Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-32317

Prepare phase: Server crashes at Item_bool_rowready_func2::cleanup

    XMLWordPrintable

Details

    Description

      PoC:

      SELECT AVG ( 'x' ) OVER ( ) x WHERE ( 1 , 1 , ( 1 , NULL ) ) IN ( ( 1 , 1 , ( 1 , 1 ) ) ) ORDER BY x BETWEEN 25 AND ( ( x = x ) / x ) OR x = x = AVG ( NULL ) OR x = 94 ;

      docker log:

      mariadbd(my_print_stacktrace+0x32)[0x5621986b27c2]
      		 
      mariadbd(handle_fatal_signal+0x488)[0x56219818bcf8]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f113e8f5520]
      		 
      mariadbd(_ZN24Item_bool_rowready_func27cleanupEv+0x4f)[0x562197e388af]
      		 
      mariadbd(_ZN11Query_arena10free_itemsEv+0x31)[0x562197ebc481]
      		 
      mariadbd(_ZN3THD19cleanup_after_queryEv+0x111)[0x562197ebe3e1]
      		 
      mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x562197f1fa1d]
      		 
      mariadbd(_Z10do_commandP3THDb+0x138)[0x562197f21818]
      		 
      mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x5621980493af]
      		 
      mariadbd(handle_one_connection+0x5d)[0x5621980496fd]
      		 
      mariadbd(+0xcd1906)[0x5621983b7906]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7f113e947b43]
      		 
      /lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7f113e9d8bb4]
      		 
       
      		 
      Trying to get some variables.
      		 
      Some pointers may be invalid and cause the dump to abort.
      		 
      Query (0x7f10d00130d8): SELECT AVG ( 'x' ) OVER ( ) x WHERE ( 1 , 1 , ( 1 , NULL ) ) IN ( ( 1 , 1 , ( 1 , 1 ) ) ) ORDER BY x BETWEEN 25 AND ( ( x = x ) / x ) OR x = x = AVG ( NULL ) OR x = 94
      		 
       
      		 
      Connection ID (thread ID): 4
      		 
      Status: NOT_KILLED
      		 
       
      		 
      Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. MDEV-33644 Server crashes at Item_func_nullif::decimal_op

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-28917 SIGSEGV in resolve_ref_in_select_and_group and Assertion `n < m_size' failed in Bounds_checked_array on INSERT

          • Major - Major loss of function.
          • Confirmed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32393 Segmentation fault at /mariadb-11.3.0/sql/sql_select.cc:27660

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              sanja Oleksandr Byelkin
              fuboat Jingzhou Fu
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.