
SIGSEGV in charset_info_st::charpos | Charset::charpos


Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 11.1(EOL)
    • N/A
    • Character Sets
    • None

    Description

      SELECT WEIGHT_STRING ('aa') IN (LEFT(WEIGHT_STRING ('aaa'),4),'bbb') AS expect_1;
      

      Leads to a SIGSEGV; note `this=0x0` in frame #0, i.e. charset_info_st::charpos is entered through a NULL charset pointer:

      11.1.0 17127fd91b763ba7c3f8ecb30190689a06bd9485 (Optimized)

      Core was generated by `/test/MD060623-mariadb-11.1.0-linux-x86_64-opt/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00005625fb38a61d in charset_info_st::charpos (pos=4, 
          e=0x14732001681e "B Server", b=0x147320016818 "", this=0x0)
          at /test/11.1_opt/include/m_ctype.h:819
      [Current thread is 1 (Thread 0x14735c0c3700 (LWP 1474361))]
      (gdb) bt
      #0  0x00005625fb38a61d in charset_info_st::charpos (pos=4, e=0x14732001681e "B Server", b=0x147320016818 "", this=0x0) at /test/11.1_opt/include/m_ctype.h:819
      #1  Charset::charpos (this=0x1473200126f0, pos=4, end=0x14732001681e "B Server", str=0x147320016818 "") at /test/11.1_opt/sql/sql_string.h:176
      #2  String::charpos (offset=0, i=4, this=0x1473200126f0) at /test/11.1_opt/sql/sql_string.h:1061
      #3  Item_func_left::val_str (this=0x147320011098, str=<optimized out>) at /test/11.1_opt/sql/item_strfunc.cc:1879
      #4  0x00005625fb31897b in in_string::set (this=<optimized out>, pos=<optimized out>, item=0x147320011098) at /test/11.1_opt/sql/item_cmpfunc.cc:3691
      #5  0x00005625fb326388 in Item_func_in::fix_in_vector (this=this@entry=0x147320011240) at /test/11.1_opt/sql/item_cmpfunc.cc:4505
      #6  0x00005625fb22968f in Item_func_in::fix_for_scalar_comparison_using_bisection (thd=0x147320000c58, this=0x147320011240) at /test/11.1_opt/sql/item_cmpfunc.h:2558
      #7  Type_handler_string_result::Item_func_in_fix_comparator_compatible_types (this=<optimized out>, func=0x147320011240, thd=0x147320000c58) at /test/11.1_opt/sql/sql_type.cc:5856
      #8  Type_handler_string_result::Item_func_in_fix_comparator_compatible_types (this=<optimized out>, thd=0x147320000c58, func=0x147320011240) at /test/11.1_opt/sql/sql_type.cc:5847
      #9  0x00005625fb32bf88 in Item_func_in::fix_length_and_dec (this=0x147320011240, thd=0x147320000c58) at /test/11.1_opt/sql/sql_type.h:7441
      #10 0x00005625fb34dcd4 in Item_func::fix_fields (ref=<optimized out>, thd=0x147320000c58, this=0x147320011240) at /test/11.1_opt/sql/item_func.cc:361
      #11 Item_func::fix_fields (this=0x147320011240, thd=0x147320000c58, ref=<optimized out>) at /test/11.1_opt/sql/item_func.cc:316
      #12 0x00005625fb01c9ff in Item::fix_fields_if_needed (ref=0x1473200113d0, thd=0x147320000c58, this=0x147320011240) at /test/11.1_opt/sql/item.h:1145
      #13 Item::fix_fields_if_needed (ref=0x1473200113d0, thd=0x147320000c58, this=0x147320011240) at /test/11.1_opt/sql/item.h:1145
      #14 Item::fix_fields_if_needed_for_scalar (ref=0x1473200113d0, thd=0x147320000c58, this=0x147320011240) at /test/11.1_opt/sql/item.h:1156
      #15 setup_fields (thd=0x147320000c58, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x1473200120a0, pre_fix=0x147320010b58, allow_sum_func=true) at /test/11.1_opt/sql/sql_base.cc:8034
      #16 0x00005625fb0ef58a in JOIN::prepare (this=0x147320011cf8, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x147320010880, unit_arg=0x147320004ce8) at /test/11.1_opt/sql/sql_select.cc:1489
      #17 0x00005625fb10205a in mysql_select (thd=0x147320000c58, tables=0x0, fields=@0x147320010b40: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1473200113c8, last = 0x1473200113c8, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x147320011cd0, unit=0x147320004ce8, select_lex=0x147320010880) at /test/11.1_opt/sql/sql_select.cc:5132
      #18 0x00005625fb102307 in handle_select (thd=thd@entry=0x147320000c58, lex=lex@entry=0x147320004c08, result=result@entry=0x147320011cd0, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_opt/sql/sql_select.cc:611
      #19 0x00005625fb081b7e in execute_sqlcom_select (thd=0x147320000c58, all_tables=0x0) at /test/11.1_opt/sql/sql_parse.cc:6024
      #20 0x00005625fb08f412 in mysql_execute_command (thd=0x147320000c58, is_called_from_prepared_stmt=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:3944
      #21 0x00005625fb07ca55 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x147320000c58) at /test/11.1_opt/sql/sql_parse.cc:7760
      #22 mysql_parse (thd=0x147320000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/11.1_opt/sql/sql_parse.cc:7682
      #23 0x00005625fb088af2 in dispatch_command (command=COM_QUERY, thd=0x147320000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/11.1_opt/sql/sql_class.h:1370
      #24 0x00005625fb08a8fe in do_command (thd=0x147320000c58, blocking=blocking@entry=true) at /test/11.1_opt/sql/sql_parse.cc:1405
      #25 0x00005625fb1a7e2f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5625febf3f98, put_in_cache=put_in_cache@entry=true) at /test/11.1_opt/sql/sql_connect.cc:1416
      #26 0x00005625fb1a811d in handle_one_connection (arg=0x5625febf3f98) at /test/11.1_opt/sql/sql_connect.cc:1318
      #27 0x0000147388fab609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #28 0x0000147388b97133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      11.1.0 17127fd91b763ba7c3f8ecb30190689a06bd9485 (Debug)

