[MDEV-30358] 【BUG】【core dump】group by + having subquery = core dump - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: None
Fix Version/s: N/A
Component/s: Optimizer
Labels:
None
Environment:
ubuntu 16.04.4 LTS
MariaDB 10.4.6

Description

【重现步骤】
1、创建表 t1，插入记录
create table t1(pk int, col_int int)engine=innodb;
insert into t1 values(6,6),(8,8),(5,5);
SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

2、执行以下查询
语句一
SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

语句二
SELECT pk AS field1 FROM t1 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

【预期结果】
正确返回结果

【实际结果】
MariaDB server core dump

【备注】
语句一导致 MariaDB server core dump 后，堆栈如下：
linux/raise.c:54(__GI_raise)[0x7f4ed369203a]
stdlib/abort.c:91(__GI_abort)[0x7f4ed3688be7]
assert/assert.c:92(__assert_fail_base)[0x7f4ed3688c92]
/opt/mariadb_debug/bin/mysqld(_ZN12Item_func_eq7val_intEv+0x93)[0x5599072eec27]
/opt/mariadb_debug/bin/mysqld(_ZNK23Type_handler_int_result13Item_val_boolEP4Item+0x3b)[0x55990701c9fd]
sql/item_cmpfunc.cc:1754(Item_func_eq::val_int())[0x559906a15c0c]
sql/sql_type.cc:4418(Type_handler_int_result::Item_val_bool(Item*) const)[0x559907304162]
/opt/mariadb_debug/bin/mysqld(_Z14end_send_groupP4JOINP13st_join_tableb+0x6e7)[0x559906d2ebd0]
/opt/mariadb_debug/bin/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x103)[0x559906d281da]
sql/item.h:1461(Item::val_bool())[0x559906d2704c]
sql/item_cmpfunc.cc:5300(Item_cond_or::val_int())[0x559906cdc98b]
sql/sql_select.cc:21616(end_send_group(JOIN*, st_join_table*, bool))[0x559906cdaeae]
sql/sql_select.cc:20238(sub_select(JOIN*, st_join_table*, bool))[0x559906cddbad]
sql/sql_select.cc:19829(do_select(JOIN*, Procedure*))[0x559906cbfbd7]
sql/sql_select.cc:4636(JOIN::exec_inner())[0x559906c54c61]
sql/sql_select.cc:4418(JOIN::exec())[0x559906c3ee12]
sql/sql_select.cc:4850(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559906c5c040]
sql/sql_select.cc:425(handle_select(THD*, LEX*, select_result*, unsigned long))[0x559906c3230b]
sql/sql_parse.cc:6613(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559906c2e6f2]
sql/sql_parse.cc:4148(mysql_execute_command(THD*))[0x559906eff70b]
sql/sql_parse.cc:8165(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x559906eff0b6]

语句二导致 MariaDB server core dump 后，堆栈如下：
linux/raise.c:54(__GI_raise)[0x7fc53df8f03a]
stdlib/abort.c:91(__GI_abort)[0x7fc53df85be7]
assert/assert.c:92(__assert_fail_base)[0x7fc53df85c92]
/opt/mariadb_debug/bin/mysqld(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x156)[0x55613404f71a]
/opt/mariadb_debug/bin/mysqld(ZN4Item20fix_fields_if_neededEP3THDPPS+0x79)[0x55613371c6af]
sql/item_func.cc:329(Item_func::fix_fields(THD*, Item**))[0x55613371c717]
/opt/mariadb_debug/bin/mysqld(ZN4Item29fix_fields_if_needed_for_boolEP3THDPPS+0x3d)[0x55613381900f]
sql/item.h:957(Item::fix_fields_if_needed(THD*, Item**))[0x556133ff167c]
sql/item.h:961(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x556133a224fb]
sql/item.h:965(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x556133a21be7]
sql/item_cmpfunc.cc:4830(Item_cond::fix_fields(THD*, Item**))[0x5561339c255d]
sql/sql_select.cc:22235(make_cond_for_table_from_pred(THD*, Item*, Item*, unsigned long long, unsigned long long, int, bool, bool, bool))[0x5561339c63fe]
sql/sql_select.cc:22130(make_cond_for_table(THD*, Item*, unsigned long long, unsigned long long, int, bool, bool))[0x5561339c1e0b]
sql/sql_select.cc:3118(JOIN::add_having_as_table_cond(st_join_table*))[0x5561339bcb8f]
sql/sql_select.cc:3665(JOIN::make_aggr_tables_info())[0x5561339b8726]
sql/sql_select.cc:3041(JOIN::optimize_stage2())[0x5561339cda86]
sql/sql_select.cc:2225(JOIN::optimize_inner())[0x5561339afbd7]
sql/sql_select.cc:1563(JOIN::optimize())[0x556133944c61]
sql/sql_select.cc:4836(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55613392ee12]
sql/sql_select.cc:425(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55613394c040]
sql/sql_parse.cc:6613(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55613392230b]
sql/sql_parse.cc:4148(mysql_execute_command(THD*))[0x55613391e6f2]
sql/sql_parse.cc:8165(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x556133bef70b]

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: niezhibiao

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-01-07 02:20

Updated:: 2023-01-07 02:34

Resolved:: 2023-01-07 02:34

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.