  1. MariaDB Server
  2. MDEV-32432

Segmentation fault at /mariadb-11.3.0/sql/sql_select.cc:2126


Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 11.3.0
    • N/A
    • Server
    • None
    • Ubuntu 20.04

    Description

      Run these queries against a release build:

      -- Reproducer for the crash reported on this page (release build, 11.3.0).
      -- Setup: a one-column table x(x INT).
      CREATE TABLE x ( x INT ) ;
      -- Populate it: one row, an UPDATE that rewrites x = 1 to the same value,
      -- then two more rows, leaving three rows that all hold 1.
      INSERT INTO x ( x ) VALUES ( 1 ) ;
      UPDATE x SET x = 1 WHERE x = 1 ;
      INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
      -- Crashing statement. The recursive CTE reuses the name x for itself and its
      -- column, and its INTERSECT branch negates a scalar subquery whose UNION has
      -- an ORDER BY containing a second negated scalar subquery plus LIMIT 1 OFFSET 1.
      -- NOTE(review): per the backtrace in this report (frames #9-#19), a negated
      -- subquery reached through find_order_in_list appears to be evaluated via
      -- Item_singlerow_subselect::val_int while the enclosing JOIN::prepare is still
      -- running, which then calls JOIN::optimize on a derived table; confirm
      -- against the issue this one was closed as a duplicate of.
      WITH RECURSIVE x ( x ) AS ( SELECT 1 INTERSECT SELECT - ( SELECT 1.000000 AS x UNION SELECT 1.000000 ORDER BY NOT x < 'x' , - ( SELECT 1 + x / 1.000000 IN ( 1 , 1 ) FROM x WHERE x ORDER BY 1 - x ) DESC LIMIT 1 OFFSET 1 ) + 1 FROM x ) SELECT DISTINCT x , 1 , NULL , 1.000000 FROM x WHERE ( SELECT ( SELECT x WHERE x IN ( SELECT x FROM x ) ) ) > ( SELECT ( SELECT x ORDER BY x = x OR ( x = 1 AND x = 1 ) DESC ) ) ORDER BY x ASC , x DESC , x ;

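      Running them triggers a segmentation fault in mariadbd. The GDB output below shows that unit is a null pointer (0x0) when JOIN::optimize_inner dereferences it at sql_select.cc:2126.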
      GDB info:
      Thread 17 "mariadbd" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fffd1c17300 (LWP 3211)]
      JOIN::optimize_inner (this=0x6290000ba440) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2126
      2126 do_send_rows = (unit->lim.get_select_limit()) ? 1 : 0;
      (gdb) p unit
      $97 = (SELECT_LEX_UNIT *) 0x0

      #0 JOIN::optimize_inner (this=0x6290000bf440) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2126
      #1 0x0000000000bfc156 in JOIN::optimize (this=0x6290000bf440) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
      #2 0x0000000000defccf in st_select_lex_unit::optimize (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2262
      #3 0x0000000000a54ab6 in mysql_derived_optimize (thd=<optimized out>, lex=0x62b0001703c8, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1006
      #4 0x0000000000a57cc2 in mysql_handle_single_derived (lex=0x62b0001703c8, derived=derived@entry=0x6290000af620, phases=phases@entry=4) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #5 0x0000000000c1312d in JOIN::optimize_inner (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2442
      #6 0x0000000000bfc156 in JOIN::optimize (this=0x6290000c1aa8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
      #7 0x00000000015d7954 in subselect_single_select_engine::exec (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4075
      #8 0x00000000015b3edc in Item_subselect::exec (this=0x6290000b0ce8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #9 0x00000000015b9773 in Item_singlerow_subselect::val_int (this=0x6290000b0ce8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1462
      #10 0x000000000146aa4c in Item_func_neg::fix_length_and_dec_int (this=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:1874
      #11 0x00000000010e738c in Type_handler_int_result::Item_func_neg_fix_length_and_dec (this=<optimized out>, item=0x788) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:6591
      #12 0x0000000001459602 in Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:361
      #13 0x0000000000bf8308 in Item::fix_fields_if_needed (this=<optimized out>, thd=<optimized out>, ref=0x843) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #14 Item::fix_fields_if_needed_for_scalar (this=<optimized out>, thd=<optimized out>, ref=0x843) at /home/wx/mariadb-11.3.0/sql/item.h:1156
      #15 Item::fix_fields_if_needed_for_order_by (this=<optimized out>, thd=<optimized out>, ref=0x843) at /home/wx/mariadb-11.3.0/sql/item.h:1164
      #16 find_order_in_list (thd=<optimized out>, ref_pointer_array=..., tables=<optimized out>, order=0x6290000b0f90, fields=..., all_fields=..., is_group_field=<optimized out>, add_to_all_fields=<optimized out>, from_window_spec=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27533
      #17 0x0000000000ca79c6 in setup_order (thd=thd@entry=0x62b00016c218, ref_pointer_array=..., tables=tables@entry=0x629000092ff0, fields=..., all_fields=..., order=0x6290000b0f90, from_window_spec=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27580
      #18 0x0000000000bf371b in setup_without_group (thd=0x788, ref_pointer_array=..., tables=0x629000092ff0, leaves=..., fields=..., all_fields=..., conds=0x6290000c1530, order=0x6290000948c0, group=0x0, win_specs=..., win_funcs=..., hidden_group_fields=<optimized out>, reserved=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:947
      #19 JOIN::prepare (this=0x6290000c10a0, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1531
      #20 0x0000000000de0ed3 in st_select_lex_unit::prepare (this=0x629000092fa8, derived_arg=<optimized out>, sel_result=<optimized out>, additional_options=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1939
      #21 0x00000000015d5e57 in subselect_union_engine::prepare (this=<optimized out>, thd_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:3961
      #22 0x00000000015b1a8e in Item_subselect::fix_fields (this=<optimized out>, thd_param=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:296
      #23 0x0000000001459380 in Item::fix_fields_if_needed (this=0x788, thd=0x62b00016c218, ref=0x6290000b13b8) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #24 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
      #25 0x0000000001459380 in Item::fix_fields_if_needed (this=0x788, thd=0x62b00016c218, ref=0x6290000b1510) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #26 Item_func::fix_fields (this=<optimized out>, thd=<optimized out>, ref=<optimized out>) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
      #27 0x00000000009d3359 in Item::fix_fields_if_needed (this=0x6290000b1490, thd=0x62b00016c218, ref=0x6290000b1558) at /home/wx/mariadb-11.3.0/sql/item.h:1147
      #28 Item::fix_fields_if_needed_for_scalar (this=0x6290000b1490, thd=0x62b00016c218, ref=0x6290000b1558) at /home/wx/mariadb-11.3.0/sql/item.h:1156
      #29 setup_fields (thd=0x62b00016c218, ref_pointer_array=..., fields=..., column_usage=<optimized out>, sum_func_list=sum_func_list@entry=0x6290000bf7e8, pre_fix=0x6290000927c0, allow_sum_func=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_base.cc:8061
      #30 0x0000000000bf311c in JOIN::prepare (this=0x6290000bf440, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1526
      #31 0x0000000000dec22a in st_select_lex_unit::prepare_join (this=this@entry=0x629000091cb0, thd_arg=<optimized out>, sl=sl@entry=0x6290000924f0, tmp_result=tmp_result@entry=0x6290000be838, additional_options=additional_options@entry=0, is_union_select=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1103
      #32 0x0000000000de1743 in st_select_lex_unit::prepare (this=0x629000091cb0, derived_arg=<optimized out>, sel_result=<optimized out>, additional_options=0) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:1659
      #33 0x0000000000a52e38 in mysql_derived_prepare (thd=<optimized out>, lex=<optimized out>, derived=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:840
      #34 0x0000000000a57cc2 in mysql_handle_single_derived (lex=lex@entry=0x62b0001703c8, derived=derived@entry=0x6290000b16c0, phases=phases@entry=2) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #35 0x0000000000e7cf8d in TABLE_LIST::handle_derived (this=0x6290000b16c0, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9651
      #36 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #37 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #38 0x0000000000e7cfc6 in TABLE_LIST::handle_derived (this=0x6290000b4238, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/table.cc:9648
      #39 0x0000000000ab86cc in LEX::handle_list_of_derived (this=0x62b0001703c8, table_list=<optimized out>, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.h:4579
      #40 st_select_lex::handle_derived (this=<optimized out>, lex=0x62b0001703c8, phases=2) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4989
      #41 0x0000000000bf2a78 in JOIN::prepare (this=0x6290000be238, tables_init=<optimized out>, conds_init=<optimized out>, og_num=<optimized out>, order_init=<optimized out>, skip_order_by=<optimized out>, group_init=<optimized out>, having_init=<optimized out>, proc_param_init=<optimized out>, select_lex_arg=<optimized out>, unit_arg=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1439
      #42 0x0000000000be4c97 in mysql_select (thd=<optimized out>, thd@entry=0x62b00016c218, tables=0x254db60 <str>, fields=..., conds=0x843, og_num=98025, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x6290000bce48, unit=0x62b0001704a8, select_lex=0x6290000b23d0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5224
      #43 0x0000000000be4596 in handle_select (thd=thd@entry=0x62b00016c218, lex=<optimized out>, lex@entry=0x62b0001703c8, result=<optimized out>, result@entry=0x6290000bce48, setup_tables_done_option=<optimized out>, setup_tables_done_option@entry=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
      #44 0x0000000000b3df18 in execute_sqlcom_select (thd=0x62b00016c218, all_tables=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
      #45 0x0000000000b2cd51 in mysql_execute_command (thd=0x62b00016c218, is_called_from_prepared_stmt=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
      #46 0x0000000000b1fe79 in mysql_parse (thd=thd@entry=0x62b00016c218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, parser_state@entry=0x7fffd242ca80) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #47 0x0000000000b19069 in dispatch_command (command=<optimized out>, thd=0x62b00016c218, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
      #48 0x0000000000b20b71 in do_command (thd=0x62b00016c218, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #49 0x0000000000f03476 in do_handle_one_connection (connect=<optimized out>, put_in_cache=<optimized out>) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #50 0x0000000000f02eb9 in handle_one_connection (arg=arg@entry=0x608000b9c7b8) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #51 0x0000000001a00c1b in pfs_spawn_thread (arg=0x617000005498) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #52 0x00007ffff79f7609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #53 0x00007ffff770f133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


            People

              Unassigned Unassigned
              Xin Wen Xin Wen