      Core was generated by `/test/MD060623-mariadb-11.1.0-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000562c69e4e0ed in charset_info_st::charpos (pos=4, 
          e=0x15071001920e "\245\245\217\217\217\217\217\217\217\217! ", 
          b=0x150710019208 "", this=0x0) at /test/11.1_dbg/include/m_ctype.h:819
      [Current thread is 1 (Thread 0x150744ced700 (LWP 742599))]
      (gdb) bt
      #0  0x0000562c69e4e0ed in charset_info_st::charpos (pos=4, e=0x15071001920e "\245\245\217\217\217\217\217\217\217\217! ", b=0x150710019208 "", this=0x0) at /test/11.1_dbg/include/m_ctype.h:819
      #1  Charset::charpos (pos=4, end=0x15071001920e "\245\245\217\217\217\217\217\217\217\217! ", str=0x150710019208 "", this=0x150710015270) at /test/11.1_dbg/sql/sql_string.h:176
      #2  String::charpos (offset=0, i=4, this=0x150710015270) at /test/11.1_dbg/sql/sql_string.h:1061
      #3  Item_func_left::val_str (this=0x150710013c08, str=<optimized out>) at /test/11.1_dbg/sql/item_strfunc.cc:1879
      #4  0x0000562c69dbcf09 in in_string::set (this=<optimized out>, pos=<optimized out>, item=0x150710013c08) at /test/11.1_dbg/sql/item_cmpfunc.cc:3691
      #5  0x0000562c69dcbdd4 in Item_func_in::fix_in_vector (this=this@entry=0x150710013db0) at /test/11.1_dbg/sql/item_cmpfunc.cc:4505
      #6  0x0000562c69c83dba in Item_func_in::fix_for_scalar_comparison_using_bisection (thd=0x150710000d48, this=0x150710013db0) at /test/11.1_dbg/sql/item_cmpfunc.h:2558
      #7  Type_handler_string_result::Item_func_in_fix_comparator_compatible_types (this=<optimized out>, thd=0x150710000d48, func=0x150710013db0) at /test/11.1_dbg/sql/sql_type.cc:5856
      #8  0x0000562c69dd2490 in Item_func_in::fix_length_and_dec (this=0x150710013db0, thd=0x150710000d48) at /test/11.1_dbg/sql/sql_type.h:7441
      #9  0x0000562c69dfc00d in Item_func::fix_fields (this=0x150710013db0, thd=0x150710000d48, ref=<optimized out>) at /test/11.1_dbg/sql/item_func.cc:361
      #10 0x0000562c69dcb269 in Item_func_in::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /test/11.1_dbg/sql/item_cmpfunc.cc:4338
      #11 0x0000562c69a0069c in Item::fix_fields_if_needed (ref=0x150710013f40, thd=0x150710000d48, this=0x150710013db0) at /test/11.1_dbg/sql/item.h:1156
      #12 Item::fix_fields_if_needed_for_scalar (ref=0x150710013f40, thd=0x150710000d48, this=0x150710013db0) at /test/11.1_dbg/sql/item.h:1156
      #13 setup_fields (thd=0x150710000d48, ref_pointer_array=<optimized out>, fields=<optimized out>, column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x150710014c18, pre_fix=0x1507100136c8, allow_sum_func=true) at /test/11.1_dbg/sql/sql_base.cc:8034
