
SIGSEGV in get_sort_by_table and SIGSEGV in subquery_types_allow_materialization



    Description

      Original testcase (reduced version in comments below):

      -- Fuzzer-generated reproducer, kept verbatim: the crash depends on the exact
      -- shape of the statements, so it must not be reformatted or simplified here.
      -- (A reduced version is referenced as living in the issue comments.)
      -- Single BOOLEAN column; every later statement is built around v1071.v1072.
      CREATE TABLE v1071 ( v1072 BOOLEAN NOT NULL ) ;
       -- Stand-alone parenthesised SELECT; ORDER BY lists the same expression twice.
       ( ( SELECT v1072 FROM v1071 ORDER BY v1072 + v1072 , v1072 + v1072 ) ) ;
       -- Crashing statement: the COM_QUERY packet in backtrace frame #12 starts with
       -- this UPDATE. The WHERE clause holds a scalar subquery that carries WINDOW
       -- clauses and nested NATURAL JOINs; the optimizer reaches make_join_statistics()
       -- -> get_sort_by_table() with a=0x0 (NULL) while optimizing the constant
       -- subquery (frames #0-#5), i.e. a NULL dereference on an unprivileged query.
       UPDATE v1071 SET v1072 = 'x' WHERE v1072 = CASE WHEN v1072 * ( SELECT 0 FROM v1071 AS v1073 WHERE v1072 BETWEEN 70743860.000000 AND 22 WINDOW v1086 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 0 FROM ( SELECT v1072 FROM ( SELECT DISTINCT ( ( NOT ( 87472356.000000 AND v1072 = 0 ) ) = 49 AND v1072 = 30 ) % 0 , ( v1072 = 255 OR v1072 > 'x' ) FROM v1071 WHERE v1072 = 46 AND ( v1072 = 10 OR v1072 = 80 OR v1072 = -1 ) ) AS v1074 NATURAL JOIN v1071 WHERE ( v1072 = 127 OR v1072 = 16 ) NOT LIKE 'x' AND CASE v1072 * 8 = 0 WHEN 2147483647 THEN 'x' WHEN -128 THEN 'x' ELSE 8 END != 4 GROUP BY v1072 , 71777162.000000 / 91619124.000000 WINDOW v1087 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 76 FROM v1071 AS v1083 , v1071 AS v1084 , v1071 AS v1085 , v1071 ) DESC RANGE BETWEEN 66948404.000000 FOLLOWING AND 67858344.000000 FOLLOWING ) ) AS v1079 NATURAL JOIN v1071 AS v1080 , v1071 AS v1081 , v1071 AS v1082 JOIN v1071 ) DESC RANGE BETWEEN 26683913.000000 FOLLOWING AND 30593825.000000 FOLLOWING ) ) ^ v1072 THEN 'x' ELSE v1072 END / 16 ;
       -- The remaining statements are part of the original fuzzer run; since the
       -- server terminated on the UPDATE above, they are presumably never reached
       -- and are not needed to reproduce this particular crash (TODO confirm).
       INSERT INTO v1071 ( v1072 ) VALUES ( 86 ) , ( -32768 ) ;
       -- Two identical STDDEV_SAMP() window aggregates over a named WINDOW v1088.
       SELECT STDDEV_SAMP ( v1072 ) OVER v1088 , STDDEV_SAMP ( v1072 ) OVER v1088 FROM v1071 WINDOW v1088 AS ( PARTITION BY v1072 ORDER BY v1072 DESC ) ;
      

      Leads to:

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Optimized)

