[MDEV-29362] Crash with query using constant subquery as left part of IN subquery - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.10.0, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s: 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4, 11.2.3, 11.3.2
Component/s: Optimizer
Labels:
- crash

Description

mysqld: /home/wsh/database_fuzz/mysql_fuzz/Mariadb_10.3/sql/item_subselect.cc:1497: virtual longlong Item_singlerow_subselect::val_int(): Assertion `fixed()' failed.

poc:

CREATE TABLE v768 ( v769 BOOLEAN NOT NULL ) ;

 ( ( SELECT v769 FROM v768 ORDER BY v769 + v769 , v769 + ( v769 % ( SELECT v769 FROM v768 WHERE 16 = v769 ) <= v769 ) ) ) ;

 UPDATE v768 SET v769 = 99 WHERE v769 = -2147483648 ;

 INSERT INTO v768 ( v769 ) VALUES ( 15 ) , ( -1 ) ;

 SELECT v769 FROM v768 WHERE v769 IN ( v769 , 'x' NOT LIKE -1 ) GROUP BY v769 HAVING ( v769 IN ( ( ( SELECT ( SELECT v769 FROM v768 WHERE ( FALSE <= 127 BETWEEN 0 AND -2147483648 , v769 ) NOT IN ( SELECT ( v769 NOT IN ( v769 ) AND v769 NOT IN ( 63309275.000000 ^ v769 ) ) , v769 + v769 FROM v768 GROUP BY v769 HAVING ( v769 != 127 AND v769 = v769 AND ( NOT ( 'x' = 'x' AND FALSE = 90 ) ) AND v769 LIKE 'x' ) ) ) * -1 AS v770 FROM v768 WHERE NULL = v769 ) IN ( SELECT v769 FROM v768 ) ) < 'x' ) ) ;

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

403_stack
9 kB
2022-08-23 12:52

Issue Links

is duplicated by

MDEV-32314 Server crashes at Item_singlerow_subselect::store

Closed

MDEV-32703 Assertion Failed at /mariadb-11.3.0/sql/item_subselect.cc:1455

Closed

Activity

People

Assignee:: Igor Babaev

Reporter:: Shihao Wen

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2022-08-23 12:52

Updated:: 2024-01-03 07:27

Resolved:: 2024-01-03 07:27

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.