  1. MariaDB Server
  2. MDEV-31647

Stack looping and SIGSEGV in Item_args::walk_args on UPDATE


Details

    Description

      # Test case from MDEV-31647, written as a mysql-test-run (mtr) script.
      # On the affected builds listed in this report the UPDATE below ends with
      # SIGSEGV in Item_args::walk_args; the backtrace shows the same Item
      # objects being walked repeatedly with the processor
      # Item::register_field_in_read_map.
      # mtr directive: pulls in the InnoDB prerequisite include file.
      --source include/have_innodb.inc
      # The table and its first column share the name `c`; c2 is used only by
      # the window function in the ORDER BY of the UPDATE.
      CREATE TABLE c (c INT, c2 INT) ENGINE=InnoDB;
      # Statement shape: the WHERE clause compares c with a scalar subquery over
      # derived table v2 (derived table v1 joined to c, filtered by HAVING c=1),
      # NATURAL JOINed back to c; the UPDATE is ordered by the window function
      # LAST_VALUE(c2) OVER (ORDER BY c2).
      # NOTE(review): the report does not say which of these elements is needed
      # to trigger the crash - confirm before reducing the statement further.
      UPDATE c SET c=0 WHERE c=(SELECT 1 FROM (SELECT * FROM (SELECT 1) AS v1 JOIN c HAVING c=1) AS v2 NATURAL JOIN c) ORDER BY LAST_VALUE (c2) OVER (ORDER BY c2);
      

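      Leads to a server crash (SIGSEGV). In the backtrace below the same Item objects recur in Item_args::walk_args / Item_func_or_sum::walk / Item_ref::walk, i.e. the walk recurses without terminating: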

      11.1.2 3883eb63dc5e663558571c33d086c9fd3aa0cf8f (Debug)

      Core was generated by `/test/MD220623-mariadb-11.1.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --cor'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x0000559a05d4c44b in Item_args::walk_args (arg=0x1505280a7a40, 
          walk_subquery=true, processor=<optimized out>, this=0x150528025b70)
          at /test/11.1_dbg/sql/item.h:2794
       
      warning: Source file is more recent than executable.
      2794	      if (args[i]->walk(processor, walk_subquery, arg))
      [Current thread is 1 (Thread 0x15059c0c5640 (LWP 2549356))]
      (gdb) bt
      #0  0x0000559a05d4c44b in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      #1  Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #2  0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #3  0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      #4  Item_func_or_sum::walk (this=0x1505280257b0, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #5  0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      #6  Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #7  0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #8  0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      #9  Item_func_or_sum::walk (this=0x1505280257b0, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #10 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      #11 Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #12 0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #13 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      #14 Item_func_or_sum::walk (this=0x1505280257b0, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #15 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      #16 Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #17 0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #18 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      #19 Item_func_or_sum::walk (this=0x1505280257b0, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #20 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      #21 Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #22 0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #23 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      ... stack looping ...
      #986 Item_func_or_sum::walk (this=0x150528025af8, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #987 0x0000559a05dc6680 in Item_ref::walk (this=0x150528032a90, processor=&virtual Item::register_field_in_read_map(void*), walk_subquery=<optimized out>, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5699
      #988 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025828) at /test/11.1_dbg/sql/item.h:2794
      #989 Item_func_or_sum::walk (this=0x1505280257b0, processor=<optimized out>, walk_subquery=true, arg=0x1505280a7a40) at /test/11.1_dbg/sql/item.h:5493
      #990 0x0000559a05d4c451 in Item_args::walk_args (arg=0x1505280a7a40, walk_subquery=true, processor=<optimized out>, this=0x150528025b70) at /test/11.1_dbg/sql/item.h:2794
      

      Bug confirmed present in:
      MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (dbg), 10.6.15 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.6 (dbg), 10.10.6 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.3 (dbg), 11.0.3 (opt), 11.1.2 (dbg), 11.1.2 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.40 (dbg), 8.0.33 (dbg), 8.0.33 (opt)


            People

              sanja Oleksandr Byelkin
              Roel Roel Van de Paar