Details
-
Bug
-
Status: Confirmed
-
Major
-
Resolution: Unresolved
-
11.3.0, 10.4(EOL), 10.5, 10.6, 10.9(EOL), 10.10(EOL), 10.11, 11.0(EOL), 11.1(EOL), 11.2(EOL)
-
None
-
Ubuntu 20.04
Description
Run the following statements, in order, against a debug build of the server:
-- Reproducer from this report, stated for a debug build; the GDB backtrace follows it.
-- Every table, column and alias is named x, so this looks machine-generated
-- (presumably fuzzer output; the report does not say).
-- Keep the statements byte-for-byte when re-testing: the crash may depend on the exact query shape.
-- NOTE(review): frame #69 of the backtrace is dispatch_command (command=COM_QUERY), so the
-- fault is reached by an ordinary client statement. Triage it as a server availability issue,
-- and confirm whether a release build also crashes, since the report only states a debug build.

-- Single-column table; the column is declared TEXT(1).
CREATE TABLE x ( x TEXT ( 1 ) ) ;
-- Seed one row; an integer literal is inserted into the TEXT column.
INSERT INTO x ( x ) VALUES ( 1 ) ;
-- Rewrite the column with the same integer literal; the WHERE compares the TEXT column to an integer.
UPDATE x SET x = 1 WHERE x = 1 ;
-- Two more rows from the same literal, so the table holds three rows before the SELECT.
INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
-- The statement the backtrace was captured for (it appears as rawbuf in frame #68).
-- Shape: outer `x IN (subquery)`; the subquery groups by a scalar subquery over a CASE
-- (its first WHEN 1 = 1 always matches, so the `1 / 'x'` branch is never selected) and has a
-- HAVING clause whose scalar subquery uses BETWEEN with another scalar subquery as its lower
-- bound. That innermost subquery filters on `( x = 'x' OR x = 'x' ) AND x IS NOT NULL`.
-- NOTE(review): frames #0-#6 show Item_equal::val_int under Item_cond_or under Item_cond_and,
-- reached from Item_func_between. That presumably is this innermost OR/AND condition;
-- confirm against the optimizer trace.
SELECT x FROM x WHERE x IN ( ( SELECT x FROM x AS x GROUP BY ( SELECT CASE WHEN 1 = 1 THEN 1 / 1 WHEN 1 = 1 THEN 1 ELSE 1 / 'x' END ) HAVING ( SELECT x WHERE x BETWEEN ( SELECT x WHERE ( x = 'x' OR x = 'x' ) AND x IS NOT NULL GROUP BY x ) AND x ) IN ( x = - CASE WHEN 1 = 1 THEN 1 / 1 WHEN 1 = 1 THEN 1.000000 ELSE 1 / 1 END ) ) = 1 ) ORDER BY x DESC , 1 , 1 LIMIT 1 ;
The final SELECT triggers a segmentation fault in the server.
GDB backtrace:
#0 0x0000555557c25bae in Item_equal::val_int (this=0x629000169620) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:7290
#1 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x629000169620) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
#2 0x0000555556e147f6 in Item::val_bool (this=0x629000169620) at /home/wx/mariadb-11.3.0/sql/item.h:1701
#3 0x0000555557c17d32 in Item_cond_or::val_int (this=0x62900014b5d8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5542
#4 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x62900014b5d8) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
#5 0x0000555556e147f6 in Item::val_bool (this=0x62900014b5d8) at /home/wx/mariadb-11.3.0/sql/item.h:1701
#6 0x0000555557c1797a in Item_cond_and::val_int (this=0x62900014b8e0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5524
#7 0x00005555572da56e in JOIN::exec_inner (this=0x629000164ab8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4801
#8 0x00005555572d93a0 in JOIN::exec (this=0x629000164ab8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#9 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x62900014c5a8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
#10 0x0000555557da9c85 in Item_subselect::exec (this=0x62900014c408) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#11 0x0000555557db0117 in Item_singlerow_subselect::val_str (this=0x62900014c408, str=0x62900014c820) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1484
#12 0x0000555557bfac0d in Item_func_between::val_int_cmp_string (this=0x62900014c728) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:2239
#13 0x00005555578b8b58 in Type_handler_string_result::Item_func_between_val_int (this=0x55555b7b71c0 <type_handler_long_blob>, func=0x62900014c728) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5677
#14 0x0000555556eaae67 in Item_func_between::val_int (this=0x62900014c728) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:996
