Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29411

SIGSEGV's st_select_lex_unit::set_limit and st_select_lex::get_offset, and Assertion `!eliminated' failed in Item_subselect::exec on SELECT, UBSAN: member access within null pointer of type 'struct st_select_lex' in st_select_lex_unit::set_limit

    XMLWordPrintable

Details

    Description

      CREATE TABLE c(c INT) ENGINE=InnoDB;
      		 
      SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY c);

      Leads to:

      10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Optimized)

      		 
      Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000055e1f5b7b26a in st_select_lex_unit::set_limit (this=0x14904401cee8, 
          sl=0x0) at /test/10.11_opt/sql/sql_lex.cc:4226
      		 
      [Current thread is 1 (Thread 0x1490700a8700 (LWP 1440414))]
      		 
      (gdb) bt
      		 
      #0  0x000055e1f5b7b26a in st_select_lex_unit::set_limit (this=0x14904401cee8, sl=0x0) at /test/10.11_opt/sql/sql_lex.cc:4226
      		 
      #1  0x000055e1f5ec0e77 in subselect_single_select_engine::exec (this=0x14904401d718) at /test/10.11_opt/sql/sql_lex.h:967
      		 
      #2  0x000055e1f5ec05ac in Item_subselect::exec (this=0x149044014598) at /test/10.11_opt/sql/item_subselect.cc:854
      		 
      #3  0x000055e1f5ec27e4 in Item_singlerow_subselect::val_int (this=0x149044014598) at /test/10.11_opt/sql/item_subselect.cc:1504
      		 
      #4  0x000055e1f5e1e61d in Arg_comparator::compare_int_signed (this=0x14904401d888) at /test/10.11_opt/sql/item_cmpfunc.cc:943
      		 
      #5  0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
      		 
      #6  Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
      		 
      #7  0x000055e1f5e1e63c in Arg_comparator::compare_int_signed (this=0x149044050cf0) at /test/10.11_opt/sql/item_cmpfunc.cc:946
      		 
      #8  0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
      		 
      #9  Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
      		 
      #10 0x000055e1f5dfb153 in Item_direct_ref::val_int (this=0x149044051150) at /test/10.11_opt/sql/item.cc:8646
      		 
      #11 0x000055e1f5e1e61d in Arg_comparator::compare_int_signed (this=0x14904401fee8) at /test/10.11_opt/sql/item_cmpfunc.cc:943
      		 
      #12 0x000055e1f5e1ec8f in Arg_comparator::compare (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.h:103
      		 
      #13 Item_func_eq::val_int (this=<optimized out>) at /test/10.11_opt/sql/item_cmpfunc.cc:1775
      		 
      #14 0x000055e1f5c1d9cc in do_select (procedure=<optimized out>, join=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:21305
      		 
      #15 JOIN::exec_inner (this=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:4812
      		 
      #16 0x000055e1f5c1df68 in JOIN::exec (this=0x149044021d10) at /test/10.11_opt/sql/sql_select.cc:4590
      		 
      #17 0x000055e1f5ec0f56 in subselect_single_select_engine::exec (this=0x149044020b70) at /test/10.11_opt/sql/item_subselect.cc:4144
      		 
      #18 0x000055e1f5ec05ac in Item_subselect::exec (this=0x149044020978) at /test/10.11_opt/sql/item_subselect.cc:854
      		 
      #19 0x000055e1f5ec0a14 in Item_in_subselect::val_bool (this=0x149044020978) at /test/10.11_opt/sql/item_subselect.cc:1989
      		 
      #20 0x000055e1f5e2c064 in Item_in_optimizer::val_int (this=0x1490440513d0) at /test/10.11_opt/sql/item_cmpfunc.cc:1650
      		 
      #21 Item_in_optimizer::val_int (this=0x1490440513d0) at /test/10.11_opt/sql/item_cmpfunc.cc:1558
      		 
      #22 0x000055e1f5d32574 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.11_opt/sql/sql_type.cc:5091
      		 
