[MDEV-31267] Server crash or assertion failure in get_n_sincos with nested ST_BUFFER - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.8, 10.9, 10.10, 10.11, 11.0
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0
Component/s: GIS
Labels:
None

Description

SELECT ST_BUFFER(ST_BUFFER(ST_POLYGONFROMTEXT('POLYGON((0 0, 5 5, 6 6, 0 0))'),1),2);

10.3 55a53949 non-debug
#2 <signal handler called>
#3 get_n_sincos (cosinus=<synthetic pointer>, sinus=<synthetic pointer>, n=1923104) at /data/src/10.3/sql/item_geofunc.cc:1673
#4 get_n_sincos (cosinus=<synthetic pointer>, sinus=<synthetic pointer>, n=1923136) at /data/src/10.3/sql/item_geofunc.cc:1662
#5 fill_gap (trn=trn@entry=0x7f05da2bd890, x=-0.70710678118654757, y=0.70710678118654757, ax=nan(0x8000000000000), ay=nan(0x8000000000000), bx=bx@entry=1.3793103448275863, by=by@entry=-1.4482758620689655, d=<optimized out>, empty_gap=empty_gap@entry=0x7f05da2bd88f) at /data/src/10.3/sql/item_geofunc.cc:1710
#6 0x00005650b0f92437 in Item_func_buffer::Transporter::add_edge_buffer (this=this@entry=0x7f05da2bda10, x3=x3@entry=inf, y3=y3@entry=inf, round_p1=<optimized out>, round_p2=round_p2@entry=false) at /data/src/10.3/sql/item_geofunc.cc:1794
#7 0x00005650b0f926bb in Item_func_buffer::Transporter::add_point (this=0x7f05da2bda10, x=inf, y=inf) at /data/src/10.3/sql/item_geofunc.cc:1929
#8 0x00005650b1047d49 in Gis_polygon::store_shapes (this=0x7f05da2bdab0, trn=0x7f05da2bda10) at /data/src/10.3/sql/spatial.cc:2032
#9 0x00005650b0f8ed13 in Item_func_buffer::val_str (this=0x7f05c80101d0, str_value=0x7f05da2bdb70) at /data/src/10.3/sql/item_geofunc.cc:2043
#10 0x00005650b0e60f8c in Type_handler::Item_send_str (this=<optimized out>, item=<optimized out>, protocol=0x7f05c80011b0, buf=<optimized out>) at /data/src/10.3/sql/sql_type.cc:5412
#11 0x00005650b0c4e1fb in Protocol::send_result_set_row (this=this@entry=0x7f05c80011b0, row_items=row_items@entry=0x7f05c8005250) at /data/src/10.3/sql/protocol.cc:1000
#12 0x00005650b0cc2063 in select_send::send_data (this=0x7f05c80105c0, items=...) at /data/src/10.3/sql/sql_class.cc:3049
#13 0x00005650b0d6e7d0 in JOIN::exec_inner (this=0x7f05c80105e8) at /data/src/10.3/sql/sql_select.cc:4065
#14 0x00005650b0d6ee13 in JOIN::exec (this=this@entry=0x7f05c80105e8) at /data/src/10.3/sql/sql_select.cc:3984
#15 0x00005650b0d6ef62 in mysql_select (thd=thd@entry=0x7f05c8000c58, tables=<optimized out>, wild_num=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=<optimized out>, having=<optimized out>, proc_param=<optimized out>, select_options=<optimized out>, result=<optimized out>, unit=<optimized out>, select_lex=<optimized out>) at /data/src/10.3/sql/sql_select.cc:4393
#16 0x00005650b0d6f8b3 in handle_select (thd=thd@entry=0x7f05c8000c58, lex=lex@entry=0x7f05c8004890, result=result@entry=0x7f05c80105c0, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.3/sql/sql_select.cc:372
#17 0x00005650b0cfe2c0 in execute_sqlcom_select (thd=thd@entry=0x7f05c8000c58, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6340
#18 0x00005650b0d0c3cf in mysql_execute_command (thd=thd@entry=0x7f05c8000c58) at /data/src/10.3/sql/sql_parse.cc:3871
#19 0x00005650b0d0ea41 in mysql_parse (thd=0x7f05c8000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /data/src/10.3/sql/sql_parse.cc:7855
#20 0x00005650b0d1094f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7f05c8000c58, packet=packet@entry=0x7f05c80073c9 "", packet_length=packet_length@entry=84, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.3/sql/sql_parse.cc:1852
#21 0x00005650b0d12ee7 in do_command (thd=0x7f05c8000c58) at /data/src/10.3/sql/sql_parse.cc:1398
#22 0x00005650b0e011d6 in do_handle_one_connection (connect=connect@entry=0x5650b29f4d58) at /data/src/10.3/sql/sql_connect.cc:1404
#23 0x00005650b0e013ad in handle_one_connection (arg=arg@entry=0x5650b29f4d58) at /data/src/10.3/sql/sql_connect.cc:1309
#24 0x00005650b13e081b in pfs_spawn_thread (arg=0x5650b29e7fe8) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#25 0x00007f05e02a7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#26 0x00007f05e03285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

10.3 55a53949 debug
mysqld: /data/src/10.3/sql/item_geofunc.cc:1664: void get_n_sincos(int, double, double): Assertion `n > 0 && n < SINUSES_CALCULATED*2+1' failed.

