Details
-
Bug
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
10.5.16
-
mariadb-connector-python
Description
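Server crash (SIGSEGV in mysqld) reproduced from CONPY-206: the following statement, sent as a prepared statement through mariadb-connector-python, crashes the server while it is being executed (COM_STMT_EXECUTE in the backtrace below):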
INSERT INTO t1 (id, data) VALUES\n\n ((SELECT CAST(1 AS SIGNED INTEGER) AS anon_1), ?) RETURNING t1.id |
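The following did not trigger it (the same INSERT run through EXECUTE IMMEDIATE instead of the connector's prepared-statement execution):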
-- Reproduction attempt that, per the report, did NOT crash the server.
-- The lone `|` lines appear to be separators left over from the issue page's
-- table layout; they are not part of the SQL.
--
-- Table under test: an integer primary key plus one VARCHAR(30) column,
-- created with the MyISAM engine.
CREATE TABLE t1 (
|
id INTEGER NOT NULL,
|
data VARCHAR(30),
|
PRIMARY KEY (id)
|
)ENGINE=MyISAM;
|
|
|
-- Same INSERT ... RETURNING shape as the crashing statement: the id value comes
-- from a scalar subquery and the data value from the `?` marker, bound here to
-- 'hi' by USING. The text differs from the crashing statement only in the
-- whitespace after VALUES (a single space here, "\n\n " in the connector's query).
execute immediate 'INSERT INTO t1 (id, data) VALUES ((SELECT CAST(1 AS SIGNED INTEGER) AS anon_1), ?) RETURNING t1.id' using 'hi';
|
mariadb-10.5-e7de50a82187cbaaa192c2065d64c0041cd9a6a1 |
Thread 14 "mysqld" received signal SIGSEGV, Segmentation fault.
|
[Switching to Thread 0x7fa1bc1c8700 (LWP 143)]
|
0x0000000000000000 in ?? ()
|
(gdb) bt full
|
#0 0x0000000000000000 in ?? ()
|
No symbol table info available.
|
#1 0x000055d9275bba33 in JOIN::destroy (this=0x7fa170010410) at ./sql/sql_select.cc:4597
|
No locals.
|
#2 0x000055d92761496d in st_select_lex::cleanup (this=0x7fa170046638) at ./sql/sql_union.cc:2790
|
ti = {<base_list_iterator> = {list = 0x7fa170046878, el = 0x55d9285bce70 <end_of_list>, prev = <optimized out>, current = <optimized out>}, <No data fields>}
|
tbl = 0x0
|
error = <optimized out>
|
#3 0x000055d9278393ba in subselect_single_select_engine::prepare (this=0x7fa170047630, thd=0x7fa170000c58) at ./sql/item_subselect.cc:3872
|
save_select = <optimized out>
|
#4 0x000055d927838da6 in Item_subselect::fix_fields (this=0x7fa170047488, thd_param=<optimized out>, ref=0x7fa170047678) at ./sql/item_subselect.cc:291
|
save_where = 0x55d927de7c0e "field list"
|
uncacheable = <optimized out>
|
res = false
|
#5 0x000055d9274f0279 in Item::fix_fields_if_needed (ref=0x7fa170047678, thd=0x7fa170000c58, this=0x7fa170047488) at ./sql/item.h:986
|
No locals.
|
#6 Item::fix_fields_if_needed (ref=0x7fa170047678, thd=0x7fa170000c58, this=0x7fa170047488) at ./sql/item.h:986
|
No locals.
|
#7 Item::fix_fields_if_needed_for_scalar (ref=0x7fa170047678, thd=0x7fa170000c58, this=0x7fa170047488) at ./sql/item.h:992
|
No locals.
|
#8 setup_fields (thd=thd@entry=0x7fa170000c58, ref_pointer_array=..., fields=..., column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x0, pre_fix=0x0, allow_sum_func=false)
|
at ./sql/sql_base.cc:7624
|
item = 0x7fa170047488
|
saved_column_usage = MARK_COLUMNS_READ
|
save_allow_sum_func = {static BITS_PER_ELEMENT = 64, static ARRAY_ELEMENTS = 1, static ALL_BITS_SET = 18446744073709551615, buffer = {0}}
|
it = {<base_list_iterator> = {list = 0x7fa170046620, el = 0x7fa170047670, prev = 0x7fa170046620, current = 0x7fa170047670}, <No data fields>}
|
save_is_item_list_lookup = false
|
make_pre_fix = false
|
li = <optimized out>
|
var = <optimized out>
|
ref = {m_array = 0x0, m_size = <optimized out>}
|
#9 0x000055d92751987d in mysql_prepare_insert (thd=thd@entry=0x7fa170000c58, table_list=table_list@entry=0x7fa170045808, fields=..., values=values@entry=0x7fa170046620, update_fields=..., update_values=..., duplic=DUP_ERROR,
|
where=0x7fa1bc1c68e8, select_insert=false) at ./sql/sql_array.h:38
|
select_lex = 0x7fa170046198
|
context = 0x7fa1700461f0
|
ctx_state = {save_table_list = 0x7fa170045808, save_first_name_resolution_table = 0x7fa170045808, save_next_name_resolution_table = 0x0, save_resolve_in_select_list = false, save_next_local = <optimized out>}
|
insert_into_view = false
|
res = false
|
map = 0
|
table = 0x7fa170049b08
|
#10 0x000055d92751ff4f in mysql_insert (thd=thd@entry=0x7fa170000c58, table_list=0x7fa170045808, fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>, ignore=<optimized out>,
|
result=<optimized out>) at ./sql/sql_insert.cc:769
|
retval = true
|
error = <optimized out>
|
--Type <RET> for more, q to quit, c to continue without paging--
|
res = <optimized out>
|
transactional_table = <optimized out>
|
joins_freed = false
|
changed = <optimized out>
|
was_insert_delayed = <optimized out>
|
using_bulk_insert = false
|
value_count = 2
|
counter = 1
|
iteration = 0
|
id = <optimized out>
|
info = {records = 0, deleted = 0, updated = 0, copied = 0, error_count = 0, touched = 0, handle_duplicates = DUP_ERROR, escape_char = 0, last_errno = 0, ignore = false, update_fields = 0x0, update_values = 0x0,
|
view = 0x0, table_list = 0x0}
|
table = 0x0
|
its = {<base_list_iterator> = {list = 0x7fa170044ac8, el = 0x7fa1700478d0, prev = 0x0, current = 0x0}, <No data fields>}
|
values = 0x7fa170046620
|
context = <optimized out>
|
ctx_state = <optimized out>
|
returning = <optimized out>
|
readbuff = 0x0
|
query = <optimized out>
|
log_on = <optimized out>
|
lock_type = TL_WRITE_CONCURRENT_INSERT
|
unused_conds = 0x0
|
#11 0x000055d92755bebb in mysql_execute_command (thd=0x7fa170000c58) at ./sql/sql_parse.cc:4624
|
sel_result = 0x7fa170010400
|
save_protocol = 0x0
|
res = <optimized out>
|
up_result = 0
|
lex = 0x7fa170043ae0
|
select_lex = <optimized out>
|
first_table = 0x7fa170045808
|
all_tables = 0x7fa170045808
|
unit = 0x7fa170043ba8
|
have_table_map_for_update = <optimized out>
|
rpl_filter = <optimized out>
|
ots = {ctx = 0x7fa170004848, traceable = false}
|
trace_command = {<Json_writer_struct> = {_vptr.Json_writer_struct = 0x55d9283d0218 <vtable for Json_writer_object+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
|
trace_command_steps = {<Json_writer_struct> = {_vptr.Json_writer_struct = 0x55d9283d0238 <vtable for Json_writer_array+16>, my_writer = 0x0, context = {writer = 0x0}, closed = false}, <No data fields>}
|
orig_binlog_format = BINLOG_FORMAT_MIXED
|
orig_current_stmt_binlog_format = BINLOG_FORMAT_STMT
|
#12 0x000055d9275703b5 in Prepared_statement::execute (this=0x7fa170041778, expanded_query=<optimized out>, open_cursor=false) at ./sql/sql_prepare.cc:5075
|
stmt_backup = {<ilink> = {_vptr.ilink = 0x55d9283d4410 <vtable for Statement+16>, prev = 0x0, next = 0x0}, <Query_arena> = {_vptr.Query_arena = 0x55d9283d4440 <vtable for Statement+64>, free_list = 0x7fa1bc1c7060,
|
mem_root = 0x55d9275ebf1e <String::copy(char const*, unsigned long, charset_info_st const*, charset_info_st const*, unsigned int*)+270>, state = -1138986336}, id = 0, column_usage = MARK_COLUMNS_READ, name = {
|
str = 0xbc1c705e <error: Cannot access memory at address 0xbc1c705e>, length = 0}, lex = 0x7fa170004b78, query_string = {string = {
|
--Type <RET> for more, q to quit, c to continue without paging--
|
str = 0x7fa170045688 "INSERT INTO t1 (id, data) VALUES\n\n ((SELECT CAST(1 AS SIGNED INTEGER) AS anon_1), ?) RETURNING t1.id", length = 107}, cs = 0x55d9285a8ac0 <my_charset_utf8mb4_general_ci>},
|
base_query = {<Charset> = {m_charset = 0x55d928540c40 <my_charset_bin>}, <Binary_string> = {<Static_binary_string> = {<Sql_alloc> = {<No data fields>}, Ptr = 0x0, str_length = 0}, Alloced_length = 0, extra_alloc = 0,
|
alloced = false, thread_specific = false}, <No data fields>}, db = {str = 0x55d9285a8ac0 <my_charset_utf8mb4_general_ci> "-", length = 140331345786312}, query_cache_is_applicable = 2 '\002'}
|
old_stmt_arena = 0x7fa170000c70
|
error = true
|
qc_executed = false
|
saved_cur_db_name_buf = "\340p\034\274\241\177\000\000_6y'\331U\000\000\002", '\000' <repeats 15 times>, "y\200\000p\241\177\000\000\340\212\004p\241\177\000\000x\027\004p\241\177\000\000\340\212\004p\241\177\000\000y\200\000p\241\177\000\000\bw\004p\241\177\000\000@q\034\274\241\177\000\000\347\256V'\331U\000\000\bq\034\274\241\177\000\000r\200\000p\241\177\000\000\330\212\004p\241\177\000\000y\200\000p\241\177\000\000X\f\000p\241\177\000\000\340\212\004p\241\177\000\000x\027\004p\241\177\000\000r\200\000p\241\177\000\000v\200\000p\241\177\000\000\340\212\004p\241\177\000\000\240q\034\274\241\177\000\000/\364V'\331U\000\000P\027\004p\241\177\000\000"...
|
saved_cur_db_name = {str = 0x7fa1bc1c7090 "\340p\034\274\241\177", length = 202}
|
cur_db_changed = false
|
stmt_db_name = {str = 0x7fa170045680 "test", length = 4}
|
#13 0x000055d9275705a1 in Prepared_statement::execute_loop (packet=<optimized out>, packet_end=<optimized out>, open_cursor=<optimized out>, expanded_query=0x7fa1bc1c7230, this=0x7fa170041778) at ./sql/sql_prepare.cc:4519
|
reprepare_observer = {m_invalidated = false}
|
error = <optimized out>
|
reprepare_attempt = <optimized out>
|
reprepare_observer = <optimized out>
|
error = <optimized out>
|
reprepare_attempt = <optimized out>
|
#14 Prepared_statement::execute_loop (this=0x7fa170041778, expanded_query=0x7fa1bc1c7230, open_cursor=<optimized out>, packet=<optimized out>, packet_end=<optimized out>) at ./sql/sql_prepare.cc:4468
|
reprepare_observer = <optimized out>
|
error = <optimized out>
|
#15 0x000055d927571495 in mysql_stmt_execute_common (thd=0x7fa170000c58, stmt_id=<optimized out>, packet=0x7fa170008072 "", packet_end=0x7fa170008079 "", cursor_flags=0, bulk_op=<optimized out>, read_types=false)
|
at ./sql/sql_prepare.cc:3474
|
expanded_query = {<Charset> = {m_charset = 0x55d928540c40 <my_charset_bin>}, <Binary_string> = {<Static_binary_string> = {<Sql_alloc> = {<No data fields>}, Ptr = 0x0, str_length = 0}, Alloced_length = 0, extra_alloc = 0,
|
alloced = false, thread_specific = false}, <No data fields>}
|
stmt = 0x7fa170041778
|
save_protocol = 0x7fa1700011c8
|
open_cursor = false
|
#16 0x000055d9275716d0 in mysqld_stmt_execute (thd=thd@entry=0x7fa170000c58, packet_arg=packet_arg@entry=0x7fa170008069 "\377\377\377\377", packet_length=packet_length@entry=16) at ./sql/sql_prepare.cc:3248
|
packet = 0x7fa170008072 ""
|
stmt_id = <optimized out>
|
flags = <optimized out>
|
packet_end = 0x7fa170008079 ""
|
#17 0x000055d9275581f7 in dispatch_command (command=COM_STMT_EXECUTE, thd=0x7fa170000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>)
|
at ./sql/sql_parse.cc:1815
|
net = 0x7fa170000ef8
|
error = false
|
do_end_of_statement = true
|
drop_more_results = false
|
__FUNCTION__ = "dispatch_command"
|
res = <optimized out>
|
#18 0x000055d927559cb3 in do_command (thd=0x7fa170000c58) at ./sql/sql_parse.cc:1375
|
return_value = <optimized out>
|
--Type <RET> for more, q to quit, c to continue without paging--
|
packet = 0x7fa170008068 "\027\377\377\377\377"
|
packet_length = <optimized out>
|
net = 0x7fa170000ef8
|
command = <optimized out>
|
__FUNCTION__ = "do_command"
|
#19 0x000055d9276623a1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55d92a185f48, put_in_cache=put_in_cache@entry=true) at ./sql/sql_connect.cc:1418
|
create_user = true
|
thr_create_utime = <optimized out>
|
thd = 0x7fa170000c58
|
#20 0x000055d92766281d in handle_one_connection (arg=arg@entry=0x55d92a185f48) at ./sql/sql_connect.cc:1312
|
connect = 0x55d92a185f48
|
#21 0x000055d9279cb7df in pfs_spawn_thread (arg=0x55d92a111458) at ./storage/perfschema/pfs.cc:2201
|
typed_arg = 0x55d92a111458
|
user_arg = 0x55d92a185f48
|
user_start_routine = 0x55d9276627c0 <handle_one_connection(void*)>
|
pfs = <optimized out>
|
klass = <optimized out>
|
#22 0x00007fa1bd310609 in start_thread (arg=<optimized out>) at pthread_create.c:477
|
ret = <optimized out>
|
pd = <optimized out>
|
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140332622448384, 2788340002874670381, 140729274743022, 140729274743023, 94391173347328, 140332622446336, -2742318006710616787, -2742316038837682899}, mask_was_saved = 0}},
|
priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
|
not_first_call = 0
|
#23 0x00007fa1bcefc133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
|
|
(gdb) up
|
#1 0x000055d9275bba33 in JOIN::destroy (this=0x7fa170010410) at ./sql/sql_select.cc:4597
|
4597 ./sql/sql_select.cc: No such file or directory.
|
(gdb) p *this
|
$1 = {<Sql_alloc> = {<No data fields>}, join_tab = 0x0, best_ref = 0x0, non_agg_fields = {<base_list> = {<Sql_alloc> = {<No data fields>},
|
first = 0x55d9285bce00 <guard variable for LEX::stmt_execute_immediate(Item*, List<Item>*)::immediate>, last = 0x7fa170006718, elements = 0}, <No data fields>}, map2table = 0x0,
|
join_tab_ranges = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fa1700104a8, last = 0x1000000000, elements = 16}, <No data fields>}, table = 0x0, sort_by_table = 0x100, table_count = 1879115048,
|
outer_tables = 32673, const_tables = 0, top_join_tab_count = 16, aggr_tables = 16, send_group_parts = 8, group = false, need_distinct = false, sort_and_group = false, first_record = false, full_join = 32, no_field_update = 116,
|
hash_join = 49, do_send_rows = true, const_table_map = 256, sjm_lookup_tables = 140331345513560, sjm_scan_tables = 0, found_const_table_map = 0, eliminated_tables = 0, outer_join = 0, select_list_used_tables = 12660,
|
send_records = 0, found_records = 0, join_examined_rows = 6061921326615319107, row_limit = 2319762965022917185, select_limit = 2314885530817006120, duplicate_rows = 0, fetch_limit = 18446744073709551615, best_positions = 0x0,
|
pushdown_query = 0x0, original_join_tab = 0x0, original_table_count = 1095254866, emb_sjm_nest = 0x0, positions = 0x0, cur_embedding_map = 2330970471108530753, cur_sj_inner_tables = 2314861247228832040,
|
complex_firstmatch_tables = 5641118409751601184, first_select = 0x55d927595bb0 <sub_select(JOIN*, st_join_table*, bool)>, best_read = 0, join_record_count = 4.6635435168000998e-310, fields = 0x7fa170010f90,
|
group_fields = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010560, elements = 0}, <No data fields>},
|
group_fields_cache = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010578, elements = 0}, <No data fields>}, thd = 0x7fa170000c58, sum_funcs = 0x7fa170010988,
|
sum_funcs_end = 0x7fa170010990, sum_funcs2 = 0x7fa170049b08, sum_funcs_end2 = 0x7fa1700105e0, procedure = 0x7fa1700105d0, having = 0x100000001, tmp_having = 0x3, having_history = 0x7fa17004bdc8,
|
group_list_for_estimates = 0x7fa17004bdc8, having_is_correlated = 8, select_options = 140331345617992, allowed_join_cache_types = 1879202520, allowed_semijoin_with_cache = 161, allowed_outer_join_with_cache = 127,
|
max_allowed_join_cache_level = 1879262968, result = 0x7fa170010650, tmp_table_param = {<Sql_alloc> = {<No data fields>}, copy_funcs = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>,
|
last = 0x7fa170010610, elements = 0}, <No data fields>}, copy_field = 0x0, copy_field_end = 0x0, group_buff = 0x7fa17001fe48 "\370(", items_to_copy = 0x7fa17002df38, recinfo = 0x7fa17003b288,
|
start_recinfo = 0x7fa17001a448, keyinfo = 0x7fa170025ad8, end_write_records = 140331345725176, field_count = 677105264, func_count = 21977, sum_func_count = 1879332872, hidden_field_count = 32673, group_parts = 0,
|
group_length = 0, group_null_parts = 0, quick_group = 1, using_outer_summary_function = false, table_charset = 0x0, schema_table = false, materialized_subquery = false, force_not_null_cols = false,
|
precomputed_group_by = false, force_copy_fields = false, bit_fields_as_long = false, skip_create_table = false}, lock = 0x0, unit = 0x7fa170046c78, select_lex = 0x7fa170046638, no_const_tables = false,
|
no_rows_in_result_called = false, filesort_found_rows = false, subq_exit_fl = false, rollup = {state = st_rollup::STATE_NONE, null_items = {m_array = 0x0, m_size = 0}, ref_pointer_arrays = 0x0, fields = 0x0},
|
mixed_implicit_grouping = false, select_distinct = false, group_optimized_away = false, simple_order = false, simple_group = false, ordered_index_usage = JOIN::ordered_index_void, no_order = false, skip_sort_order = false,
|
need_tmp = false, hidden_group_fields = false, cleaned = false, keyuse = {buffer = 0x0, elements = 0, max_element = 0, alloc_increment = 0, size_of_element = 0, m_psi_key = 0, malloc_flags = 0}, cond_value = Item::COND_UNDEF,
|
having_value = Item::COND_UNDEF, impossible_where = false, all_fields = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7fa170046c40, last = 0x7fa170046c40, elements = 1}, <No data fields>},
|
tmp_all_fields1 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010750, elements = 0}, <No data fields>},
|
tmp_all_fields2 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010768, elements = 0}, <No data fields>},
|
tmp_all_fields3 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010780, elements = 0}, <No data fields>},
|
tmp_fields_list1 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010798, elements = 0}, <No data fields>},
|
tmp_fields_list2 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa1700107b0, elements = 0}, <No data fields>},
|
tmp_fields_list3 = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa1700107c8, elements = 0}, <No data fields>}, fields_list = @0x7fa170046788,
|
procedure_fields_list = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa1700107e8, elements = 0}, <No data fields>}, error = 0, order = 0x0, group_list = 0x0,
|
proc_param = 0x0, conds = 0x0, conds_history = 0x0, outer_ref_cond = 0x0, pseudo_bits_cond = 0x0, tables_list = 0x0, join_list = 0x7fa170046800, cond_equal = 0x0, having_equal = 0x0, exec_const_cond = 0x0,
|
exec_const_order_group_cond = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010868, elements = 0}, <No data fields>}, select = 0x0, return_tab = 0x0, ref_ptrs = {
|
m_array = 0x7fa170048ae0, m_size = 3}, items0 = {m_array = 0x0, m_size = 0}, items1 = {m_array = 0x0, m_size = 0}, items2 = {m_array = 0x0, m_size = 0}, items3 = {m_array = 0x0, m_size = 0}, current_ref_ptrs = {m_array = 0x0,
|
m_size = 0}, zero_result_cause = 0x0, union_part = false, optimization_state = JOIN::NOT_OPTIMIZED, initialized = false, explain = 0x0, have_query_plan = JOIN::QEP_DELETED, tmp_table_keep_current_rowid = false,
|
in_to_exists_where = 0x0, in_to_exists_having = 0x0, sj_tmp_tables = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010928, elements = 0}, <No data fields>},
|
sjm_info_list = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55d9285bce70 <end_of_list>, last = 0x7fa170010940, elements = 0}, <No data fields>}, set_group_rpa = false, group_sent = false,
|
implicit_grouping = false, with_two_phase_optimization = false, save_qep = 0x0, spl_opt_info = 0x0, ext_keyuses_for_splitting = 0x0, sort_and_group_aggr_tab = 0x0, is_orig_degenerated = false}
|
Issue Links
- is caused by
-
CONPY-206 mariadb connector loses server connection during RETURNING query
- Closed
- is duplicated by
-
MDEV-25028 ASAN use-after-poison in base_list_iterator::next or Assertion `sl->join == 0' upon INSERT .. RETURNING via PS
- Closed
-
MDEV-25187 Assertion `inited == NONE || table->open_by_handler' failed or Direct leak in init_dynamic_array2 upon INSERT .. RETURNING, and memory leak in init_dynamic_array2
- Closed
-
MDEV-27165 crash in base_list_iterator::next
- Closed
-
MDEV-29686 Assertion `slave == 0' failed in st_select_lex_node::attach_single
- Closed
- relates to
-
MDEV-27165 crash in base_list_iterator::next
- Closed