[MDEV-25206] Crash with CREATE VIEW .. SELECT with non-existing field in ON condition - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.4(EOL), 10.5, 10.6
Fix Version/s: 10.4.19, 10.5.10
Component/s: Optimizer, Views
Labels:
- regression

Description

CREATE TABLE t1 (a INT);

INSERT INTO t1 VALUES (1),(2); # Optional, fails either way

CREATE TABLE t2 (b INT);

INSERT INTO t2 VALUES (3),(4); # Optional, fails either way

CREATE VIEW v AS SELECT * FROM t1 JOIN t2 ON t1.x > t2.b;

10.4 44d70c01f
#3 <signal handler called>
#4 0x000055d25f7a578a in Item_field::fix_outer_field (this=0x7f2fdc0163d0, thd=0x7f2fdc000d90, from_field=0x7f2ff34edff0, reference=0x7f2fdc016690) at /data/src/10.4-bug/sql/item.cc:5447
#5 0x000055d25f7a7d2f in Item_field::fix_fields (this=0x7f2fdc0163d0, thd=0x7f2fdc000d90, reference=0x7f2fdc016690) at /data/src/10.4-bug/sql/item.cc:5861
#6 0x000055d25eeb2e05 in Item::fix_fields_if_needed (this=0x7f2fdc0163d0, thd=0x7f2fdc000d90, ref=0x7f2fdc016690) at /data/src/10.4-bug/sql/item.h:964
#7 0x000055d25f853037 in Item_func::fix_fields (this=0x7f2fdc016600, thd=0x7f2fdc000d90, ref=0x7f2fdc015cc8) at /data/src/10.4-bug/sql/item_func.cc:352
#8 0x000055d25eeb2e05 in Item::fix_fields_if_needed (this=0x7f2fdc016600, thd=0x7f2fdc000d90, ref=0x7f2fdc015cc8) at /data/src/10.4-bug/sql/item.h:964
#9 0x000055d25eeb2e65 in Item::fix_fields_if_needed_for_scalar (this=0x7f2fdc016600, thd=0x7f2fdc000d90, ref=0x7f2fdc015cc8) at /data/src/10.4-bug/sql/item.h:968
#10 0x000055d25efba9d3 in Item::fix_fields_if_needed_for_bool (this=0x7f2fdc016600, thd=0x7f2fdc000d90, ref=0x7f2fdc015cc8) at /data/src/10.4-bug/sql/item.h:972
#11 0x000055d25efb2a22 in setup_on_expr (thd=0x7f2fdc000d90, table=0x7f2fdc015c68, is_update=false) at /data/src/10.4-bug/sql/sql_base.cc:8343
#12 0x000055d25efb3450 in setup_conds (thd=0x7f2fdc000d90, tables=0x7f2fdc015568, leaves=..., conds=0x7f2fdc017e10) at /data/src/10.4-bug/sql/sql_base.cc:8460
#13 0x000055d25f15fb8f in setup_without_group (thd=0x7f2fdc000d90, ref_pointer_array=..., tables=0x7f2fdc015568, leaves=..., fields=..., all_fields=..., conds=0x7f2fdc017e10, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7f2fdc017cef, reserved=0x7f2fdc01528c) at /data/src/10.4-bug/sql/sql_select.cc:689
#14 0x000055d25f164fa0 in JOIN::prepare (this=0x7f2fdc017a08, tables_init=0x7f2fdc015568, wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f2fdc014f88, unit_arg=0x7f2fdc004cc8) at /data/src/10.4-bug/sql/sql_select.cc:1243
#15 0x000055d25f2d256a in st_select_lex_unit::prepare_join (this=0x7f2fdc004cc8, thd_arg=0x7f2fdc000d90, sl=0x7f2fdc014f88, tmp_result=0x0, additional_options=0, is_union_select=false) at /data/src/10.4-bug/sql/sql_union.cc:646
#16 0x000055d25f2d5056 in st_select_lex_unit::prepare (this=0x7f2fdc004cc8, derived_arg=0x0, sel_result=0x0, additional_options=0) at /data/src/10.4-bug/sql/sql_union.cc:993
#17 0x000055d25f2f6f4f in mysql_create_view (thd=0x7f2fdc000d90, views=0x7f2fdc0148c0, mode=VIEW_CREATE_NEW) at /data/src/10.4-bug/sql/sql_view.cc:534
#18 0x000055d25f0e8745 in mysql_execute_command (thd=0x7f2fdc000d90) at /data/src/10.4-bug/sql/sql_parse.cc:6001
#19 0x000055d25f0f452c in mysql_parse (thd=0x7f2fdc000d90, rawbuf=0x7f2fdc014788 "CREATE VIEW v AS SELECT * FROM t1 JOIN t2 ON t1.x > t2.b", length=56, parser_state=0x7f2ff34ef550, is_com_multi=false, is_next_command=false) at /data/src/10.4-bug/sql/sql_parse.cc:7989
#20 0x000055d25f0ca38e in dispatch_command (command=COM_QUERY, thd=0x7f2fdc000d90, packet=0x7f2fdc00abe1 "CREATE VIEW v AS SELECT * FROM t1 JOIN t2 ON t1.x > t2.b", packet_length=56, is_com_multi=false, is_next_command=false) at /data/src/10.4-bug/sql/sql_parse.cc:1855
#21 0x000055d25f0c7246 in do_command (thd=0x7f2fdc000d90) at /data/src/10.4-bug/sql/sql_parse.cc:1373
#22 0x000055d25f3b9466 in do_handle_one_connection (connect=0x55d264d62900) at /data/src/10.4-bug/sql/sql_connect.cc:1412
#23 0x000055d25f3b8dd7 in handle_one_connection (arg=0x55d264d62900) at /data/src/10.4-bug/sql/sql_connect.cc:1316
#24 0x000055d2606949bb in pfs_spawn_thread (arg=0x55d264d3b700) at /data/src/10.4-bug/storage/perfschema/pfs.cc:1869
#25 0x00007f2ffdda6609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#26 0x00007f2ffd611293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Reproducible with at least MyISAM and InnoDB.

The failure appeared in 10.4 branch after this merge:

commit 44d70c01f0aef419bc1325f0cba6a46085042646 (HEAD)

Merge: 126725421e5 867724fd304

Author: Marko Mäkelä

Date:   Fri Mar 19 11:42:44 2021 +0200

    Merge 10.3 into 10.4

But it's not reproducible on 10.3 with the provided test case, so I can't say which commit from the merge caused it (or whether it was a result of a bad merge).

Attachments

Issue Links

relates to

MDEV-26214 INSERT from SELECT crashes server on error missing column.

Closed

Activity

People

Assignee:: Igor Babaev

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2021-03-19 18:38

Updated:: 2022-05-21 00:11

Resolved:: 2021-03-22 02:32

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.