      #23 0x000055e1f5bda5ad in Item::eval_const_cond (this=0x1490440513d0) at /test/10.11_opt/sql/item.h:1694
      		 
      #24 Item::remove_eq_conds (thd=<optimized out>, top_level_arg=<optimized out>, cond_value=0x1490440218c0, this=0x1490440513d0) at /test/10.11_opt/sql/sql_select.cc:18611
      		 
      #25 Item::remove_eq_conds (this=0x1490440513d0, thd=<optimized out>, cond_value=0x1490440218c0, top_level_arg=<optimized out>) at /test/10.11_opt/sql/sql_select.cc:18607
      		 
      #26 0x000055e1f5be0d79 in optimize_cond (join=<optimized out>, conds=0x1490440513d0, join_list=0x149044010ad0, ignore_on_conds=<optimized out>, cond_value=0x1490440218c0, cond_equal=0x1490440219e8, flags=1) at /test/10.11_opt/sql/sql_select.cc:18161
      		 
      #27 0x000055e1f5c18afe in JOIN::optimize_inner (this=0x149044021540) at /test/10.11_opt/sql/sql_select.cc:2251
      		 
      #28 0x000055e1f5c1c033 in JOIN::optimize (this=this@entry=0x149044021540) at /test/10.11_opt/sql/sql_select.cc:1863
      		 
      #29 0x000055e1f5c1c11e in mysql_select (thd=0x149044000c58, tables=0x0, fields=@0x149044010bb8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x149044010e10, last = 0x149044010e10, elements = 1}, <No data fields>}, conds=0x149044020978, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x149044021518, unit=0x149044004cd0, select_lex=0x149044010918) at /test/10.11_opt/sql/sql_select.cc:5056
      		 
      #30 0x000055e1f5c1c8b7 in handle_select (thd=thd@entry=0x149044000c58, lex=lex@entry=0x149044004bf8, result=result@entry=0x149044021518, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_opt/sql/sql_select.cc:581
      		 
      #31 0x000055e1f5b9e5b1 in execute_sqlcom_select (thd=0x149044000c58, all_tables=0x149044012788) at /test/10.11_opt/sql/sql_parse.cc:6261
      		 
      #32 0x000055e1f5bac1f8 in mysql_execute_command (thd=0x149044000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:3945
      		 
      #33 0x000055e1f5b997b5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x149044000c58) at /test/10.11_opt/sql/sql_parse.cc:8035
      		 
      #34 mysql_parse (thd=0x149044000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.11_opt/sql/sql_parse.cc:7957
      		 
      #35 0x000055e1f5ba52ca in dispatch_command (command=COM_QUERY, thd=0x149044000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.11_opt/sql/sql_class.h:1339
      		 
      #36 0x000055e1f5ba71f2 in do_command (thd=0x149044000c58, blocking=blocking@entry=true) at /test/10.11_opt/sql/sql_parse.cc:1407
      		 
      #37 0x000055e1f5cbf46f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e1f7bf34e8, put_in_cache=put_in_cache@entry=true) at /test/10.11_opt/sql/sql_connect.cc:1418
      		 
      #38 0x000055e1f5cbf74d in handle_one_connection (arg=0x55e1f7bf34e8) at /test/10.11_opt/sql/sql_connect.cc:1312
      		 
      #39 0x000014909cb3c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #40 0x000014909c728133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)

      		 
      mysqld: /test/10.11_dbg/sql/item_subselect.cc:829: virtual bool Item_subselect::exec(): Assertion `!eliminated' failed.