#15 0x00005555572da56e in JOIN::exec_inner (this=0x629000164290) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4801
#16 0x00005555572d93a0 in JOIN::exec (this=0x629000164290) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#17 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x62900014d280) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
#18 0x0000555557da9c85 in Item_subselect::exec (this=0x62900014d0e0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#19 0x0000555557db0117 in Item_singlerow_subselect::val_str (this=0x62900014d0e0, str=0x62900016a0c0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1484
#20 0x0000555556e14bef in Item::str_result (this=0x62900014d0e0, tmp=0x62900016a0c0) at /home/wx/mariadb-11.3.0/sql/item.h:1794
#21 0x0000555557bc6f08 in Item_cache_str::cache_value (this=0x629000169fc8) at /home/wx/mariadb-11.3.0/sql/item.cc:10512
#22 0x0000555557bdad9f in Item_cache_wrapper::cache (this=0x629000169f18) at /home/wx/mariadb-11.3.0/sql/item.cc:8915
#23 0x0000555557bb9bf7 in Item_cache_wrapper::val_decimal (this=0x629000169f18, decimal_value=0x7fffd163a7f8) at /home/wx/mariadb-11.3.0/sql/item.cc:9073
#24 0x000055555789a036 in VDec::VDec (this=0x7fffd163a7f0, item=0x629000169f18) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:293
#25 0x0000555557beaf4b in Arg_comparator::compare_decimal (this=0x62900015e598) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:865
#26 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62900015e598) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
#27 0x0000555557bf5bdb in Item_func_eq::val_int (this=0x62900015e4e0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1780
#28 0x000055555736b3f4 in end_send_group (join=0x6290001616b0, join_tab=0x629000168720, end_of_records=true) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24872
#29 0x000055555735f713 in sub_select (join=0x6290001616b0, join_tab=0x6290001682a8, end_of_records=true) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23378
#30 0x000055555735dbe3 in do_select (join=0x6290001616b0, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22963
#31 0x00005555572dbfe9 in JOIN::exec_inner (this=0x6290001616b0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#32 0x00005555572d93a0 in JOIN::exec (this=0x6290001616b0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#33 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x62900015f0c0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
#34 0x0000555557da9c85 in Item_subselect::exec (this=0x62900015ef58) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
#35 0x0000555557db09eb in Item_singlerow_subselect::val_decimal (this=0x62900015ef58, decimal_value=0x629000165fe0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1525
#36 0x0000555556e14c67 in Item::val_decimal_result (this=0x62900015ef58, val=0x629000165fe0) at /home/wx/mariadb-11.3.0/sql/item.h:1796
#37 0x0000555557bc6422 in Item_cache_decimal::cache_value (this=0x629000165f40) at /home/wx/mariadb-11.3.0/sql/item.cc:10455
#38 0x00005555578eb11e in Item_cache::has_value (this=0x629000165f40) at /home/wx/mariadb-11.3.0/sql/item.h:7171
#39 0x0000555557bc66ea in Item_cache_decimal::val_decimal (this=0x629000165f40, val=0x7fffd163b8b8) at /home/wx/mariadb-11.3.0/sql/item.cc:10480
#40 0x000055555789a036 in VDec::VDec (this=0x7fffd163b8b0, item=0x629000165f40) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:293
#41 0x0000555557beaf4b in Arg_comparator::compare_decimal (this=0x62900015f258) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:865
#42 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62900015f258) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
#43 0x0000555557bf5bdb in Item_func_eq::val_int (this=0x62900015f1a0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1780
#44 0x0000555557b6efeb in Item::val_decimal_from_int (this=0x62900015f1a0, decimal_value=0x6290001661c0) at /home/wx/mariadb-11.3.0/sql/item.cc:343
#45 0x0000555556ea8f23 in Item_int_func::val_decimal (this=0x62900015f1a0, decimal_value=0x6290001661c0) at /home/wx/mariadb-11.3.0/sql/item_func.h:1167
#46 0x0000555556e14c67 in Item::val_decimal_result (this=0x62900015f1a0, val=0x6290001661c0) at /home/wx/mariadb-11.3.0/sql/item.h:1796
#47 0x0000555557bc6422 in Item_cache_decimal::cache_value (this=0x629000166120) at /home/wx/mariadb-11.3.0/sql/item.cc:10455
