Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-25346

Server crashes in Item_field::fix_outer_field upon subquery with unknown column

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Cannot Reproduce
    • 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5
    • N/A
    • Optimizer
    • None

    Description

      Note: The test case doesn't involve JSON tables, but this is a regression to a general use case introduced by changes made in the scope of JSON_TABLE task in the development tree, hence the relation and the "Blocker" status.

      CREATE TABLE t1 (a INT);
      		 
      INSERT INTO t1 VALUES (1),(2); # Optional, fails either way
      		 
      CREATE TABLE t2 (b INT);
      		 
      INSERT INTO t2 VALUES (1),(2); # Optional, fails either way
      		 
       
      		 
      SELECT * FROM ( SELECT * FROM t1 JOIN t2 ON (b IN(SELECT x FROM (SELECT 1 AS c) AS sq1))) AS sq2;
      		 
       
      		 
      DROP TABLE t1, t2;

      bb-10.6-mdev17399-hf 160bd1691b

      		 
      #3  <signal handler called>
      		 
      #4  0x00005638f79e5c13 in Item_field::fix_outer_field (this=0x62b00003a520, thd=0x62b000069288, from_field=0x7fd5901cf740, reference=0x62b00003a670) at /data/src/bb-10.6-mdev17399-hf/sql/item.cc:5519
      		 
      #5  0x00005638f79e9788 in Item_field::fix_fields (this=0x62b00003a520, thd=0x62b000069288, reference=0x62b00003a670) at /data/src/bb-10.6-mdev17399-hf/sql/item.cc:5939
      		 
      #6  0x00005638f6eadcb3 in Item::fix_fields_if_needed (this=0x62b00003a520, thd=0x62b000069288, ref=0x62b00003a670) at /data/src/bb-10.6-mdev17399-hf/sql/item.h:995
      		 
      #7  0x00005638f6eadced in Item::fix_fields_if_needed_for_scalar (this=0x62b00003a520, thd=0x62b000069288, ref=0x62b00003a670) at /data/src/bb-10.6-mdev17399-hf/sql/item.h:999
      		 
      #8  0x00005638f6fd5137 in setup_fields (thd=0x62b000069288, ref_pointer_array=..., fields=..., column_usage=MARK_COLUMNS_READ, sum_func_list=0x62900025eb70, pre_fix=0x62b00003a1e0, allow_sum_func=true) at /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:7671
      		 
      #9  0x00005638f7207322 in JOIN::prepare (this=0x62900025e848, tables_init=0x62b00003b488, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x62b00003a070, unit_arg=0x62b00003bb98) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:1256
      		 
      #10 0x00005638f7bbedf6 in subselect_single_select_engine::prepare (this=0x62b00003c600, thd=0x62b000069288) at /data/src/bb-10.6-mdev17399-hf/sql/item_subselect.cc:3835
      		 
      #11 0x00005638f7b982c5 in Item_subselect::fix_fields (this=0x62b00003c3a8, thd_param=0x62b000069288, ref=0x62b0000397c8) at /data/src/bb-10.6-mdev17399-hf/sql/item_subselect.cc:289
      		 
      #12 0x00005638f7bbbbdd in Item_in_subselect::fix_fields (this=0x62b00003c3a8, thd_arg=0x62b000069288, ref=0x62b0000397c8) at /data/src/bb-10.6-mdev17399-hf/sql/item_subselect.cc:3497
      		 
      #13 0x00005638f6eadcb3 in Item::fix_fields_if_needed (this=0x62b00003c3a8, thd=0x62b000069288, ref=0x62b0000397c8) at /data/src/bb-10.6-mdev17399-hf/sql/item.h:995
      		 
      #14 0x00005638f6eadced in Item::fix_fields_if_needed_for_scalar (this=0x62b00003c3a8, thd=0x62b000069288, ref=0x62b0000397c8) at /data/src/bb-10.6-mdev17399-hf/sql/item.h:999
      		 
      #15 0x00005638f6fe3a47 in Item::fix_fields_if_needed_for_bool (this=0x62b00003c3a8, thd=0x62b000069288, ref=0x62b0000397c8) at /data/src/bb-10.6-mdev17399-hf/sql/item.h:1003
      		 
      #16 0x00005638f6fda309 in setup_on_expr (thd=0x62b000069288, table=0x62b000039768, is_update=false) at /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:8307
      		 
      #17 0x00005638f6fdaec2 in setup_conds (thd=0x62b000069288, tables=0x62b000039028, leaves=..., conds=0x62900025e448) at /data/src/bb-10.6-mdev17399-hf/sql/sql_base.cc:8424
      		 
      #18 0x00005638f7200240 in setup_without_group (thd=0x62b000069288, ref_pointer_array=..., tables=0x62b000039028, leaves=..., fields=..., all_fields=..., conds=0x62900025e448, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x62900025e31f, reserved=0x62b000038cec) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:698
      		 
      #19 0x00005638f720766d in JOIN::prepare (this=0x62900025e038, tables_init=0x62b000039028, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x62b0000389d8, unit_arg=0x62b00003cdf8) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:1261
      		 