      10.11.0 bc563f1a4b0b38de3b41fd0f0d3d8b7f1aacbd8b (Debug)

      		 
      Core was generated by `/test/MD190822-mariadb-10.11.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGABRT, Aborted.
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      [Current thread is 1 (Thread 0x154586b4c700 (LWP 1440415))]
      		 
      (gdb) bt
      		 
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      		 
      #1  0x00001545a30cb859 in __GI_abort () at abort.c:79
      		 
      #2  0x00001545a30cb729 in __assert_fail_base (fmt=0x1545a3261588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x56101adc5f62 "!eliminated", file=0x56101adc6398 "/test/10.11_dbg/sql/item_subselect.cc", line=829, function=<optimized out>) at assert.c:92
      		 
      #3  0x00001545a30dcfd6 in __GI___assert_fail (assertion=assertion@entry=0x56101adc5f62 "!eliminated", file=file@entry=0x56101adc6398 "/test/10.11_dbg/sql/item_subselect.cc", line=line@entry=829, function=function@entry=0x56101adc6c98 "virtual bool Item_subselect::exec()") at assert.c:101
      		 
      #4  0x000056101a424e7b in Item_subselect::exec (this=0x15454c017ab8) at /test/10.11_dbg/sql/item_subselect.cc:829
      		 
      #5  0x000056101a423385 in Item_singlerow_subselect::val_int (this=0x15454c017ab8) at /test/10.11_dbg/sql/item_subselect.cc:1504
      		 
      #6  0x000056101a35c4eb in Arg_comparator::compare_int_signed (this=0x15454c0262a8) at /test/10.11_dbg/sql/item_cmpfunc.cc:943
      		 
      #7  0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c0262a8) at /test/10.11_dbg/sql/item_cmpfunc.h:103
      		 
      #8  Item_func_eq::val_int (this=0x15454c0261f8) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
      		 
      #9  0x000056101a35c50a in Arg_comparator::compare_int_signed (this=0x15454c078038) at /test/10.11_dbg/sql/item_cmpfunc.cc:946
      		 
      #10 0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c078038) at /test/10.11_dbg/sql/item_cmpfunc.h:103
      		 
      #11 Item_func_eq::val_int (this=0x15454c077f88) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
      		 
      #12 0x000056101a32ed59 in Item_direct_ref::val_int (this=this@entry=0x15454c078498) at /test/10.11_dbg/sql/item.cc:8646
      		 
      #13 0x000056101a353bee in Item_direct_view_ref::val_int (this=0x15454c078498) at /test/10.11_dbg/sql/item.h:6090
      		 
      #14 0x000056101a35c4eb in Arg_comparator::compare_int_signed (this=0x15454c029418) at /test/10.11_dbg/sql/item_cmpfunc.cc:943
      		 
      #15 0x000056101a35eb22 in Arg_comparator::compare (this=0x15454c029418) at /test/10.11_dbg/sql/item_cmpfunc.h:103
      		 
      #16 Item_func_eq::val_int (this=0x15454c029368) at /test/10.11_dbg/sql/item_cmpfunc.cc:1775
      		 
      #17 0x000056101a0bb556 in do_select (procedure=<optimized out>, join=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:21305
      		 
      #18 JOIN::exec_inner (this=this@entry=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:4812
      		 
      #19 0x000056101a0bbe28 in JOIN::exec (this=0x15454c02b248) at /test/10.11_dbg/sql/sql_select.cc:4590
      		 
      #20 0x000056101a425722 in subselect_single_select_engine::exec (this=0x15454c02a0a0) at /test/10.11_dbg/sql/item_subselect.cc:4144
      		 
      #21 0x000056101a424d70 in Item_subselect::exec (this=this@entry=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:854
      		 
      #22 0x000056101a42a03d in Item_in_subselect::exec (this=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:1036
      		 
      #23 0x000056101a423f17 in Item_in_subselect::val_bool (this=0x15454c029ea8) at /test/10.11_dbg/sql/item_subselect.cc:1989
      		 
      #24 0x0000561019efff5b in Item::val_bool_result (this=<optimized out>) at /test/10.11_dbg/sql/item.h:1783
      		 
      #25 0x000056101a36c79a in Item_in_optimizer::val_int (this=0x15454c078718) at /test/10.11_dbg/sql/item_cmpfunc.cc:1650
      		 
      #26 0x000056101a224022 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.11_dbg/sql/sql_type.cc:5091
      		 
