[MDEV-30159] Client can crash the server with a mysql_list_fields("view") call - Jira

Sergei Petrunia created issue - 2022-12-05 11:58

Sergei Petrunia made changes - 2022-12-05 12:00

Field	Original Value	New Value
Attachment		test1.cc [ 67330 ]

Sergei Petrunia made changes - 2022-12-05 12:06

Description

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

Crashes like so:
{code}
Thread 14 "mysqld" received signal SIGABRT, Aborted.
(gdb) wher
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736891541056) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736891541056) at pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140736891541056, signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7635476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff761b7b7 in __GI_abort () at abort.c:79
#5 0x00007ffff761b6db in __assert_fail_base (fmt=0x7ffff77cf770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=<optimized out>) at assert.c:92
#6 0x00007ffff762ce26 in __GI___assert_fail (assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_
lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=0x555556f826b0 "int handler::ha_rnd_next(uchar*)") at assert.c:101
#7 0x000055555630ff77 in handler::ha_rnd_next (this=0x7fffac93b5f0, buf=0x7fffac93bde0 "\377") at /home/psergey/dev-git/10.7/sql/handler.cc:3407
#8 0x0000555555de4ac6 in rr_sequential (info=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.cc:519
#9 0x0000555555dce777 in READ_RECORD::read_record (this=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.h:81
#10 0x0000555555fd1040 in join_init_read_record (tab=0x7fffac940390) at /home/psergey/dev-git/10.7/sql/sql_select.cc:22364
#11 0x0000555555fce950 in sub_select (join=0x7fffac944450, join_tab=0x7fffac940390, end_of_records=false) at /home/psergey/dev-git/10.7/sql/sql_select.cc:21367
#12 0x0000555555fcdd50 in do_select (join=0x7fffac944450, procedure=0x0) at /home/psergey/dev-git/10.7/sql/sql_select.cc:20913
#13 0x0000555555f9fdfd in JOIN::exec_inner (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4794
#14 0x0000555555f9ee37 in JOIN::exec (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4572
#15 0x00005555564290d8 in subselect_single_select_engine::exec (this=0x7fffac01bcb0) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:4095
#16 0x000055555641b526 in Item_subselect::exec (this=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:811
#17 0x000055555641d980 in Item_singlerow_subselect::val_str (this=0x7fffac01bb20, str=0x7fffdc6d2410) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:1477
#18 0x000055555636c567 in Regexp_processor_pcre::compile (this=0x7fffac01bde0, item=0x7fffac01bb20, send_error=true)at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6083
#19 0x000055555636cb26 in Regexp_processor_pcre::fix_owner (this=0x7fffac01bde0, owner=0x7fffac01bd30, subject_arg=0x7fffac019270, pattern_arg=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6189
#20 0x000055555636cc3e in Item_func_regex::fix_length_and_dec (this=0x7fffac01bd30) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6210
#21 0x000055555639771c in Item_func::fix_fields (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item_func.cc:362
#22 0x0000555555df30be in Item::fix_fields_if_needed (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1147
#23 0x0000555555df30f7 in Item::fix_fields_if_needed_for_scalar (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1156
#24 0x0000555555e8175b in Item::fix_fields_if_needed_for_bool (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1160
#25 0x0000555555e7de16 in setup_conds (thd=0x7fffac000d48, tables=0x7fffac018940, leaves=..., conds=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/sql_base.cc:8540
#26 0x0000555555f8fdc0 in setup_without_group (thd=0x7fffac000d48, ref_pointer_array=..., tables=0x7fffac018940, leaves=..., fields=..., all_fields=..., conds=0x7fffac9442b0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fffac944177, reserved=0x7fffac01827c) at /home/psergey/dev-git/10.7/sql/sql_select.cc:858
#27 0x0000555555f92ec2 in JOIN::prepare (this=0x7fffac943e60, tables_init=0x7fffac018940, conds_init=0x7fffac01bd30,og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg
=0x7fffac017ec0, unit_arg=0x7fffac016228) at /home/psergey/dev-git/10.7/sql/sql_select.cc:1439
#28 0x00005555560715a2 in st_select_lex_unit::prepare_join (this=0x7fffac016228, thd_arg=0x7fffac000d48, sl=0x7fffac017ec0, tmp_result=0x7fffac93e6f0, additional_options=0, is_union_select=false) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1103
#29 0x0000555556072ef9 in st_select_lex_unit::prepare (this=0x7fffac016228, derived_arg=0x7fffdc6d4460, sel_result=0x7fffac93e6f0, additional_options=0) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1496
#30 0x0000555555ec6e49 in mysql_derived_prepare (thd=0x7fffac000d48, lex=0x7fffac005080, derived=0x7fffdc6d4460) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:855
#31 0x0000555555ec4fdd in mysql_handle_derived (lex=0x7fffac005080, phases=3) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:123
#32 0x0000555555e7501e in open_normal_and_derived_tables (thd=0x7fffac000d48, tables=0x7fffdc6d4460, flags=1024, dt_phases=3) at /home/psergey/dev-git/10.7/sql/sql_base.cc:5368
#33 0x0000555555ff7dc9 in mysqld_list_fields (thd=0x7fffac000d48, table_list=0x7fffdc6d4460, wild=0x7fffac013390 "") at /home/psergey/dev-git/10.7/sql/sql_show.cc:1498
#34 0x0000555555f24dbb in dispatch_command (command=COM_FIELD_LIST, thd=0x7fffac000d48, packet=0x7fffac00ac0c "", packet_length=3, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:2087
#35 0x0000555555f22cc0 in do_command (thd=0x7fffac000d48, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:1407
#36 0x000055555610b961 in do_handle_one_connection (connect=0x555558abb248, put_in_cache=true) at /home/psergey/dev-git/10.7/sql/sql_connect.cc:1416
{code}

