MariaDB Server / MDEV-30230

Crash bug on evaluate_join_record

Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: 10.11.2
    • Fix Version/s: N/A
    • Component/s: Server
    • Labels: None

    Description

      POC:
      ```
      CREATE TABLE v0 ( v1 INTEGER , v2 NUMERIC , v3 INTEGER ) ;
      INSERT INTO v0 VALUES ( 25 , 17 , -32768 ) ;
      INSERT INTO v0 VALUES ( NOT ( 'x' = 'x' AND v3 = 0 ) , 94 , 0 ) ;
      SELECT v2 , ( - v2 ) FROM v0 GROUP BY v3 / 0 WINDOW v4 AS ( PARTITION BY ( SELECT v1 AS v5 FROM v0 AS v7 GROUP BY v1 HAVING v1 WINDOW v6 AS ( PARTITION BY v2 ORDER BY ( 255 ) DESC ) ) ) ;
      ```

      Version:
      ```
      Server version: 10.11.2-MariaDB
      key_buffer_size=134217728
      read_buffer_size=131072
      max_used_connections=1
      max_threads=153
      thread_count=1
      It is possible that mysqld could use up to
      key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468019 K bytes of memory
      Hope that's ok; if not, decrease some variables in the equation.
      ```

      BT:
      ```
      stack_bottom = 0x7fdbe80c0c00 thread_stack 0x49000
      addr2line: DWARF error: invalid or unhandled FORM value: 0x23
      ??:0(my_print_stacktrace)[0x559d1a2e71eb]
      ??:0(handle_fatal_signal)[0x559d19a94958]
      ??:0(__sigaction)[0x7fdbfe0ac520]
      addr2line: DWARF error: invalid or unhandled FORM value: 0x23
      :0(hp_rec_hashnr)[0x559d19f00cd9]
      :0(hp_write_key)[0x559d19f05901]
      :0(heap_write)[0x559d19f04ec3]
      :0(ha_heap::write_row(unsigned char const*))[0x559d19efcedd]
      ??:0(handler::ha_write_tmp_row(unsigned char*))[0x559d1973657f]
      sql_select.cc:0(end_write(JOIN*, st_join_table*, bool))[0x559d1974c401]
      sql_select.cc:0(evaluate_join_record(JOIN*, st_join_table*, int))[0x559d1974e238]
      ??:0(sub_select(JOIN*, st_join_table*, bool))[0x559d196f01c0]
      sql_select.cc:0(do_select(JOIN*, Procedure*))[0x559d197216c0]
      ??:0(JOIN::exec_inner())[0x559d197207f5]
      ??:0(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559d196f0fe1]
      ??:0(handle_select(THD*, LEX*, select_result*, unsigned long long))[0x559d196f0a86]
      sql_parse.cc:0(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559d19694800]
      ??:0(mysql_execute_command(THD*, bool))[0x559d1968b539]
      ??:0(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x559d1967fc82]
      ??:0(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x559d1967d1fb]
      ??:0(do_command(THD*, bool))[0x559d196803b1]
      ??:0(do_handle_one_connection(CONNECT*, bool))[0x559d1988a425]
      ??:0(handle_one_connection)[0x559d1988a057]
      :0(pfs_spawn_thread)[0x559d19e16d9f]
      ```

            People

              Assignee: Unassigned
              Reporter: Ne0 Yongheng Chen