  1. MariaDB Server
  2. MDEV-28958

SIGSEGV in Item::clear_extraction_flag on SELECT


    Details

      Description

      -- Minimal reproducer from this report. The identifier c is reused for the base
      -- table, its only column, the derived-table alias and the join alias.
      CREATE TABLE c(c INT) ENGINE=InnoDB;
      -- A grouped derived table (GROUP BY NOT c=c) is NATURAL JOINed to the base table,
      -- and the outer query carries a HAVING condition built with OR.
      -- In both backtraces of this report the `having` pointer passed to mysql_select is
      -- the `this` of frame #2 (Item::check_pushable_cond), reached from
      -- pushdown_cond_for_derived in JOIN::optimize_inner, so the crash happens at
      -- optimization time, before any rows are read.
      -- NOTE(review): the statement arrives as an ordinary COM_QUERY (see dispatch_command
      -- in the backtrace); presumably any session allowed to run it can terminate mysqld
      -- on the affected versions. Confirm against the fix notes before rating impact.
      SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c;
      

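      Leads to a server crash (SIGSEGV) while the optimizer checks whether the condition can be pushed down into the derived table: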

      10.10.0 081a284712bb661349e2e3802077b12211cede3e (Optimized)

      Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090)
          at /test/10.10_opt/sql/item.h:2664
      [Current thread is 1 (Thread 0x149b98d48700 (LWP 3347048))]
      (gdb) bt
      #0  0x000055ae368d5e44 in Item::clear_extraction_flag (this=0x149bb20a4090) at /test/10.10_opt/sql/item.h:2664
      #1  Item::check_pushable_cond (this=0x149bb20a4090, checker=(bool (Item::*)(Item * const, uchar *)) 0x55ae3662aec0 <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7505
      #2  0x000055ae368d5f99 in Item::check_pushable_cond (this=0x149b5401fa68, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
      #3  0x000055ae368d5eea in Item::check_pushable_cond (this=this@entry=0x149b540220a8, checker=<optimized out>, arg=0x149b5404b128 "\001") at /test/10.10_opt/sql/item.cc:7514
      #4  0x000055ae36629be1 in pushdown_cond_for_derived (thd=0x149b54000c58, cond=0x149b540220a8, derived=derived@entry=0x149b540129e0) at /test/10.10_opt/sql/sql_derived.cc:1538
      #5  0x000055ae366e0b45 in JOIN::optimize_inner (this=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:2318
      #6  0x000055ae366e3b13 in JOIN::optimize (this=this@entry=0x149b54020458) at /test/10.10_opt/sql/sql_select.cc:1845
      #7  0x000055ae366e3bfe in mysql_select (thd=0x149b54000c58, tables=0x149b540129e0, fields=@0x149b54010ad8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149b54010dc8, last = 0x149b54010dc8, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x149b540140c8, having=0x149b5401fa68, proc_param=0x0, select_options=<optimized out>, result=0x149b54020430, unit=0x149b54004cb8, select_lex=0x149b54010838) at /test/10.10_opt/sql/sql_select.cc:5030
      #8  0x000055ae366e4397 in handle_select (thd=thd@entry=0x149b54000c58, lex=lex@entry=0x149b54004be0, result=result@entry=0x149b54020430, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_opt/sql/sql_select.cc:578
      #9  0x000055ae366679b1 in execute_sqlcom_select (thd=0x149b54000c58, all_tables=0x149b540129e0) at /test/10.10_opt/sql/sql_parse.cc:6260
      #10 0x000055ae3667552d in mysql_execute_command (thd=0x149b54000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:3944
      #11 0x000055ae36662bb5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149b54000c58) at /test/10.10_opt/sql/sql_parse.cc:8036
      #12 mysql_parse (thd=0x149b54000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7958
      #13 0x000055ae3666e6ca in dispatch_command (command=COM_QUERY, thd=0x149b54000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1364
      #14 0x000055ae366705f2 in do_command (thd=0x149b54000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
      #15 0x000055ae367868af in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55ae39b31eb8, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
      #16 0x000055ae36786b8d in handle_one_connection (arg=0x55ae39b31eb8) at /test/10.10_opt/sql/sql_connect.cc:1312
      #17 0x0000149bb1f88609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #18 0x0000149bb1b74133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.10.2 5deccac4aaf1be948a0ae10f40bb5f668ac37a4d (Debug)

      Core was generated by `/test/MD190922-mariadb-10.10.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  Item::clear_extraction_flag (this=0x14dcb199d090)
          at /test/10.10_dbg/sql/item.h:2674
      [Current thread is 1 (Thread 0x14dc9880d700 (LWP 620908))]
      (gdb) bt
      #0  Item::clear_extraction_flag (this=0x14dcb199d090) at /test/10.10_dbg/sql/item.h:2674
      #1  Item::check_pushable_cond (this=0x14dcb199d090, checker=(bool (Item::*)(Item * const, uchar *)) 0x558ff487bd8a <Item::pushable_cond_checker_for_derived(unsigned char*)>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7521
      #2  0x0000558ff4be982e in Item::check_pushable_cond (this=0x14dc58027278, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
      #3  0x0000558ff4be982e in Item::check_pushable_cond (this=this@entry=0x14dc58029920, checker=<optimized out>, arg=0x14dc5806c5e8 "\001") at /test/10.10_dbg/sql/item.cc:7530
      #4  0x0000558ff487a5d6 in pushdown_cond_for_derived (thd=0x14dc58000d48, cond=0x14dc58029920, derived=derived@entry=0x14dc580153b0) at /test/10.10_dbg/sql/sql_derived.cc:1538
      #5  0x0000558ff4958f15 in JOIN::optimize_inner (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:2339
      #6  0x0000558ff49599f6 in JOIN::optimize (this=this@entry=0x14dc58027c68) at /test/10.10_dbg/sql/sql_select.cc:1863
      #7  0x0000558ff4959ae9 in mysql_select (thd=thd@entry=0x14dc58000d48, tables=0x14dc580153b0, fields=@0x14dc580134a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14dc58013798, last = 0x14dc58013798, elements = 1}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x14dc58016aa0, having=0x14dc58027278, proc_param=0x0, select_options=2164525824, result=0x14dc58027c40, unit=0x14dc58004f80, select_lex=0x14dc58013208) at /test/10.10_dbg/sql/sql_select.cc:5056
      #8  0x0000558ff495a332 in handle_select (thd=thd@entry=0x14dc58000d48, lex=lex@entry=0x14dc58004ea8, result=result@entry=0x14dc58027c40, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.10_dbg/sql/sql_select.cc:581
      #9  0x0000558ff48c43e7 in execute_sqlcom_select (thd=thd@entry=0x14dc58000d48, all_tables=0x14dc580153b0) at /test/10.10_dbg/sql/sql_parse.cc:6261
      #10 0x0000558ff48d0755 in mysql_execute_command (thd=thd@entry=0x14dc58000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:3945
      #11 0x0000558ff48be68d in mysql_parse (thd=thd@entry=0x14dc58000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14dc9880c330) at /test/10.10_dbg/sql/sql_parse.cc:8035
      #12 0x0000558ff48cbcbf in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14dc58000d48, packet=packet@entry=0x14dc5800adb9 "SELECT * FROM(SELECT * FROM c GROUP BY NOT c=c) AS c NATURAL JOIN c AS c GROUP BY c HAVING c=c OR c=c", packet_length=packet_length@entry=101, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1345
      #13 0x0000558ff48ce3e2 in do_command (thd=0x14dc58000d48, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
      #14 0x0000558ff4a30abd in do_handle_one_connection (connect=<optimized out>, connect@entry=0x558ff77ab1a8, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1416
      #15 0x0000558ff4a30fc7 in handle_one_connection (arg=0x558ff77ab1a8) at /test/10.10_dbg/sql/sql_connect.cc:1318
      #16 0x000014dcb1881609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #17 0x000014dcb146d133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

            People

            Assignee:
            igor Igor Babaev
            Reporter:
            Roel Roel Van de Paar