#9 0x00007fee1ae53df2 in __GI___assert_fail (assertion=0x5573092a9ee0 "n > 0 && n < SINUSES_CALCULATED2+1", file=0x5573092a84c0 "/data/src/10.3/sql/item_geofunc.cc", line=1664, function=0x5573092a9f40 "void get_n_sincos(int, double, double*)") at ./assert/assert.c:101
#10 0x0000557307b275a2 in get_n_sincos (n=65, sinus=0x7fee11f0b8e0, cosinus=0x7fee11f0b900) at /data/src/10.3/sql/item_geofunc.cc:1664
#11 0x0000557307b27bbf in fill_gap (trn=0x7fee11f0bae0, x=-0.70710678118654757, y=0.70710678118654757, ax=nan(0x8000000000000), ay=nan(0x8000000000000), bx=1.3793103448275863, by=-1.4482758620689655, d=2, empty_gap=0x7fee11f0b9d0) at /data/src/10.3/sql/item_geofunc.cc:1710
#12 0x0000557307b28cd2 in Item_func_buffer::Transporter::add_edge_buffer (this=0x7fee11f0be10, x3=inf, y3=inf, round_p1=false, round_p2=false) at /data/src/10.3/sql/item_geofunc.cc:1794
#13 0x0000557307b2a94e in Item_func_buffer::Transporter::add_point (this=0x7fee11f0be10, x=inf, y=inf) at /data/src/10.3/sql/item_geofunc.cc:1929
#14 0x0000557307da2a66 in Gis_polygon::store_shapes (this=0x7fee11f0bd50, trn=0x7fee11f0be10) at /data/src/10.3/sql/spatial.cc:2032
#15 0x0000557307b2bb18 in Item_func_buffer::val_str (this=0x62b000000da8, str_value=0x7fee11f0c0f0) at /data/src/10.3/sql/item_geofunc.cc:2043
#16 0x0000557307722d70 in Type_handler::Item_send_str (this=0x557309eae540 <type_handler_geometry>, item=0x62b000000da8, protocol=0x62a0000607e8, buf=0x7fee11f0c0c0) at /data/src/10.3/sql/sql_type.cc:5412
#17 0x000055730772c2ac in Type_handler_string_result::Item_send (this=0x557309eae540 <type_handler_geometry>, item=0x62b000000da8, protocol=0x62a0000607e8, buf=0x7fee11f0c0c0) at /data/src/10.3/sql/sql_type.h:2279
#18 0x0000557306f911be in Item::send (this=0x62b000000da8, protocol=0x62a0000607e8, buffer=0x7fee11f0c0c0) at /data/src/10.3/sql/item.h:886
#19 0x0000557306f83f3b in Protocol::send_result_set_row (this=0x62a0000607e8, row_items=0x62a0000649c0) at /data/src/10.3/sql/protocol.cc:1000
#20 0x0000557307118ed3 in select_send::send_data (this=0x62b0000011c0, items=...) at /data/src/10.3/sql/sql_class.cc:3049
#21 0x00005573072de9b8 in JOIN::exec_inner (this=0x62b0000011f0) at /data/src/10.3/sql/sql_select.cc:4065
#22 0x00005573072dd750 in JOIN::exec (this=0x62b0000011f0) at /data/src/10.3/sql/sql_select.cc:3984
#23 0x00005573072e10e2 in mysql_select (thd=0x62a000060208, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x62b0000011c0, unit=0x62a0000640c0, select_lex=0x62a000064880) at /data/src/10.3/sql/sql_select.cc:4393
#24 0x00005573072b705b in handle_select (thd=0x62a000060208, lex=0x62a000064000, result=0x62b0000011c0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:372
#25 0x000055730722b6e6 in execute_sqlcom_select (thd=0x62a000060208, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6340
#26 0x00005573072194b7 in mysql_execute_command (thd=0x62a000060208) at /data/src/10.3/sql/sql_parse.cc:3871
#27 0x0000557307235180 in mysql_parse (thd=0x62a000060208, rawbuf=0x62b0000003a8 "SELECT ST_BUFFER(ST_BUFFER(ST_POLYGONFROMTEXT('POLYGON((0 0, 5 5, 6 6, 0 0))'),1),2)", length=84, parser_state=0x7fee11f0e9b0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7855
#28 0x000055730720bfaf in dispatch_command (command=COM_QUERY, thd=0x62a000060208, packet=0x6290000dc209 "", packet_length=84, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
#29 0x0000557307208b47 in do_command (thd=0x62a000060208) at /data/src/10.3/sql/sql_parse.cc:1398
#30 0x00005573075d0f5c in do_handle_one_connection (connect=0x6080000006a8) at /data/src/10.3/sql/sql_connect.cc:1404
#31 0x00005573075d0889 in handle_one_connection (arg=0x6080000006a8) at /data/src/10.3/sql/sql_connect.cc:1309
#32 0x0000557308bb7bd5 in pfs_spawn_thread (arg=0x615000003008) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#33 0x00007fee1aea7fd4 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
#34 0x00007fee1af285bc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

Reproducible on debug- and non-debug builds as described above, on all existing versions, including earlier minor releases.

Attachments

Issue Links

is duplicated by

MDEV-32303 Server crashes at Item_func_buffer::Transporter::add_edge_buffer

Closed

Server crash or assertion failure in get_n_sincos with nested ST_BUFFER

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration