Details
-
Bug
-
Status: Confirmed (View Workflow)
-
Major
-
Resolution: Unresolved
-
11.3.0, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL), 11.7
-
None
-
Ubuntu 20.04
Description
Run these queries in release build:
CREATE TABLE t0 ( c30 DECIMAL ( 13 ) NOT NULL ) ; |
INSERT INTO t0 VALUES ( 40 ) , ( -88 ) ; |
CREATE UNIQUE INDEX i0 ON t0 ( c30 ) ; |
INSERT INTO t0 VALUES ( -104 ) , ( 108 ) ; |
( SELECT c30 NOT IN ( DEGREES ( 94 < -30 AND 76 > -6 ) IS NOT NULL = SUM( t0 . c30 IN ( SELECT t0 . c30 AS c43 FROM t0 ) ) - AVG ( c30 ) OVER ( PARTITION BY t0 . c30 , LTRIM ( RTRIM ( t0 . c30 ) / EXP ( RAND ( t0 . c30 NOT IN ( VAR_SAMP( 110 NOT REGEXP 51.925892 | NULLIF ( t0 . c30 , 74 ) ) OVER ( PARTITION BY t0 . c30 ) , -12 , -95 ) ) + EXISTS ( SELECT t2 . c30 AS c61 FROM t0 JOIN t0 AS t1 LEFT OUTER JOIN t0 AS t2 ON TRUE ON t2 . c30 = t1 . c30 ) ) NOT LIKE REPLACE ( -12 , CONCAT ( t0 . c30 , 'wIqh36p$XE]6W3l/0A~RXY&r#NQ-ht(7H=1]4_1ITo' ) ^ COS ( MOD ( 123 , -75 ) SOUNDS LIKE IFNULL ( -40 , SUBSTRING( t0 . c30 , '1D,>N{I\\;M|W).)J>0WW^22,w@=Xd4%\'Y#C<(rgm[Q yETmw{05%jQH}<3-F^' ) >= 2883848735260353512 ) ) , '|z' ) ) ) , 119 , ACOS ( -47 ) | + + FLOOR ( 74 ) / EXP ( 105 ) NOT LIKE - ROUND ( -3120512921002175577 , -47.901984 ) ) AS c19 FROM t0 GROUP BY c30 , c30 ) ; |
Will trigger Segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
|
[Switching to Thread 0x7fffd242e300 (LWP 3479)]
|
0x00000000013fdab4 in Item_handled_func::val_str (this=0x6290000be500, to=0x7fffd2429d60) at /home/wx/mariadb-11.3.0/sql/item_func.h:771
|
771 return m_func_handler->val_str(this, to);
|
(gdb) p m_func_handler
|
$42 = (const Item_handled_func::Handler *) 0x0
|
 |
#0 0x00000000013fdab4 in Item_handled_func::val_str (this=0x6290000c3590, to=0x7fffd2429d60) at /home/wx/mariadb-11.3.0/sql/item_func.h:771
|
#1 0x00000000013e4148 in Regexp_processor_pcre::compile (this=<optimized out>, item=<optimized out>, send_error=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:6083
|
#2 0x00000000013e5a65 in Regexp_processor_pcre::recompile (this=<optimized out>, item=0x6290000c3590) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:3024
|
#3 Item_func_regex::val_int (this=0x6290000c3650) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:6218
|
#4 0x00000000010d6cd1 in Type_handler_int_result::Item_val_bool (this=<optimized out>, item=0x0) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
|
#5 0x00000000013a5961 in Item_func_not::val_int (this=0x6290000c37d0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:203
|
#6 0x000000000145d518 in Item_int_func::val_real (this=0x0) at /home/wx/mariadb-11.3.0/sql/item_func.cc:753
|
#7 0x00000000015fed26 in Item_sum_variance::add (this=0x6290000c3890) at /home/wx/mariadb-11.3.0/sql/item_sum.cc:2295
|
#8 0x0000000001138a9c in Frame_cursor::add_value_to_items (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:1166
|
#9 Frame_scan_cursor::compute_values_for_current_row (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2273
|
#10 0x0000000001127500 in Cursor_manager::notify_cursors_partition_changed (this=0x603000107230, rownum=0) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:1229
|
#11 compute_window_func (thd=<optimized out>, window_functions=..., cursor_managers=..., tbl=<optimized out>, filesort_result=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:2907
|
#12 0x00000000011286a4 in Window_func_runner::exec (this=<optimized out>, thd=<optimized out>, tbl=<optimized out>, filesort_result=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3039
|
#13 0x0000000001128aca in Window_funcs_sort::exec (this=<optimized out>, join=join@entry=0x6290000ce9d0, keep_filesort_result=false) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3067
|
#14 0x000000000112ad0d in Window_funcs_computation::exec (this=<optimized out>, join=0x6290000ce9d0, keep_last_filesort_result=true) at /home/wx/mariadb-11.3.0/sql/sql_window.cc:3196
|
#15 0x0000000000c9d259 in AGGR_OP::end_send (this=<optimized out>, this@entry=0x62d0000d3fe8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:32300
|
#16 0x0000000000c388f1 in sub_select_postjoin_aggr (join=0x6290000ce9d0, join_tab=0x6290000d3898, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23128
|
#17 0x0000000000c4536c in do_select (join=0x6290000ce9d0, procedure=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
|
#18 JOIN::exec_inner (this=0x6290000ce9d0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
|
#19 0x0000000000c428e9 in JOIN::exec (this=this@entry=0x6290000ce9d0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
|
#20 0x0000000000be5128 in mysql_select (thd=<optimized out>, thd@entry=0x62b00016c218, tables=<optimized out>, fields=..., conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x629000094a90, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x6290000ce9a0, unit=0x62b0001704a8, select_lex=0x629000091980) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
|
#21 0x0000000000be4596 in handle_select (thd=thd@entry=0x62b00016c218, lex=<optimized out>, lex@entry=0x62b0001703c8, result=<optimized out>, result@entry=0x6290000ce9a0, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
|
#22 0x0000000000b3df18 in execute_sqlcom_select (thd=0x62b00016c218, all_tables=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
|
#23 0x0000000000b2cd51 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
|
#24 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
|
#25 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
|
#26 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
|
#27 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
|
#28 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x608001e1f1b8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
|
#29 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005118) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
|
#30 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
|
#31 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-