      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  get_sort_by_table (const_tables=0, tables=..., b=<optimized out>, a=0x0)
          at /test/10.9_opt/sql/sql_select.cc:25516
      [Current thread is 1 (Thread 0x14c418129700 (LWP 3725953))]
      (gdb) bt
      #0  get_sort_by_table (const_tables=0, tables=@0x14c374011cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c37406ea28, last = 0x14c37406ea28, elements = 1}, <No data fields>}, b=<optimized out>, a=0x0) at /test/10.9_opt/sql/sql_select.cc:25516
      #1  make_join_statistics (keyuse_array=0x14c37406e790, tables_list=@0x14c374011cb0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14c37406ea28, last = 0x14c37406ea28, elements = 1}, <No data fields>}, join=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:5643
      #2  JOIN::optimize_inner (this=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:2495
      #3  0x0000562a257cc6d3 in JOIN::optimize (this=this@entry=0x14c37406e470) at /test/10.9_opt/sql/sql_select.cc:1837
      #4  0x0000562a25730464 in st_select_lex::optimize_unflattened_subqueries (this=0x14c3740054b0, const_only=const_only@entry=true) at /test/10.9_opt/sql/sql_lex.cc:4916
      #5  0x0000562a258b2455 in JOIN::optimize_constant_subqueries (this=this@entry=0x14c37406d238) at /test/10.9_opt/sql/opt_subselect.cc:5622
      #6  0x0000562a257c8f67 in JOIN::optimize_inner (this=0x14c37406d238) at /test/10.9_opt/sql/sql_select.cc:2157
      #7  0x0000562a257cc6d3 in JOIN::optimize (this=this@entry=0x14c37406d238) at /test/10.9_opt/sql/sql_select.cc:1837
      #8  0x0000562a257cc7be in mysql_select (thd=thd@entry=0x14c374000c58, tables=tables@entry=0x14c374010fa0, fields=@0x14c418127ec0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x562a267d16d0 <end_of_list>, last = 0x14c418127ec0, elements = 0}, <No data fields>}, conds=conds@entry=0x14c374053f20, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14c37406d128, unit=0x14c374004cb8, select_lex=0x14c3740054b0) at /test/10.9_opt/sql/sql_select.cc:5022
      #9  0x0000562a2582ce05 in mysql_multi_update (thd=thd@entry=0x14c374000c58, table_list=0x14c374010fa0, fields=fields@entry=0x14c374005750, values=values@entry=0x14c374005b80, conds=0x14c374053f20, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14c374004cb8, select_lex=0x14c3740054b0, result=0x14c4181280b0) at /test/10.9_opt/sql/sql_update.cc:1969
      #10 0x0000562a2575cda1 in mysql_execute_command (thd=0x14c374000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:4504
      #11 0x0000562a2574ba55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14c374000c58) at /test/10.9_opt/sql/sql_parse.cc:8046
      #12 mysql_parse (thd=0x14c374000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7968
      #13 0x0000562a2575771a in dispatch_command (command=COM_QUERY, thd=0x14c374000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
      #14 0x0000562a25759642 in do_command (thd=0x14c374000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1408
      #15 0x0000562a2586e5bf in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562a28fe5d38, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
      #16 0x0000562a2586e89d in handle_one_connection (arg=0x562a28fe5d38) at /test/10.9_opt/sql/sql_connect.cc:1312
      #17 0x000014c43d5d0609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #18 0x000014c43d1bc133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.9.0 0b14dbd45b5a1c02616d611876158d44b92b77bf (Debug)

