[MDEV-32411] Item_sum arguments incorrectly reset to temp table fields which causes crash - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 11.3.0, 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
Fix Version/s: 10.5.28, 10.6.21, 10.11.11, 11.4.5, 11.7.2
Component/s: Optimizer, Optimizer - Window functions, Server
Labels:
None
Environment:
Ubuntu 20.04

Description

Run these queries in release build:

CREATE TABLE t0 ( c51 TEXT DEFAULT ( ATAN ( 109 ) ) ) ;

INSERT INTO t0 VALUES ( -19 ) , ( 122 ) ;

ALTER TABLE t0 MODIFY COLUMN c51 INT NOT NULL ;

INSERT INTO t0 VALUES ( -83 ) , ( ATAN ( -89 LIKE EXISTS ( SELECT ROW_NUMBER ( ) OVER ( PARTITION BY c51 ORDER BY CASE c51 WHEN -107 THEN COUNT( DISTINCT c51 , + TRIM( TRAILING c51 FROM '/{;sxMhm&X$8fg7_ga#RG+7,>%)qs`b-Z7_\\><_k\'ML' ) NOT IN ( RAND ( ) NOT BETWEEN 69 AND -122 ) ) - - COS ( t0 . c51 ) ELSE 39 END IS TRUE ) NOT IN ( 107 , 15 , 57 ) AS c1 ) ) ) ;

Will trigger Segmentation fault. GDB info:

Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.

[Switching to Thread 0x7fffd242e300 (LWP 3369)]

0x00000000013316dd in Field::type_std_attributes (this=0x6190000a3458) at /home/wx/mariadb-11.3.0/sql/field.h:902

902	    return Type_std_attributes(type_numeric_attributes(), dtcollation());

#0  0x00000000013316dd in Field::type_std_attributes (this=0x619000159258) at /home/wx/mariadb-11.3.0/sql/field.h:902

#1  Item_field::set_field (this=0x6290000bc7e0, field_par=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:3141

#2  0x000000000133122a in Item_field::Item_field (this=0x6290000bc7e0, thd=<optimized out>, f=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item.cc:3046

#3  0x00000000015ef5ab in Item_sum::get_tmp_table_item (this=<optimized out>, thd=0x62b00016c218) at /home/wx/mariadb-11.3.0/sql/item_sum.cc:563

#4  0x0000000000c2f1a9 in change_refs_to_tmp_fields (thd=<optimized out>, ref_pointer_array=..., res_selected_fields=..., res_all_fields=..., elements=1, all_fields=...) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:28691

#5  JOIN::make_aggr_tables_info (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3798

#6  0x0000000000bfc660 in JOIN::optimize_stage2 (this=0x6290000ba0c8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3438

#7  0x0000000000c13911 in JOIN::optimize_inner (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2650

#8  0x0000000000bfc156 in JOIN::optimize (this=0x6290000ba0c8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944

#9  0x0000000000ab5421 in st_select_lex::optimize_unflattened_subqueries (this=<optimized out>, const_only=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4916

#10 0x0000000000a688a6 in mysql_insert (thd=<optimized out>, table_list=0x6290000915e0, fields=..., values_list=..., update_fields=..., update_values=..., duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_insert.cc:875

#11 0x0000000000b36566 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4417

#12 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734

#13 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893

#14 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406

#15 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445

#16 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x608001c51cb8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347

#17 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005498) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201

#18 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0

#19 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

is duplicated by

MDEV-32410 make_aggr_tables_info: Use-After-Poison at /mariadb-11.3.0/sql/item.cc:3042

Closed

relates to

MDEV-35846 Query succeeds despite unresolved reference to column `a`

Closed

Activity

Ascending order - Click to sort in descending order

View 8 older comments

Igor Babaev added a comment - 2025-01-15 21:57

For the build just before the pushed patch we have:

MariaDB [test]> CREATE TABLE t1 (a int DEFAULT 2);

Query OK, 0 rows affected (0.014 sec)

MariaDB [test]> INSERT INTO t1 VALUES (1), (2);

Query OK, 2 rows affected (0.007 sec)

Records: 2  Duplicates: 0  Warnings: 0

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

+------+

2 rows in set (0.001 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(4);

