Details
Critical Description
PoC:
SELECT ( ( ( WITH x AS ( WITH x AS ( SELECT x FROM ( SELECT * FROM ( SELECT 'x' ) x ) x WHERE ( SELECT x * x ORDER BY ( SELECT 1 GROUP BY 1 IN ( SELECT x ) ) ) ) SELECT x FROM x WHERE x ) SELECT * FROM x ) ) ) ; |
docker log:
mariadbd(my_print_stacktrace+0x32)[0x556678eaa7c2]
|
mariadbd(handle_fatal_signal+0x488)[0x556678983cf8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f8dd27eb520]
|
mariadbd(_ZN10Item_field15fix_outer_fieldEP3THDPP5FieldPP4Item+0x31b)[0x5566789ae8ab]
|
mariadbd(_ZN10Item_field10fix_fieldsEP3THDPP4Item+0x415)[0x5566789af675]
|
mariadbd(_ZN20Item_direct_view_ref10fix_fieldsEP3THDPP4Item+0x11b)[0x5566789b04ab]
|
mariadbd(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x8c)[0x5566789f4fec]
|
mariadbd(_ZN9Item_cond10fix_fieldsEP3THDPP4Item+0x139)[0x5566789ce5c9]
|
mariadbd(_ZN4JOIN14optimize_innerEv+0x69b)[0x55667878fb5b]
|
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x556678790e2a]
|
mariadbd(+0x7ec60c)[0x5566786ca60c]
|
mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x95)[0x5566786c9e35]
|
mariadbd(_ZN4JOIN14optimize_innerEv+0xb27)[0x55667878ffe7]
|
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x556678790e2a]
|
mariadbd(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0x115)[0x5566786eaa55]
|
mariadbd(_ZN4JOIN28optimize_constant_subqueriesEv+0x35)[0x556678889d55]
|
mariadbd(_ZN4JOIN14optimize_innerEv+0x503)[0x55667878f9c3]
|
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x556678790e2a]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd1)[0x556678790f21]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x556678791774]
|
mariadbd(+0x826f55)[0x556678704f55]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x556678713f0e]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x556678715237]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x556678717a1d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x556678719818]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x5566788413af]
|
mariadbd(handle_one_connection+0x5d)[0x5566788416fd]
|
mariadbd(+0xcd1906)[0x556678baf906]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7f8dd283db43]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7f8dd28cebb4]
|
 |
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f8d700130d8): SELECT ( ( ( WITH x AS ( WITH x AS ( SELECT x FROM ( SELECT * FROM ( SELECT 'x' ) x ) x WHERE ( SELECT x * x ORDER BY ( SELECT 1 GROUP BY 1 IN ( SELECT x ) ) ) ) SELECT x FROM x WHERE x ) SELECT * FROM x ) ) )
|
 |
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
 |
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on
|
Attachments
Issue Links
- relates to
-
MDEV-29300 Assertion `*ref && (*ref)->fixed()' failed in Item_field::fix_outer_field on SELECT
-
- Confirmed
-