  1. MariaDB Server
  2. MDEV-32413

Segmentation fault at /mariadb-11.3.0/sql/item_cmpfunc.h:104


Details

    Description

      Run these queries against a release build:

      CREATE TABLE t0 ( c3 DECIMAL ( 35 ) NOT NULL ) ;
      INSERT INTO t0 VALUES ( 107 ) , ( 16 ) ;
      CREATE UNIQUE INDEX i0 ON t0 ( c3 ) ;
      INSERT INTO t0 VALUES ( -49 ) , ( 6359926900298652327 ) ;
      ( SELECT c3 NOT IN ( DEGREES ( -105 < 32 AND 106 > -4 ) IS NOT NULL = SUM( t0 . c3 IN ( SELECT t0 . c3 AS c38 FROM t0 ) ) - AVG ( c3 ) OVER ( PARTITION BY t0 . c3 , LTRIM ( RTRIM ( t0 . c3 ) / EXP ( RAND ( ) + EXISTS ( SELECT t0 . c3 AS c43 FROM t0 JOIN t0 AS t1 LEFT OUTER JOIN t0 AS t2 ON TRUE ON t2 . c3 = t0 . c3 ) ) NOT LIKE REPLACE ( -105 , SUM( -110 = 7630906268540546188 LIKE EXP ( -95 ) XOR ROUND ( 83 , ( CONCAT ( 94 , '~3{>*:sRe

      {(\'j%Hq<?]CX3j3v}

      2U1^xW9ixo76cT,!L' ) + TAN ( -52 ) ^ OCT ( 51 ) = 85 IS NULL ) ) NOT BETWEEN -35 AND -52 ) OVER ( PARTITION BY t0 . c3 ROWS UNBOUNDED PRECEDING ) ^ COS ( MOD ( -87 , -2787301830726818039 ) SOUNDS LIKE IFNULL ( 2997521584933561420 , SUBSTRING( t0 . c3 , 'B#k zTEh_5mjL\'z[[5*.+.w[!e7T"e}VE)T<IRc<}$-v~m7n' ) >= 121 ) ) , 'a>No7qX==+2dW~%cxSrrL-hZ

      {bkFF9}

      zq01gK>,JT"S5X|T]M^Y5AnAh5RmxJNbf' ) ) ) , -54 , ACOS ( 40 ) | + + FLOOR ( 78 ) / EXP ( -85 ) NOT LIKE - ROUND ( -58 , -32.342714 ) ) AS c53 FROM t0 GROUP BY c3 , c3 ) ;

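      This triggers a segmentation fault. In the GDB output below, frame #0 has the program counter at 0x4, reached from the member-function-pointer call `(this->*func)()` in Arg_comparator::compare, which suggests the comparator's `func` pointer did not hold a valid value when Item_func_eq::val_int ran.
      GDB info: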
      Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffe011a700 (LWP 46364)]
      0x0000000000000004 in ?? ()
      (gdb) frame 1
      #1 0x0000555556010caf in Arg_comparator::compare (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      104 inline int compare() { return (this->*func)(); }

      #0 0x0000000000000004 in ?? ()
      #1 0x0000555556010caf in Arg_comparator::compare (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #2 Item_func_eq::val_int (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1780
      #3 0x0000555556011e2c in Item_func_xor::val_int (this=0x7fff94074cd0)
      at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:6497
      #4 0x00005555560464b2 in Item_int_func::val_real (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_func.cc:753
      #5 0x00005555560c5342 in Item_sum_sum::add_helper (this=0x7fff94074d88,
      perform_removal=perform_removal@entry=false)
      at /home/wx/mariadb-11.3.0/sql/item_sum.cc:1695
      #6 0x00005555560c567f in Item_sum_sum::add (this=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/item_sum.cc:1622
      #7 0x0000555555f445d9 in Frame_cursor::add_value_to_items (this=0x7fff94085b28)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:1166
      #8 Frame_cursor::add_value_to_items (this=0x7fff94085b28)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:1157
      #9 Frame_rows_current_row_bottom::pre_next_partition (this=0x7fff94085b28, rownum=0)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2012
      #10 0x0000555555f41ff9 in Cursor_manager::notify_cursors_partition_changed (rownum=0,
      this=0x7fff94026190) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:1225
      #11 compute_window_func (thd=thd@entry=0x7fff94000c58, window_functions=...,
      cursor_managers=..., tbl=tbl@entry=0x7fff9408b160,
      filesort_result=filesort_result@entry=0x7fff9403de40)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2907
      #12 0x0000555555f4249e in Window_func_runner::exec (this=this@entry=0x7fff94085198,
      thd=thd@entry=0x7fff94000c58, tbl=0x7fff9408b160, filesort_result=0x7fff9403de40)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3039
      #13 0x0000555555f425c6 in Window_funcs_sort::exec (this=0x7fff94085190,
      join=join@entry=0x7fff94079048, keep_filesort_result=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3067
      #14 0x0000555555f42efb in Window_funcs_computation::exec (this=0x7fff94085170,
      join=join@entry=0x7fff94079048,
      keep_last_filesort_result=keep_last_filesort_result@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3196
      #15 0x0000555555de7e01 in AGGR_OP::end_send (this=0x7fff94084a20)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:32300
      #16 0x0000555555de8150 in sub_select_postjoin_aggr (join=0x7fff94079048,
      join_tab=0x7fff9407fef0, end_of_records=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23128
      #17 0x0000555555df1814 in do_select (procedure=<optimized out>, join=0x7fff94079048)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
      #18 JOIN::exec_inner (this=this@entry=0x7fff94079048)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #19 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94079048)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #20 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff94077cb0,
      fields=..., conds=0x0, og_num=3, order=0x0, group=0x7fff94016380, having=0x0,
      proc_param=0x0, select_options=<optimized out>, result=0x7fff94079020,
      unit=0x7fff94004ee8, select_lex=0x7fff94013448)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #21 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
      lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff94079020,
      setup_tables_done_option=setup_tables_done_option@entry=0)
      at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #22 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
      all_tables=0x7fff94077cb0) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #23 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
      is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #24 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
      length=<optimized out>, parser_state=<optimized out>)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #25 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
      thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
      packet_length=packet_length@entry=978, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
      #26 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #27 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
      connect@entry=0x555557e11218, put_in_cache=put_in_cache@entry=true)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #28 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e11218)
      at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #29 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbaf88)
      at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #30 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #31 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


            People

              Assignee: Unassigned
              Reporter: Xin Wen