Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.4, 11.8
Description
CREATE FUNCTION f() RETURNS INT RETURN(SELECT c FROM JSON_TABLE('{}', '$' COLUMNS(c FOR ORDINALITY)) AS jt); |
SHOW FUNCTION CODE f; |
|
|
# Cleanup
|
DROP FUNCTION f; |
|
10.6 71e1ddda |
#3 <signal handler called>
|
#4 Table_function_json_table::print (this=0x7fcc900fa6a0, thd=0x7fcc90000db8, sql_table=0x7fcc900fb088, str=0x7fcca2b884a0, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/json_table.cc:1239
|
#5 0x000055bfc8d8f0a7 in TABLE_LIST::print (this=0x7fcc900fb088, thd=0x7fcc90000db8, eliminated_tables=0, str=0x7fcca2b884a0, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/sql_select.cc:27976
|
#6 0x000055bfc8d8e426 in print_table_array (thd=0x7fcc90000db8, eliminated_tables=0, str=0x7fcca2b884a0, table=0x7fcc90015a60, end=0x7fcc90015a68, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/sql_select.cc:27701
|
#7 0x000055bfc8d8eb25 in print_join (thd=0x7fcc90000db8, eliminated_tables=0, str=0x7fcca2b884a0, tables=0x7fcc901a0eb8, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/sql_select.cc:27857
|
#8 0x000055bfc8d8fb30 in st_select_lex::print (this=0x7fcc901a0d00, thd=0x7fcc90000db8, str=0x7fcca2b884a0, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/sql_select.cc:28164
|
#9 0x000055bfc91766a6 in subselect_single_select_engine::print (this=0x7fcc901a1b48, str=0x7fcca2b884a0, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/item_subselect.cc:4609
|
#10 0x000055bfc916899f in Item_subselect::print (this=0x7fcc901a19c0, str=0x7fcca2b884a0, query_type=QT_ITEM_ORIGINAL_FUNC_NULLIF) at /data/src/10.6/sql/item_subselect.cc:1114
|
#11 0x000055bfc8bf96e6 in sp_instr_freturn::print (this=0x7fcc901a1b88, str=0x7fcca2b884a0) at /data/src/10.6/sql/sp_head.cc:4212
|
#12 0x000055bfc8bf6f8c in sp_head::show_routine_code (this=0x7fcc9019fd40, thd=0x7fcc90000db8) at /data/src/10.6/sql/sp_head.cc:3393
|
#13 0x000055bfc8cfd5a0 in mysql_execute_command (thd=0x7fcc90000db8) at /data/src/10.6/sql/sql_parse.cc:5757
|
#14 0x000055bfc8d043ea in mysql_parse (thd=0x7fcc90000db8, rawbuf=0x7fcc900155b0 "SHOW FUNCTION CODE f", length=20, parser_state=0x7fcca2b89490) at /data/src/10.6/sql/sql_parse.cc:8019
|
#15 0x000055bfc8cf084e in dispatch_command (command=COM_QUERY, thd=0x7fcc90000db8, packet=0x7fcc9000b869 "", packet_length=20, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1897
|
#16 0x000055bfc8cef1f3 in do_command (thd=0x7fcc90000db8, blocking=true) at /data/src/10.6/sql/sql_parse.cc:1406
|
#17 0x000055bfc8eab8ca in do_handle_one_connection (connect=0x55bfcbe3fd08, put_in_cache=true) at /data/src/10.6/sql/sql_connect.cc:1410
|
#18 0x000055bfc8eab626 in handle_one_connection (arg=0x55bfcbe3d068) at /data/src/10.6/sql/sql_connect.cc:1312
|
#19 0x000055bfc9416ae7 in pfs_spawn_thread (arg=0x55bfcbe3f858) at /data/src/10.6/storage/perfschema/pfs.cc:2201
|
#20 0x00007fcca8846609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
#21 0x00007fcca841a293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
The test case is not applicable to non-debug build due to the use of SHOW FUNCTION CODE and to earlier versions due to the use of JSON_TABLE.
Attachments
Issue Links
- relates to
-
-
- Confirmed
-
Activity
I ran into this particular one also, with a very similar looking testcase. This issue is 10.6+ only. Very lightly sporadic.
