  1. MariaDB Server
  2. MDEV-31116

SIGSEGV in test_if_skip_sort_order|JOIN::optimize_stage2


Details

    Description

      -- Reproducer for the SIGSEGV in test_if_skip_sort_order (backtraces follow below).
      -- Limit SELECT results to one row. The crashing frame takes a select_limit
      -- argument, so this setting is presumably part of the trigger -- TODO confirm.
      SET sql_select_limit=1;
      -- Two BINARY columns with a secondary index on `a`, the column the query sorts on.
      CREATE TABLE t (a BINARY (2),b BINARY (1),KEY(a));
      -- Populate only `a`, every row with the same empty-string literal; `b` gets no value.
      INSERT INTO t (a) VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
      -- Crashing statement: IN-subquery on the indexed column combined with ORDER BY a.
      -- The same text appears as the COM_QUERY packet in the debug-build backtrace.
      SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a;
      

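      Leads to a SIGSEGV in test_if_skip_sort_order (called from JOIN::optimize_stage2) that terminates the mariadbd process, in both optimized and debug builds: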

      11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Optimized)

      Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, 
          order=<optimized out>, select_limit=<optimized out>, 
          no_changes=no_changes@entry=false, map=<optimized out>)
          at /test/11.1_opt/sql/sql_select.cc:26061
      [Current thread is 1 (Thread 0x1462cdb7a700 (LWP 2680953))]
      (gdb) bt
      #0  test_if_skip_sort_order (tab=tab@entry=0x14627c04e790, order=<optimized out>, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:26061
      #1  0x000055fd884899c8 in JOIN::optimize_stage2 (this=<optimized out>) at /test/11.1_opt/sql/sql_select.cc:3311
      #2  0x000055fd8848cc02 in JOIN::optimize_inner (this=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:2600
      #3  0x000055fd8848eee0 in JOIN::optimize (this=this@entry=0x14627c013dc8) at /test/11.1_opt/sql/sql_select.cc:1902
      #4  0x000055fd8848efd1 in mysql_select (thd=0x14627c000c58, tables=0x14627c010e78, fields=<optimized out>, conds=0x14627c013050, og_num=1, order=0x14627c013c48, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x14627c013da0, unit=0x14627c004ce0, select_lex=0x14627c010858) at /test/11.1_opt/sql/sql_select.cc:5141
      #5  0x000055fd8848f777 in handle_select (thd=thd@entry=0x14627c000c58, lex=lex@entry=0x14627c004c08, result=result@entry=0x14627c013da0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
      #6  0x000055fd8840f04e in execute_sqlcom_select (thd=0x14627c000c58, all_tables=0x14627c010e78) at /test/11.1_opt/sql/sql_parse.cc:6024
      #7  0x000055fd8841c8e2 in mysql_execute_command (thd=0x14627c000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
      #8  0x000055fd88409f25 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x14627c000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
      #9  mysql_parse (thd=0x14627c000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
      #10 0x000055fd88415fc2 in dispatch_command (command=COM_QUERY, thd=0x14627c000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
      #11 0x000055fd88417dce in do_command (thd=0x14627c000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
      #12 0x000055fd885351ef in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fd8bf4c968, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
      #13 0x000055fd885354dd in handle_one_connection (arg=0x55fd8bf4c968) at /test/11.1_opt/sql/sql_connect.cc:1318
      #14 0x00001462eb629609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #15 0x00001462eb215133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      11.1.0 2b61ff8f2221745f0a96855a0feb0825c426f993 (Debug)

      Core was generated by `/test/MD040423-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055e0cfa4824b in test_if_skip_sort_order (
          tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, 
          select_limit=<optimized out>, no_changes=no_changes@entry=false, 
          map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
      [Current thread is 1 (Thread 0x1523f4611700 (LWP 2681179))]
      (gdb) bt
      #0  0x000055e0cfa4824b in test_if_skip_sort_order (tab=tab@entry=0x1523c80713f8, order=0x1523c8016648, select_limit=<optimized out>, no_changes=no_changes@entry=false, map=<optimized out>) at /test/11.1_dbg/sql/sql_select.cc:26061
      #1  0x000055e0cfa63908 in JOIN::optimize_stage2 (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:3311
      #2  0x000055e0cfa6596d in JOIN::optimize_inner (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:2600
      #3  0x000055e0cfa65d53 in JOIN::optimize (this=this@entry=0x1523c80167c8) at /test/11.1_dbg/sql/sql_select.cc:1902
      #4  0x000055e0cfa65e5c in mysql_select (thd=thd@entry=0x1523c8000d48, tables=<optimized out>, fields=@0x1523c8013518: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1523c8013830, last = 0x1523c80170f0, elements = 2}, <No data fields>}, conds=0x1523c8015a50, og_num=1, order=0x1523c8016648, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x1523c80167a0, unit=0x1523c8004f90, select_lex=0x1523c8013258) at /test/11.1_dbg/sql/sql_select.cc:5141
      #5  0x000055e0cfa66641 in handle_select (thd=thd@entry=0x1523c8000d48, lex=lex@entry=0x1523c8004eb8, result=result@entry=0x1523c80167a0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
      #6  0x000055e0cf9cdcc5 in execute_sqlcom_select (thd=thd@entry=0x1523c8000d48, all_tables=0x1523c8013878) at /test/11.1_dbg/sql/sql_parse.cc:6024
      #7  0x000055e0cf9d9efe in mysql_execute_command (thd=thd@entry=0x1523c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
      #8  0x000055e0cf9c817c in mysql_parse (thd=thd@entry=0x1523c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x1523f46102f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
      #9  0x000055e0cf9d5718 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1523c8000d48, packet=packet@entry=0x1523c800ae39 "SELECT * FROM t WHERE a IN (SELECT a FROM t WHERE a >'') ORDER BY a", packet_length=packet_length@entry=67, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
      #10 0x000055e0cf9d7b54 in do_command (thd=0x1523c8000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
      #11 0x000055e0cfb3a9c1 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55e0d3371e28, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
      #12 0x000055e0cfb3ae90 in handle_one_connection (arg=0x55e0d3371e28) at /test/11.1_dbg/sql/sql_connect.cc:1318
      #13 0x000015240d0af609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #14 0x000015240cc9b133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.4.29 (dbg), 10.4.29 (opt), 10.5.20 (dbg), 10.5.20 (opt), 10.6.13 (dbg), 10.6.13 (opt), 10.8.8 (dbg), 10.8.8 (opt), 10.9.6 (dbg), 10.9.6 (opt), 10.10.4 (dbg), 10.10.4 (opt), 10.11.3 (dbg), 10.11.3 (opt)

          People

            Gosselin Dave Gosselin
            ramesh Ramesh Sivaraman
