Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28508

Server crash in /sql/sql_select.cc:18212: TABLE* create_tmp_table

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.3.35
    • N/A
    • N/A
    • ubuntu 18.04

    Description

      We found a bug that cause mariadb crash.

      POC:

      CREATE TABLE v1251 ( v1252 BOOLEAN NOT NULL ) ;
      		 
       ( ( SELECT v1252 FROM v1251 WHERE v1252 IN ( 'x' = v1252 ) ORDER BY v1252 + v1252 , v1252 + v1252 ) ) ;
      		 
       UPDATE v1251 SET v1252 = CASE v1252 WHEN v1252 THEN 'x' ELSE TRUE END WHERE v1252 = 2147483647 ;
      		 
       INSERT INTO v1251 ( v1252 ) VALUES ( 0 ) , ( 43 ) ;
      		 
       SELECT DISTINCT v1252 IN ( SELECT v1252 FROM v1251 WHERE v1252 = CASE v1252 * -2147483648 = 90 WHEN 87 THEN -1 WHEN FALSE THEN 'x' ELSE 0 END / 0 ) FROM v1251 WINDOW v1263 AS ( PARTITION BY CASE v1252 WHEN 11 THEN v1252 = CASE WHEN v1252 * ( SELECT v1252 FROM v1251 WHERE v1252 BETWEEN FALSE AND ( ( ( v1252 OR NOT v1252 ) BETWEEN ( ( ( NOT ( ( 95934338.000000 ^ 13533169.000000 AND ( 13965219.000000 ) + -1 + NULL ) * NULL ) ) ) ) AND 29501520.000000 ) ) GROUP BY ( WITH RECURSIVE v1253 ( v1254 ) AS ( SELECT v1252 FROM v1251 ) SELECT v1254 FROM ( SELECT DISTINCT ( ( NOT ( 93673169.000000 AND v1252 = 80 ) ) = 75 AND v1252 = -1 ) % 93 , ( v1252 = -1 OR v1252 > 'x' ) FROM v1251 WHERE v1252 = 2 AND ( v1252 = -1 OR v1252 = 59 OR v1252 = 34 ) ) AS v1255 NATURAL JOIN v1253 WHERE ( v1252 = 0 OR v1252 = 20 ) NOT LIKE 'x' AND NULL GROUP BY v1252 , v1254 ORDER BY v1252 DESC LIMIT 1 OFFSET 1 ) , v1252 WINDOW v1264 AS ( PARTITION BY v1252 ORDER BY ( SELECT DISTINCT -2147483648 FROM v1251 AS v1260 , v1251 AS v1261 , v1251 AS v1262 JOIN v1251 ) DESC RANGE BETWEEN 19177764.000000 FOLLOWING AND FALSE FOLLOWING ) ) ^ v1252 THEN 'x' ELSE v1252 END / 127 ELSE 2147483647 END != 5 ORDER BY ( ( v1252 OR NOT v1252 ) BETWEEN ( 73 = v1252 ) AND TRUE ) ) ;

      Stack dump is in the attachment.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28515 Assertion `field->table == table' failed in Create_tmp_table::finalize and create_tmp_table and SIGSEGV in hp_rec_hashnr

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28501 SIGSEGV in update_depend_map_for_order on SELECT, UBSAN: runtime error: member access within null pointer of type 'struct JOIN_TAB'

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            There are no comments yet on this issue.

            People

              Unassigned Unassigned
              nobody Shihao Wen
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.