Details
Description
Run these queries in release build:
CREATE TABLE x ( x VARCHAR ( 1 ) ) ; |
INSERT INTO x ( x ) VALUES ( 'x' ) , ( NULL ) , ( 'x' ) , ( NULL ) ; |
SELECT 1 - x IN ( SELECT x FROM x ORDER BY x + 1 ) FROM x GROUP BY x HAVING x = ( SELECT x AS x FROM x WHERE x = x ORDER BY ( 1 < x AND x = 1 ) ) AND x IN ( 1 , x ) ; |
Will trigger Segmentation fault.
GDB info:
Thread 16 "mariadbd" received signal SIGSEGV, Segmentation fault.
|
[Switching to Thread 0x7fffe011a700 (LWP 46873)]
|
JOIN::exec (this=0x7fff94079fa0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4717
|
4717 ANALYZE_START_TRACKING(thd, &explain->time_tracker);
|
(gdb) p explain
|
$62 = (Explain_select *) 0x0
|
(gdb) p &explain->time_tracker
|
$64 = (Time_and_counter_tracker *) 0xb0
|
 |
#0 JOIN::exec (this=0x7fff94079fa0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4717
|
#1 0x00005555560b1422 in subselect_single_select_engine::exec (this=0x7fff940725d0)
|
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
|
#2 0x00005555560b040c in Item_subselect::exec (this=0x7fff94072440)
|
at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
|
#3 0x00005555560afda4 in Item_singlerow_subselect::val_str (this=0x7fff94072440,
|
str=0x7fffe0118280) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1484
|
#4 0x0000555556028ab8 in cmp_item_sort_string::cmp (this=0x7fff94079c20, arg=0x7fff94072440)
|
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:1742
|
#5 0x0000555556020ce6 in Predicant_to_list_comparator::cmp_arg (i=1, args=0x7fff94072ba8,
|
this=0x7fff94072c08) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:2083
|
#6 Predicant_to_list_comparator::cmp (found_unknown_values=0x7fff94072b9c,
|
idx=<synthetic pointer>, args=0x7fff94072ba8, this=0x7fff94072c08)
|
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:2260
|
#7 Item_func_in::val_int (this=0x7fff94072b30)
|
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:4761
|
#8 0x0000555555f211e4 in Type_handler_int_result::Item_val_bool (this=<optimized out>,
|
item=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
|
#9 0x0000555556011c6c in Item_cond_and::val_int (this=0x7fff9407ce00)
|
at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5524
|
#10 0x0000555555dad3fd in evaluate_join_record (join=join@entry=0x7fff94073708,
|
join_tab=join_tab@entry=0x7fff9407be10, error=<optimized out>)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23545
|
#11 0x0000555555dbf7fb in sub_select (join=0x7fff94073708, join_tab=0x7fff9407be10,
|
end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
|
#12 0x0000555555df19b2 in do_select (procedure=<optimized out>, join=0x7fff94073708)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
|
#13 JOIN::exec_inner (this=this@entry=0x7fff94073708)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
|
#14 0x0000555555df1d78 in JOIN::exec (this=this@entry=0x7fff94073708)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
|
#15 0x0000555555defe1c in mysql_select (thd=thd@entry=0x7fff94000c58, tables=0x7fff940150f0,
|
fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fff94015940, having=0x7fff94072c98,
|
proc_param=0x0, select_options=<optimized out>, result=0x7fff940736e0,
|
unit=0x7fff94004ee8, select_lex=0x7fff94012de8)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
|
#16 0x0000555555df0607 in handle_select (thd=thd@entry=0x7fff94000c58,
|
lex=lex@entry=0x7fff94004e08, result=result@entry=0x7fff940736e0,
|
setup_tables_done_option=setup_tables_done_option@entry=0)
|
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
|
#17 0x0000555555d6de41 in execute_sqlcom_select (thd=thd@entry=0x7fff94000c58,
|
all_tables=0x7fff940150f0) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
|
#18 0x0000555555d7c2aa in mysql_execute_command (thd=thd@entry=0x7fff94000c58,
|
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
|
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
|
#19 0x0000555555d68c27 in mysql_parse (thd=0x7fff94000c58, rawbuf=<optimized out>,
|
length=<optimized out>, parser_state=<optimized out>)
|
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
|
#20 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
|
thd=thd@entry=0x7fff94000c58, packet=packet@entry=0x7fff94008509 "",
|
packet_length=packet_length@entry=164, blocking=blocking@entry=true)
|
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
|
#21 0x0000555555d7721e in do_command (thd=0x7fff94000c58, blocking=blocking@entry=true)
|
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
|
#22 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
|
connect@entry=0x555557e14ea8, put_in_cache=put_in_cache@entry=true)
|
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
|
#23 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e14ea8)
|
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
|
#24 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbe968)
|
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
|
#25 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
|
#26 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6
|
Attachments
Issue Links
- duplicates
-
MDEV-29363 Constant subquery causing a crash in pushdown optimization
-
- Closed
-
- is blocked by
-
-
- Closed
-
- is duplicated by
-
-
- Closed
-