Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2, 11.3.0
-
None
-
Ubuntu 20.04
Description
Run these queries in release build:
CREATE TABLE t0 ( c38 DOUBLE ( 87 , 18 ) ) ;
INSERT INTO t0 VALUES ( DEFAULT ) , ( DEFAULT ) ;
CREATE INDEX i0 ON t0 ( c38 ) ;
INSERT INTO t0 VALUES ( 34 ) , ( -14 ) ;
SELECT t0 . c38 AS c5 FROM ( SELECT c38 AS c27 FROM t0 ) AS t1 JOIN t0 ON t0 . c38 >= LN ( c27 IS TRUE ) LIKE EXISTS ( SELECT SPACE ( c24 ) - UNHEX ( c38 ) + STD( ORD ( -26 ) & RADIANS ( 62 ) / TRIM( LEADING 110 FROM 'a4~mq;A825}$&%(C
.!
{S&pATQJb%F}qU@UH?VHFyU4%))Gx' ) AND -19.704435 | ACOS ( -69 IS TRUE ) ) % + RAND ( CONVERT ( -75 , UNSIGNED ) IN ( -64 , 10 , -118 ) XOR -85 = MAKE_SET ( 11 , ROUND ( -89 , -20 ) SOUNDS LIKE TRIM( TRAILING FROM 34 ) AND RAND ( ) ) ) AS c17 FROM ( SELECT t2 . c38 AS c24 FROM t0 LEFT OUTER JOIN t0 AS t2 USING ( c38 ) ) AS t3 JOIN t0 ON t3 . c24 = t0 . c38 GROUP BY c38 , c24 UNION SELECT c38 + 35 AS c48 FROM t0 WHERE c38 IN ( SELECT c38 AS c12 FROM t0 ) ) ;
Will trigger Segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe011a700 (LWP 45648)]
join_read_next_same (info=0x7fff940a6658) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24300
24300 JOIN_TAB *tab=table->reginfo.join_tab;
(gdb) p table
$14 = (TABLE *) 0x0
#0 join_read_next_same (info=0x7fff940a6658)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24300
#1 0x0000555555dbf837 in READ_RECORD::read_record (this=0x7fff940a6658)
at /home/wx/mariadb-11.3.0/sql/records.h:81
#2 sub_select (join=0x7fff9408bac0, join_tab=0x7fff940a6588, end_of_records=false)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23461
#3 0x0000555555dad6d4 in evaluate_join_record (join=join@entry=0x7fff9408bac0,
join_tab=join_tab@entry=0x7fff940a6110, error=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
#4 0x0000555555dbf874 in sub_select (join=0x7fff9408bac0, join_tab=0x7fff940a6110,
end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23481
#5 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff9408bac0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
#6 JOIN::exec_inner (this=this@entry=0x7fff9408bac0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#7 0x0000555555df1d78 in JOIN::exec (this=0x7fff9408bac0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#8 0x0000555555e444bc in st_select_lex_unit::exec_inner (this=0x7fff9407b198)
at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2389
#9 0x0000555555e44821 in st_select_lex_unit::exec (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2292
#10 0x00005555560af942 in subselect_union_engine::exec (this=0x7fff9407e860)
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4187
#11 0x00005555560b040c in Item_subselect::exec (this=0x7fff9407e6b8)
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#12 0x00005555560af1a3 in Item_exists_subselect::val_str (this=0x7fff9407e6b8,
str=0x7fff9407ea38) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1865
#13 0x0000555556023f3d in Item_func_like::val_int (this=0x7fff9407e918)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5721
#14 0x00005555560464b2 in Item_int_func::val_real (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_func.cc:753
#15 0x00005555560104d4 in Arg_comparator::compare_real_fixed (this=0x7fff9407eb18)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:914
#16 0x0000555556010d2f in Arg_comparator::compare (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
#17 Item_func_ge::val_int (this=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1812
#18 0x0000555555ec7e3c in SQL_SELECT::skip_record (this=<optimized out>, thd=0x7fff94000c58)
at /home/wx/mariadb-11.3.0/sql/opt_range.h:1914
#19 JOIN_CACHE::check_match (rec_ptr=0x7fff940253b3 <incomplete sequence \375>,
this=0x7fff94094060) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2560
#20 JOIN_CACHE::generate_full_extensions (this=0x7fff94094060,
rec_ptr=0x7fff940253b3 <incomplete sequence \375>)
at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2503
#21 0x0000555555ec8297 in JOIN_CACHE::join_matching_records (this=0x7fff94094060,
skip_last=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2403
#22 0x0000555555ec7bf3 in JOIN_CACHE::join_records (this=this@entry=0x7fff94094060,
skip_last=skip_last@entry=false) at /home/wx/mariadb-11.3.0/sql/sql_join_cache.cc:2158
#23 0x0000555555dbfcba in sub_select_cache (join=0x7fff9407fdd0, join_tab=0x7fff94092fc8,
end_of_records=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23192
#24 0x0000555555df1814 in do_select (procedure=<optimized out>, join=0x7fff9407fdd0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
#25 JOIN::exec_inner (this=this@entry=0x7fff9407fdd0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#26 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff9407fdd0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#27 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94014e08,
fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
select_options=<optimized out>, result=0x7fff9407fda8, unit=0x7fff94004ee8,
select_lex=0x7fff94013210) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#28 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff9407fda8,
setup_tables_done_option=setup_tables_done_option@entry=0)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#29 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
all_tables=0x7fff94014e08) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#30 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#31 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
length=<optimized out>, parser_state=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#32 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
packet_length=packet_length@entry=696, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
#33 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#34 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x555557e0c5c8, put_in_cache=put_in_cache@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#35 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e0c5c8)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#36 0x00005555561e658d in pfs_spawn_thread (arg=0x555557db5e18)
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#37 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#38 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
Attachments
Issue Links
- relates to
-
-
- Open
-
-
-
- In Review
-