CREATE VIEW v AS SELECT * FROM JSON_TABLE ('[]','$' COLUMNS (c INT EXISTS PATH '$')) AS d; |
PREPARE p FROM 'SHOW CREATE VIEW v'; |
DROP VIEW v; |
EXECUTE p; |
Leads to:
|
11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug) |
Core was generated by `/test/MD070423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
|
Program terminated with signal SIGSEGV, Segmentation fault.
|
#0 0x00005556dfff5dac in Table_function_json_table::print (
|
this=0x1480a4021b10, thd=0x1480a4000d58,
|
sql_table=sql_table@entry=0x1480a4022b20, str=0x1481436e9600,
|
query_type=132) at /test/11.1_dbg/sql/json_table.cc:1317
|
[Current thread is 1 (Thread 0x1481436ec640 (LWP 3355628))]
|
(gdb) bt
|
#0 0x00005556dfff5dac in Table_function_json_table::print (this=0x1480a4021b10, thd=0x1480a4000d58, sql_table=sql_table@entry=0x1480a4022b20, str=0x1481436e9600, query_type=132) at /test/11.1_dbg/sql/json_table.cc:1317
|
#1 0x00005556dfe3cf11 in TABLE_LIST::print (this=0x1480a4022b20, thd=thd@entry=0x1480a4000d58, eliminated_tables=eliminated_tables@entry=0, str=str@entry=0x1481436e9600, query_type=query_type@entry=132) at /test/11.1_dbg/sql/sql_select.cc:30133
|
#2 0x00005556dfe3d556 in print_table_array (query_type=132, end=0x1480a4013200, table=0x1480a40131f8, str=0x1481436e9600, eliminated_tables=0, thd=0x1480a4000d58) at /test/11.1_dbg/sql/sql_select.cc:29858
|
#3 print_join (thd=thd@entry=0x1480a4000d58, eliminated_tables=0, str=str@entry=0x1481436e9600, tables=0x1480a40215c0, query_type=query_type@entry=132) at /test/11.1_dbg/sql/sql_select.cc:30014
|
#4 0x00005556dfe3decd in st_select_lex::print (this=this@entry=0x1480a4021400, thd=0x1480a4000d58, str=str@entry=0x1481436e9600, query_type=query_type@entry=132) at /test/11.1_dbg/sql/sql_select.cc:30340
|
#5 0x00005556dfd8c57c in st_select_lex_unit::print (this=0x1480a401f810, str=str@entry=0x1481436e9600, query_type=query_type@entry=132) at /test/11.1_dbg/sql/sql_lex.cc:3671
|
#6 0x00005556dfe63780 in show_create_view (buff=0x1481436e9600, table=0x1480a401ee78, thd=0x1480a4000d58) at /test/11.1_dbg/sql/sql_show.cc:2661
|
#7 mysqld_show_create_get_fields (thd=thd@entry=0x1480a4000d58, table_list=<optimized out>, table_list@entry=0x1480a401ee78, field_list=field_list@entry=0x1481436e95e0, buffer=buffer@entry=0x1481436e9600) at /test/11.1_dbg/sql/sql_show.cc:1251
|
#8 0x00005556dfe64746 in mysqld_show_create (thd=thd@entry=0x1480a4000d58, table_list=table_list@entry=0x1480a401ee78) at /test/11.1_dbg/sql/sql_show.cc:1328
|
#9 0x00005556dfdbd9fc in mysql_execute_command (thd=0x1480a4000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:4369
|
#10 0x00005556dfde8eb8 in Prepared_statement::execute (this=this@entry=0x1480a4019248, expanded_query=expanded_query@entry=0x1481436eac90, open_cursor=open_cursor@entry=false) at /test/11.1_dbg/sql/sql_prepare.cc:4992
|
#11 0x00005556dfde9254 in Prepared_statement::execute_loop (this=this@entry=0x1480a4019248, expanded_query=expanded_query@entry=0x1481436eac90, open_cursor=open_cursor@entry=false, packet=packet@entry=0x0, packet_end=packet_end@entry=0x0) at /test/11.1_dbg/sql/sql_prepare.cc:4415
|
#12 0x00005556dfde9891 in mysql_sql_stmt_execute (thd=thd@entry=0x1480a4000d58) at /test/11.1_dbg/sql/sql_prepare.cc:3456
|
#13 0x00005556dfdbc9d1 in mysql_execute_command (thd=thd@entry=0x1480a4000d58, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3960
|
#14 0x00005556dfdc2f05 in mysql_parse (thd=thd@entry=0x1480a4000d58, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1481436eb230) at /test/11.1_dbg/sql/sql_parse.cc:7760
|
#15 0x00005556dfdc5099 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1480a4000d58, packet=packet@entry=0x1480a400ae49 "EXECUTE p", packet_length=packet_length@entry=9, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:242
|
#16 0x00005556dfdc6ef5 in do_command (thd=0x1480a4000d58, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
|
#17 0x00005556dff18cfc in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5556e3109188, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
|
#18 0x00005556dff18f5b in handle_one_connection (arg=0x5556e3109188) at /test/11.1_dbg/sql/sql_connect.cc:1318
|
#19 0x0000148166aadb43 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
|
#20 0x0000148166b3fa00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
|
Bug confirmed present in:
MariaDB: 10.6.13 (dbg), 10.6.13 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt), 11.2.0 (dbg), 11.2.0 (opt)
Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 5.7.40 (opt), 8.0.31 (dbg), 8.0.31 (opt)
UBSAN: member access within null pointer:
|
11.0.2 8e55d7ea4a2f94ae3f38fdd8785778612d4b1203 (Optimized, UBASAN) |
2023-04-27 12:34:20 0 [Note] /test/UBASAN_MD070423-mariadb-11.0.2-linux-x86_64-opt/bin/mariadbd: ready for connections.
