Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28615

Crash caused by multi-table UPDATE over derived with hanging CTE

    XMLWordPrintable

Details

    Description

      poc:

      CREATE TABLE v1269 ( v1270 VARCHAR ( 1 ) , v1271 INT , v1272 INT ) ;
      		 
       CREATE TABLE v1273 ( v1274 BOOLEAN NOT NULL , v1275 INT , v1276 INT ) ;
      		 
       INSERT INTO v1269 ( v1271 ) VALUES ( v1271 ) ;
      		 
       UPDATE ( SELECT DISTINCT ( ( 66 , 'x' NOT BETWEEN ( SELECT DISTINCT EXISTS ( SELECT DISTINCT v1270 FROM v1269 UNION SELECT v1274 FROM ( SELECT DISTINCT ( SELECT v1270 FROM ( SELECT DISTINCT ( ( NOT ( 17138038.000000 AND v1274 = 78 ) ) = 0 AND v1274 = -128 ) % 45 , ( 79 = 13 OR v1276 > 'x' ) FROM v1273 WHERE v1275 - v1276 ) AS v1277 NATURAL JOIN ( WITH v1279 AS ( SELECT v1276 FROM ( SELECT NOT v1276 <= 'x' , v1276 FROM v1273 GROUP BY v1274 ) AS v1278 ) SELECT DISTINCT v1270 , ( v1270 = 5 OR v1272 > 'x' ) FROM v1269 ) AS v1280 NATURAL JOIN v1269 WHERE v1270 = v1274 ) AS v1281 FROM v1273 ) AS v1282 NATURAL JOIN v1269 AS v1283 NATURAL JOIN v1273 ORDER BY v1271 ) AND v1270 = -1 FROM v1269 ) AND 'x' ) = 12 AND v1271 = 64 ) % 0 , ( v1271 = 37 OR v1270 > 'x' ) FROM v1269 WHERE v1271 = -1 AND ( v1271 = 85 OR v1270 = 0 OR v1270 = 45 ) ) AS v1284 NATURAL JOIN v1269 SET v1271 = -1 WHERE v1270 = 62 ;
      		 
       INSERT INTO v1273 ( v1275 ) VALUES ( ( ( SELECT ARRAY [ 16 , 255 , -1 ] ) ) [ 93 ] ) , ( 255 ) ;
      		 
       SELECT COUNT ( v1270 ) OVER v1285 , NTILE ( v1271 ) OVER v1285 FROM v1269 WINDOW v1285 AS ( PARTITION BY v1271 ORDER BY v1272 DESC ) ;

      output:
      mysqld: /sql/handler.cc:2853: int handler::ha_rnd_next(uchar*): Assertion `table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2' failed.

      The full error log is in the attachment.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32429 Heap-Use-After-Free at /mariadb-11.3.0/sql/sql_select.cc:15810

          • Major - Major loss of function.
          • Closed

          Activity

            People

              igor Igor Babaev
              nobody Shihao Wen
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.