Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-28623

Server crash in sql/item.cc:5721: Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*)

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Critical
    • Resolution: Duplicate
    • 10.3.35
    • N/A
    • N/A
    • None
    • ubuntu 18.04

    Description

      poc:

      CREATE TABLE v1386 ( v1387 TEXT ) ;
      		 
       INSERT INTO v1386 ( v1387 ) VALUES ( ( NOT ( 'x' = 'x' AND v1387 = 'x' ) ) IS NULL ) , ( NULL ) , ( 'x' ) , ( NULL ) ;
      		 
       SELECT 'x' , ( WITH RECURSIVE v1388 ( v1389 ) AS ( SELECT v1387 FROM v1386 ) SELECT v1387 FROM ( SELECT DISTINCT ( ( NOT ( 82215853.000000 AND v1387 = 255 ) ) = 0 AND v1387 = 70 ) % -1 , ( v1387 = 83 OR v1387 > 'x' ) FROM v1386 WHERE v1387 = 73 AND ( v1387 = 32 OR v1387 = 70 OR v1387 = 30 ) ) AS v1390 NATURAL JOIN v1388 WHERE ( v1387 = 93 OR v1387 = -1 ) NOT LIKE 'x' AND CASE v1387 * 73 = 97 WHEN 80 THEN 'x' WHEN 65 THEN 'x' ELSE 21 END != 59 GROUP BY v1389 , v1389 HAVING ( v1387 IN ( - -128 = ( v1387 = 40 OR v1387 = 83 OR v1387 = - ( 46 + 84 <= -1 ) >= v1387 + v1387 ) , -1 ) ) ORDER BY v1387 DESC LIMIT 1 OFFSET 1 ) , 35 , 83601245.000000 FROM v1386 WINDOW v1402 AS ( PARTITION BY v1387 ORDER BY TRUE BETWEEN v1387 * ( SELECT -128 FROM ( SELECT DISTINCT v1387 , ( NOT ( 30631815.000000 AND v1387 = 0 ) ) = TRUE FROM v1386 ) AS v1391 NATURAL JOIN v1386 AS v1392 NATURAL JOIN ( SELECT DISTINCT v1387 , ( v1387 = 0 OR v1387 > 'x' ) FROM v1386 ) AS v1393 NATURAL JOIN v1386 AS v1394 WHERE v1387 BETWEEN 99403445.000000 AND 7 GROUP BY v1387 , v1387 WINDOW v1403 AS ( PARTITION BY v1387 ORDER BY ( SELECT DISTINCT 8 FROM v1386 AS v1399 , v1386 AS v1400 , v1386 AS v1401 JOIN v1386 ) DESC RANGE BETWEEN 88050883.000000 FOLLOWING AND 76595699.000000 FOLLOWING ) ) ^ v1387 AND ( CASE v1387 WHEN ( v1387 IN ( 68 , -1 , 34 , 43 , 'x' / v1387 = v1387 + CASE v1387 WHEN TRUE THEN 66 ELSE 37 END OR v1387 = v1387 OR v1387 = v1387 ) ) THEN 29 ELSE 16 END != 0 ) ) ;

      output:
      mysqld: /sql/item.cc:5721: Item** resolve_ref_in_select_and_group(THD*, Item_ident*, SELECT_LEX*): Assertion `(*select_ref)->fixed' failed.

      The full error log is in the attachment.

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28506 SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field | Assertion `(*select_ref)->fixed' or '->is_fixed' failed in resolve_ref_in_select_and_group | Assertion `table_list->table' failed in find_field_in_table_ref

          • Major - Major loss of function.
          • Stalled
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-22713 Assertion `(*select_ref)->is_fixed()' failed in resolve_ref_in_select_and_group

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              Unassigned Unassigned
              nobody Shihao Wen
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.