      #27 0x0000561019effe8c in Item::val_bool (this=0x15454c078718) at /test/10.11_dbg/sql/item.h:1687
      		 
      #28 0x000056101a06dc86 in Item::eval_const_cond (this=0x15454c078718) at /test/10.11_dbg/sql/item.h:1694
      		 
      #29 Item::remove_eq_conds (this=0x15454c078718, thd=<optimized out>, cond_value=0x15454c02adf8, top_level_arg=<optimized out>) at /test/10.11_dbg/sql/sql_select.cc:18611
      		 
      #30 0x000056101a072934 in optimize_cond (join=join@entry=0x15454c02aa70, conds=0x15454c078718, join_list=0x15454c013ff0, ignore_on_conds=ignore_on_conds@entry=false, cond_value=cond_value@entry=0x15454c02adf8, cond_equal=cond_equal@entry=0x15454c02af20, flags=1) at /test/10.11_dbg/sql/sql_select.cc:18161
      		 
      #31 0x000056101a0b8c02 in JOIN::optimize_inner (this=this@entry=0x15454c02aa70) at /test/10.11_dbg/sql/sql_select.cc:2251
      		 
      #32 0x000056101a0b9a66 in JOIN::optimize (this=this@entry=0x15454c02aa70) at /test/10.11_dbg/sql/sql_select.cc:1863
      		 
      #33 0x000056101a0b9b59 in mysql_select (thd=thd@entry=0x15454c000db8, tables=0x0, fields=@0x15454c0140d8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15454c014330, last = 0x15454c014330, elements = 1}, <No data fields>}, conds=0x15454c029ea8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x15454c02aa48, unit=0x15454c004ff0, select_lex=0x15454c013e38) at /test/10.11_dbg/sql/sql_select.cc:5056
      		 
      #34 0x000056101a0ba3a2 in handle_select (thd=thd@entry=0x15454c000db8, lex=lex@entry=0x15454c004f18, result=result@entry=0x15454c02aa48, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.11_dbg/sql/sql_select.cc:581
      		 
      #35 0x000056101a0245a6 in execute_sqlcom_select (thd=thd@entry=0x15454c000db8, all_tables=0x15454c015ca8) at /test/10.11_dbg/sql/sql_parse.cc:6261
      		 
      #36 0x000056101a0308c7 in mysql_execute_command (thd=thd@entry=0x15454c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:3945
      		 
      #37 0x000056101a01e882 in mysql_parse (thd=thd@entry=0x15454c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x154586b4b330) at /test/10.11_dbg/sql/sql_parse.cc:8035
      		 
      #38 0x000056101a02be6a in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x15454c000db8, packet=packet@entry=0x15454c00b6e9 "SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY "..., packet_length=packet_length@entry=202, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1339
      		 
      #39 0x000056101a02e574 in do_command (thd=0x15454c000db8, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
      		 
      #40 0x000056101a1901da in do_handle_one_connection (connect=<optimized out>, connect@entry=0x56101d13d1e8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1418
      		 
      #41 0x000056101a1906e3 in handle_one_connection (arg=0x56101d13d1e8) at /test/10.11_dbg/sql/sql_connect.cc:1312
      		 
      #42 0x00001545a35dc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #43 0x00001545a31c8133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      In 10.4 and 10.5 we see a different SIGSEGV:

      10.5.18 5fc172fd43375b392a8c8adfb9038c279e578d83 (Optimized)

      		 
      Core was generated by `/test/MD200822-mariadb-10.5.18-linux-x86_64-opt/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x0000562c95ebb881 in st_select_lex::get_offset (this=0x0)
      		 
          at /test/10.5_opt/sql/sql_lex.cc:3408
      		 
      [Current thread is 1 (Thread 0x154798089700 (LWP 1440457))]
      		 
      (gdb) bt
      		 
      #0  0x0000562c95ebb881 in st_select_lex::get_offset (this=0x0) at /test/10.5_opt/sql/sql_lex.cc:3408
      		 
