Details
Description
PoC:
SELECT 1.000000 two UNION SELECT 1 ORDER BY ( SELECT two LIMIT 1 OFFSET 1 ) ; |
docker log:
mariadbd(my_print_stacktrace+0x32)[0x55edbccc87c2]
|
mariadbd(handle_fatal_signal+0x488)[0x55edbc7a1cf8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7f2de8831520]
|
mariadbd(_ZNK10my_decimal9to_binaryEPhitj+0x31)[0x55edbc8ed5c1]
|
mariadbd(_ZNK27Type_handler_decimal_result18make_sort_key_partEPhP4ItemPK15SORT_FIELD_ATTRP6String+0x6d)[0x55edbc79ccdd]
|
mariadbd(+0xaa1dc2)[0x55edbc79ddc2]
|
mariadbd(_Z8filesortP3THDP5TABLEP8FilesortP16Filesort_trackerP4JOINy+0x15d7)[0x55edbc7a06c7]
|
mariadbd(_Z17create_sort_indexP3THDP4JOINP13st_join_tableP8Filesort+0xea)[0x55edbc595dfa]
|
mariadbd(_ZN13st_join_table10sort_tableEv+0x8b)[0x55edbc59618b]
|
mariadbd(_Z21join_init_read_recordP13st_join_table+0x71)[0x55edbc596251]
|
mariadbd(_Z10sub_selectP4JOINP13st_join_tableb+0x22f)[0x55edbc57c9ff]
|
mariadbd(_ZN4JOIN10exec_innerEv+0xfd4)[0x55edbc5b0bc4]
|
mariadbd(_ZN4JOIN4execEv+0x3f)[0x55edbc5b0fff]
|
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x12c)[0x55edbc5aef7c]
|
mariadbd(_ZN18st_select_lex_unit10exec_innerEv+0x68c)[0x55edbc60341c]
|
mariadbd(_Z11mysql_unionP3THDP3LEXP13select_resultP18st_select_lex_unity+0x48)[0x55edbc606438]
|
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x59)[0x55edbc5af679]
|
mariadbd(+0x826f55)[0x55edbc522f55]
|
mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55edbc531f0e]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55edbc533237]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55edbc535a1d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x55edbc537818]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55edbc65f3af]
|
mariadbd(handle_one_connection+0x5d)[0x55edbc65f6fd]
|
mariadbd(+0xcd1906)[0x55edbc9cd906]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7f2de8883b43]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7f2de8914bb4]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7f2d840130d8): SELECT 1.000000 two UNION SELECT 1 ORDER BY ( SELECT two LIMIT 1 OFFSET 1 )
|
|
|
Connection ID (thread ID): 4
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on
|
Attachments
Issue Links
- is duplicated by
-
MDEV-32606 Server crash when querying InnoDB table
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Closed
-