Query OK, 1 row affected (0.004 sec)

Records: 1  Duplicates: 0  Warnings: 0

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

+------+

3 rows in set (0.001 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER ();

Query OK, 1 row affected (0.003 sec)

Records: 1  Duplicates: 0  Warnings: 0

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

+------+

4 rows in set (0.001 sec)

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4)));

Query OK, 1 row affected (0.004 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

+------+

5 rows in set (0.003 sec)

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER ()));

Query OK, 1 row affected (0.005 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

+------+

6 rows in set (0.002 sec)

MariaDB [test]> SELECT avg(4) OVER ();

+----------------+

| avg(4) OVER () |

+----------------+

|         4.0000 |

+----------------+

1 row in set (0.001 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER (ORDER BY t1.a);

ERROR 1109 (42S02): Unknown table 't1' in order clause

MariaDB [test]> INSERT INTO t1 SELECT avg(4) ORDER BY t1.a;

ERROR 1109 (42S02): Unknown table 't1' in order clause

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) ORDER BY t1.a));

Query OK, 1 row affected (0.005 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

+------+

7 rows in set (0.001 sec)

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER (ORDER BY t1.a)));

Query OK, 1 row affected (0.005 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

+------+

8 rows in set (0.002 sec)

MariaDB [test]> CREATE TABLE t2 (b int);

Query OK, 0 rows affected (0.018 sec)

MariaDB [test]> INSERT INTO t2 VALUES (2);

Query OK, 1 row affected (0.006 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER () FROM t2;

Query OK, 1 row affected (0.005 sec)

Records: 1  Duplicates: 0  Warnings: 0

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

+------+

9 rows in set (0.002 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER (ORDER BY t1.a) FROM t2;

ERROR 1054 (42S22): Unknown column 't1.a' in 'order clause'

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER () FROM t2));

Query OK, 1 row affected (0.006 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

|    4 |

+------+

10 rows in set (0.002 sec)

MariaDB [test]> INSERT INTO t1 SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a)));

ERROR 1054 (42S22): Unknown column 'a' in 'order clause'

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a)))));

Query OK, 1 row affected (0.005 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

|    4 |

| NULL |

+------+

11 rows in set (0.002 sec)

MariaDB [test]> INSERT INTO t1 VALUES(EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a)))));

ERROR 2013 (HY000): Lost connection to MySQL server during query

MariaDB [test]>  INSERT INTO t1 VALUES(EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))));

ERROR 2013 (HY000): Lost connection to MySQL server during query

MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))));

Query OK, 1 row affected (0.015 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

|    4 |

| NULL |

| NULL |

+------+

12 rows in set (0.002 sec)

MariaDB [test]> INSERT INTO t1 SELECT * FROM t2 WHERE (SELECT avg(t1.a) FROM t1 t) > 0;

ERROR 1054 (42S22): Unknown column 't1.a' in 'field list'

MariaDB [test]>  INSERT INTO t1 VALUES(( SELECT * FROM t2 WHERE (SELECT avg(t1.a) FROM t1 t) > 0));

Query OK, 1 row affected (0.005 sec)

MariaDB [test]> SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

|    4 |

| NULL |

| NULL |

|    2 |

+------+

13 rows in set (0.002 sec)

MariaDB [test]> INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (VALUES((SELECT avg(3) FROM t2))) dt) > 0));

Query OK, 1 row affected (0.004 sec)

MariaDB [test]>  SELECT * FROM t1;

+------+

| a    |

+------+

|    1 |

|    2 |

|    4 |

|    4 |

|    4 |

| NULL |

|    4 |

| NULL |

|    4 |

|    4 |

| NULL |

| NULL |

|    2 |

|    2 |

+------+

14 rows in set (0.001 sec)

MariaDB [test]>  INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (VALUES((SELECT avg(t1.a) FROM t2))) dt) > 0));

ERROR 1054 (42S22): Unknown column 't1.a' in 'field list'

MariaDB [test]> INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (SELECT avg(t1.a) FROM t2) dt) > 0));

ERROR 1054 (42S22): Unknown column 't1.a' in 'field list'

