[MDEV-32391] Segmentation fault at /mariadb-11.3.0/sql/sql_lex.h:1399 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 11.3.0
Fix Version/s: N/A
Component/s: Server
Labels:
None
Environment:
Ubuntu 20.04

Description

Run these queries in release build:

CREATE TABLE t0 ( c15 INT , c33 INT ) ;
INSERT INTO t0 ( c15 ) WITH t1 AS ( SELECT SQRT ( 123 ) NOT REGEXP MOD ( 91 , -121 ) = ALL ( SELECT c15 AS c33 FROM t0 ) AS c49 FROM t0 ) SELECT t1 . c49 IS UNKNOWN AS c59 FROM t1 CROSS JOIN t0 AS t2 WHERE t1 . c49 = + EXISTS ( SELECT -5839312620871436105 AS c17 GROUP BY c49 ) BETWEEN -109 AND CHAR_LENGTH ( 2694839150676403988 ) - - LOWER ( -13 ) ;

Will trigger Segmentation fault.
GDB info:
Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe011a700 (LWP 45418)]
Item_subselect::is_expensive (this=0x7fff98015868)
at /home/wx/mariadb-11.3.0/sql/sql_lex.h:1399
1399 st_select_lex* next_select()

{ return (st_select_lex*) next; }

#0 Item_subselect::is_expensive (this=0x7fff98015868)
at /home/wx/mariadb-11.3.0/sql/sql_lex.h:1399
#1 0x0000555555ca607d in Item_args::walk_args (arg=0x0, walk_subquery=false,
processor=<optimized out>, this=0x7fff98072770) at /home/wx/mariadb-11.3.0/sql/item.h:2796
#2 Item_func_or_sum::walk (this=0x7fff980726f8, processor=&virtual table offset 928,
walk_subquery=false, arg=0x0) at /home/wx/mariadb-11.3.0/sql/item.h:5496
#3 0x0000555555ca607d in Item_args::walk_args (arg=0x0, walk_subquery=false,
processor=<optimized out>, this=0x7fff98015b60) at /home/wx/mariadb-11.3.0/sql/item.h:2796
#4 Item_func_or_sum::walk (this=0x7fff98015ae8, processor=&virtual table offset 928,
walk_subquery=false, arg=0x0) at /home/wx/mariadb-11.3.0/sql/item.h:5496
#5 0x0000555556007631 in Item_direct_view_ref::walk (this=0x7fff980735e0,
processor=<optimized out>, walk_subquery=<optimized out>, arg=0x0)
at /home/wx/mariadb-11.3.0/sql/item.h:6103
#6 0x0000555555f3794f in Item_cache::walk (this=0x7fff98074ac8,
processor=&virtual table offset 928, walk_subquery=<optimized out>, arg=0x0)
at /home/wx/mariadb-11.3.0/sql/item.h:7199
#7 0x0000555555ca607d in Item_args::walk_args (arg=0x0, walk_subquery=false,
processor=<optimized out>, this=0x7fff9803bcc0) at /home/wx/mariadb-11.3.0/sql/item.h:2796
#8 Item_func_or_sum::walk (this=0x7fff9803bc48, processor=&virtual table offset 928,
walk_subquery=false, arg=0x0) at /home/wx/mariadb-11.3.0/sql/item.h:5496
#9 0x0000555555ca5f91 in Item::is_expensive (this=0x7fff9803bc48)
at /home/wx/mariadb-11.3.0/sql/item.h:2617
#10 0x0000555555dd2f25 in make_join_select (join=join@entry=0x7fff98072ba0,
select=0x7fff98074940, cond=0x7fff9803bc48)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:13614
#11 0x0000555555de9ac2 in JOIN::optimize_stage2 (this=this@entry=0x7fff98072ba0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2917
#12 0x0000555555ded98c in JOIN::optimize_inner (this=this@entry=0x7fff98072ba0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2650
#13 0x0000555555defccd in JOIN::optimize (this=this@entry=0x7fff98072ba0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#14 0x0000555555defdc1 in mysql_select (thd=thd@entry=0x7fff98000c58, tables=0x7fff98038ce0,
fields=..., conds=0x7fff9803bc48, og_num=0, order=0x0, group=0x0, having=0x0,
proc_param=0x0, select_options=<optimized out>, result=0x7fff98072ae0,
unit=0x7fff98004ee8, select_lex=0x7fff98038660)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5235
#15 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff98000c58,
lex=lex@entry=0x7fff98004e08, result=result@entry=0x7fff98072ae0,
setup_tables_done_option=setup_tables_done_option@entry=35184372088832)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#16 0x0000555555d7cf47 in mysql_execute_command (thd=thd@entry=0x7fff98000c58,
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4566
#17 0x0000555555d68c27 in mysql_parse (thd=0x7fff98000c58, rawbuf=<optimized out>,
length=<optimized out>, parser_state=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#18 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x7fff98000c58,
packet=packet@entry=0x7fff98008509 "INSERT INTO t0 ( c15 ) WITH t1 AS ( SELECT SQRT ( 123 ) NOT REGEXP MOD ( 91 , -121 ) = ALL ( SELECT c15 AS c33 FROM t0 ) AS c49 FROM t0 ) SELECT t1 . c49 IS UNKNOWN AS c59 FROM t1 CROSS JOIN t0 AS t2 "...,
packet_length=packet_length@entry=348, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
#19 0x0000555555d7721e in do_command (thd=0x7fff98000c58, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#20 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x555557e0aff8, put_in_cache=put_in_cache@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#21 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e0aff8)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#22 0x00005555561e658d in pfs_spawn_thread (arg=0x555557db4608)
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#23 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#24 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

duplicates

MDEV-28621 group by optimization incorrectly removing subquery where subject buried in a function

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Xin Wen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023-10-10 02:35

Updated:: 2023-10-10 15:57

Resolved:: 2023-10-10 15:49

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.