#48 0x00005555578eb11e in Item_cache::has_value (this=0x629000166120) at /home/wx/mariadb-11.3.0/sql/item.h:7171
#49 0x0000555557bc66ea in Item_cache_decimal::val_decimal (this=0x629000166120, val=0x7fffd163bbf8) at /home/wx/mariadb-11.3.0/sql/item.cc:10480
#50 0x000055555789a036 in VDec::VDec (this=0x7fffd163bbf0, item=0x629000166120) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:293
#51 0x0000555557beafcd in Arg_comparator::compare_decimal (this=0x62900015f490) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:868
#52 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62900015f490) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
#53 0x0000555557bf5bdb in Item_func_eq::val_int (this=0x62900015f3d8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1780
#54 0x00005555570d0aa1 in SQL_SELECT::skip_record (this=0x62900016bf80, thd=0x62c0001d0288) at /home/wx/mariadb-11.3.0/sql/opt_range.h:1914
#55 0x0000555557aff70e in find_all_keys (thd=0x62c0001d0288, param=0x7fffd163c0e0, select=0x62900016bf80, fs_info=0x615000264b00, buffpek_pointers=0x7fffd163c3e0, tempfile=0x7fffd163c230, pq=0x7fffd163c070, found_rows=0x615000264cf0) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1004
#56 0x0000555557afab66 in filesort (thd=0x62c0001d0288, table=0x619000092f08, filesort=0x62900016c190, tracker=0x62d0000d3fc8, join=0x629000160378, first_table_bit=1) at /home/wx/mariadb-11.3.0/sql/filesort.cc:408
#57 0x00005555573791c3 in create_sort_index (thd=0x62c0001d0288, join=0x629000160378, tab=0x62d0000d2b90, fsort=0x62900016c190) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:26843
#58 0x00005555573677dd in st_join_table::sort_table (this=0x62d0000d2b90) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24485
#59 0x0000555557366bdc in join_init_read_record (tab=0x62d0000d2b90) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24405
#60 0x0000555557360006 in sub_select (join=0x629000160378, join_tab=0x62d0000d2b90, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23441
#61 0x000055555735dadd in do_select (join=0x629000160378, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
#62 0x00005555572dbfe9 in JOIN::exec_inner (this=0x629000160378) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
#63 0x00005555572d93a0 in JOIN::exec (this=0x629000160378) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
#64 0x00005555572ddbab in mysql_select (thd=0x62c0001d0288, tables=0x6290000f5c58, fields=..., conds=0x62900015f3d8, og_num=3, order=0x62900015ffc0, group=0x0, having=0x0, proc_param=0x0, select_options=2165049856, result=0x629000160348, unit=0x62c0001d46d8, select_lex=0x6290000f55f0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
#65 0x00005555572ad18a in handle_select (thd=0x62c0001d0288, lex=0x62c0001d45f8, result=0x629000160348, setup_tables_done_option=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:628
#66 0x00005555571ce583 in execute_sqlcom_select (thd=0x62c0001d0288, all_tables=0x6290000f5c58) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#67 0x00005555571becf6 in mysql_execute_command (thd=0x62c0001d0288, is_called_from_prepared_stmt=false) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#68 0x00005555571d95e2 in mysql_parse (thd=0x62c0001d0288, rawbuf=0x6290000f52a8 "SELECT x FROM x WHERE x IN ( ( SELECT x FROM x AS x GROUP BY ( SELECT CASE WHEN 1 = 1 THEN 1 / 1 WHEN 1 = 1 THEN 1 ELSE 1 / 'x' END ) HAVING ( SELECT x WHERE x BETWEEN ( SELECT x WHERE ( x = 'x' OR x "..., length=366, parser_state=0x7fffd163e870) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#69 0x00005555571b1237 in dispatch_command (command=COM_QUERY, thd=0x62c0001d0288, packet=0x6290000fa289 "", packet_length=370, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#70 0x00005555571adf7c in do_command (thd=0x62c0001d0288, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#71 0x000055555768e557 in do_handle_one_connection (connect=0x61100003fb88, put_in_cache=true) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#72 0x000055555768deb4 in handle_one_connection (arg=0x61100003fa48) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#73 0x00005555582fa350 in pfs_spawn_thread (arg=0x618000005508) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#74 0x00007ffff7115609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#75 0x00007ffff6ce8133 in clone () from /lib/x86_64-linux-gnu/libc.so.6