Sergei Petrunia made changes - 2022-12-05 12:07

Description

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

Crashes like so:
{code}
Thread 14 "mysqld" received signal SIGABRT, Aborted.
(gdb) wher
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736891541056) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736891541056) at pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140736891541056, signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7635476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff761b7b7 in __GI_abort () at abort.c:79
#5 0x00007ffff761b6db in __assert_fail_base (fmt=0x7ffff77cf770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=<optimized out>) at assert.c:92
#6 0x00007ffff762ce26 in __GI___assert_fail (assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_
lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=0x555556f826b0 "int handler::ha_rnd_next(uchar*)") at assert.c:101
#7 0x000055555630ff77 in handler::ha_rnd_next (this=0x7fffac93b5f0, buf=0x7fffac93bde0 "\377") at /home/psergey/dev-git/10.7/sql/handler.cc:3407
#8 0x0000555555de4ac6 in rr_sequential (info=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.cc:519
#9 0x0000555555dce777 in READ_RECORD::read_record (this=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.h:81
#10 0x0000555555fd1040 in join_init_read_record (tab=0x7fffac940390) at /home/psergey/dev-git/10.7/sql/sql_select.cc:22364
#11 0x0000555555fce950 in sub_select (join=0x7fffac944450, join_tab=0x7fffac940390, end_of_records=false) at /home/psergey/dev-git/10.7/sql/sql_select.cc:21367
#12 0x0000555555fcdd50 in do_select (join=0x7fffac944450, procedure=0x0) at /home/psergey/dev-git/10.7/sql/sql_select.cc:20913
#13 0x0000555555f9fdfd in JOIN::exec_inner (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4794
#14 0x0000555555f9ee37 in JOIN::exec (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4572
#15 0x00005555564290d8 in subselect_single_select_engine::exec (this=0x7fffac01bcb0) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:4095
#16 0x000055555641b526 in Item_subselect::exec (this=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:811
#17 0x000055555641d980 in Item_singlerow_subselect::val_str (this=0x7fffac01bb20, str=0x7fffdc6d2410) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:1477
#18 0x000055555636c567 in Regexp_processor_pcre::compile (this=0x7fffac01bde0, item=0x7fffac01bb20, send_error=true)at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6083
#19 0x000055555636cb26 in Regexp_processor_pcre::fix_owner (this=0x7fffac01bde0, owner=0x7fffac01bd30, subject_arg=0x7fffac019270, pattern_arg=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6189
#20 0x000055555636cc3e in Item_func_regex::fix_length_and_dec (this=0x7fffac01bd30) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6210
#21 0x000055555639771c in Item_func::fix_fields (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item_func.cc:362
#22 0x0000555555df30be in Item::fix_fields_if_needed (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1147
#23 0x0000555555df30f7 in Item::fix_fields_if_needed_for_scalar (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1156
#24 0x0000555555e8175b in Item::fix_fields_if_needed_for_bool (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1160
#25 0x0000555555e7de16 in setup_conds (thd=0x7fffac000d48, tables=0x7fffac018940, leaves=..., conds=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/sql_base.cc:8540
#26 0x0000555555f8fdc0 in setup_without_group (thd=0x7fffac000d48, ref_pointer_array=..., tables=0x7fffac018940, leaves=..., fields=..., all_fields=..., conds=0x7fffac9442b0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fffac944177, reserved=0x7fffac01827c) at /home/psergey/dev-git/10.7/sql/sql_select.cc:858
#27 0x0000555555f92ec2 in JOIN::prepare (this=0x7fffac943e60, tables_init=0x7fffac018940, conds_init=0x7fffac01bd30,og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg
=0x7fffac017ec0, unit_arg=0x7fffac016228) at /home/psergey/dev-git/10.7/sql/sql_select.cc:1439
#28 0x00005555560715a2 in st_select_lex_unit::prepare_join (this=0x7fffac016228, thd_arg=0x7fffac000d48, sl=0x7fffac017ec0, tmp_result=0x7fffac93e6f0, additional_options=0, is_union_select=false) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1103
#29 0x0000555556072ef9 in st_select_lex_unit::prepare (this=0x7fffac016228, derived_arg=0x7fffdc6d4460, sel_result=0x7fffac93e6f0, additional_options=0) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1496
#30 0x0000555555ec6e49 in mysql_derived_prepare (thd=0x7fffac000d48, lex=0x7fffac005080, derived=0x7fffdc6d4460) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:855
#31 0x0000555555ec4fdd in mysql_handle_derived (lex=0x7fffac005080, phases=3) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:123
#32 0x0000555555e7501e in open_normal_and_derived_tables (thd=0x7fffac000d48, tables=0x7fffdc6d4460, flags=1024, dt_phases=3) at /home/psergey/dev-git/10.7/sql/sql_base.cc:5368
#33 0x0000555555ff7dc9 in mysqld_list_fields (thd=0x7fffac000d48, table_list=0x7fffdc6d4460, wild=0x7fffac013390 "") at /home/psergey/dev-git/10.7/sql/sql_show.cc:1498
#34 0x0000555555f24dbb in dispatch_command (command=COM_FIELD_LIST, thd=0x7fffac000d48, packet=0x7fffac00ac0c "", packet_length=3, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:2087
#35 0x0000555555f22cc0 in do_command (thd=0x7fffac000d48, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:1407
#36 0x000055555610b961 in do_handle_one_connection (connect=0x555558abb248, put_in_cache=true) at /home/psergey/dev-git/10.7/sql/sql_connect.cc:1416
{code}