Igor Babaev added a comment - 2025-01-15 21:57 For the build just before the pushed patch we have: MariaDB [test]> CREATE TABLE t1 (a int DEFAULT 2); Query OK, 0 rows affected (0.014 sec) MariaDB [test]> INSERT INTO t1 VALUES (1), (2); Query OK, 2 rows affected (0.007 sec) Records: 2 Duplicates: 0 Warnings: 0 MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | +------+ 2 rows in set (0.001 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(4); Query OK, 1 row affected (0.004 sec) Records: 1 Duplicates: 0 Warnings: 0 MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | +------+ 3 rows in set (0.001 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER (); Query OK, 1 row affected (0.003 sec) Records: 1 Duplicates: 0 Warnings: 0 MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | +------+ 4 rows in set (0.001 sec) MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4))); Query OK, 1 row affected (0.004 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | +------+ 5 rows in set (0.003 sec) MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER ())); Query OK, 1 row affected (0.005 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | +------+ 6 rows in set (0.002 sec) MariaDB [test]> SELECT avg(4) OVER (); +----------------+ | avg(4) OVER () | +----------------+ | 4.0000 | +----------------+ 1 row in set (0.001 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER (ORDER BY t1.a); ERROR 1109 (42S02): Unknown table 't1' in order clause MariaDB [test]> INSERT INTO t1 SELECT avg(4) ORDER BY t1.a; ERROR 1109 (42S02): Unknown table 't1' in order clause MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) ORDER BY t1.a)); Query OK, 1 row affected (0.005 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | +------+ 7 rows in set (0.001 sec) MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER (ORDER BY t1.a))); Query OK, 1 row affected (0.005 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | +------+ 8 rows in set (0.002 sec) MariaDB [test]> CREATE TABLE t2 (b int); Query OK, 0 rows affected (0.018 sec) MariaDB [test]> INSERT INTO t2 VALUES (2); Query OK, 1 row affected (0.006 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER () FROM t2; Query OK, 1 row affected (0.005 sec) Records: 1 Duplicates: 0 Warnings: 0 MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | +------+ 9 rows in set (0.002 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(4) OVER (ORDER BY t1.a) FROM t2; ERROR 1054 (42S22): Unknown column 't1.a' in 'order clause' MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(4) OVER () FROM t2)); Query OK, 1 row affected (0.006 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | | 4 | +------+ 10 rows in set (0.002 sec) MariaDB [test]> INSERT INTO t1 SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a))); ERROR 1054 (42S22): Unknown column 'a' in 'order clause' MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a))))); Query OK, 1 row affected (0.005 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | | 4 | | NULL | +------+ 11 rows in set (0.002 sec) MariaDB [test]> INSERT INTO t1 VALUES(EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT a , hex(a))))); ERROR 2013 (HY000): Lost connection to MySQL server during query MariaDB [test]> INSERT INTO t1 VALUES(EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))))); ERROR 2013 (HY000): Lost connection to MySQL server during query MariaDB [test]> INSERT INTO t1 VALUES((SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))))); Query OK, 1 row affected (0.015 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | | 4 | | NULL | | NULL | +------+ 12 rows in set (0.002 sec) MariaDB [test]> INSERT INTO t1 SELECT * FROM t2 WHERE (SELECT avg(t1.a) FROM t1 t) > 0; ERROR 1054 (42S22): Unknown column 't1.a' in 'field list' MariaDB [test]> INSERT INTO t1 VALUES(( SELECT * FROM t2 WHERE (SELECT avg(t1.a) FROM t1 t) > 0)); Query OK, 1 row affected (0.005 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | | 4 | | NULL | | NULL | | 2 | +------+ 13 rows in set (0.002 sec) MariaDB [test]> INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (VALUES((SELECT avg(3) FROM t2))) dt) > 0)); Query OK, 1 row affected (0.004 sec) MariaDB [test]> SELECT * FROM t1; +------+ | a | +------+ | 1 | | 2 | | 4 | | 4 | | 4 | | NULL | | 4 | | NULL | | 4 | | 4 | | NULL | | NULL | | 2 | | 2 | +------+ 14 rows in set (0.001 sec) MariaDB [test]> INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (VALUES((SELECT avg(t1.a) FROM t2))) dt) > 0)); ERROR 1054 (42S22): Unknown column 't1.a' in 'field list' MariaDB [test]> INSERT INTO t1 VALUES((SELECT t2.b FROM t2 WHERE (SELECT 1 FROM (SELECT avg(t1.a) FROM t2) dt) > 0)); ERROR 1054 (42S22): Unknown column 't1.a' in 'field list'

Oleg Smirnov added a comment - 2025-01-16 03:35

The crash for the query is eliminated, however it was found that the query itself is not valid. I filed ~~MDEV-35846~~ for addressing that.

