Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32305

Server crashes at Item_func_distance::val_real

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1.2, 11.2.1
    • N/A
    • GIS
    • None
    • Ubuntu 20.04 x86-64, docker image mariadb:11.1.2

    Description

      PoC:

      SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT ST_DISTANCE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((1 5))' ) , ST_GEOMFROMTEXT ( 'MULTIPOINT(151 -68)' ) ) ) SELECT CASE WHEN x THEN 'x' END FROM x ) SELECT 1 FROM x WHERE x ) ;

      docker log:

      mariadbd(my_print_stacktrace+0x32)[0x55d354fea7c2]
      		 
      mariadbd(handle_fatal_signal+0x488)[0x55d354ac3cf8]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7ff5a6841520]
      		 
      mariadbd(_ZN18Item_func_distance8val_realEv+0x3ae)[0x55d354b5807e]
      		 
      mariadbd(_ZNK28Type_handler_temporal_result13Item_val_boolEP4Item+0x14)[0x55d354a06374]
      		 
      mariadbd(_ZN23Item_func_case_searched9find_itemEv+0x4a)[0x55d354b0055a]
      		 
      mariadbd(_ZN14Item_func_case6str_opEP6String+0x1a)[0x55d354afdafa]
      		 
      mariadbd(_ZN27Item_func_hybrid_field_type23val_decimal_from_str_opEP10my_decimal+0x25)[0x55d354b3d115]
      		 
      mariadbd(_ZN18Item_cache_decimal11val_decimalEP10my_decimal+0x5c)[0x55d354adfadc]
      		 
      mariadbd(_ZN4VDecC2EP4Item+0x2f)[0x55d354a129bf]
      		 
      mariadbd(_ZN14Arg_comparator15compare_decimalEv+0x27)[0x55d354b026d7]
      		 
      mariadbd(_ZN12Item_func_ne7val_intEv+0x34)[0x55d354b0a884]
      		 
      mariadbd(_ZNK23Type_handler_int_result13Item_val_boolEP4Item+0x14)[0x55d354a063a4]
      		 
      mariadbd(_ZN15Item_bool_func215remove_eq_condsEP3THDPN4Item11cond_resultEb+0x79)[0x55d354887f39]
      		 
      mariadbd(+0x870e91)[0x55d35488ee91]
      		 
      mariadbd(_ZN4JOIN14optimize_innerEv+0x8bb)[0x55d3548cfd7b]
      		 
      mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
      		 
      mariadbd(+0x7ec60c)[0x55d35480a60c]
      		 
      mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x95)[0x55d354809e35]
      		 
      mariadbd(_ZN4JOIN14optimize_innerEv+0xb27)[0x55d3548cffe7]
      		 
      mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
      		 
      mariadbd(+0x7ec60c)[0x55d35480a60c]
      		 
      mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x95)[0x55d354809e35]
      		 
      mariadbd(_ZN4JOIN14optimize_innerEv+0xb27)[0x55d3548cffe7]
      		 
      mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
      		 
      mariadbd(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0x115)[0x55d35482aa55]
      		 
      mariadbd(_ZN4JOIN28optimize_constant_subqueriesEv+0x35)[0x55d3549c9d55]
      		 
      mariadbd(_ZN4JOIN14optimize_innerEv+0x503)[0x55d3548cf9c3]
      		 
      mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
      		 
      mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd1)[0x55d3548d0f21]
      		 
      mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55d3548d1774]
      		 
      mariadbd(+0x826f55)[0x55d354844f55]
      		 
      mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55d354853f0e]
      		 
      mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55d354855237]
      		 
      mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55d354857a1d]
      		 
      mariadbd(_Z10do_commandP3THDb+0x138)[0x55d354859818]
      		 
      mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d3549813af]
      		 
      mariadbd(handle_one_connection+0x5d)[0x55d3549816fd]
      		 
      mariadbd(+0xcd1906)[0x55d354cef906]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7ff5a6893b43]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7ff5a6924bb4]
      		 
       
      		 
      Trying to get some variables.
      		 
      Some pointers may be invalid and cause the dump to abort.
      		 
      Query (0x7ff54c0130d8): SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT ST_DISTANCE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((1 5))' ) , ST_GEOMFROMTEXT ( 'MULTIPOINT(151 -68)' ) ) ) SELECT CASE WHEN x THEN 'x' END FROM x ) SELECT 1 FROM x WHERE x )
      		 
       
      		 
      Connection ID (thread ID): 4
      		 
      Status: NOT_KILLED
      		 
       
      		 
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-17657 cte + geometry crash

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              holyfoot Alexey Botchkov
              fuboat Jingzhou Fu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.