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

Crashes like so:
{code}
Thread 14 "mysqld" received signal SIGABRT, Aborted.
(gdb) wher
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736891541056) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736891541056) at pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140736891541056, signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7635476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff761b7b7 in __GI_abort () at abort.c:79
#5 0x00007ffff761b6db in __assert_fail_base (fmt=0x7ffff77cf770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=<optimized out>) at assert.c:92
#6 0x00007ffff762ce26 in __GI___assert_fail (assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_
lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=0x555556f826b0 "int handler::ha_rnd_next(uchar*)") at assert.c:101
#7 0x000055555630ff77 in handler::ha_rnd_next (this=0x7fffac93b5f0, buf=0x7fffac93bde0 "\377") at /home/psergey/dev-git/10.7/sql/handler.cc:3407
#8 0x0000555555de4ac6 in rr_sequential (info=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.cc:519
#9 0x0000555555dce777 in READ_RECORD::read_record (this=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.h:81
#10 0x0000555555fd1040 in join_init_read_record (tab=0x7fffac940390) at /home/psergey/dev-git/10.7/sql/sql_select.cc:22364
#11 0x0000555555fce950 in sub_select (join=0x7fffac944450, join_tab=0x7fffac940390, end_of_records=false) at /home/psergey/dev-git/10.7/sql/sql_select.cc:21367
#12 0x0000555555fcdd50 in do_select (join=0x7fffac944450, procedure=0x0) at /home/psergey/dev-git/10.7/sql/sql_select.cc:20913
#13 0x0000555555f9fdfd in JOIN::exec_inner (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4794
#14 0x0000555555f9ee37 in JOIN::exec (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4572
#15 0x00005555564290d8 in subselect_single_select_engine::exec (this=0x7fffac01bcb0) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:4095
#16 0x000055555641b526 in Item_subselect::exec (this=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:811
#17 0x000055555641d980 in Item_singlerow_subselect::val_str (this=0x7fffac01bb20, str=0x7fffdc6d2410) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:1477
#18 0x000055555636c567 in Regexp_processor_pcre::compile (this=0x7fffac01bde0, item=0x7fffac01bb20, send_error=true)at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6083
#19 0x000055555636cb26 in Regexp_processor_pcre::fix_owner (this=0x7fffac01bde0, owner=0x7fffac01bd30, subject_arg=0x7fffac019270, pattern_arg=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6189
#20 0x000055555636cc3e in Item_func_regex::fix_length_and_dec (this=0x7fffac01bd30) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6210
#21 0x000055555639771c in Item_func::fix_fields (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item_func.cc:362
#22 0x0000555555df30be in Item::fix_fields_if_needed (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1147
#23 0x0000555555df30f7 in Item::fix_fields_if_needed_for_scalar (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1156
#24 0x0000555555e8175b in Item::fix_fields_if_needed_for_bool (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1160
#25 0x0000555555e7de16 in setup_conds (thd=0x7fffac000d48, tables=0x7fffac018940, leaves=..., conds=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/sql_base.cc:8540
#26 0x0000555555f8fdc0 in setup_without_group (thd=0x7fffac000d48, ref_pointer_array=..., tables=0x7fffac018940, leaves=..., fields=..., all_fields=..., conds=0x7fffac9442b0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fffac944177, reserved=0x7fffac01827c) at /home/psergey/dev-git/10.7/sql/sql_select.cc:858
#27 0x0000555555f92ec2 in JOIN::prepare (this=0x7fffac943e60, tables_init=0x7fffac018940, conds_init=0x7fffac01bd30,og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg
=0x7fffac017ec0, unit_arg=0x7fffac016228) at /home/psergey/dev-git/10.7/sql/sql_select.cc:1439
#28 0x00005555560715a2 in st_select_lex_unit::prepare_join (this=0x7fffac016228, thd_arg=0x7fffac000d48, sl=0x7fffac017ec0, tmp_result=0x7fffac93e6f0, additional_options=0, is_union_select=false) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1103
#29 0x0000555556072ef9 in st_select_lex_unit::prepare (this=0x7fffac016228, derived_arg=0x7fffdc6d4460, sel_result=0x7fffac93e6f0, additional_options=0) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1496
#30 0x0000555555ec6e49 in mysql_derived_prepare (thd=0x7fffac000d48, lex=0x7fffac005080, derived=0x7fffdc6d4460) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:855
#31 0x0000555555ec4fdd in mysql_handle_derived (lex=0x7fffac005080, phases=3) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:123
#32 0x0000555555e7501e in open_normal_and_derived_tables (thd=0x7fffac000d48, tables=0x7fffdc6d4460, flags=1024, dt_phases=3) at /home/psergey/dev-git/10.7/sql/sql_base.cc:5368
#33 0x0000555555ff7dc9 in mysqld_list_fields (thd=0x7fffac000d48, table_list=0x7fffdc6d4460, wild=0x7fffac013390 "") at /home/psergey/dev-git/10.7/sql/sql_show.cc:1498
#34 0x0000555555f24dbb in dispatch_command (command=COM_FIELD_LIST, thd=0x7fffac000d48, packet=0x7fffac00ac0c "", packet_length=3, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:2087
#35 0x0000555555f22cc0 in do_command (thd=0x7fffac000d48, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:1407
#36 0x000055555610b961 in do_handle_one_connection (connect=0x555558abb248, put_in_cache=true) at /home/psergey/dev-git/10.7/sql/sql_connect.cc:1416
{code}

The assert is hit here:
{code}
int handler::ha_rnd_next(uchar *buf)
{
  int result;
  DBUG_ENTER("handler::ha_rnd_next");
  DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
              m_lock_type != F_UNLCK);
{code}

The reason:
{code}
3407 DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
(gdb) p table_share
$1 = (TABLE_SHARE *) 0x7fffac027c80
(gdb) p table_share->tmp_table
$2 = NO_TMP_TABLE
(gdb) p m_lock_type
$3 = 2
(gdb) p F_UNLCK
$4 = 2
{code}

Sergei Petrunia made changes - 2022-12-05 12:08

Component/s

Views [ 10111 ]

Sergei Golubchik made changes - 2022-12-05 12:19

Assignee

Oleksandr Byelkin [ sanja ]