      #14 0x0000562c69af7056 in JOIN::prepare (this=this@entry=0x150710014868, tables_init=tables_init@entry=0x0, conds_init=conds_init@entry=0x0, og_num=og_num@entry=0, order_init=order_init@entry=0x0, skip_order_by=skip_order_by@entry=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x1507100133f0, unit_arg=0x150710004f98) at /test/11.1_dbg/sql/sql_select.cc:1489
      #15 0x0000562c69b0e506 in mysql_select (thd=thd@entry=0x150710000d48, tables=0x0, fields=@0x1507100136b0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x150710013f38, last = 0x150710013f38, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525824, result=0x150710014840, unit=0x150710004f98, select_lex=0x1507100133f0) at /test/11.1_dbg/sql/sql_select.cc:5132
      #16 0x0000562c69b0e707 in handle_select (thd=thd@entry=0x150710000d48, lex=lex@entry=0x150710004eb8, result=result@entry=0x150710014840, setup_tables_done_option=setup_tables_done_option@entry=0) at /test/11.1_dbg/sql/sql_select.cc:611
      #17 0x0000562c69a75d4d in execute_sqlcom_select (thd=thd@entry=0x150710000d48, all_tables=0x0) at /test/11.1_dbg/sql/sql_parse.cc:6024
      #18 0x0000562c69a81f86 in mysql_execute_command (thd=thd@entry=0x150710000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.1_dbg/sql/sql_parse.cc:3944
      #19 0x0000562c69a70204 in mysql_parse (thd=thd@entry=0x150710000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150744cec2f0) at /test/11.1_dbg/sql/sql_parse.cc:7760
      #20 0x0000562c69a7d7a0 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150710000d48, packet=packet@entry=0x15071000ae39 "SELECT WEIGHT_STRING ('aa') IN (LEFT(WEIGHT_STRING ('aaa'),4),'bbb') AS expect_1", packet_length=packet_length@entry=80, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_class.h:1370
      #21 0x0000562c69a7fbdc in do_command (thd=0x150710000d48, blocking=blocking@entry=true) at /test/11.1_dbg/sql/sql_parse.cc:1405
      #22 0x0000562c69be2b07 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562c6c7d8038, put_in_cache=put_in_cache@entry=true) at /test/11.1_dbg/sql/sql_connect.cc:1416
      #23 0x0000562c69be2fd6 in handle_one_connection (arg=0x562c6c7d8038) at /test/11.1_dbg/sql/sql_connect.cc:1318
      #24 0x000015075db92609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #25 0x000015075d77e133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 11.1.0 (dbg), 11.1.0 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.4.30 (dbg), 10.4.30 (opt), 10.5.21 (dbg), 10.5.21 (opt), 10.6.14 (dbg), 10.6.14 (opt), 10.9.7 (opt), 10.9.7 (dbg), 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt)

            People

              bar Alexander Barkov
              ramesh Ramesh Sivaraman