MariaDB Server - MDEV-31567

SIGSEGV in reinit_stmt_before_use | Prepared_statement::execute


Details

    Description

      The given test case crashes the lower versions (10.[4-9]) with a different stack, similar to MDEV-28833.

      CREATE TEMPORARY TABLE t (a INT);
      SET max_statement_time=0.001;
      PREPARE s FROM 'SELECT a FROM t WHERE a in (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (SELECT a FROM t WHERE a IN (1))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))';
      EXECUTE s;
      EXECUTE s;
      SELECT @@wait_timeout;
      EXECUTE s;
      

      Leads to:

      11.0.2 5ba3bafb834dbc56e6105809ded9a7ccef70ee54 (Debug)

      Core was generated by `/test/MD060623-mariadb-11.0.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x00005560058b1cbf in reinit_stmt_before_use (thd=0x14d0c8000d48, 
          lex=0x14d0c8022a58) at /test/11.0_dbg/sql/sql_prepare.cc:3166
      [Current thread is 1 (Thread 0x14d11c0c6700 (LWP 3082747))]
      (gdb) bt
      #0  0x00005560058b1cbf in reinit_stmt_before_use (thd=0x14d0c8000d48, lex=0x14d0c8022a58) at /test/11.0_dbg/sql/sql_prepare.cc:3166
      #1  0x00005560058b5e39 in Prepared_statement::execute (this=this@entry=0x14d0c8022648, expanded_query=expanded_query@entry=0x14d11c0c4cf0, open_cursor=open_cursor@entry=false) at /test/11.0_dbg/sql/sql_prepare.cc:5185
      #2  0x00005560058b62dd in Prepared_statement::execute_loop (this=this@entry=0x14d0c8022648, expanded_query=expanded_query@entry=0x14d11c0c4cf0, open_cursor=open_cursor@entry=false, packet=packet@entry=0x0, packet_end=packet_end@entry=0x0) at /test/11.0_dbg/sql/sql_prepare.cc:4646
      #3  0x00005560058b6926 in mysql_sql_stmt_execute (thd=thd@entry=0x14d0c8000d48) at /test/11.0_dbg/sql/sql_prepare.cc:3690
      #4  0x000055600588cb84 in mysql_execute_command (thd=thd@entry=0x14d0c8000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/11.0_dbg/sql/sql_parse.cc:3965
      #5  0x000055600587aab7 in mysql_parse (thd=thd@entry=0x14d0c8000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d11c0c5300) at /test/11.0_dbg/sql/sql_parse.cc:8014
      #6  0x0000556005888387 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d0c8000d48, packet=packet@entry=0x14d0c800ae39 "EXECUTE s", packet_length=packet_length@entry=9, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_class.h:1370
      #7  0x000055600588a7df in do_command (thd=0x14d0c8000d48, blocking=blocking@entry=true) at /test/11.0_dbg/sql/sql_parse.cc:1407
      #8  0x00005560059f1435 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x556007e8c688, put_in_cache=put_in_cache@entry=true) at /test/11.0_dbg/sql/sql_connect.cc:1416
      #9  0x00005560059f1904 in handle_one_connection (arg=0x556007e8c688) at /test/11.0_dbg/sql/sql_connect.cc:1318
      #10 0x000014d134b64609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #11 0x000014d134750133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.10.5 (dbg), 10.10.5 (opt), 10.11.4 (dbg), 10.11.4 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.1.0 (dbg), 11.1.0 (opt)

          People

            shulga Dmitry Shulga
            ramesh Ramesh Sivaraman