Sergei Petrunia made changes - 2022-12-05 12:49

Description

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

Crashes like so:
{code}
Thread 14 "mysqld" received signal SIGABRT, Aborted.
(gdb) wher
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736891541056) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736891541056) at pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140736891541056, signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7635476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff761b7b7 in __GI_abort () at abort.c:79
#5 0x00007ffff761b6db in __assert_fail_base (fmt=0x7ffff77cf770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=<optimized out>) at assert.c:92
#6 0x00007ffff762ce26 in __GI___assert_fail (assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_
lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=0x555556f826b0 "int handler::ha_rnd_next(uchar*)") at assert.c:101
#7 0x000055555630ff77 in handler::ha_rnd_next (this=0x7fffac93b5f0, buf=0x7fffac93bde0 "\377") at /home/psergey/dev-git/10.7/sql/handler.cc:3407
#8 0x0000555555de4ac6 in rr_sequential (info=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.cc:519
#9 0x0000555555dce777 in READ_RECORD::read_record (this=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.h:81
#10 0x0000555555fd1040 in join_init_read_record (tab=0x7fffac940390) at /home/psergey/dev-git/10.7/sql/sql_select.cc:22364
#11 0x0000555555fce950 in sub_select (join=0x7fffac944450, join_tab=0x7fffac940390, end_of_records=false) at /home/psergey/dev-git/10.7/sql/sql_select.cc:21367
#12 0x0000555555fcdd50 in do_select (join=0x7fffac944450, procedure=0x0) at /home/psergey/dev-git/10.7/sql/sql_select.cc:20913
#13 0x0000555555f9fdfd in JOIN::exec_inner (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4794
#14 0x0000555555f9ee37 in JOIN::exec (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4572
#15 0x00005555564290d8 in subselect_single_select_engine::exec (this=0x7fffac01bcb0) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:4095
#16 0x000055555641b526 in Item_subselect::exec (this=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:811
#17 0x000055555641d980 in Item_singlerow_subselect::val_str (this=0x7fffac01bb20, str=0x7fffdc6d2410) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:1477
#18 0x000055555636c567 in Regexp_processor_pcre::compile (this=0x7fffac01bde0, item=0x7fffac01bb20, send_error=true)at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6083
#19 0x000055555636cb26 in Regexp_processor_pcre::fix_owner (this=0x7fffac01bde0, owner=0x7fffac01bd30, subject_arg=0x7fffac019270, pattern_arg=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6189
#20 0x000055555636cc3e in Item_func_regex::fix_length_and_dec (this=0x7fffac01bd30) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6210
#21 0x000055555639771c in Item_func::fix_fields (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item_func.cc:362
#22 0x0000555555df30be in Item::fix_fields_if_needed (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1147
#23 0x0000555555df30f7 in Item::fix_fields_if_needed_for_scalar (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1156
#24 0x0000555555e8175b in Item::fix_fields_if_needed_for_bool (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1160
#25 0x0000555555e7de16 in setup_conds (thd=0x7fffac000d48, tables=0x7fffac018940, leaves=..., conds=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/sql_base.cc:8540
#26 0x0000555555f8fdc0 in setup_without_group (thd=0x7fffac000d48, ref_pointer_array=..., tables=0x7fffac018940, leaves=..., fields=..., all_fields=..., conds=0x7fffac9442b0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fffac944177, reserved=0x7fffac01827c) at /home/psergey/dev-git/10.7/sql/sql_select.cc:858
#27 0x0000555555f92ec2 in JOIN::prepare (this=0x7fffac943e60, tables_init=0x7fffac018940, conds_init=0x7fffac01bd30,og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg
=0x7fffac017ec0, unit_arg=0x7fffac016228) at /home/psergey/dev-git/10.7/sql/sql_select.cc:1439
#28 0x00005555560715a2 in st_select_lex_unit::prepare_join (this=0x7fffac016228, thd_arg=0x7fffac000d48, sl=0x7fffac017ec0, tmp_result=0x7fffac93e6f0, additional_options=0, is_union_select=false) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1103
#29 0x0000555556072ef9 in st_select_lex_unit::prepare (this=0x7fffac016228, derived_arg=0x7fffdc6d4460, sel_result=0x7fffac93e6f0, additional_options=0) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1496
#30 0x0000555555ec6e49 in mysql_derived_prepare (thd=0x7fffac000d48, lex=0x7fffac005080, derived=0x7fffdc6d4460) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:855
#31 0x0000555555ec4fdd in mysql_handle_derived (lex=0x7fffac005080, phases=3) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:123
#32 0x0000555555e7501e in open_normal_and_derived_tables (thd=0x7fffac000d48, tables=0x7fffdc6d4460, flags=1024, dt_phases=3) at /home/psergey/dev-git/10.7/sql/sql_base.cc:5368
#33 0x0000555555ff7dc9 in mysqld_list_fields (thd=0x7fffac000d48, table_list=0x7fffdc6d4460, wild=0x7fffac013390 "") at /home/psergey/dev-git/10.7/sql/sql_show.cc:1498
#34 0x0000555555f24dbb in dispatch_command (command=COM_FIELD_LIST, thd=0x7fffac000d48, packet=0x7fffac00ac0c "", packet_length=3, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:2087
#35 0x0000555555f22cc0 in do_command (thd=0x7fffac000d48, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:1407
#36 0x000055555610b961 in do_handle_one_connection (connect=0x555558abb248, put_in_cache=true) at /home/psergey/dev-git/10.7/sql/sql_connect.cc:1416
{code}