      #1  0x0000562c95ebdd4f in st_select_lex_unit::set_limit (this=0x15471c015b10, sl=0x0) at /test/10.5_opt/sql/sql_lex.cc:4186
      		 
      #2  0x0000562c961ad8e7 in subselect_single_select_engine::exec (this=0x15471c020a70) at /test/10.5_opt/sql/sql_lex.h:924
      		 
      #3  0x0000562c961ace0c in Item_subselect::exec (this=0x15471c0208c8) at /test/10.5_opt/sql/item_subselect.cc:837
      		 
      #4  0x0000562c961ac7a3 in Item_singlerow_subselect::val_int (this=0x15471c0208c8) at /test/10.5_opt/sql/item_subselect.cc:1461
      		 
      #5  0x0000562c9611db2d in Arg_comparator::compare_int_signed (this=0x15471c020c20) at /test/10.5_opt/sql/item_cmpfunc.cc:952
      		 
      #6  0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
      		 
      #7  Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
      		 
      #8  0x0000562c9611db4c in Arg_comparator::compare_int_signed (this=0x15471c0280f8) at /test/10.5_opt/sql/item_cmpfunc.cc:955
      		 
      #9  0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
      		 
      #10 Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
      		 
      #11 0x0000562c960fc113 in Item_direct_ref::val_int (this=0x15471c028558) at /test/10.5_opt/sql/item.cc:8570
      		 
      #12 0x0000562c9611db2d in Arg_comparator::compare_int_signed (this=0x15471c023220) at /test/10.5_opt/sql/item_cmpfunc.cc:952
      		 
      #13 0x0000562c9611e1cf in Arg_comparator::compare (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.h:102
      		 
      #14 Item_func_eq::val_int (this=<optimized out>) at /test/10.5_opt/sql/item_cmpfunc.cc:1791
      		 
      #15 0x0000562c95f4f555 in do_select (procedure=<optimized out>, join=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:20495
      		 
      #16 JOIN::exec_inner (this=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:4560
      		 
      #17 0x0000562c95f4fac8 in JOIN::exec (this=0x15471c025220) at /test/10.5_opt/sql/sql_select.cc:4340
      		 
      #18 0x0000562c961ad9c6 in subselect_single_select_engine::exec (this=0x15471c023fa0) at /test/10.5_opt/sql/item_subselect.cc:4097
      		 
      #19 0x0000562c961ace0c in Item_subselect::exec (this=0x15471c023d58) at /test/10.5_opt/sql/item_subselect.cc:837
      		 
      #20 0x0000562c961ad664 in Item_in_subselect::val_bool (this=0x15471c023d58) at /test/10.5_opt/sql/item_subselect.cc:1947
      		 
      #21 0x0000562c9612947a in Item_in_optimizer::val_int (this=0x15471c0286e8) at /test/10.5_opt/sql/item_cmpfunc.cc:1666
      		 
      #22 Item_in_optimizer::val_int (this=0x15471c0286e8) at /test/10.5_opt/sql/item_cmpfunc.cc:1574
      		 
      #23 0x0000562c9603ba84 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=<optimized out>) at /test/10.5_opt/sql/sql_type.cc:5082
      		 
      #24 0x0000562c95f0ab8d in Item::eval_const_cond (this=0x15471c0286e8) at /test/10.5_opt/sql/item.h:1496
      		 
      #25 Item::remove_eq_conds (thd=<optimized out>, top_level_arg=<optimized out>, cond_value=0x15471c0244a0, this=0x15471c0286e8) at /test/10.5_opt/sql/sql_select.cc:17782
      		 
      #26 Item::remove_eq_conds (this=0x15471c0286e8, thd=<optimized out>, cond_value=0x15471c0244a0, top_level_arg=<optimized out>) at /test/10.5_opt/sql/sql_select.cc:17778
      		 
      #27 0x0000562c95f137e9 in optimize_cond (join=<optimized out>, conds=0x15471c0286e8, join_list=0x15471c0107d0, ignore_on_conds=<optimized out>, cond_value=0x15471c0244a0, cond_equal=0x15471c0245c8, flags=1) at /test/10.5_opt/sql/sql_select.cc:17332
      		 