      #20 0x00005638f7440d35 in st_select_lex_unit::prepare_join (this=0x62b00003cdf8, thd_arg=0x62b000069288, sl=0x62b0000389d8, tmp_result=0x62b00003df58, additional_options=0, is_union_select=false) at /data/src/bb-10.6-mdev17399-hf/sql/sql_union.cc:1088
      		 
      #21 0x00005638f7444969 in st_select_lex_unit::prepare (this=0x62b00003cdf8, derived_arg=0x62b00003d660, sel_result=0x62b00003df58, additional_options=0) at /data/src/bb-10.6-mdev17399-hf/sql/sql_union.cc:1481
      		 
      #22 0x00005638f70753dc in mysql_derived_prepare (thd=0x62b000069288, lex=0x62b00006d398, derived=0x62b00003d660) at /data/src/bb-10.6-mdev17399-hf/sql/sql_derived.cc:817
      		 
      #23 0x00005638f707161e in mysql_handle_single_derived (lex=0x62b00006d398, derived=0x62b00003d660, phases=2) at /data/src/bb-10.6-mdev17399-hf/sql/sql_derived.cc:206
      		 
      #24 0x00005638f74d0489 in TABLE_LIST::handle_derived (this=0x62b00003d660, lex=0x62b00006d398, phases=2) at /data/src/bb-10.6-mdev17399-hf/sql/table.cc:9205
      		 
      #25 0x00005638f70ba388 in LEX::handle_list_of_derived (this=0x62b00006d398, table_list=0x62b00003d660, phases=2) at /data/src/bb-10.6-mdev17399-hf/sql/sql_lex.h:4431
      		 
      #26 0x00005638f70e082d in st_select_lex::handle_derived (this=0x62b0000383d8, lex=0x62b00006d398, phases=2) at /data/src/bb-10.6-mdev17399-hf/sql/sql_lex.cc:4944
      		 
      #27 0x00005638f720606a in JOIN::prepare (this=0x62900025dab8, tables_init=0x62b00003d660, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x62b0000383d8, unit_arg=0x62b00006d460) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:1160
      		 
      #28 0x00005638f722d0df in mysql_select (thd=0x62b000069288, tables=0x62b00003d660, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x62b00003df28, unit=0x62b00006d460, select_lex=0x62b0000383d8) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:4739
      		 
      #29 0x00005638f71fe3e0 in handle_select (thd=0x62b000069288, lex=0x62b00006d398, result=0x62b00003df28, setup_tables_done_option=0) at /data/src/bb-10.6-mdev17399-hf/sql/sql_select.cc:419
      		 
      #30 0x00005638f7167f26 in execute_sqlcom_select (thd=0x62b000069288, all_tables=0x62b00003d660) at /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:6231
      		 
      #31 0x00005638f7157208 in mysql_execute_command (thd=0x62b000069288) at /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:3927
      		 
      #32 0x00005638f71731e5 in mysql_parse (thd=0x62b000069288, rawbuf=0x62b0000382a8 "SELECT * FROM ( SELECT * FROM t1 JOIN t2 ON (b IN( SELECT x FROM (SELECT 1 AS c) AS sq1))) AS sq2", length=97, parser_state=0x7fd5901d3bb0) at /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:8006
      		 
      #33 0x00005638f7149c0c in dispatch_command (command=COM_QUERY, thd=0x62b000069288, packet=0x629000258289 "SELECT * FROM ( SELECT * FROM t1 JOIN t2 ON (b IN( SELECT x FROM (SELECT 1 AS c) AS sq1))) AS sq2", packet_length=97, blocking=true) at /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1888
      		 
      #34 0x00005638f7146947 in do_command (thd=0x62b000069288, blocking=true) at /data/src/bb-10.6-mdev17399-hf/sql/sql_parse.cc:1399
      		 
      #35 0x00005638f75895ea in do_handle_one_connection (connect=0x61100000b388, put_in_cache=true) at /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1410
      		 
      #36 0x00005638f7588f47 in handle_one_connection (arg=0x61100000b248) at /data/src/bb-10.6-mdev17399-hf/sql/sql_connect.cc:1312
      		 
      #37 0x00005638f829cdbf in pfs_spawn_thread (arg=0x616000101b08) at /data/src/bb-10.6-mdev17399-hf/storage/perfschema/pfs.cc:2201
      		 
      #38 0x00007fd5999e8609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #39 0x00007fd5995bc293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Not reproducible on 10.6 main tree, it throws ER_BAD_FIELD_ERROR ("Unknown column 'x' in 'field list'") as expected.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-26412 Server crash in Item_field::fix_outer_field for INSERT SELECT

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-25362 Incorrect name resolution for subqueries in ON expressions

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31632 Server crashes in Item_field::fix_outer_field place= prev_subselect_item->parsing_place (prev_subselect_item=NULL)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              igor Igor Babaev
              elenst Elena Stepanova
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.