The assert is hit here:
{code}
int handler::ha_rnd_next(uchar *buf)
{
  int result;
  DBUG_ENTER("handler::ha_rnd_next");
  DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
              m_lock_type != F_UNLCK);
{code}

The reason:
{code}
3407 DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
(gdb) p table_share
$1 = (TABLE_SHARE *) 0x7fffac027c80
(gdb) p table_share->tmp_table
$2 = NO_TMP_TABLE
(gdb) p m_lock_type
$3 = 2
(gdb) p F_UNLCK
$4 = 2
{code}

This is based on a support issue.

A Connector/C client can crash the server based by issuing a
{code:cpp}
mysql_list_fields("v1")
{code}

call, where v1 is a view with a certain definition.

Trying equivalent (or are they similar?) commands from command line client:
{code:sql}
desc v1;
{code}
does not cause a crash, expected result is produced.

{code:sql}
create table t1 (
  name varchar(100),
  typ varchar(100)
);
insert into t1 select seq,seq from seq_1_to_10;
insert into t1 select '', 'value' from seq_1_to_2;

create table t2 (
  servername varchar(100)
);
insert into t2 select seq from seq_1_to_10;

create view v1 as
select * from t2
where
   `t2`.`servername` regexp ( select
                                  group_concat(`t1`.`name` separator '|')
                               from `t1`
                               where `t1`.`typ`
                               like 'value')
;

