  1. MariaDB Server
  2. MDEV-29262

SIGSEGV in mark_select_range_as_dependent on UPDATE or SELECT | UBSAN: runtime error: member access within null pointer of type 'struct Item_subselect' in sql/item.cc (on UPDATE) and in mark_select_range_as_dependent (on SELECT)


Details

    Description

      Reproduces on both InnoDB and MyISAM.

      -- Minimal reproducer for MDEV-29262. The table needs only one INT column;
      -- the column deliberately shares the table's name.
      CREATE TABLE c(c INT);
      -- A single statement arriving as an ordinary query (the backtrace enters through
      -- dispatch_command with command=COM_QUERY) ends the mysqld process with SIGSEGV,
      -- so the impact is loss of availability for every connection on that server.
      -- Nesting, outermost to innermost, as the backtrace frames show it being prepared:
      --   1. ORDER BY (SELECT c, c BETWEEN (...) AND 0)           -- setup_order
      --   2. SELECT c AS c GROUP BY c WINDOW c AS (PARTITION BY
      --      c AND 0 BETWEEN (...) AND 0)                         -- setup_windows, no FROM
      --   3. SELECT c FROM c GROUP BY '',c,c HAVING ... WINDOW    -- setup_group
      -- The fault is raised in the prepare phase (JOIN::prepare) while the GROUP BY list
      -- of level 3 is resolved: find_field_in_tables calls mark_select_range_as_dependent,
      -- which dereferences a null prev_subselect_item at sql/item.cc:5296.
      -- NOTE(review): the fixed-in release is not shown in this excerpt; check MDEV-29262
      -- for fix status before relying on a given version being unaffected.
      UPDATE c SET c=0 ORDER BY(SELECT c,c BETWEEN(SELECT c AS c GROUP BY c WINDOW c AS(PARTITION BY c AND 0 BETWEEN(SELECT c FROM c GROUP BY'',c,c HAVING c IS NULL WINDOW c AS(PARTITION BY c)) AND 0)) AND 0);
      

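      Leads to a server crash (SIGSEGV; the sanitizer build reports a null-pointer member access at sql/item.cc:5296) on each of the builds below: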

      10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Optimized)

      Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  mark_select_range_as_dependent (thd=0x152870000c58, 
          last_select=0x1528700121d0, current_sel=0x1528700118e8, 
          found_field=0x152870021ba8, found_item=0x0, resolved_item=0x15287001ea40, 
          suppress_warning_output=true) at /test/10.10_opt/sql/item.cc:5296
      5296	    prev_subselect_item->used_tables_cache|= OUTER_REF_TABLE_BIT;
      [Current thread is 1 (Thread 0x1528f4513700 (LWP 3562418))]
      (gdb) bt
      #0  mark_select_range_as_dependent (thd=0x152870000c58, last_select=0x1528700121d0, current_sel=0x1528700118e8, found_field=0x152870021ba8, found_item=0x0, resolved_item=0x15287001ea40, suppress_warning_output=true) at /test/10.10_opt/sql/item.cc:5296
      #1  0x0000559e6fc39b66 in find_field_in_tables (thd=thd@entry=0x152870000c58, item=item@entry=0x15287001ea40, first_table=first_table@entry=0x1528700127b0, last_table=last_table@entry=0x0, ignored_tables=ignored_tables@entry=0x0, ref=ref@entry=0x1528f4510d18, report_error=IGNORE_ERRORS, check_privileges=false, register_tree_change=false) at /test/10.10_opt/sql/sql_base.cc:6733
      #2  0x0000559e6fcda9b6 in find_order_in_list (thd=0x152870000c58, ref_pointer_array=<optimized out>, tables=0x1528700127b0, order=0x152870013218, fields=<optimized out>, all_fields=@0x15287001f298: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15287001f508, last = 0x152870012768, elements = 2}, <No data fields>}, is_group_field=true, add_to_all_fields=true, from_window_spec=false) at /test/10.10_opt/sql/sql_select.cc:25582
      #3  0x0000559e6fd0502f in setup_group (thd=thd@entry=0x152870000c58, ref_pointer_array={m_array = 0x15287004b510, m_size = 15}, tables=0x1528700127b0, fields=@0x152870012470: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152870012768, last = 0x152870012768, elements = 1}, <No data fields>}, all_fields=@0x15287001f298: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15287001f508, last = 0x152870012768, elements = 2}, <No data fields>}, order=0x152870012f28, hidden_group_fields=0x15287001f247, from_window_spec=false) at /test/10.10_opt/sql/sql_select.cc:25778
      #4  0x0000559e6fd08a1b in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x15287001f247, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x15287001f380, all_fields=<optimized out>, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x152870000c58) at /test/10.10_opt/sql/sql_select.cc:904
      #5  JOIN::prepare (this=0x15287001ef08, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:1456
      #6  0x0000559e6ffc45d8 in subselect_single_select_engine::prepare (this=0x152870013fe8, thd=0x152870000c58) at /test/10.10_opt/sql/sql_lex.h:1367
      #7  0x0000559e6ffc3c38 in Item_subselect::fix_fields (this=0x152870013e60, thd_param=<optimized out>, ref=0x1528700141e0) at /test/10.10_opt/sql/item_subselect.cc:295
      #8  0x0000559e6ff5270d in Item::fix_fields_if_needed (ref=0x1528700141e0, thd=0x152870000c58, this=0x152870013e60) at /test/10.10_opt/sql/item.h:1142
      #9  Item::fix_fields_if_needed (ref=0x1528700141e0, thd=0x152870000c58, this=0x152870013e60) at /test/10.10_opt/sql/item.h:1142
      #10 Item_func::fix_fields (ref=<optimized out>, thd=0x152870000c58, this=0x1528700140a8) at /test/10.10_opt/sql/item_func.cc:347
      #11 Item_func::fix_fields (this=0x1528700140a8, thd=0x152870000c58, ref=<optimized out>) at /test/10.10_opt/sql/item_func.cc:314
      #12 0x0000559e6ff2691b in Item::fix_fields_if_needed (ref=0x152870014300, thd=0x152870000c58, this=0x1528700140a8) at /test/10.10_opt/sql/item.h:1142
      #13 Item::fix_fields_if_needed (ref=0x152870014300, thd=0x152870000c58, this=0x1528700140a8) at /test/10.10_opt/sql/item.h:1142
      #14 Item::fix_fields_if_needed_for_scalar (ref=0x152870014300, thd=0x152870000c58, this=0x1528700140a8) at /test/10.10_opt/sql/item.h:1148
      #15 Item::fix_fields_if_needed_for_bool (ref=0x152870014300, thd=0x152870000c58, this=0x1528700140a8) at /test/10.10_opt/sql/item.h:1152
      #16 Item_cond::fix_fields (this=0x1528700141f0, thd=0x152870000c58, ref=<optimized out>) at /test/10.10_opt/sql/item_cmpfunc.cc:4893
      #17 0x0000559e6fcda8b4 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x152870000c58, this=0x1528700141f0) at /test/10.10_opt/sql/item.h:1142
      #18 Item::fix_fields_if_needed (ref=<optimized out>, thd=0x152870000c58, this=0x1528700141f0) at /test/10.10_opt/sql/item.h:1142
      #19 Item::fix_fields_if_needed_for_scalar (ref=<optimized out>, thd=0x152870000c58, this=0x1528700141f0) at /test/10.10_opt/sql/item.h:1148
      #20 Item::fix_fields_if_needed_for_order_by (ref=<optimized out>, thd=0x152870000c58, this=0x1528700141f0) at /test/10.10_opt/sql/item.h:1156
      #21 find_order_in_list (thd=0x152870000c58, ref_pointer_array=<optimized out>, tables=0x0, order=0x152870014308, fields=<optimized out>, all_fields=@0x15287001e4e8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15287001eb60, last = 0x152870011e88, elements = 2}, <No data fields>}, is_group_field=true, add_to_all_fields=true, from_window_spec=true) at /test/10.10_opt/sql/sql_select.cc:25654
      #22 0x0000559e6fd0502f in setup_group (thd=thd@entry=0x152870000c58, ref_pointer_array={m_array = 0x15287001e738, m_size = 19}, tables=tables@entry=0x0, fields=@0x152870011b88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152870011e88, last = 0x152870011e88, elements = 1}, <No data fields>}, all_fields=@0x15287001e4e8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15287001eb60, last = 0x152870011e88, elements = 2}, <No data fields>}, order=0x152870014308, hidden_group_fields=0x1528f45113ef, from_window_spec=true) at /test/10.10_opt/sql/sql_select.cc:25778
      #23 0x0000559e6fe4ef0e in setup_windows (thd=thd@entry=0x152870000c58, ref_pointer_array=<optimized out>, tables=<optimized out>, fields=@0x152870011b88: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x152870011e88, last = 0x152870011e88, elements = 1}, <No data fields>}, all_fields=@0x15287001e4e8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15287001eb60, last = 0x152870011e88, elements = 2}, <No data fields>}, win_specs=@0x152870011d20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1528700143e8, last = 0x1528700143e8, elements = 1}, <No data fields>}, win_funcs=@0x152870011d38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559e70d362f0 <end_of_list>, last = 0x152870011d38, elements = 0}, <No data fields>}) at /test/10.10_opt/sql/sql_window.cc:237
      #24 0x0000559e6fd08aa9 in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x15287001e497, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x15287001e5d0, all_fields=<optimized out>, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x152870000c58) at /test/10.10_opt/sql/sql_select.cc:908
      #25 JOIN::prepare (this=0x15287001e158, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:1456
      #26 0x0000559e6ffc45d8 in subselect_single_select_engine::prepare (this=0x152870014590, thd=0x152870000c58) at /test/10.10_opt/sql/sql_lex.h:1367
      #27 0x0000559e6ffc3c38 in Item_subselect::fix_fields (this=0x152870014408, thd_param=<optimized out>, ref=0x152870014658) at /test/10.10_opt/sql/item_subselect.cc:295
      #28 0x0000559e6ff5270d in Item::fix_fields_if_needed (ref=0x152870014658, thd=0x152870000c58, this=0x152870014408) at /test/10.10_opt/sql/item.h:1142
      #29 Item::fix_fields_if_needed (ref=0x152870014658, thd=0x152870000c58, this=0x152870014408) at /test/10.10_opt/sql/item.h:1142
      #30 Item_func::fix_fields (ref=<optimized out>, thd=0x152870000c58, this=0x15287001bf30) at /test/10.10_opt/sql/item_func.cc:347
      #31 Item_func::fix_fields (this=0x15287001bf30, thd=0x152870000c58, ref=<optimized out>) at /test/10.10_opt/sql/item_func.cc:314
      #32 0x0000559e6fc3a80b in Item::fix_fields_if_needed (ref=0x152870014670, thd=0x152870000c58, this=0x15287001bf30) at /test/10.10_opt/sql/item.h:1142
      #33 Item::fix_fields_if_needed (ref=0x152870014670, thd=0x152870000c58, this=0x15287001bf30) at /test/10.10_opt/sql/item.h:1142
      #34 Item::fix_fields_if_needed_for_scalar (ref=0x152870014670, thd=0x152870000c58, this=0x15287001bf30) at /test/10.10_opt/sql/item.h:1148
      #35 setup_fields (thd=0x152870000c58, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x15287001db88, pre_fix=0x1528700114d8, allow_sum_func=true) at /test/10.10_opt/sql/sql_base.cc:7975
      #36 0x0000559e6fd08639 in JOIN::prepare (this=0x15287001d7f8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:1450
      #37 0x0000559e6ffc45d8 in subselect_single_select_engine::prepare (this=0x1528700146b8, thd=0x152870000c58) at /test/10.10_opt/sql/sql_lex.h:1367
      #38 0x0000559e6ffc3c38 in Item_subselect::fix_fields (this=0x15287001c960, thd_param=<optimized out>, ref=0x15287001cae0) at /test/10.10_opt/sql/item_subselect.cc:295
      #39 0x0000559e6fcda8b4 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x152870000c58, this=0x15287001c960) at /test/10.10_opt/sql/item.h:1142
      #40 Item::fix_fields_if_needed (ref=<optimized out>, thd=0x152870000c58, this=0x15287001c960) at /test/10.10_opt/sql/item.h:1142
      #41 Item::fix_fields_if_needed_for_scalar (ref=<optimized out>, thd=0x152870000c58, this=0x15287001c960) at /test/10.10_opt/sql/item.h:1148
      #42 Item::fix_fields_if_needed_for_order_by (ref=<optimized out>, thd=0x152870000c58, this=0x15287001c960) at /test/10.10_opt/sql/item.h:1156
      #43 find_order_in_list (thd=0x152870000c58, ref_pointer_array=<optimized out>, tables=0x152870010960, order=0x15287001cad0, fields=<optimized out>, all_fields=@0x15287001d238: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559e70d362f0 <end_of_list>, last = 0x15287001d238, elements = 0}, <No data fields>}, is_group_field=false, add_to_all_fields=true, from_window_spec=false) at /test/10.10_opt/sql/sql_select.cc:25654
      #44 0x0000559e6fd04e65 in setup_order (thd=thd@entry=0x152870000c58, ref_pointer_array={m_array = 0x15287001d488, m_size = 22}, tables=tables@entry=0x152870010960, fields=@0x1528f4511e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559e70d362f0 <end_of_list>, last = 0x1528f4511e80, elements = 0}, <No data fields>}, all_fields=@0x15287001d238: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559e70d362f0 <end_of_list>, last = 0x15287001d238, elements = 0}, <No data fields>}, order=0x15287001cad0, from_window_spec=false) at /test/10.10_opt/sql/sql_select.cc:25701
      #45 0x0000559e6fd0898d in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x15287001d1e7, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x15287001d320, all_fields=<optimized out>, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x152870000c58) at /test/10.10_opt/sql/sql_select.cc:900
      #46 JOIN::prepare (this=0x15287001cea8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_opt/sql/sql_select.cc:1456
      #47 0x0000559e6fd1ab9f in mysql_select (thd=thd@entry=0x152870000c58, tables=tables@entry=0x152870010960, fields=@0x1528f4511e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x559e70d362f0 <end_of_list>, last = 0x1528f4511e80, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=1, order=0x15287001cad0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x15287001cd98, unit=0x152870004cd0, select_lex=0x1528700054d0) at /test/10.10_opt/sql/sql_select.cc:5037
      #48 0x0000559e6fd7b185 in mysql_multi_update (thd=thd@entry=0x152870000c58, table_list=0x152870010960, fields=fields@entry=0x152870005770, values=values@entry=0x152870005ba0, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x152870004cd0, select_lex=0x1528700054d0, result=0x1528f4512070) at /test/10.10_opt/sql/sql_update.cc:1979
      #49 0x0000559e6fca90bb in mysql_execute_command (thd=0x152870000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:4487
      #50 0x0000559e6fc97d85 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x152870000c58) at /test/10.10_opt/sql/sql_parse.cc:8037
      #51 mysql_parse (thd=0x152870000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.10_opt/sql/sql_parse.cc:7959
      #52 0x0000559e6fca389a in dispatch_command (command=COM_QUERY, thd=0x152870000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.10_opt/sql/sql_class.h:1366
      #53 0x0000559e6fca57c2 in do_command (thd=0x152870000c58, blocking=blocking@entry=true) at /test/10.10_opt/sql/sql_parse.cc:1407
      #54 0x0000559e6fdbd6ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x559e72d26558, put_in_cache=put_in_cache@entry=true) at /test/10.10_opt/sql/sql_connect.cc:1418
      #55 0x0000559e6fdbd9cd in handle_one_connection (arg=0x559e72d26558) at /test/10.10_opt/sql/sql_connect.cc:1312
      #56 0x000015290f3ca609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #57 0x000015290efb6133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)

      Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  mark_select_range_as_dependent (thd=thd@entry=0x14adc8000db8, 
          last_select=last_select@entry=0x14adc80156f0, 
          current_sel=current_sel@entry=0x14adc8014e08, 
          found_field=found_field@entry=0x14adc802d9c8, found_item=0x0, 
          resolved_item=resolved_item@entry=0x14adc80273d8, 
          suppress_warning_output=true) at /test/10.10_dbg/sql/item.cc:5296
      5296	    prev_subselect_item->used_tables_cache|= OUTER_REF_TABLE_BIT;
      [Current thread is 1 (Thread 0x14ae185b0700 (LWP 3563191))]
      (gdb) bt
      #0  mark_select_range_as_dependent (thd=thd@entry=0x14adc8000db8, last_select=last_select@entry=0x14adc80156f0, current_sel=current_sel@entry=0x14adc8014e08, found_field=found_field@entry=0x14adc802d9c8, found_item=0x0, resolved_item=resolved_item@entry=0x14adc80273d8, suppress_warning_output=true) at /test/10.10_dbg/sql/item.cc:5296
      #1  0x0000561e980ef630 in find_field_in_tables (thd=thd@entry=0x14adc8000db8, item=item@entry=0x14adc80273d8, first_table=first_table@entry=0x14adc8015cd0, last_table=last_table@entry=0x0, ignored_tables=ignored_tables@entry=0x0, ref=ref@entry=0x14ae185adc68, report_error=IGNORE_ERRORS, check_privileges=false, register_tree_change=false) at /test/10.10_dbg/sql/sql_base.cc:6733
      #2  0x0000561e981b87a8 in find_order_in_list (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x14adc8015cd0, order=order@entry=0x14adc8016738, fields=@0x14adc8015990: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8015c88, last = 0x14adc8015c88, elements = 1}, <No data fields>}, all_fields=@0x14adc8027c30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8027ea0, last = 0x14adc8015c88, elements = 2}, <No data fields>}, is_group_field=true, add_to_all_fields=true, from_window_spec=false) at /test/10.10_dbg/sql/sql_select.cc:25582
      #3  0x0000561e981e5ea2 in setup_group (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x14adc8015cd0, fields=@0x14adc8015990: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8015c88, last = 0x14adc8015c88, elements = 1}, <No data fields>}, all_fields=@0x14adc8027c30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8027ea0, last = 0x14adc8015c88, elements = 2}, <No data fields>}, order=0x14adc8016448, hidden_group_fields=0x14adc8027bdf, from_window_spec=false) at /test/10.10_dbg/sql/sql_select.cc:25778
      #4  0x0000561e981e9e3e in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x14adc8027bdf, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x14adc8027d18, all_fields=@0x14adc8027c30: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8027ea0, last = 0x14adc8015c88, elements = 2}, <No data fields>}, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_select.cc:888
      #5  JOIN::prepare (this=0x14adc80278a0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_dbg/sql/sql_select.cc:1456
      #6  0x0000561e9857028f in subselect_single_select_engine::prepare (this=0x14adc8017508, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_lex.h:1367
      #7  0x0000561e9856f75d in Item_subselect::fix_fields (this=0x14adc8017380, thd_param=<optimized out>, ref=0x14adc8017700) at /test/10.10_dbg/sql/item_subselect.cc:295
      #8  0x0000561e984e5354 in Item::fix_fields_if_needed (ref=0x14adc8017700, thd=0x14adc8000db8, this=<optimized out>) at /test/10.10_dbg/sql/item.h:1144
      #9  Item_func::fix_fields (this=0x14adc80175c8, thd=0x14adc8000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_func.cc:347
      #10 0x0000561e984ac4b6 in Item::fix_fields_if_needed (ref=0x14adc8017820, thd=0x14adc8000db8, this=0x14adc80175c8) at /test/10.10_dbg/sql/item.h:1152
      #11 Item::fix_fields_if_needed_for_scalar (ref=0x14adc8017820, thd=0x14adc8000db8, this=0x14adc80175c8) at /test/10.10_dbg/sql/item.h:1148
      #12 Item::fix_fields_if_needed_for_bool (ref=0x14adc8017820, thd=0x14adc8000db8, this=0x14adc80175c8) at /test/10.10_dbg/sql/item.h:1152
      #13 Item_cond::fix_fields (this=0x14adc8017710, thd=0x14adc8000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_cmpfunc.cc:4893
      #14 0x0000561e981b8859 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc8017710) at /test/10.10_dbg/sql/item.h:1156
      #15 Item::fix_fields_if_needed_for_scalar (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc8017710) at /test/10.10_dbg/sql/item.h:1148
      #16 Item::fix_fields_if_needed_for_order_by (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc8017710) at /test/10.10_dbg/sql/item.h:1156
      #17 find_order_in_list (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x0, order=order@entry=0x14adc8017828, fields=@0x14adc80150a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80153a8, last = 0x14adc80153a8, elements = 1}, <No data fields>}, all_fields=@0x14adc8026e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80274f8, last = 0x14adc80153a8, elements = 2}, <No data fields>}, is_group_field=true, add_to_all_fields=true, from_window_spec=true) at /test/10.10_dbg/sql/sql_select.cc:25654
      #18 0x0000561e981e5ea2 in setup_group (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x0, fields=@0x14adc80150a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80153a8, last = 0x14adc80153a8, elements = 1}, <No data fields>}, all_fields=@0x14adc8026e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80274f8, last = 0x14adc80153a8, elements = 2}, <No data fields>}, order=0x14adc8017828, hidden_group_fields=0x14ae185ae31f, from_window_spec=true) at /test/10.10_dbg/sql/sql_select.cc:25778
      #19 0x0000561e9839746c in setup_windows (thd=thd@entry=0x14adc8000db8, ref_pointer_array={m_array = 0x14adc80270d0, m_size = 19}, tables=tables@entry=0x0, fields=@0x14adc80150a8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80153a8, last = 0x14adc80153a8, elements = 1}, <No data fields>}, all_fields=@0x14adc8026e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80274f8, last = 0x14adc80153a8, elements = 2}, <No data fields>}, win_specs=@0x14adc8015240: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc8017908, last = 0x14adc8017908, elements = 1}, <No data fields>}, win_funcs=@0x14adc8015258: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14adc8015258, elements = 0}, <No data fields>}) at /test/10.10_dbg/sql/sql_window.cc:237
      #20 0x0000561e981e9ecd in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x14adc8026e2f, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x14adc8026f68, all_fields=@0x14adc8026e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x14adc80274f8, last = 0x14adc80153a8, elements = 2}, <No data fields>}, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_select.cc:888
      #21 JOIN::prepare (this=0x14adc8026af0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_dbg/sql/sql_select.cc:1456
      #22 0x0000561e9857028f in subselect_single_select_engine::prepare (this=0x14adc8017ab0, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_lex.h:1367
      #23 0x0000561e9856f75d in Item_subselect::fix_fields (this=0x14adc8017928, thd_param=<optimized out>, ref=0x14adc8017b78) at /test/10.10_dbg/sql/item_subselect.cc:295
      #24 0x0000561e984e5354 in Item::fix_fields_if_needed (ref=0x14adc8017b78, thd=0x14adc8000db8, this=<optimized out>) at /test/10.10_dbg/sql/item.h:1144
      #25 Item_func::fix_fields (this=0x14adc80248c0, thd=0x14adc8000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_func.cc:347
      #26 0x0000561e980f069a in Item::fix_fields_if_needed (ref=0x14adc8017b90, thd=0x14adc8000db8, this=0x14adc80248c0) at /test/10.10_dbg/sql/item.h:1148
      #27 Item::fix_fields_if_needed_for_scalar (ref=0x14adc8017b90, thd=0x14adc8000db8, this=0x14adc80248c0) at /test/10.10_dbg/sql/item.h:1148
      #28 setup_fields (thd=0x14adc8000db8, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=column_usage@entry=MARK_COLUMNS_READ, sum_func_list=sum_func_list@entry=0x14adc8026520, pre_fix=0x14adc80149f8, allow_sum_func=true) at /test/10.10_dbg/sql/sql_base.cc:7975
      #29 0x0000561e981e98f5 in JOIN::prepare (this=0x14adc8026190, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x14adc8014740, unit_arg=0x14adc8024af0) at /test/10.10_dbg/sql/sql_select.cc:1450
      #30 0x0000561e9857028f in subselect_single_select_engine::prepare (this=0x14adc8017bd8, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_lex.h:1367
      #31 0x0000561e9856f75d in Item_subselect::fix_fields (this=0x14adc80252f0, thd_param=<optimized out>, ref=0x14adc8025470) at /test/10.10_dbg/sql/item_subselect.cc:295
      #32 0x0000561e981b8859 in Item::fix_fields_if_needed (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc80252f0) at /test/10.10_dbg/sql/item.h:1156
      #33 Item::fix_fields_if_needed_for_scalar (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc80252f0) at /test/10.10_dbg/sql/item.h:1148
      #34 Item::fix_fields_if_needed_for_order_by (ref=<optimized out>, thd=0x14adc8000db8, this=0x14adc80252f0) at /test/10.10_dbg/sql/item.h:1156
      #35 find_order_in_list (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x14adc8013e80, order=order@entry=0x14adc8025460, fields=@0x14ae185aed20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14ae185aed20, elements = 0}, <No data fields>}, all_fields=@0x14adc8025bd0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14adc8025bd0, elements = 0}, <No data fields>}, is_group_field=false, add_to_all_fields=true, from_window_spec=false) at /test/10.10_dbg/sql/sql_select.cc:25654
      #36 0x0000561e981e5cee in setup_order (thd=thd@entry=0x14adc8000db8, ref_pointer_array=<optimized out>, tables=tables@entry=0x14adc8013e80, fields=@0x14ae185aed20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14ae185aed20, elements = 0}, <No data fields>}, all_fields=@0x14adc8025bd0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14adc8025bd0, elements = 0}, <No data fields>}, order=0x14adc8025460, from_window_spec=false) at /test/10.10_dbg/sql/sql_select.cc:25701
      #37 0x0000561e981e9db2 in setup_without_group (reserved=<optimized out>, hidden_group_fields=0x14adc8025b7f, win_funcs=<optimized out>, win_specs=<optimized out>, group=<optimized out>, order=<optimized out>, conds=0x14adc8025cb8, all_fields=@0x14adc8025bd0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14adc8025bd0, elements = 0}, <No data fields>}, fields=<optimized out>, leaves=<optimized out>, tables=<optimized out>, ref_pointer_array=<optimized out>, thd=0x14adc8000db8) at /test/10.10_dbg/sql/sql_select.cc:888
      #38 JOIN::prepare (this=this@entry=0x14adc8025840, tables_init=tables_init@entry=0x14adc8013e80, conds_init=conds_init@entry=0x0, og_num=og_num@entry=1, order_init=order_init@entry=0x14adc8025460, skip_order_by=skip_order_by@entry=false, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /test/10.10_dbg/sql/sql_select.cc:1456
      #39 0x0000561e98200c8c in mysql_select (thd=thd@entry=0x14adc8000db8, tables=tables@entry=0x14adc8013e80, fields=@0x14ae185aed20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x561e99652860 <end_of_list>, last = 0x14ae185aed20, elements = 0}, <No data fields>}, conds=conds@entry=0x0, og_num=1, order=0x14adc8025460, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14adc8025730, unit=0x14adc8004ff0, select_lex=0x14adc80057f0) at /test/10.10_dbg/sql/sql_select.cc:5037
      #40 0x0000561e98279feb in mysql_multi_update (thd=thd@entry=0x14adc8000db8, table_list=0x14adc8013e80, fields=fields@entry=0x14adc8005a90, values=values@entry=0x14adc8005ec0, conds=0x0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14adc8004ff0, select_lex=0x14adc80057f0, result=0x14ae185aef00) at /test/10.10_dbg/sql/sql_update.cc:1979
      #41 0x0000561e98178be1 in mysql_execute_command (thd=thd@entry=0x14adc8000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4487
      #42 0x0000561e98165534 in mysql_parse (thd=thd@entry=0x14adc8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14ae185af330) at /test/10.10_dbg/sql/sql_parse.cc:8037
      #43 0x0000561e98172b1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14adc8000db8, packet=packet@entry=0x14adc800b6e9 "UPDATE c SET c=0 ORDER BY(SELECT c,c BETWEEN(SELECT c AS c GROUP BY c WINDOW c AS(PARTITION BY c AND 0 BETWEEN(SELECT c FROM c GROUP BY'',c,c HAVING c IS NULL WINDOW c AS(PARTITION BY c)) AND 0)) AND "..., packet_length=packet_length@entry=202, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1366
      #44 0x0000561e98175226 in do_command (thd=0x14adc8000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
      #45 0x0000561e982d6744 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x561e9c1b7e48, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
      #46 0x0000561e982d6c4d in handle_one_connection (arg=0x561e9c1b7e48) at /test/10.10_dbg/sql/sql_connect.cc:1312
      #47 0x000014ae3e047609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #48 0x000014ae3dc33133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      10.11.0 fe1f8f2c6b6f3b8e3383168225f9ae7853028947 (Optimized, UBASAN)

      /test/10.11_opt_san/sql/item.cc:5296:43: runtime error: member access within null pointer of type 'struct Item_subselect'
          #0 0x559790d29a38 in mark_select_range_as_dependent(THD*, st_select_lex*, st_select_lex*, Field*, Item*, Item_ident*, bool) /test/10.11_opt_san/sql/item.cc:5296
          #1 0x55978f357ac2 in find_field_in_tables(THD*, Item_ident*, TABLE_LIST*, TABLE_LIST*, List<TABLE_LIST>*, Item**, find_item_error_report_type, bool, bool) /test/10.11_opt_san/sql/sql_base.cc:6733
          #2 0x55978f8eb327 in find_order_in_list /test/10.11_opt_san/sql/sql_select.cc:25605
          #3 0x55978f9f5927 in setup_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool*, bool) /test/10.11_opt_san/sql/sql_select.cc:25801
          #4 0x55978faf4de1 in setup_without_group /test/10.11_opt_san/sql/sql_select.cc:904
          #5 0x55978faf4de1 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/10.11_opt_san/sql/sql_select.cc:1456
          #6 0x5597915ebec4 in subselect_single_select_engine::prepare(THD*) /test/10.11_opt_san/sql/item_subselect.cc:3930
          #7 0x5597915e4ad5 in Item_subselect::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_subselect.cc:295
          #8 0x5597910cd224 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #9 0x5597910cd224 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:347
          #10 0x559790e89817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #11 0x559790e89817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
          #12 0x559790e89817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
          #13 0x559790e89817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
          #14 0x55978f8ebd1e in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #15 0x55978f8ebd1e in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
          #16 0x55978f8ebd1e in Item::fix_fields_if_needed_for_order_by(THD*, Item**) /test/10.11_opt_san/sql/item.h:1156
          #17 0x55978f8ebd1e in find_order_in_list /test/10.11_opt_san/sql/sql_select.cc:25677
          #18 0x55978f9f5927 in setup_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool*, bool) /test/10.11_opt_san/sql/sql_select.cc:25801
          #19 0x55979058764f in setup_windows(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, List<Window_spec>&, List<Item_window_func>&) /test/10.11_opt_san/sql/sql_window.cc:238
          #20 0x55978faf523b in setup_without_group /test/10.11_opt_san/sql/sql_select.cc:908
          #21 0x55978faf523b in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/10.11_opt_san/sql/sql_select.cc:1456
          #22 0x5597915ebec4 in subselect_single_select_engine::prepare(THD*) /test/10.11_opt_san/sql/item_subselect.cc:3930
          #23 0x5597915e4ad5 in Item_subselect::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_subselect.cc:295
          #24 0x5597910cd224 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #25 0x5597910cd224 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:347
          #26 0x55978f35d084 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #27 0x55978f35d084 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
          #28 0x55978f35d084 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_column_usage, List<Item>*, List<Item>*, bool) /test/10.11_opt_san/sql/sql_base.cc:7975
          #29 0x55978faf2994 in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/10.11_opt_san/sql/sql_select.cc:1450
          #30 0x5597915ebec4 in subselect_single_select_engine::prepare(THD*) /test/10.11_opt_san/sql/item_subselect.cc:3930
          #31 0x5597915e4ad5 in Item_subselect::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_subselect.cc:295
          #32 0x55978f8ebd1e in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
          #33 0x55978f8ebd1e in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
          #34 0x55978f8ebd1e in Item::fix_fields_if_needed_for_order_by(THD*, Item**) /test/10.11_opt_san/sql/item.h:1156
          #35 0x55978f8ebd1e in find_order_in_list /test/10.11_opt_san/sql/sql_select.cc:25677
          #36 0x55978f9f4e34 in setup_order(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool) /test/10.11_opt_san/sql/sql_select.cc:25724
          #37 0x55978faf4b3d in setup_without_group /test/10.11_opt_san/sql/sql_select.cc:900
          #38 0x55978faf4b3d in JOIN::prepare(TABLE_LIST*, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /test/10.11_opt_san/sql/sql_select.cc:1456
          #39 0x55978fb02fd6 in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.11_opt_san/sql/sql_select.cc:5045
          #40 0x55978fe29947 in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /test/10.11_opt_san/sql/sql_update.cc:1980
          #41 0x55978f75eaa5 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:4487
          #42 0x55978f6e3500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
          #43 0x55978f7380ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
          #44 0x55978f7433fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
          #45 0x55979002c4cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
          #46 0x55979002eb3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
          #47 0x148c2eeba608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
          #48 0x148c2e12f132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
       
      221217 15:42:06 [ERROR] mysqld got signal 11 ;
      

      Bug confirmed present in:
      MariaDB: 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.36 (dbg), 10.3.36 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

          People

            Unassigned Unassigned
            Roel Roel Van de Paar