  1. MariaDB Server
  2. MDEV-32715

Segmentation fault at /mariadb-11.3.0/sql/item_cmpfunc.h:104


Details

    Description

      Run these queries on a debug build:

      -- Reproducer for MDEV-32715, as reported against a mariadb-11.3.0 debug build.
      -- Run it only on a disposable test instance: per the report, the final UPDATE
      -- ends in a segmentation fault inside the server.
      --
      -- Setup: one table with a single FLOAT column that is also the primary key,
      -- holding exactly one row. The table, its column and every derived-table
      -- alias below are all named x.
      CREATE TABLE x ( x FLOAT PRIMARY KEY ) ;
      INSERT INTO x ( x ) VALUES ( 1 ) ;
      -- Trigger: UPDATE ... ORDER BY <scalar subquery> != 'x' + 1. The subquery nests
      -- two derived tables and an IN subquery whose select list is the row comparison
      -- ( TRUE , x , x ) < ( 1 , 1 , 1 ), the only '<' in the statement. The reported
      -- backtrace faults while evaluating that comparison: Item_func_lt::val_int ->
      -- Arg_comparator::compare_row -> Arg_comparator::compare with this=0x0.
      -- NOTE(review): the statement looks machine-generated and unminimized; which
      -- clauses are actually required for the crash is not shown here. Confirm before
      -- trimming it into a regression test.
      UPDATE x SET x = 1 ORDER BY ( SELECT 1 / 1 WHERE ( ( x = ( SELECT x FROM ( SELECT x FROM x WHERE ( FALSE IS NOT NULL AND x BETWEEN 1 AND 1 ) OR ( ( CASE 'x' WHEN 'x' THEN 1 ELSE 1 END OR x = 'x' ) AND x IS NOT NULL AND NULL BETWEEN x NOT LIKE 1.000000 + 1 AND 'x' ) GROUP BY x ) AS x WHERE x IN ( SELECT ( TRUE , x , x ) < ( 1 , 1 , 1 ) FROM ( SELECT * FROM x WHERE x IN ( SELECT x FROM x ) ) AS x WHERE CASE WHEN x = 1 THEN x WHEN 'x' THEN 'x' WHEN 'x' THEN 'x' ELSE ( SELECT x WHERE x != 1 GROUP BY x ) != 'x' END = x GROUP BY x ) ) OR x = 'x' ) AND x IS NOT NULL ) OR x = 1 ) != 'x' + 1 ;

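      This triggers a segmentation fault. Frame #0 is entered with this=0x0, i.e. Arg_comparator::compare is called on a null comparator from the row comparison in frames #1-#3. The statement arrives as an ordinary COM_QUERY (frame #72), so the crash is a server-availability problem for any account permitted to run these statements.
      GDB backtrace: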
      #0 0x0000555557c2e0f3 in Arg_comparator::compare (this=0x0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #1 0x0000555557bee75c in Arg_comparator::compare_row (this=0x62d00007e930) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1075
      #2 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62d00007e930) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #3 0x0000555557bf6137 in Item_func_lt::val_int (this=0x62d00007e878) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1835
      #4 0x0000555557ba521f in Item::save_int_in_field (this=0x62d00007e878, field=0x62d0000801e8, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/item.cc:6843
      #5 0x00005555578b2242 in Type_handler_int_result::Item_save_in_field (this=0x55555b7b68c0 <type_handler_bool>, item=0x62d00007e878, field=0x62d0000801e8, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:4341
      #6 0x0000555557ba540b in Item::save_in_field (this=0x62d00007e878, field=0x62d0000801e8, no_conversions=true) at /home/wx/mariadb-11.3.0/sql/item.cc:6853
      #7 0x00005555573b87aa in store_key_item::copy_inner (this=0x62d0000801a8) at /home/wx/mariadb-11.3.0/sql/sql_select.h:2142
      #8 0x00005555573b7c69 in store_key::copy (this=0x62d0000801a8, thd=0x62c0001d0288) at /home/wx/mariadb-11.3.0/sql/sql_select.h:2035
      #9 0x000055555737ce69 in cp_buffer_from_ref (thd=0x62c0001d0288, table=0x619000095208, ref=0x62d00007f6a0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27348
      #10 0x000055555737cc24 in cmp_buffer_with_ref (thd=0x62c0001d0288, table=0x619000095208, tab_ref=0x62d00007f6a0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:27330
      #11 0x0000555557364d7b in join_read_key2 (thd=0x62c0001d0288, tab=0x62d00007f3b8, table=0x619000095208, table_ref=0x62d00007f6a0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24117
      #12 0x0000555557364ac1 in join_read_key (tab=0x62d00007f3b8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24084
      #13 0x0000555557360006 in sub_select (join=0x62900016e3b0, join_tab=0x62d00007f3b8, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23441
      #14 0x000055555735dadd in do_select (join=0x62900016e3b0, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #15 0x00005555572dbfe9 in JOIN::exec_inner (this=0x62900016e3b0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #16 0x00005555572d93a0 in JOIN::exec (this=0x62900016e3b0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #17 0x00005555572ddbab in mysql_select (thd=0x62c0001d0288, tables=0x6290000f7658, fields=..., conds=0x62d00007eef8, og_num=1, order=0x0, group=0x62900015eb48, having=0x0, proc_param=0x0, select_options=2201188305408, result=0x62900016e2b8, unit=0x62900015ebc0, select_lex=0x6290000f6ff0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:5249
      #18 0x00005555570d9bea in mysql_derived_fill (thd=0x62c0001d0288, lex=0x62c0001d45f8, derived=0x62900015f458) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:1266
      #19 0x00005555570d27b6 in mysql_handle_single_derived (lex=0x62c0001d45f8, derived=0x62900015f458, phases=96) at /home/wx/mariadb-11.3.0/sql/sql_derived.cc:200
      #20 0x000055555732a50c in st_join_table::preread_init (this=0x62d000082920) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:16029
      #21 0x000055555735f8c8 in sub_select (join=0x62d00006e4a8, join_tab=0x62d000082920, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23392
      #22 0x000055555736194d in evaluate_join_record (join=0x62d00006e4a8, join_tab=0x62d0000824a8, error=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23677
      #23 0x00005555573601c2 in sub_select (join=0x62d00006e4a8, join_tab=0x62d0000824a8, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23444
      #24 0x000055555735dadd in do_select (join=0x62d00006e4a8, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #25 0x00005555572dbfe9 in JOIN::exec_inner (this=0x62d00006e4a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #26 0x00005555572d93a0 in JOIN::exec (this=0x62d00006e4a8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #27 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x629000169fc8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #28 0x0000555557da9c85 in Item_subselect::exec (this=0x629000169e28) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #29 0x0000555557daf7a1 in Item_singlerow_subselect::val_real (this=0x629000169e28) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1441
      #30 0x0000555557beab71 in Arg_comparator::compare_real (this=0x62900016a0c8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:848
      #31 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62900016a0c8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #32 0x0000555557bf5bdb in Item_func_eq::val_int (this=0x62900016a010) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1780
      #33 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x62900016a010) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
      #34 0x0000555556e147f6 in Item::val_bool (this=0x62900016a010) at /home/wx/mariadb-11.3.0/sql/item.h:1701
      #35 0x0000555557c17d32 in Item_cond_or::val_int (this=0x62900016a658) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5542
      #36 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x62900016a658) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
      #37 0x0000555556e147f6 in Item::val_bool (this=0x62900016a658) at /home/wx/mariadb-11.3.0/sql/item.h:1701
      #38 0x0000555557c1797a in Item_cond_and::val_int (this=0x62900016a960) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5524
      #39 0x00005555578b4b6e in Type_handler_int_result::Item_val_bool (this=0x55555b7b68c0 <type_handler_bool>, item=0x62900016a960) at /home/wx/mariadb-11.3.0/sql/sql_type.cc:5082
      #40 0x0000555556e147f6 in Item::val_bool (this=0x62900016a960) at /home/wx/mariadb-11.3.0/sql/item.h:1701
      #41 0x0000555557c17d32 in Item_cond_or::val_int (this=0x62900016aea0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:5542
      #42 0x00005555572da56e in JOIN::exec_inner (this=0x62900016fe88) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4801
      #43 0x00005555572d93a0 in JOIN::exec (this=0x62900016fe88) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #44 0x0000555557dce72f in subselect_single_select_engine::exec (this=0x62900016b9a8) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:4159
      #45 0x0000555557da9c85 in Item_subselect::exec (this=0x62900016b808) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:812
      #46 0x0000555557db09eb in Item_singlerow_subselect::val_decimal (this=0x62900016b808, decimal_value=0x62d000087ff0) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:1525
      #47 0x0000555556e14c67 in Item::val_decimal_result (this=0x62900016b808, val=0x62d000087ff0) at /home/wx/mariadb-11.3.0/sql/item.h:1796
      #48 0x0000555557bc6422 in Item_cache_decimal::cache_value (this=0x62d000087f50) at /home/wx/mariadb-11.3.0/sql/item.cc:10455
      #49 0x0000555557bdad9f in Item_cache_wrapper::cache (this=0x62d000087ea0) at /home/wx/mariadb-11.3.0/sql/item.cc:8915
      #50 0x0000555557bb89ff in Item_cache_wrapper::val_real (this=0x62d000087ea0) at /home/wx/mariadb-11.3.0/sql/item.cc:8996
      #51 0x0000555557bea9d3 in Arg_comparator::compare_real (this=0x62900016bca0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:845
      #52 0x0000555557c2e1d4 in Arg_comparator::compare (this=0x62900016bca0) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.h:104
      #53 0x0000555557bf5dc7 in Item_func_ne::val_int (this=0x62900016bbe8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:1804
      #54 0x0000555556e14b78 in Item::val_int_result (this=0x62900016bbe8) at /home/wx/mariadb-11.3.0/sql/item.h:1793
      #55 0x0000555557b00dff in Type_handler_int_result::make_sort_key_part (this=0x55555b7b68c0 <type_handler_bool>, to=0x62c0001e0288 '\276' <repeats 200 times>..., item=0x62900016bbe8, sort_field=0x62d000088a20, tmp_buffer=0x7fffd192c8a8) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1245
      #56 0x0000555557b0cd2d in make_sortkey (param=0x7fffd192c830, to=0x62c0001e0288 '\276' <repeats 200 times>...) at /home/wx/mariadb-11.3.0/sql/filesort.cc:2954
      #57 0x0000555557b02449 in make_sortkey (param=0x7fffd192c830, to=0x62c0001e0288 '\276' <repeats 200 times>..., ref_pos=0x61a0002ddbf8 "", using_packed_sortkeys=false) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1414
      #58 0x0000555557aff864 in find_all_keys (thd=0x62c0001d0288, param=0x7fffd192c830, select=0x62d0000742d8, fs_info=0x6150000b4580, buffpek_pointers=0x7fffd192cb30, tempfile=0x7fffd192c980, pq=0x0, found_rows=0x6150000b4770) at /home/wx/mariadb-11.3.0/sql/filesort.cc:1030
      #59 0x0000555557afab66 in filesort (thd=0x62c0001d0288, table=0x619000094d08, filesort=0x62d0000881d8, tracker=0x62d000088980, join=0x62900016ef50, first_table_bit=1) at /home/wx/mariadb-11.3.0/sql/filesort.cc:408
      #60 0x00005555573791c3 in create_sort_index (thd=0x62c0001d0288, join=0x62900016ef50, tab=0x62d0000730d8, fsort=0x62d0000881d8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:26843
      #61 0x00005555573677dd in st_join_table::sort_table (this=0x62d0000730d8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24485
      #62 0x0000555557366bdc in join_init_read_record (tab=0x62d0000730d8) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:24405
      #63 0x0000555557360006 in sub_select (join=0x62900016ef50, join_tab=0x62d0000730d8, end_of_records=false) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:23441
      #64 0x000055555735dadd in do_select (join=0x62900016ef50, procedure=0x0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:22961
      #65 0x00005555572dbfe9 in JOIN::exec_inner (this=0x62900016ef50) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4941
      #66 0x00005555572d93a0 in JOIN::exec (this=0x62900016ef50) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:4718
      #67 0x00005555573a840c in Sql_cmd_dml::execute_inner (this=0x6290000f6158, thd=0x62c0001d0288) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:33413
      #68 0x0000555557569d49 in Sql_cmd_update::execute_inner (this=0x6290000f6158, thd=0x62c0001d0288) at /home/wx/mariadb-11.3.0/sql/sql_update.cc:3069
      #69 0x00005555573a7f0d in Sql_cmd_dml::execute (this=0x6290000f6158, thd=0x62c0001d0288) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:33350
      #70 0x00005555571c1637 in mysql_execute_command (thd=0x62c0001d0288, is_called_from_prepared_stmt=false) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:4361
      #71 0x00005555571d95e2 in mysql_parse (thd=0x62c0001d0288, rawbuf=0x6290000f52a8 "UPDATE x SET x = 1 ORDER BY ( SELECT 1 / 1 WHERE ( ( x = ( SELECT x FROM ( SELECT x FROM x WHERE ( FALSE IS NOT NULL AND x BETWEEN 1 AND 1 ) OR ( ( CASE 'x' WHEN 'x' THEN 1 ELSE 1 END OR x = 'x' ) AND"..., length=589, parser_state=0x7fffd192e870) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
      #72 0x00005555571b1237 in dispatch_command (command=COM_QUERY, thd=0x62c0001d0288, packet=0x6290000fa289 " UPDATE x SET x = 1 ORDER BY ( SELECT 1 / 1 WHERE ( ( x = ( SELECT x FROM ( SELECT x FROM x WHERE ( FALSE IS NOT NULL AND x BETWEEN 1 AND 1 ) OR ( ( CASE 'x' WHEN 'x' THEN 1 ELSE 1 END OR x = 'x' ) AN"..., packet_length=593, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
      #73 0x00005555571adf7c in do_command (thd=0x62c0001d0288, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
      #74 0x000055555768e557 in do_handle_one_connection (connect=0x61100003c848, put_in_cache=true) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
      #75 0x000055555768deb4 in handle_one_connection (arg=0x61100003c708) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
      #76 0x00005555582fa350 in pfs_spawn_thread (arg=0x618000005508) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
      #77 0x00007ffff7115609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
      #78 0x00007ffff6ce8133 in clone () from /lib/x86_64-linux-gnu/libc.so.6


            People

              psergei Sergei Petrunia
              Xin Wen Xin Wen