Oleg Smirnov added a comment - 2025-01-16 03:35 The crash for the query is eliminated, however it was found that the query itself is not valid. I filed MDEV-35846 for addressing that.

Igor Babaev added a comment - 2025-01-16 18:01

Before the patch the same crash can be reproduced with the following test case as well:

CREATE TABLE t1 (a int DEFAULT 2);

INSERT INTO t1 VALUES (1), (2);

SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))));

Igor Babaev added a comment - 2025-01-16 18:01 Before the patch the same crash can be reproduced with the following test case as well: CREATE TABLE t1 (a int DEFAULT 2); INSERT INTO t1 VALUES (1), (2); SELECT * FROM t1 WHERE EXISTS( SELECT avg (3) OVER ( ORDER BY COUNT ( DISTINCT t1.a , hex(t1.a))));

Igor Babaev added a comment - 2025-01-16 21:02 - edited

The query in the last test case uses degenerated subquery with a window function with ORDER BY list that is eliminated. If we use a FROM clause for the subquery the query is executed without any problems returning the expected result:

MariaDB [test]> CREATE TABLE t2 (b int);

Query OK, 0 rows affected (0.019 sec)

MariaDB [test]> INSERT INTO t2 VALUES (4);

Query OK, 1 row affected (0.013 sec)

MariaDB [test]> SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))) FROM t2);

+------+

| a    |

+------+

|    1 |

|    2 |

+------+

2 rows in set (0.006 sec)

If we set a breakpoint in the function JOIN::make_aggr_tables_info() at the code:

   /* Change sum_fields reference to calculated fields in tmp_table */

    items1= ref_ptr_array_slice(2);

    if ((sort_and_group || curr_tab->table->group ||

         tmp_table_param.precomputed_group_by) &&

	!implicit_grouping_without_tables)

      if (change_to_use_tmp_fields(thd, items1,

                                   tmp_fields_list1, tmp_all_fields1,

                                   fields_list.elements, all_fields))

        DBUG_RETURN(true);

    else

      if (change_refs_to_tmp_fields(thd, items1,

                                    tmp_fields_list1, tmp_all_fields1,

                                    fields_list.elements, all_fields))

        DBUG_RETURN(true);

we see that for the query

SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))));

the 'else' branch with a call of change_refs_to_tmp_fields() is used while for the query

SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))) FROM t2);

the 'then' branch is used with a call of change_to_use_tmp_fields()
Let's use the call of change_to_use_tmp_fields() for the first query with the following diff:

     if ((sort_and_group || curr_tab->table->group ||

          tmp_table_param.precomputed_group_by) &&

-         !implicit_grouping_without_tables)

+        (!implicit_grouping_without_tables ||

+          (implicit_grouping_with_window_funcs &&

+           !select_lex->table_list.elements)))

       if (change_to_use_tmp_fields(thd, items1,

After having applied this patch I have:

MariaDB [test]> SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))));

+------+

| a    |

+------+

|    1 |

|    2 |

+------+

2 rows in set (0.003 sec)

This is the expected result.

However for the query

SELECT * FROM t1 WHERE (SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))) = 3;

as well as for the query

SELECT * FROM t1 WHERE (SELECT avg(3) OVER ()) = 3;

we don't have expected results:

MariaDB [test]> SELECT * FROM t1 WHERE (SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))) = 3;

Empty set (0.001 sec)

MariaDB [test]> SELECT * FROM t1 WHERE (SELECT avg(3) OVER ()) = 3;

Empty set (0.000 sec)

Indeed

MariaDB [test]> SELECT avg(3) OVER ();

+----------------+

| avg(3) OVER () |

+----------------+

|         3.0000 |

+----------------+

1 row in set (0.001 sec)

This because of another bug concerning degenerated subqueries with window functions noticed in the previous comments. This bug is reported in ~~MDEV-35869~~. It makes sense to fix ~~MDEV-35869~~ first.

