[MDEV-32608] Expression with constant subquery causes a crash in pushdown from HAVING - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 11.1
Fix Version/s: 10.5.26, 10.6.19, 10.11.9, 11.1.6, 11.2.5, 11.4.3
Component/s: Optimizer, Server
Labels:
None

Description

CREATE TABLE v0 ( v1 NUMERIC NOT NULL PRIMARY KEY , v2 NUMERIC ) engine=MYISAM;

INSERT INTO v0 VALUES ( 127 , -1 ) ;

UPDATE v0 SET v1 = -128 WHERE v2 = 255 ;

UPDATE v0 SET v1 = 5 WHERE v1 = NULL ;

UPDATE v0 SET v2 = 89 WHERE v1 = -2147483648 OR v1 = 57 ;

UPDATE v0 SET v2 = 49 WHERE v1 = 95 ;

SELECT * FROM v0 ORDER BY v1 ;

SELECT * FROM v0 GROUP BY v2 HAVING ( SELECT v2 FROM v0 WHERE v1 > 57 OR v2 > 83 AND v2 NOT LIKE 'x' ORDER BY v1 * v2 ) = v1 AND v1 * v2 + 52 = 'x' ORDER BY v2 ;

Stack Trace:
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7f8c4b87d880 thread_stack 0x5fc00
/usr/local/mysql/bin/mariadbd(__interceptor_backtrace+0x5b)[0x781b5b]
mysys/stacktrace.c:215(my_print_stacktrace)[0x228cfae]
sql/signal_handler.cc:0(handle_fatal_signal)[0x12bd0d2]
sigaction.c:0(__restore_rt)[0x7f8c6f617420]
sql/sql_analyze_stmt.h:172(Time_and_counter_tracker::incr_loops())[0xc45ee8]
/usr/local/mysql/bin/mariadbd(_ZN30subselect_single_select_engine4execEv+0xb26)[0x15b5176]
sql/item_subselect.cc:817(Item_subselect::exec())[0x159115c]
sql/item_subselect.cc:1525(Item_singlerow_subselect::val_decimal(my_decimal*))[0x1596fec]
sql/sql_type.cc:293(VDec)[0x10a15d0]
sql/sql_type.h:541(VDec2_lazy)[0x1443b5b]
sql/sql_type.cc:300(VDec_op)[0x10c4c0a]
sql/sql_type.cc:293(VDec)[0x10a15d0]
sql/sql_type.h:541(VDec2_lazy)[0x14416cb]
sql/sql_type.cc:300(VDec_op)[0x10c4c0a]
sql/sql_type.cc:293(VDec)[0x10a15d0]
sql/sql_type.h:433(Dec_ptr::is_null() const)[0x1393ea4]
sql/item_cmpfunc.cc:1830(Item_func_eq::val_int())[0x13982b2]
sql_select.cc:0(evaluate_join_record(JOIN*, st_join_table*, int))[0xca1131]
/usr/local/mysql/bin/mariadbd(_Z10sub_selectP4JOINP13st_join_tableb+0x661)[0xbe6c51]
/usr/local/mysql/bin/mariadbd(_ZN4JOIN10exec_innerEv+0x2681)[0xc48751]
sql/sql_select.cc:4721(JOIN::exec())[0xc45f19]
sql/sql_select.cc:5251(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0xbe89b8]
sql/sql_select.cc:628(handle_select(THD*, LEX*, select_result*, unsigned long long))[0xbe7e59]
sql/sql_parse.cc:6041(execute_sqlcom_select(THD*, TABLE_LIST*))[0xb41bc6]
/usr/local/mysql/bin/mariadbd(_Z21mysql_execute_commandP3THDb+0x18b7)[0xb319a7]
sql/sql_class.h:2830(THD::enter_stage(PSI_stage_info_v1 const*, char const*, char const*, unsigned int))[0xb24c79]
/usr/local/mysql/bin/mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x2cf8)[0xb1e648]
sql/sql_parse.cc:1407(do_command(THD*, bool))[0xb25971]
sql/sql_connect.cc:1416(do_handle_one_connection(CONNECT*, bool))[0xf0d066]
sql/sql_connect.cc:1322(handle_one_connection)[0xf0caa9]
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x19d710b]
nptl/pthread_create.c:478(start_thread)[0x7f8c6f60b609]
addr2line: DWARF error: section .debug_info is larger than its filesize! (0x93ef57 vs 0x530f28)
/lib/x86_64-linux-gnu/libc.so.6(clone+0x43)[0x7f8c6f323133]

Attachments

Issue Links

relates to

MDEV-34650 main.having_cond_pushdown test failure - crash server (s390x)

In Review

Activity

People

Assignee:: Galina Shalygina (Inactive)

Reporter:: csfuzz

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2023-10-27 09:36

Updated:: 2024-08-13 00:58

Resolved:: 2024-07-11 12:26

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.