      Core was generated by `/test/MD030522-mariadb-10.9.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core-'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  get_sort_by_table (const_tables=<optimized out>, tables=..., 
          b=<optimized out>, a=0x0) at /test/10.9_dbg/sql/sql_select.cc:25516
      [Current thread is 1 (Thread 0x15000412d700 (LWP 3726887))]
      (gdb) bt
      #0  get_sort_by_table (const_tables=<optimized out>, tables=@0x14ff880151d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14ff88097750, last = 0x14ff88097750, elements = 1}, <No data fields>}, b=<optimized out>, a=0x0) at /test/10.9_dbg/sql/sql_select.cc:25516
      #1  make_join_statistics (join=join@entry=0x14ff88097198, tables_list=@0x14ff880151d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14ff88097750, last = 0x14ff88097750, elements = 1}, <No data fields>}, keyuse_array=keyuse_array@entry=0x14ff880974b8) at /test/10.9_dbg/sql/sql_select.cc:5643
      #2  0x000056217facd52c in JOIN::optimize_inner (this=this@entry=0x14ff88097198) at /test/10.9_dbg/sql/sql_select.cc:2495
      #3  0x000056217facd96c in JOIN::optimize (this=this@entry=0x14ff88097198) at /test/10.9_dbg/sql/sql_select.cc:1837
      #4  0x000056217fa12462 in st_select_lex::optimize_unflattened_subqueries (this=0x14ff880057d0, const_only=const_only@entry=true) at /test/10.9_dbg/sql/sql_lex.cc:4916
      #5  0x000056217fbfef3d in JOIN::optimize_constant_subqueries (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/opt_subselect.cc:5622
      #6  0x000056217facc490 in JOIN::optimize_inner (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/sql_select.cc:2157
      #7  0x000056217facd96c in JOIN::optimize (this=this@entry=0x14ff88095f60) at /test/10.9_dbg/sql/sql_select.cc:1837
      #8  0x000056217facda5f in mysql_select (thd=thd@entry=0x14ff88000db8, tables=tables@entry=0x14ff880144c0, fields=@0x15000412bea0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x562180f10bc0 <end_of_list>, last = 0x15000412bea0, elements = 0}, <No data fields>}, conds=conds@entry=0x14ff8807c970, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14ff88095e50, unit=0x14ff88004fd8, select_lex=0x14ff880057d0) at /test/10.9_dbg/sql/sql_select.cc:5022
      #9  0x000056217fb4692d in mysql_multi_update (thd=thd@entry=0x14ff88000db8, table_list=0x14ff880144c0, fields=fields@entry=0x14ff88005a70, values=values@entry=0x14ff88005ea0, conds=0x14ff8807c970, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14ff88004fd8, select_lex=0x14ff880057d0, result=0x15000412c080) at /test/10.9_dbg/sql/sql_update.cc:1969
      #10 0x000056217fa47e60 in mysql_execute_command (thd=thd@entry=0x14ff88000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.9_dbg/sql/sql_parse.cc:4504
      #11 0x000056217fa3467b in mysql_parse (thd=thd@entry=0x14ff88000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15000412c470) at /test/10.9_dbg/sql/sql_parse.cc:8046
      #12 0x000056217fa41f79 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14ff88000db8, packet=packet@entry=0x14ff8800b699 "UPDATE v1071 SET v1072 = 'x' WHERE v1072 = CASE WHEN v1072 * ( SELECT 0 FROM v1071 AS v1073 WHERE v1072 BETWEEN 70743860.000000 AND 22 WINDOW v1086 AS ( PARTITION BY v1072 ORDER BY ( SELECT DISTINCT 0"..., packet_length=packet_length@entry=1044, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_class.h:1364
      #13 0x000056217fa44686 in do_command (thd=0x14ff88000db8, blocking=blocking@entry=true) at /test/10.9_dbg/sql/sql_parse.cc:1408
      #14 0x000056217fba1d02 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562182aba788, put_in_cache=put_in_cache@entry=true) at /test/10.9_dbg/sql/sql_connect.cc:1418
      #15 0x000056217fba220b in handle_one_connection (arg=0x562182aba788) at /test/10.9_dbg/sql/sql_connect.cc:1312
      #16 0x00001500321f1609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #17 0x0000150031ddd133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.3.35 (dbg), 10.3.35 (opt), 10.4.25 (dbg), 10.4.25 (opt), 10.5.16 (dbg), 10.5.16 (opt), 10.6.8 (dbg), 10.6.8 (opt), 10.7.4 (dbg), 10.7.4 (opt), 10.8.3 (dbg), 10.8.3 (opt), 10.9.0 (dbg), 10.9.0 (opt), 10.10.0 (dbg), 10.10.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.37 (dbg), 5.7.37 (opt), 8.0.28 (dbg), 8.0.28 (opt)
