Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28620

Server crash in /sql/item_subselect.cc:812 in Item_subselect::get_cache_parameters(List<Item>&)

Details

    Description

      poc:

      CREATE TABLE v1374 ( v1375 VARCHAR ( 1 ) CHECK ( v1375 NOT LIKE 84979020.000000 ) , v1376 INT , v1377 INT , v1378 INT , UNIQUE INDEX v1379 ( v1376 , v1378 ) ) ;
      		 
       CREATE UNIQUE INDEX v1380 USING BTREE ON v1374 ( v1378 ASC ) ;
      		 
       INSERT INTO v1374 ( v1378 ) VALUES ( -128 ) , ( 8 ) ;
      		 
       UPDATE v1374 SET v1375 = NULL WHERE v1376 BETWEEN -2147483648 AND 48 ;
      		 
       SELECT v1377 FROM v1374 WHERE EXISTS ( SELECT v1375 , 'x' FROM v1374 GROUP BY ( SELECT ( v1375 NOT IN ( 16 , 19946199.000000 NOT BETWEEN 'x' AND 'x' ) AND v1378 NOT IN ( -1 % v1376 ) ) , - 'x' >= v1378 AS v1381 FROM v1374 UNION SELECT v1377 , v1375 FROM v1374 WHERE ( v1376 , ( 13774910.000000 % ( ( NOT ( v1378 IS NULL ) ) ) + v1377 ) ) NOT IN ( SELECT ( v1376 % v1377 <= v1377 ) , -1 FROM v1374 ) LIMIT 1 OFFSET 1 ) IN ( SELECT v1375 , ( SELECT v1376 FROM ( SELECT DISTINCT ( 'x' / v1376 = v1377 + CASE v1378 WHEN TRUE THEN -1 ELSE v1378 END OR v1378 = v1376 OR v1376 = v1375 ) % 42 , ( v1376 = 0 OR v1376 > 'x' ) FROM v1374 WHERE v1375 = 2147483647 AND ( v1376 = -128 OR v1378 = 64 OR v1377 = 85 ) ) AS v1382 WHERE v1375 = v1378 ) AS v1383 FROM v1374 ) , v1378 ORDER BY v1376 + ( ( SELECT v1376 FROM v1374 WHERE ( v1378 , ( 36 < 'x' ) ) NOT IN ( SELECT ( v1375 % v1377 <= v1376 ) , 0 FROM v1374 ) LIMIT 1 OFFSET 1 ) * 78 BETWEEN ( SELECT v1375 FROM v1374 WHERE ( 50 , ( v1377 < 'x' ) ) IN ( SELECT ( v1375 % v1377 <= v1376 ) , 91 FROM v1374 ) ) * 'x' AND 87 ) , v1376 ) ;

      output:
      SUMMARY: AddressSanitizer: SEGV /sql/item_subselect.cc:812 in Item_subselect::get_cache_parameters(List<Item>&)

      The full error log is in the attachment.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28621 group by optimization incorrectly removing subquery where subject buried in a function

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-30842 Item_subselect::get_cache_parameters and UBSAN member access within null pointer of type 'struct st_select_lex' in Item_subselect::get_cache_parameters on INSERT

          • Major - Major loss of function.
          • Stalled

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28622 Item_subselect eliminated flag set but Item still evaluated/used.

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Transition Time In Source Status Execution Times
            Sergei Golubchik made transition -
            Confirmed Open
            		5d 1h 6m 1
            Sergei Petrunia made transition -
            Stalled Closed
            		17s 1
            Roel Van de Paar made transition -
            Closed Stalled
            		41d 11h 18m 2
            Roel Van de Paar made transition -
            Stalled Open
            		3s 1
            Roel Van de Paar made transition -
            Open Confirmed
            		1d 5h 28m 3
            Rex Johnston made transition -
            Confirmed Closed
            		674d 1h 37m 2

            People

              Johnston Rex Johnston
              nobody Shihao Wen
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.