{code}
Crashes like so:
{code}
Thread 14 "mysqld" received signal SIGABRT, Aborted.
(gdb) wher
#0 __pthread_kill_implementation (no_tid=0, signo=6, threadid=140736891541056) at pthread_kill.c:44
#1 __pthread_kill_internal (signo=6, threadid=140736891541056) at pthread_kill.c:80
#2 __GI___pthread_kill (threadid=140736891541056, signo=signo@entry=6) at pthread_kill.c:91
#3 0x00007ffff7635476 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#4 0x00007ffff761b7b7 in __GI_abort () at abort.c:79
#5 0x00007ffff761b6db in __assert_fail_base (fmt=0x7ffff77cf770 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=<optimized out>) at assert.c:92
#6 0x00007ffff762ce26 in __GI___assert_fail (assertion=0x555556f826d8 "table_share->tmp_table != NO_TMP_TABLE || m_
lock_type != 2", file=0x555556f80c90 "/home/psergey/dev-git/10.7/sql/handler.cc", line=3407, function=0x555556f826b0 "int handler::ha_rnd_next(uchar*)") at assert.c:101
#7 0x000055555630ff77 in handler::ha_rnd_next (this=0x7fffac93b5f0, buf=0x7fffac93bde0 "\377") at /home/psergey/dev-git/10.7/sql/handler.cc:3407
#8 0x0000555555de4ac6 in rr_sequential (info=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.cc:519
#9 0x0000555555dce777 in READ_RECORD::read_record (this=0x7fffac940458) at /home/psergey/dev-git/10.7/sql/records.h:81
#10 0x0000555555fd1040 in join_init_read_record (tab=0x7fffac940390) at /home/psergey/dev-git/10.7/sql/sql_select.cc:22364
#11 0x0000555555fce950 in sub_select (join=0x7fffac944450, join_tab=0x7fffac940390, end_of_records=false) at /home/psergey/dev-git/10.7/sql/sql_select.cc:21367
#12 0x0000555555fcdd50 in do_select (join=0x7fffac944450, procedure=0x0) at /home/psergey/dev-git/10.7/sql/sql_select.cc:20913
#13 0x0000555555f9fdfd in JOIN::exec_inner (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4794
#14 0x0000555555f9ee37 in JOIN::exec (this=0x7fffac944450) at /home/psergey/dev-git/10.7/sql/sql_select.cc:4572
#15 0x00005555564290d8 in subselect_single_select_engine::exec (this=0x7fffac01bcb0) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:4095
#16 0x000055555641b526 in Item_subselect::exec (this=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:811
#17 0x000055555641d980 in Item_singlerow_subselect::val_str (this=0x7fffac01bb20, str=0x7fffdc6d2410) at /home/psergey/dev-git/10.7/sql/item_subselect.cc:1477
#18 0x000055555636c567 in Regexp_processor_pcre::compile (this=0x7fffac01bde0, item=0x7fffac01bb20, send_error=true)at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6083
#19 0x000055555636cb26 in Regexp_processor_pcre::fix_owner (this=0x7fffac01bde0, owner=0x7fffac01bd30, subject_arg=0x7fffac019270, pattern_arg=0x7fffac01bb20) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6189
#20 0x000055555636cc3e in Item_func_regex::fix_length_and_dec (this=0x7fffac01bd30) at /home/psergey/dev-git/10.7/sql/item_cmpfunc.cc:6210
#21 0x000055555639771c in Item_func::fix_fields (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item_func.cc:362
#22 0x0000555555df30be in Item::fix_fields_if_needed (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1147