|
Version: '11.0.2-MariaDB' socket: '/test/UBASAN_MD070423-mariadb-11.0.2-linux-x86_64-opt/socket.sock' port: 11181 MariaDB Server
|
/test/11.0_opt_san/sql/json_table.cc:1317:37: runtime error: member access within null pointer of type 'struct TABLE'
|
#0 0x5642fafff515 in Table_function_json_table::print(THD*, TABLE_LIST*, String*, enum_query_type) /test/11.0_opt_san/sql/json_table.cc:1317
|
#1 0x5642fa3dd917 in TABLE_LIST::print(THD*, unsigned long long, String*, enum_query_type) /test/11.0_opt_san/sql/sql_select.cc:30132
|
#2 0x5642fa3e203a in print_table_array /test/11.0_opt_san/sql/sql_select.cc:29857
|
#3 0x5642fa3e203a in print_join /test/11.0_opt_san/sql/sql_select.cc:30013
|
#4 0x5642fa3e46d7 in st_select_lex::print(THD*, String*, enum_query_type) /test/11.0_opt_san/sql/sql_select.cc:30339
|
#5 0x5642f9ec5663 in st_select_lex_unit::print(String*, enum_query_type) /test/11.0_opt_san/sql/sql_lex.cc:3694
|
#6 0x5642fa4e4978 in show_create_view /test/11.0_opt_san/sql/sql_show.cc:2661
|
#7 0x5642fa4e4978 in mysqld_show_create_get_fields(THD*, TABLE_LIST*, List<Item>*, String*) /test/11.0_opt_san/sql/sql_show.cc:1251
|
#8 0x5642fa4e7b45 in mysqld_show_create(THD*, TABLE_LIST*) /test/11.0_opt_san/sql/sql_show.cc:1328
|
#9 0x5642fa06dc71 in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:4374
|
#10 0x5642fa1772b7 in Prepared_statement::execute(String*, bool) /test/11.0_opt_san/sql/sql_prepare.cc:5223
|
#11 0x5642fa179b85 in Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) /test/11.0_opt_san/sql/sql_prepare.cc:4646
|
#12 0x5642fa17bce4 in mysql_sql_stmt_execute(THD*) /test/11.0_opt_san/sql/sql_prepare.cc:3690
|
#13 0x5642fa06db2c in mysql_execute_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:3965
|
#14 0x5642fa081b02 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/11.0_opt_san/sql/sql_parse.cc:7999
|
#15 0x5642fa090445 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/11.0_opt_san/sql/sql_parse.cc:1894
|
#16 0x5642fa098d58 in do_command(THD*, bool) /test/11.0_opt_san/sql/sql_parse.cc:1407
|
#17 0x5642fa999f7c in do_handle_one_connection(CONNECT*, bool) /test/11.0_opt_san/sql/sql_connect.cc:1416
|
#18 0x5642fa99c57c in handle_one_connection /test/11.0_opt_san/sql/sql_connect.cc:1318
|
#19 0x14f503320b42 in start_thread nptl/pthread_create.c:442
|
#20 0x14f5033b29ff (/lib/x86_64-linux-gnu/libc.so.6+0x1269ff)
|
|
|
230427 12:34:35 [ERROR] mysqld got signal 11 ;
|
JSON_TABLE is available as of 10.6+ so this is not a regression https://mariadb.com/kb/en/json_table/
Probably a duplicate of MDEV-23208.