Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30248

Infinite sequence of recursive calls when processing embedded CTE

Details

    Description

      New regression caused by MDEV-29361

      CREATE TABLE x (c INT);
      		 
      WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT 1 FROM x) SELECT 1) SELECT 1)))) SELECT 1;

      Leads to:

      10.11.2 c194db34d93d8d94bd52b17349063fa401e3f942 (Debug)

      		 
      Core was generated by `/test/MD171222-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x000055ec81a53b5e in st_select_lex_unit::set_unique_exclude (
      		 
          this=0x149aa4015390) at /test/10.11_dbg/sql/sql_union.cc:2849
      		 
      2849	{
      		 
      [Current thread is 1 (Thread 0x149abfbfd700 (LWP 2438758))]
      		 
      (gdb) bt
      		 
      #0  0x000055ec81a53b5e in st_select_lex_unit::set_unique_exclude (this=0x149aa4015390) at /test/10.11_dbg/sql/sql_union.cc:2849
      		 
      #1  0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
      		 
      #2  0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
      		 
      ...
      		 
      ...
      		 
      #992 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857
      		 
      #993 0x000055ec81a53b93 in st_select_lex_unit::set_unique_exclude (this=<optimized out>) at /test/10.11_dbg/sql/sql_union.cc:2857

      Bug confirmed present in:
      MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.28 (dbg), 10.4.28 (opt), 10.5.19 (dbg), 10.5.19 (opt), 10.6.12 (dbg), 10.6.12 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.7 (dbg), 10.8.7 (opt), 10.9.5 (dbg), 10.9.5 (opt), 10.10.3 (dbg), 10.10.3 (opt), 10.11.2 (dbg), 10.11.2 (opt)

      Attachments

        Issue Links

          is caused by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-29361 Infinite recursive calls when detecting CTE dependencies

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            View 7 older comments
            igor Igor Babaev (Inactive) added a comment -

            The patch above in one of the comments that uses the method With_clause::find_with_element_by_spec() is incorrect because there is no 1 to 1 relation between WITH elements and units created for the references to these elements.

            igor Igor Babaev (Inactive) added a comment - The patch above in one of the comments that uses the method With_clause::find_with_element_by_spec() is incorrect because there is no 1 to 1 relation between WITH elements and units created for the references to these elements.
            igor Igor Babaev (Inactive) added a comment -

            All not simplified test cases were checked with the fix.

            igor Igor Babaev (Inactive) added a comment - All not simplified test cases were checked with the fix.
            igor Igor Babaev (Inactive) added a comment -

            A fix for this bug was pushed into 10.3. It should be merged upstream as it is.

            igor Igor Babaev (Inactive) added a comment - A fix for this bug was pushed into 10.3. It should be merged upstream as it is.
            Roel Roel Van de Paar added a comment -

            Impressive work igor, thank you.

            Roel Roel Van de Paar added a comment - Impressive work igor , thank you.
            Roel Roel Van de Paar added a comment -

            An additional testcase was observed to generate a slightly different stack. The issue looks to be fixed with the patch from this bug. Adding it for completeness. It looks very similar to a testcase by Igor provided earlier.

            WITH x AS (((SELECT (WITH x AS (WITH x AS (SELECT 1 FROM x) SELECT 1) SELECT 1)))) SELECT 1;


            SIGSEGV|st_select_lex::first_inner_unit|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude
            		 
            SIGSEGV|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude

            Roel Roel Van de Paar added a comment - An additional testcase was observed to generate a slightly different stack. The issue looks to be fixed with the patch from this bug. Adding it for completeness. It looks very similar to a testcase by Igor provided earlier. WITH x AS ((( SELECT ( WITH x AS ( WITH x AS ( SELECT 1 FROM x) SELECT 1) SELECT 1)))) SELECT 1; SIGSEGV|st_select_lex::first_inner_unit|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude SIGSEGV|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude|st_select_lex_unit::set_unique_exclude

            People

              igor Igor Babaev (Inactive)
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.