#23 0x0000555555df30f7 in Item::fix_fields_if_needed_for_scalar (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1156
#24 0x0000555555e8175b in Item::fix_fields_if_needed_for_bool (this=0x7fffac01bd30, thd=0x7fffac000d48, ref=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/item.h:1160
#25 0x0000555555e7de16 in setup_conds (thd=0x7fffac000d48, tables=0x7fffac018940, leaves=..., conds=0x7fffac9442b0) at /home/psergey/dev-git/10.7/sql/sql_base.cc:8540
#26 0x0000555555f8fdc0 in setup_without_group (thd=0x7fffac000d48, ref_pointer_array=..., tables=0x7fffac018940, leaves=..., fields=..., all_fields=..., conds=0x7fffac9442b0, order=0x0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=0x7fffac944177, reserved=0x7fffac01827c) at /home/psergey/dev-git/10.7/sql/sql_select.cc:858
#27 0x0000555555f92ec2 in JOIN::prepare (this=0x7fffac943e60, tables_init=0x7fffac018940, conds_init=0x7fffac01bd30,og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg
=0x7fffac017ec0, unit_arg=0x7fffac016228) at /home/psergey/dev-git/10.7/sql/sql_select.cc:1439
#28 0x00005555560715a2 in st_select_lex_unit::prepare_join (this=0x7fffac016228, thd_arg=0x7fffac000d48, sl=0x7fffac017ec0, tmp_result=0x7fffac93e6f0, additional_options=0, is_union_select=false) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1103
#29 0x0000555556072ef9 in st_select_lex_unit::prepare (this=0x7fffac016228, derived_arg=0x7fffdc6d4460, sel_result=0x7fffac93e6f0, additional_options=0) at /home/psergey/dev-git/10.7/sql/sql_union.cc:1496
#30 0x0000555555ec6e49 in mysql_derived_prepare (thd=0x7fffac000d48, lex=0x7fffac005080, derived=0x7fffdc6d4460) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:855
#31 0x0000555555ec4fdd in mysql_handle_derived (lex=0x7fffac005080, phases=3) at /home/psergey/dev-git/10.7/sql/sql_derived.cc:123
#32 0x0000555555e7501e in open_normal_and_derived_tables (thd=0x7fffac000d48, tables=0x7fffdc6d4460, flags=1024, dt_phases=3) at /home/psergey/dev-git/10.7/sql/sql_base.cc:5368
#33 0x0000555555ff7dc9 in mysqld_list_fields (thd=0x7fffac000d48, table_list=0x7fffdc6d4460, wild=0x7fffac013390 "") at /home/psergey/dev-git/10.7/sql/sql_show.cc:1498
#34 0x0000555555f24dbb in dispatch_command (command=COM_FIELD_LIST, thd=0x7fffac000d48, packet=0x7fffac00ac0c "", packet_length=3, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:2087
#35 0x0000555555f22cc0 in do_command (thd=0x7fffac000d48, blocking=true) at /home/psergey/dev-git/10.7/sql/sql_parse.cc:1407
#36 0x000055555610b961 in do_handle_one_connection (connect=0x555558abb248, put_in_cache=true) at /home/psergey/dev-git/10.7/sql/sql_connect.cc:1416
{code}

The assert is hit here:
{code}
int handler::ha_rnd_next(uchar *buf)
{
  int result;
  DBUG_ENTER("handler::ha_rnd_next");
  DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
              m_lock_type != F_UNLCK);
{code}

The reason:
{code}
3407 DBUG_ASSERT(table_share->tmp_table != NO_TMP_TABLE ||
(gdb) p table_share
$1 = (TABLE_SHARE *) 0x7fffac027c80
(gdb) p table_share->tmp_table
$2 = NO_TMP_TABLE
(gdb) p m_lock_type
$3 = 2
(gdb) p F_UNLCK
$4 = 2
{code}

Julien Fritsch made changes - 2023-02-27 09:24

Priority

Major [ 3 ]

Critical [ 2 ]

