[MDEV-32426] Segmentation fault at /mariadb-11.3.0/sql/sql_select.cc:2624 - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Duplicate
Affects Version/s: 11.3.0
Fix Version/s: N/A
Component/s: Server
Labels:
None
Environment:
Ubuntu 20.04

Description

Run these queries in release build:

CREATE TABLE x ( x FLOAT PRIMARY KEY ) ;
INSERT INTO x ( x ) VALUES ( 1 ) ;
UPDATE x SET x = 1 WHERE ( WITH x AS ( WITH RECURSIVE x ( x ) AS ( SELECT 1.000000 ^ 1 ) SELECT x FROM x WHERE x IN ( SELECT DISTINCT x FROM x WHERE ( WITH RECURSIVE x AS ( SELECT 1.000000 ) SELECT x FROM x AS x GROUP BY x > 1 OR x > 1 AND x < ( SELECT x FROM x AS x GROUP BY x ^ CASE WHEN 1.000000 = 1 THEN 1 NOT IN ( SELECT 1 / ( SELECT x FROM x AS x GROUP BY 'x' , x IN ( 1 , 1 , 1 ) , x , EXISTS ( SELECT 1 FROM x ) , 'x' , 'x' , 'x' , 'x' ) >= x = ( SELECT CASE WHEN 1 = 1 THEN 1 / 1 WHEN 1 = 1 THEN 1 ELSE 1 / 1 END AS x FROM x WHERE x = x ) FROM x WHERE x LIKE 1.000000 ) ELSE x END , x ) ) IS NOT NULL >= x IS NOT NULL = ( 1 < x AND x < 'x' ) ) ) SELECT x IN ( 1 , x = 'x' AND x > 1 AND x >= 1 ) FROM ( SELECT x FROM x UNION SELECT x FROM x ) AS x UNION SELECT x IN ( x IN ( SELECT x FROM ( SELECT x FROM x UNION SELECT x FROM x ) AS x ORDER BY x % 1 ) ) FROM x ) > 1 ;

Will trigger Segmentation fault.
GDB info:
Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe011a700 (LWP 46990)]
JOIN::optimize_inner (this=this@entry=0x7fff9819a028)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2624
2624 if (unlikely(make_join_statistics(this, select_lex->leaf_tables,

#0 JOIN::optimize_inner (this=this@entry=0x7fff9819a028)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2624
#1 0x0000555555defccd in JOIN::optimize (this=this@entry=0x7fff9819a028)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#2 0x0000555555d4db06 in st_select_lex::optimize_unflattened_subqueries (
this=0x7fff98081c28, const_only=const_only@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4916
#3 0x0000555555ede872 in JOIN::optimize_unflattened_subqueries (
this=this@entry=0x7fff981a3b20) at /home/wx/mariadb-11.3.0/sql/opt_subselect.cc:5864
#4 0x0000555555dea9b7 in JOIN::optimize_stage2 (this=this@entry=0x7fff981a3b20)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3229
#5 0x0000555555ded98c in JOIN::optimize_inner (this=this@entry=0x7fff981a3b20)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2650
#6 0x0000555555defccd in JOIN::optimize (this=0x7fff981a3b20)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#7 0x0000555555e43dee in st_select_lex_unit::optimize (this=this@entry=0x7fff98082980)
at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2262
#8 0x0000555555d2fa98 in mysql_derived_optimize (thd=0x7fff98000c58, lex=0x7fff98004e08,
derived=0x7fff980843f8) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1006
#9 0x0000555555d2f1fc in mysql_handle_single_derived (lex=0x7fff98004e08,
derived=derived@entry=0x7fff980843f8, phases=phases@entry=4)
at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
#10 0x0000555555dec98c in JOIN::optimize_inner (this=this@entry=0x7fff981a7508)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2442
#11 0x0000555555defccd in JOIN::optimize (this=this@entry=0x7fff981a7508)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#12 0x0000555555d4db06 in st_select_lex::optimize_unflattened_subqueries (
this=this@entry=0x7fff98005720, const_only=const_only@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4916
#13 0x0000555555e5290a in Sql_cmd_update::update_single_table (this=0x7fff98013cb8,
thd=0x7fff98000c58) at /home/wx/mariadb-11.3.0/sql/sql_update.cc:421
#14 0x0000555555e5509d in Sql_cmd_update::execute_inner (this=0x7fff98013cb8,
thd=0x7fff98000c58) at /home/wx/mariadb-11.3.0/sql/sql_update.cc:3065
#15 0x0000555555dab46b in Sql_cmd_dml::execute (this=0x7fff98013cb8, thd=0x7fff98000c58)
at /home/wx/mariadb-11.3.0/sql/sql_select.cc:33350
#16 0x0000555555d7920d in mysql_execute_command (thd=thd@entry=0x7fff98000c58,
is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4361
#17 0x0000555555d68c27 in mysql_parse (thd=0x7fff98000c58, rawbuf=<optimized out>,
length=<optimized out>, parser_state=<optimized out>)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#18 0x0000555555d74fdd in dispatch_command (command=command@entry=COM_QUERY,
thd=thd@entry=0x7fff98000c58,
packet=packet@entry=0x7fff98008509 "UPDATE x SET x = 1 WHERE ( WITH x AS ( WITH RECURSIVE x ( x ) AS ( SELECT 1.000000 ^ 1 ) SELECT x FROM x WHERE x IN ( SELECT DISTINCT x FROM x WHERE ( WITH RECURSIVE x AS ( SELECT 1.000000 ) SELECT x "...,
packet_length=packet_length@entry=875, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_class.h:251
#19 0x0000555555d7721e in do_command (thd=0x7fff98000c58, blocking=blocking@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#20 0x0000555555e9a617 in do_handle_one_connection (connect=<optimized out>,
connect@entry=0x555557e15328, put_in_cache=put_in_cache@entry=true)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#21 0x0000555555e9a94d in handle_one_connection (arg=arg@entry=0x555557e15328)
at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#22 0x00005555561e658d in pfs_spawn_thread (arg=0x555557dbede8)
at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#23 0x00007ffff7b48609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#24 0x00007ffff7719133 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Attachments

Issue Links

duplicates

MDEV-29681 Server crashes when optimizing SQL with ORDER BY

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Xin Wen

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2023-10-10 11:22

Updated:: 2023-10-25 08:35

Resolved:: 2023-10-25 08:35

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.