Igor Babaev added a comment - 2025-01-16 21:02 - edited The query in the last test case uses degenerated subquery with a window function with ORDER BY list that is eliminated. If we use a FROM clause for the subquery the query is executed without any problems returning the expected result: MariaDB [test]> CREATE TABLE t2 (b int); Query OK, 0 rows affected (0.019 sec) MariaDB [test]> INSERT INTO t2 VALUES (4); Query OK, 1 row affected (0.013 sec) MariaDB [test]> SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a))) FROM t2); +------+ | a | +------+ | 1 | | 2 | +------+ 2 rows in set (0.006 sec) If we set a breakpoint in the function JOIN::make_aggr_tables_info() at the code: /* Change sum_fields reference to calculated fields in tmp_table */ items1= ref_ptr_array_slice(2); if ((sort_and_group || curr_tab->table->group || tmp_table_param.precomputed_group_by) && !implicit_grouping_without_tables) { if (change_to_use_tmp_fields(thd, items1, tmp_fields_list1, tmp_all_fields1, fields_list.elements, all_fields)) DBUG_RETURN(true); } else { if (change_refs_to_tmp_fields(thd, items1, tmp_fields_list1, tmp_all_fields1, fields_list.elements, all_fields)) DBUG_RETURN(true); } we see that for the query SELECT * FROM t1 WHERE EXISTS( SELECT avg (3) OVER ( ORDER BY COUNT ( DISTINCT t1.a , hex(t1.a)))); the 'else' branch with a call of change_refs_to_tmp_fields() is used while for the query SELECT * FROM t1 WHERE EXISTS( SELECT avg (3) OVER ( ORDER BY COUNT ( DISTINCT t1.a , hex(t1.a))) FROM t2); the 'then' branch is used with a call of change_to_use_tmp_fields() Let's use the call of change_to_use_tmp_fields() for the first query with the following diff: if ((sort_and_group || curr_tab->table->group || tmp_table_param.precomputed_group_by) && - !implicit_grouping_without_tables) + (!implicit_grouping_without_tables || + (implicit_grouping_with_window_funcs && + !select_lex->table_list.elements))) { if (change_to_use_tmp_fields(thd, items1, After having applied this patch I have: MariaDB [test]> SELECT * FROM t1 WHERE EXISTS(SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))); +------+ | a | +------+ | 1 | | 2 | +------+ 2 rows in set (0.003 sec) This is the expected result. However for the query SELECT * FROM t1 WHERE (SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))) = 3; as well as for the query SELECT * FROM t1 WHERE ( SELECT avg (3) OVER ()) = 3; we don't have expected results: MariaDB [test]> SELECT * FROM t1 WHERE (SELECT avg(3) OVER (ORDER BY COUNT( DISTINCT t1.a , hex(t1.a)))) = 3; Empty set (0.001 sec) MariaDB [test]> SELECT * FROM t1 WHERE (SELECT avg(3) OVER ()) = 3; Empty set (0.000 sec) Indeed MariaDB [test]> SELECT avg(3) OVER (); +----------------+ | avg(3) OVER () | +----------------+ | 3.0000 | +----------------+ 1 row in set (0.001 sec) This because of another bug concerning degenerated subqueries with window functions noticed in the previous comments. This bug is reported in MDEV-35869 . It makes sense to fix MDEV-35869 first.

Sergei Golubchik added a comment - 2025-02-04 09:04

The fix is pushed and released, so this issue is closed with specific fix versions. A followup is moved into MDEV-36021. Please, feel free to add more content to MDEV-36021 description

Sergei Golubchik added a comment - 2025-02-04 09:04 The fix is pushed and released, so this issue is closed with specific fix versions. A followup is moved into MDEV-36021 . Please, feel free to add more content to MDEV-36021 description

People

Assignee:: Oleg Smirnov

Reporter:: Xin Wen

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2023-10-10 04:36

Updated:: 2025-02-04 09:04

Resolved:: 2025-02-04 09:04

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server