Sergei Petrunia made changes - 2023-02-27 10:08

Affects Version/s		10.5 [ 23123 ]
Affects Version/s		10.6 [ 24028 ]
Affects Version/s		10.8 [ 26121 ]
Affects Version/s		10.9 [ 26905 ]
Affects Version/s		10.10 [ 27530 ]
Affects Version/s		10.11 [ 27614 ]

Sergei Petrunia made changes - 2023-02-27 10:09

Fix Version/s		10.5 [ 23123 ]
Fix Version/s		10.6 [ 24028 ]
Fix Version/s		10.8 [ 26121 ]
Fix Version/s		10.9 [ 26905 ]
Fix Version/s		10.10 [ 27530 ]
Fix Version/s		10.11 [ 27614 ]

Julien Fritsch made changes - 2023-03-03 17:24

Fix Version/s

10.7 [ 24805 ]

Julien Fritsch made changes - 2023-04-27 14:51

Fix Version/s

10.8 [ 26121 ]

Oleksandr Byelkin made changes - 2023-07-07 12:37

Status

Open [ 1 ]

In Progress [ 3 ]

Oleksandr Byelkin made changes - 2023-07-07 13:06

Comment

[ Here is my test, what wrong with it (it passes)
{code}
static void test_mdev_30159()
{
  MYSQL_RES *result;
  int rc;

  myheader("test_mdev_30159");

  rc= mysql_query(mysql, "INSTALL SONAME \"ha_sequence\"");
  myquery(rc);

  rc= mysql_query(mysql, "create table t1 ("
                          " name varchar(100),"
                          " typ varchar(100)"
                          ")");
  myquery(rc);
  rc= mysql_query(mysql, "insert into t1 select seq,seq from seq_1_to_10");
  myquery(rc);
  rc= mysql_query(mysql, "insert into t1 select '', 'value' from seq_1_to_2");
  myquery(rc);
  rc= mysql_query(mysql, "create table t2 ("
                         " servername varchar(100)"
                         ")");
  myquery(rc);
  rc= mysql_query(mysql, "insert into t2 select seq from seq_1_to_10");
  myquery(rc);
  rc= mysql_query(mysql, "create view v1 as"
                         " select * from t2"
                         " where"
                         " `t2`.`servername` regexp ( select"
                         " group_concat(`t1`.`name` separator '|')"
                         " from `t1`"
                         " where `t1`.`typ`"
                         " like 'value')");
  myquery(rc);

  result= mysql_list_fields(mysql, "t1", NULL);
  mytest(result);

  rc= mysql_query(mysql, "drop view v1");
  myquery(rc);
  rc= mysql_query(mysql, "drop table t1, t2");
  myquery(rc);
}
{code} ]

Oleksandr Byelkin made changes - 2023-07-07 13:24

Affects Version/s

10.4 [ 22408 ]

Oleksandr Byelkin made changes - 2023-07-07 13:24

Fix Version/s

10.4 [ 22408 ]

Oleksandr Byelkin made changes - 2023-07-14 12:53

Assignee	Oleksandr Byelkin [ sanja ]	Alexander Barkov [ bar ]
Status	In Progress [ 3 ]	In Review [ 10002 ]

Alexander Barkov made changes - 2023-07-14 15:30

Status

In Review [ 10002 ]

Stalled [ 10000 ]

Alexander Barkov made changes - 2023-07-14 15:30

Assignee

Alexander Barkov [ bar ]

Oleksandr Byelkin [ sanja ]

Oleksandr Byelkin made changes - 2023-07-20 11:52

Component/s		OTHER [ 10125 ]
Component/s	Optimizer [ 10200 ]
Component/s	Views [ 10111 ]
Fix Version/s		10.4.31 [ 29010 ]
Fix Version/s		10.5.22 [ 29011 ]
Fix Version/s		10.6.15 [ 29013 ]
Fix Version/s		10.9.8 [ 29015 ]
Fix Version/s		10.10.6 [ 29017 ]
Fix Version/s		10.11.5 [ 29019 ]
Fix Version/s		11.0.3 [ 28920 ]
Fix Version/s		11.1.2 [ 28921 ]
Fix Version/s		11.2.1 [ 29034 ]
Fix Version/s	10.4 [ 22408 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Fix Version/s	10.9 [ 26905 ]
Fix Version/s	10.10 [ 27530 ]
Fix Version/s	10.11 [ 27614 ]
Resolution		Fixed [ 1 ]
Status	Stalled [ 10000 ]	Closed [ 6 ]

Jira Automation (IT) made changes - 2024-07-04 01:26

Zendesk Related Tickets

186641

MariaDB Server

Client can crash the server with a mysql_list_fields("view") call

Details

Description

Attachments

Attachments

Activity

People

Dates

Git Integration