MariaDB Server: MDEV-31766

SIGSEGV in maria_rtree_split_page | maria_rtree_add_key

Details

    • Type: Bug
    • Status: In Progress
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
    • Fix Version/s: 10.5, 10.6, 10.11
    • Component/s: Storage Engine - Aria
    • Labels: None

    Description

      CREATE TEMPORARY TABLE t (c POINT NOT NULL,SPATIAL (c)) ENGINE=ARIA;
      INSERT INTO t VALUES (ST_GEOMFROMTEXT ('POINT(1 0)'));
      UPDATE t SET c='';
      

      Leads to:

      10.4.31 922db0642b6321ece41adb3232c1616812143573 (Optimized)

      Core was generated by `/test/MD040723-mariadb-10.4.31-linux-x86_64-opt/bin/mariadbd --no-defaults --co'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  0x000055e0dd8a479d in maria_rtree_split_page (key=0x1551f00eb140, 
          page=page@entry=0x1551f00eaf00, new_page_offs=0x1551f00eafc0)
          at /test/10.4_opt/storage/maria/ma_rt_split.c:398
      [Current thread is 1 (Thread 0x1551f00ee700 (LWP 3614190))]
      (gdb) bt
      #0  0x000055e0dd8a479d in maria_rtree_split_page (key=0x1551f00eb140, page=page@entry=0x1551f00eaf00, new_page_offs=0x1551f00eafc0) at /test/10.4_opt/storage/maria/ma_rt_split.c:398
      #1  0x000055e0dd8a09c0 in maria_rtree_add_key (key=key@entry=0x1551f00eb140, page=page@entry=0x1551f00eaf00, new_page=new_page@entry=0x1551f00eafc0) at /test/10.4_opt/storage/maria/ma_rt_key.c:67
      #2  0x000055e0dd89ecf9 in maria_rtree_insert_req (info=info@entry=0x15519801d158, key=key@entry=0x1551f00eb140, page_pos=page_pos@entry=0, new_page=new_page@entry=0x1551f00eafc0, ins_level=ins_level@entry=-1, level=level@entry=0) at /test/10.4_opt/storage/maria/ma_rt_index.c:690
      #3  0x000055e0dd89fabc in maria_rtree_insert_level (info=info@entry=0x15519801d158, key=key@entry=0x1551f00eb140, ins_level=ins_level@entry=-1, root=root@entry=0x1551f00eb090) at /test/10.4_opt/storage/maria/ma_rt_index.c:758
      #4  0x000055e0dd89ff5d in maria_rtree_insert (info=0x15519801d158, key=0x1551f00eb140) at /test/10.4_opt/storage/maria/ma_rt_index.c:862
      #5  0x000055e0dd8811eb in maria_update (info=<optimized out>, oldrec=0x155198017ae8 "\031", newrec=0x155198017ad8 "") at /test/10.4_opt/storage/maria/ma_update.c:133
      #6  0x000055e0dd6788d6 in handler::ha_update_row (this=0x155198019860, old_data=0x155198017ae8 "\031", new_data=0x155198017ad8 "") at /test/10.4_opt/sql/handler.cc:6888
      #7  0x000055e0dd52dd29 in mysql_update (thd=thd@entry=0x155198000c48, table_list=<optimized out>, fields=@0x1551980051b8: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x155198010828, last = 0x155198010828, elements = 1}, <No data fields>}, values=@0x155198005778: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x155198010838, last = 0x155198010838, elements = 1}, <No data fields>}, conds=<optimized out>, order_num=<optimized out>, order=<optimized out>, limit=18446744073709551615, ignore=false, found_return=0x1551f00ebc60, updated_return=0x1551f00ebd20) at /test/10.4_opt/sql/sql_update.cc:1082
      #8  0x000055e0dd474bb3 in mysql_execute_command (thd=0x155198000c48) at /test/10.4_opt/sql/sql_parse.cc:4449
      #9  0x000055e0dd47a5a2 in mysql_parse (thd=0x155198000c48, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_parse.cc:8008
      #10 0x000055e0dd47d055 in dispatch_command (command=COM_QUERY, thd=0x155198000c48, packet=<optimized out>, packet_length=<optimized out>, is_com_multi=<optimized out>, is_next_command=<optimized out>) at /test/10.4_opt/sql/sql_class.h:1231
      #11 0x000055e0dd47e8af in do_command (thd=0x155198000c48) at /test/10.4_opt/sql/sql_parse.cc:1378
      #12 0x000055e0dd56bdae in do_handle_one_connection (connect=<optimized out>) at /test/10.4_opt/sql/sql_connect.cc:1420
      #13 0x000055e0dd56be3d in handle_one_connection (arg=<optimized out>) at /test/10.4_opt/sql/sql_connect.cc:1324
      #14 0x00001551f37fc609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #15 0x00001551f33e8133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.4.31 (dbg), 10.4.31 (opt), 10.5.21 (dbg), 10.5.22 (dbg), 10.5.22 (opt), 10.6.15 (dbg), 10.6.15 (opt), 10.9.8 (dbg), 10.9.8 (opt), 10.10.6 (dbg), 10.10.6 (opt), 10.11.4 (opt), 10.11.5 (dbg), 10.11.5 (opt), 11.0.2 (dbg), 11.0.2 (opt), 11.0.3 (dbg), 11.0.3 (opt), 11.1.2 (dbg), 11.1.2 (opt), 11.2.0 (dbg), 11.2.0 (opt)

          People

            holyfoot Alexey Botchkov
            ramesh Ramesh Sivaraman