  1. MariaDB Server
  2. MDEV-32390

Segmentation fault at /mariadb-11.3.0/sql/sql_lex.cc:4227


Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 11.3.0
    • N/A
    • Server
    • None
    • Ubuntu 20.04

    Description

      Run these queries against a release build:

      -- Reproducer as given in the report (machine-generated style; kept verbatim
      -- because the exact statement shape is what reaches the crashing code path).

      -- Scratch table with a single DECIMAL(31) column whose default is the expression 45.
      CREATE TABLE t0 ( c43 DECIMAL ( 31 ) DEFAULT ( 45 ) ) ;
      -- Two rows with explicit values for c43.
      INSERT INTO t0 VALUES ( 13 ) , ( 29 ) ;
      -- Second column c24 (INT, no default given) placed after c43.
      ALTER TABLE t0 ADD COLUMN c24 INT AFTER c43 ;
      -- Two more rows that take the column defaults for both c43 and c24.
      INSERT INTO t0 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;
      -- The statement the report says segfaults the server. Shape:
      --   * derived table t1 exposes one column, c22, defined as a scalar subquery
      --     over t0 that ends in LIMIT 1;
      --   * the outer query has HAVING without GROUP BY, and the HAVING expression is
      --     TRIM( <CASE ... END IS TRUE> FROM <t1.c22 >= EXISTS ( ... ) & PI()> ),
      --     so evaluating HAVING evaluates t1.c22 and with it the scalar subquery.
      -- This matches the backtrace on the page: Item_func_trim::val_str ->
      -- Item_func_ge::val_int -> Item_direct_view_ref -> Item_singlerow_subselect ->
      -- subselect_single_select_engine::exec -> st_select_lex_unit::set_limit (sl=0x0).
      -- NOTE(review): presumably the LIMIT 1 scalar subquery is the unit whose select
      -- pointer is null; the page does not show the server source to confirm this.
      -- NOTE(review): the third SUBSTRING_INDEX argument is a string literal that
      -- contains a line break, so the two physical lines below are one statement; the
      -- indentation after the break falls inside the literal and may be an artifact of
      -- how the page was rendered -- verify against the original report before reuse
      -- in a regression test.
      SELECT t1 . c22 AS c9 FROM ( SELECT ( SELECT + EXISTS ( SELECT -128 AS c29 ) << LOCATE ( t0 . c43 , t0 . c24 <= t0 . c24 NOT BETWEEN 4642475734208631537 AND -108 , NULLIF ( 57 , -8 ) SOUNDS LIKE TRIM( TRAILING FROM 6107036197732405580 ) ) - t0 . c43 AS c57 FROM t0 LIMIT 1 ) AS c22 FROM t0 ) AS t1 HAVING TRIM( CASE t1 . c22 WHEN -16 THEN RAND ( ) % HEX ( t1 . c22 ) - SUBSTRING_INDEX ( t1 . c22 , ':A9SEZxtjN,fKN*zR' , 'V*vhJb}&c%Op,[T[S,j`F9NDsK;\'8 4;m"
      P,ce}1r"3ID1DN' ) >> NULLIF ( t1 . c22 , -95 ) ELSE -2 END IS TRUE FROM t1 . c22 >= EXISTS ( SELECT t2 . c57 AS c59 FROM ( SELECT CASE c24 WHEN -103 THEN 85 ELSE 22 END IS TRUE AS c57 FROM t0 ) AS t2 WHERE MOD ( 64 , 46 ) = CONVERT ( 73 , BINARY ) % RAND ( ) IS NOT NULL = -65 GROUP BY c57 , c22 , c22 WINDOW w0 AS ( PARTITION BY t2 . c57 ) ) & PI ( ) ) ;

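      The final SELECT triggers a segmentation fault in the server (mariadbd). The backtrace below shows st_select_lex_unit::set_limit being called with a null st_select_lex pointer (sl=0x0) while the HAVING clause evaluates the scalar subquery behind t1.c22.
      GDB info: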
      Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffe011a700 (LWP 45342)]
      0x0000555555d4af6a in st_select_lex_unit::set_limit (this=0x7fff980719d0, sl=0x0)
      at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4227
      4227 lim.set_limit(sl->get_limit(), sl->get_offset(), sl->limit_params.with_ties);
      (gdb) p sl
      $1 = (st_select_lex *) 0x0

      #0 0x0000555555d4af6a in st_select_lex_unit::set_limit (this=0x7fff980719d0, sl=0x0)
      at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4227
      #1 0x00005555560b133e in subselect_single_select_engine::exec (this=0x7fff98016bb0)
      at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4074
      #2 0x00005555560b040c in Item_subselect::exec (this=0x7fff98016a20)
      at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #3 0x00005555560afd03 in Item_singlerow_subselect::val_int (this=0x7fff98016a20)
      at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1462
      #4 0x0000555555fef893 in Item_direct_view_ref::val_int_result (this=0x7fff9807c578)
      at /home/wx/mariadb-11.3.0/sql/item.cc:9518
      #5 0x0000555555fef2e3 in Item_ref::val_int (this=0x7fff98074cd0)
      at /home/wx/mariadb-11.3.0/sql/item.cc:8522
      #6 0x00005555560106cd in Arg_comparator::compare_int_unsigned (this=0x7fff980793b8)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:963
      #7 0x0000555556010d2f in Arg_comparator::compare (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #8 Item_func_ge::val_int (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1812
      #9 0x0000555556044dba in Item_int_func::val_str (this=0x7fff98079300, str=0x7fffe01182e0)
      at /home/wx/mariadb-11.3.0/sql/item_func.cc:760
      #10 0x00005555560835ed in Item_func_trim::val_str (this=0x7fff98079528, str=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_strfunc.cc:2477
      #11 0x000055555607f344 in Item_str_func::val_int (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_strfunc.cc:165
      #12 0x0000555555dd9c5d in end_send (join=0x7fff98079ef8, join_tab=0x7fff98085168,
      end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24685
      #13 0x0000555555dad6d4 in evaluate_join_record (join=join@entry=0x7fff98079ef8,
      join_tab=join_tab@entry=0x7fff98084cf0, error=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #14 0x0000555555dbf7fb in sub_select (join=0x7fff98079ef8, join_tab=0x7fff98084cf0,
      end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
      #15 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff98079ef8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #16 JOIN::exec_inner (this=this@entry=0x7fff98079ef8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #17 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff98079ef8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #18 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff98000c58, tables=0x7fff98073200,
      fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x7fff98079528,
      proc_param=0x0, select_options=<optimized out>, result=0x7fff98079ed0,
      unit=0x7fff98004ee8, select_lex=0x7fff980132f8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #19 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff98000c58,
      lex=lex@entry=0x7fff98004e08, result=result@entry=0x7fff98079ed0,
      setup_tables_done_option=setup_tables_done_option@entry=0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #20 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff98000c58,
      all_tables=0x7fff98073200) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #21 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff98000c58,
      is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #22 0x0000555555d68c27 in mysql_parse (thd=0x7fff98000c58, rawbuf=<optimized out>,
      length=<optimized out>, parser_state=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #23 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
      thd=thd@entry=0x7fff98000c58, packet=packet@entry=0x7fff98008509 "",
      packet_length=packet_length@entry=811, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
      #24 0x0000555555d7721e in do_command (thd=0x7fff98000c58, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #25 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
      connect@entry=0x555557e0ae58, put_in_cache=put_in_cache@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #26 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e0ae58)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #27 0x00005555561e658d in pfs_spawn_thread (arg=0x555557db46e8)
      at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #28 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #29 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


            People

              Unassigned Unassigned
              Xin Wen Xin Wen