      #28 0x0000562c95f4a7c2 in JOIN::optimize_inner (this=0x15471c024190) at /test/10.5_opt/sql/sql_select.cc:2058
      		 
      #29 0x0000562c95f4da03 in JOIN::optimize (this=this@entry=0x15471c024190) at /test/10.5_opt/sql/sql_select.cc:1686
      		 
      #30 0x0000562c95f4db0c in mysql_select (thd=0x15471c000c58, tables=0x0, fields=@0x15471c010758: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x15471c010b30, last = 0x15471c010b30, elements = 1}, <No data fields>}, conds=0x15471c023d58, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x15471c024168, unit=0x15471c004a40, select_lex=0x15471c010608) at /test/10.5_opt/sql/sql_select.cc:4803
      		 
      #31 0x0000562c95f4e517 in handle_select (thd=thd@entry=0x15471c000c58, lex=lex@entry=0x15471c004978, result=result@entry=0x15471c024168, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/10.5_opt/sql/sql_select.cc:444
      		 
      #32 0x0000562c95edfa01 in execute_sqlcom_select (thd=0x15471c000c58, all_tables=0x15471c0125d8) at /test/10.5_opt/sql/sql_parse.cc:6315
      		 
      #33 0x0000562c95eedb1d in mysql_execute_command (thd=0x15471c000c58) at /test/10.5_opt/sql/sql_parse.cc:4006
      		 
      #34 0x0000562c95eda933 in mysql_parse (thd=0x15471c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_parse.cc:8101
      		 
      #35 0x0000562c95ee7202 in dispatch_command (command=COM_QUERY, thd=0x15471c000c58, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.5_opt/sql/sql_class.h:1290
      		 
      #36 0x0000562c95ee8ed6 in do_command (thd=0x15471c000c58) at /test/10.5_opt/sql/sql_parse.cc:1375
      		 
      #37 0x0000562c95fe52c6 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562c98c53dd8, put_in_cache=put_in_cache@entry=true) at /test/10.5_opt/sql/sql_connect.cc:1418
      		 
      #38 0x0000562c95fe557d in handle_one_connection (arg=0x562c98c53dd8) at /test/10.5_opt/sql/sql_connect.cc:1312
      		 
      #39 0x00001547b0140609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      		 
      #40 0x00001547afd2c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

      Bug confirmed present in:
      MariaDB: 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.8.5 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.0 (dbg), 10.11.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.37 (dbg), 10.3.37 (opt)
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

      10.3 Fails with invalid syntax:

      10.3.37 a1055ab35d29437b717e83b1a388eaa02901c42f (Debug)

      		 
      10.3.37-dbg>CREATE TABLE c(c INT) ENGINE=InnoDB;
      		 
      Query OK, 0 rows affected (0.015 sec)
      		 
       
      		 
      10.3.37-dbg>SELECT 0 WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FROM c WHERE c=0) AS c) SELECT (SELECT c FROM c AS c LIMIT 0 OFFSET 0)=0) AS c FROM c AS c) AS c WHERE c=0 GROUP BY c);
      		 
      ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE 0 IN(SELECT 0 FROM (SELECT 0 IN (WITH c AS(SELECT c=0 FROM (SELECT c FR...' at line 1

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32312 Server crashes at st_select_lex_unit::set_limit

          • Major - Major loss of function.
          • Closed
          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28621 group by optimization incorrectly removing subquery where subject buried in a function

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          is part of

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28622 Item_subselect eliminated flag set but Item still evaluated/used.

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28502 SIGSEGV in Item_subselect::is_expensive (+ other SIGSEGV's in MS 8.0) and 2x UBSAN: runtime error: member call on null pointer of type 'struct st_select_lex' in Item_subselect::is_expensive and in st_select_lex::next_select

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-33126 virtual bool Item_subselect::exec(): Assertion `!eliminated' failed

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              Johnston Rex Johnston
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.