_cache::has_value (this=0x62b0000665d0) at /data/src/10.4-bug/sql/item.h:6957
#17 Item_cache_time::val_time_packed (this=0x62b0000665d0, thd=<optimized out>) at /data/src/10.4-bug/sql/item.h:6957
#18 0x000055f8a944b88b in Arg_comparator::compare_time (this=0x62b000064bd8) at /data/src/10.4-bug/sql/item_cmpfunc.cc:714
#19 0x000055f8a9472fdb in Item_func_nullif::time_op (this=0x62b000064b08, thd=0x62b00005b208, ltime=0x7fd15beed050) at /data/src/10.4-bug/sql/item_cmpfunc.cc:2922
#20 0x000055f8a951bcd3 in Item_func_hybrid_field_type::time_op_with_null_check (ltime=0x7fd15beed050, thd=<optimized out>, this=0x62b000064b08) at /data/src/10.4-bug/sql/item_func.h:718
#21 Item_func_hybrid_field_type::val_decimal_from_time_op (this=0x62b000064b08, dec=0x7fd15beed178) at /data/src/10.4-bug/sql/item_func.cc:926
#22 0x000055f8a91353e5 in VDec::VDec (this=0x7fd15beed170, item=0x62b000064b08) at /data/src/10.4-bug/sql/sql_type.cc:195
#23 0x000055f8a9512349 in VDec2_lazy::VDec2_lazy (b=0x62b000064d98, a=<optimized out>, this=0x7fd15beed170) at /data/src/10.4-bug/sql/sql_type.h:288
#24 Item_func_minus::decimal_op (this=0x62b000064eb0, decimal_value=0x7fd15beed308) at /data/src/10.4-bug/sql/item_func.cc:1321
#25 0x000055f8a9135c85 in VDec_op::VDec_op (this=0x7fd15beed300, item=0x62b000064eb0) at /data/src/10.4-bug/sql/sql_type.cc:202
#26 0x000055f8a9135d7b in Type_handler_decimal_result::Item_func_hybrid_field_type_val_str (this=<optimized out>, item=0x62b000064eb0, str=0x62b000067fd8) at /data/src/10.4-bug/sql/sql_type.cc:4752
#27 0x000055f8a93d16ec in Item_copy_string::copy (this=0x62b000067fa8) at /data/src/10.4-bug/sql/item.cc:4876
#28 0x000055f8a8da1880 in copy_fields (param=param@entry=0x62b000065b28) at /data/src/10.4-bug/sql/sql_select.cc:25092
#29 0x000055f8a8dbc61c in end_send_group (join=join@entry=0x62b000065930, join_tab=join_tab@entry=0x0, end_of_records=end_of_records@entry=false) at /data/src/10.4-bug/sql/sql_select.cc:21799
#30 0x000055f8a8df54ea in do_select (procedure=<optimized out>, join=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:19901
#31 JOIN::exec_inner (this=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:4487
#32 0x000055f8a8df5e82 in JOIN::exec (this=this@entry=0x62b000065930) at /data/src/10.4-bug/sql/sql_select.cc:4269
#33 0x000055f8a8dee132 in mysql_select (thd=0x62b00005b208, tables=0x62b000063ff0, wild_num=0, fields=..., conds=0x0, og_num=<optimized out>, order=0x0, group=0x62b000064f88, having=0x0, proc_param=0x0, select_options=2147748609, result=0x62b000065900, unit=0x62b00005ef78, select_lex=0x62b0000625c0) at /data/src/10.4-bug/sql/sql_select.cc:4704
#34 0x000055f8a8df0b66 in handle_select (thd=thd@entry=0x62b00005b208, lex=lex@entry=0x62b00005eeb8, result=result@entry=0x62b000065900, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.4-bug/sql/sql_select.cc:410
#35 0x000055f8a8c599bd in execute_sqlcom_select (thd=0x62b00005b208, all_tables=<optimized out>) at /data/src/10.4-bug/sql/sql_parse.cc:6418
#36 0x000055f8a8c88460 in mysql_execute_command (thd=0x62b00005b208) at /data/src/10.4-bug/sql/sql_parse.cc:3937
#37 0x000055f8a8c92c2d in mysql_parse (thd=thd@entry=0x62b00005b208, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fd15bef20e0, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.4-bug/sql/sql_parse.cc:7959
#38 0x000055f8a8c9b9f2 in dispatch_command (command=COM_QUERY, thd=0x62b00005b208, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.4-bug/sql/sql_class.h:1170
#39 0x000055f8a8ca13b6 in do_command (thd=0x62b00005b208) at /data/src/10.4-bug/sql/sql_parse.cc:1373
#40 0x000055f8a8ff5313 in do_handle_one_connection (connect=connect@entry=0x608000000e28) at /data/src/10.4-bug/sql/sql_connect.cc:1412
#41 0x000055f8a8ff5841 in handle_one_connection (arg=arg@entry=0x608000000e28) at /data/src/10.4-bug/sql/sql_connect.cc:1316
#42 0x000055f8aa3c31e8 in pfs_spawn_thread (arg=0x615000003f08) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#43 0x00007fd165d5d609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#44 0x00007fd1655c6293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Attachments

Issue Links

relates to

MDEV-21639 DEFAULT(col) evaluates to a bad value in WHERE clause

Closed

MDEV-22703 DEFAULT() on a BLOB column can overwrite the default record, which can cause crashes when accessing already released memory

Closed

MDEV-24942 Server crashes in _ma_rec_pack / _ma_write_blob_record with DEFAULT() on BLOB

Closed

MDEV-25627 Unexpected warning ER_TRUNCATED_WRONG_VALUE or server crash in get_prefix upon using DEFAULT() on blob

Open

Activity

People

Assignee:: Michael Widenius

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2021-02-23 17:05

Updated:: 2021-12-29 10:54

Resolved:: 2021-03-02 11:02

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.