Details
Description
create table tb1 ( col1 int unique,col2 int unique); |
insert into tb1 (col1,col2) values (100,200); |
update tb1 set col1= case 11 when 0 then 'x' when 'x' then 'x' end order by col1,(select 2555555555.5555555555 union select 0 union select -1),col2 desc,col2,col1; |
ERROR 2013 (HY000): Lost connection to MySQL server during query |
Program terminated with signal SIGSEGV, Segmentation fault.
#0 __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
56 ../sysdeps/unix/sysv/linux/pthread_kill.c: 没有那个文件或目录.
|
[Current thread is 1 (Thread 0x7ff1fc236700 (LWP 30208))]
|
(gdb) bt
|
#0 __pthread_kill (threadid=<optimized out>, signo=11) at ../sysdeps/unix/sysv/linux/pthread_kill.c:56
|
#1 0x0000557666840dc8 in handle_fatal_signal ()
|
#2 <signal handler called>
|
#3 0x000055766693773f in my_decimal2binary(unsigned int, my_decimal const*, unsigned char*, int, int) ()
|
#4 0x000055766683da7b in Type_handler_decimal_result::make_sort_key(unsigned char*, Item*, SORT_FIELD_ATTR const*, Sort_param*) const ()
|
#5 0x000055766683cd65 in ?? ()
|
#6 0x000055766683fc9f in filesort(THD*, TABLE*, Filesort*, Filesort_tracker*, JOIN*, unsigned long long) ()
|
#7 0x000055766670938f in mysql_update(THD*, TABLE_LIST*, List<Item>&, List<Item>&, Item*, unsigned int, st_order*, unsigned long long, bool, unsigned long long*, unsigned long long*) ()
|
#8 0x0000557666664e31 in mysql_execute_command(THD*) ()
|
#9 0x000055766666aca9 in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) ()
|
#10 0x000055766666cb45 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) ()
|
#11 0x000055766666e342 in do_command(THD*) ()
|
#12 0x0000557666745ad6 in do_handle_one_connection(CONNECT*) ()
|
#13 0x0000557666745c4d in handle_one_connection ()
|
#14 0x00007ff206f06fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
|
#15 0x00007ff20698e60f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
Attachments
Issue Links
- duplicates
-
MDEV-25994 Crash with union of my_decimal type in ORDER BY clause
-
- Closed
-
- relates to
-
MDEV-23850 Server crash with SIGFPE in decimal2bin, ASAN global-buffer-overflow in decimal_bin_size, assertion `scale <= precision'
-
- Closed
-
Incorporating the following patches can solve this problem
From 04dac63d71302e4f7140202732f395aa328ce986 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Wed, 27 Oct 2021 17:55:45 +0800
Subject: [PATCH] case2
---
sql/my_decimal.cc | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sql/my_decimal.cc b/sql/my_decimal.cc
index 338f78d8..c6a3f2d1 100644
--- a/sql/my_decimal.cc
+++ b/sql/my_decimal.cc
@@ -204,6 +204,10 @@ int my_decimal2binary(uint mask, const my_decimal *d, uchar *bin, int prec,
{
int err1= E_DEC_OK, err2;
my_decimal rounded;
+ if ((void*)0 == d)
+ {
+ return check_result(mask, E_DEC_TRUNCATED);
+ }
my_decimal2decimal(d, &rounded);
rounded.frac= decimal_actual_fraction(&rounded);
if (scale < rounded.frac)
--
2.27.0