  1. MariaDB Server
  2. MDEV-32409

Window funcs: Segv at /mariadb-11.3.0/sql/item.cc:6826


Details

    Description

      Run these queries against a release build:

      -- Reproducer from the report, kept verbatim (the SELECT appears to be fuzzer-generated).
      -- Defender's view: one SELECT from an ordinary client session ends in a NULL-pointer
      -- dereference inside mariadbd (SIGSEGV per the GDB output in this report), i.e. a
      -- denial-of-service condition. Run it only against a disposable test instance, and
      -- track the fix under MDEV-32409 (fix version is not shown on this page).

      -- Two nullable INT columns with no DEFAULT clause, so DEFAULT in the INSERT below is NULL.
      CREATE TABLE t0 ( c48 INT , c31 INT ) ;
      -- Inserts two rows of (NULL, NULL).
      INSERT INTO t0 VALUES ( DEFAULT , DEFAULT ) , ( DEFAULT , DEFAULT ) ;
      -- c31 is NULL in every row, so this predicate matches nothing and no row is removed.
      -- NOTE(review): the report does not say whether this statement is required to reach the crash.
      DELETE FROM t0 WHERE c31 = 83 ;
      -- The derived table t1 combines GROUP BY c31, c48 with the window function
      -- STD(c31) OVER (PARTITION BY ...), whose partition list itself contains a second
      -- window function, STD(52.391113) OVER ().
      -- Per the reported backtrace the crash happens while this derived table is filled:
      -- mysql_derived_fill -> ... -> save_window_function_values -> Item::save_in_field
      -- with field=0x0.
      -- The string literal passed to SUBSTRING_INDEX spans two lines; the line break is
      -- part of the literal.
      SELECT t1 . c2 AS c7 FROM ( SELECT CONVERT ( CONVERT ( 100 , UNSIGNED ) % RAND ( ) & STD( c31 ) OVER ( PARTITION BY c31 , c31 , c31 , c48 , c31 , c48 , c31 , TRIM( TRAILING FROM + EXP ( 41 ) NOT REGEXP IF ( 90 , -3 , -85 ) IS NULL ) * RTRIM ( c31 ) / EXP ( c48 ) + TRUNCATE ( -50 , -9 ) - STD( 52.391113 ) OVER ( ) ) - ASCII ( t0 . c48 ) * SUBSTRING_INDEX ( c31 , '<eZe#U@*wo$=Mv`mfO6r7qQQb,iDId/AM
      ",OM+UBz' , c48 = c48 IS FALSE ) , UNSIGNED ) / RAND ( ) % HEX ( c48 ) IS TRUE AS c2 FROM t0 GROUP BY c31 , c48 ) AS t1 ;

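      Executing the SELECT triggers a segmentation fault in the server: Item::save_real_in_field is called with a NULL field pointer (field=0x0) and dereferences it at item.cc:6826.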
      GDB info:
      Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffe011a700 (LWP 46188)]
      Item::save_real_in_field (this=0x7fff94015d80, field=0x0, no_conversions=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item.cc:6826
      6826 field->set_notnull();
      (gdb) p field
      $36 = (Field *) 0x0

      #0 Item::save_real_in_field (this=0x7fff94015d80, field=0x0, no_conversions=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item.cc:6826
      #1 0x0000555555ff36d7 in Item::save_in_field (this=0x7fff94015d80, field=0x0,
      no_conversions=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
      #2 0x0000555555f420af in save_window_function_values (
      rowid_buf=0x7fff94026a28 "\2108\b\224\377\177", tbl=0x7fff9403c7e0, window_functions=...)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2775
      #3 compute_window_func (thd=thd@entry=0x7fff94000c58, window_functions=...,
      cursor_managers=..., tbl=tbl@entry=0x7fff9403c7e0,
      filesort_result=filesort_result@entry=0x7fff9403e040)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2927
      #4 0x0000555555f4249e in Window_func_runner::exec (this=this@entry=0x7fff9407ab18,
      thd=thd@entry=0x7fff94000c58, tbl=0x7fff9403c7e0, filesort_result=0x7fff9403e040)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3039
      #5 0x0000555555f425c6 in Window_funcs_sort::exec (this=0x7fff9407ab10,
      join=join@entry=0x7fff94074770, keep_filesort_result=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3067
      #6 0x0000555555f42efb in Window_funcs_computation::exec (this=0x7fff9407aaf0,
      join=join@entry=0x7fff94074770,
      keep_last_filesort_result=keep_last_filesort_result@entry=false)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3196
      #7 0x0000555555de7e01 in AGGR_OP::end_send (this=0x7fff940791b0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:32300
      #8 0x0000555555de8150 in sub_select_postjoin_aggr (join=0x7fff94074770,
      join_tab=0x7fff940784e8, end_of_records=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23128
      #9 0x0000555555df1814 in do_select (procedure=<optimized out>, join=0x7fff94074770)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
      #10 JOIN::exec_inner (this=this@entry=0x7fff94074770)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #11 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94074770)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #12 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94071bc8,
      fields=..., conds=0x0, og_num=9, order=0x0, group=0x7fff940141a0, having=0x0,
      proc_param=0x0, select_options=<optimized out>, result=0x7fff94074680,
      unit=0x7fff94072600, select_lex=0x7fff940136b0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #13 0x0000555555d2f54b in mysql_derived_fill (thd=<optimized out>, lex=0x7fff94004e08,
      derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1266
      #14 0x0000555555d2f1fc in mysql_handle_single_derived (lex=0x7fff94004e08,
      derived=derived@entry=0x7fff94072e78, phases=phases@entry=96)
      at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #15 0x0000555555dbf4f0 in st_join_table::preread_init (this=this@entry=0x7fff9407c3c8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:16029
      #16 0x0000555555dbf758 in sub_select (join=0x7fff94073ec8, join_tab=0x7fff9407c3c8,
      end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23392
      #17 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff94073ec8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #18 JOIN::exec_inner (this=this@entry=0x7fff94073ec8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #19 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94073ec8)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #20 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94072e78,
      fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
      select_options=<optimized out>, result=0x7fff94073ea0, unit=0x7fff94004ee8,
      select_lex=0x7fff940130a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #21 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
      lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff94073ea0,
      setup_tables_done_option=setup_tables_done_option@entry=0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #22 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
      all_tables=0x7fff94072e78) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #23 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
      is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #24 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
      length=<optimized out>, parser_state=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #25 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
      thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
      packet_length=packet_length@entry=519, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
      #26 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #27 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
      connect@entry=0x555557e11588, put_in_cache=put_in_cache@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #28 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e11588)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #29 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbafb8)
      at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #30 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #31 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


          People

            psergei Sergei Petrunia
            Xin Wen Xin Wen