Description
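Run these queries, in order, against a debug build of the server (the backtrace below comes from a source tree named mariadb-11.3.0):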
-- Reproduction script for the crash reported on this page.
-- Reproduce on a disposable debug instance: the final statement is reported
-- to segfault the server.
-- NOTE(review): every identifier is named x, which looks machine-generated;
-- the script has not been reduced, so which statements are strictly required
-- is not established here.

-- Setup: a single-column integer table.
CREATE TABLE x ( x INT ) ;
-- One initial row with value 1.
INSERT INTO x ( x ) VALUES ( 1 ) ;
-- Rewrites the row with the value it already holds.
-- NOTE(review): whether this step is needed to reach the crash is unconfirmed.
UPDATE x SET x = 1 WHERE x = 1 ;
-- Two more rows; the table now holds three rows, all with value 1.
INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
-- Crashing statement. It reuses the name x for the base table, a recursive CTE,
-- nested non-recursive CTEs, derived-table aliases, column aliases and WINDOW
-- names, and nests IN / EXISTS / scalar subqueries with GROUP BY and HAVING.
-- The backtrace on this page shows the fault while an IN subquery is being
-- optimized (Item_in_subselect::optimize -> JOIN::optimize_inner ->
-- Item_cond::fix_fields), ending in Item_ref::type_handler.
-- Kept on one line, byte-for-byte as reported, so the test case stays identical.
WITH RECURSIVE x ( x ) AS ( SELECT 1.000000 ^ 1.000000 UNION SELECT 1 - x FROM x ) SELECT DISTINCT * FROM x UNION SELECT NOT ( SELECT x FROM ( SELECT 1.000000 ^ 'x' * 1.000000 / 1 ^ x = ( SELECT x FROM x WHERE x IN ( WITH x AS ( WITH x AS ( SELECT * FROM x WHERE x / 1 = x % 1 ) SELECT ( NULL = 1.000000 ) OR ( ( x % 1 ) = 1 ) OR ( x BETWEEN 1 AND 1 ) AS x , x + NULL FROM x WHERE x = CASE x WHEN 'x' THEN 'x' WHEN 1 THEN 'x' ELSE x END WINDOW x AS ( PARTITION BY x ORDER BY x DESC ) ) SELECT x FROM x AS x WHERE ( x = 'x' OR x = 'x' ) AND x IS NOT NULL GROUP BY - 'x' >= x ) UNION SELECT 1 - x FROM x ) AND ( x = CASE WHEN 'x' THEN 'x' ELSE x END ) = 1 FROM x GROUP BY x ) AS x WHERE x = 'x' AND x IN ( SELECT - 1 BETWEEN ( SELECT x FROM x AS x WHERE EXISTS ( SELECT x , x * x FROM x ORDER BY ( x BETWEEN ( SELECT DISTINCT x WHERE x BETWEEN ( WITH x AS ( SELECT * FROM x GROUP BY x HAVING ( 1 NOT IN ( ( x < 1 OR 1 - 1 ) , 1 ) ) WINDOW x AS ( ) ) SELECT x AS x FROM x AS x GROUP BY x HAVING x ) AND 1 ) AND 1 ) , x ) GROUP BY x ORDER BY x * 1 ) AND 1 AS x FROM x WHERE x = 'x' GROUP BY x HAVING x ) ) FROM x WHERE ( x = 1 ) OR ( x = 1 ) OR ( x BETWEEN 1 AND 1 ) OR ( x = 1 ) OR ( x BETWEEN 1 AND 1 ) OR 1 OR ( 1 IN ( 1 , 1 ) ) OR ( x BETWEEN 1 AND 1 ) OR ( x = 1 ) OR ( x + 1 = ( SELECT DISTINCT x IS NULL FROM x ) OR x > 1 OR ( x = 1 AND ( x = x OR x = x ) ) ) OR ( x = 1 ) GROUP BY x , x HAVING ( 1 = 1 AND ( FALSE < x ) = 1 ) ORDER BY x + x ;
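The last statement triggers a segmentation fault in the server. The top two frames are nested Item_ref::type_handler calls (sql/item.h:5647), reached from Item_cond::fix_fields inside JOIN::optimize_inner while an IN subquery is being optimized (frames #11–#15), so the fault occurs during query optimization. The statement arrives as an ordinary COM_QUERY on a client connection (frames #31–#34), which makes this an availability issue wherever a client is able to submit such a statement.
GDB backtrace: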
#0 0x00005555570327e2 in Item_ref::type_handler (this=0x62f000017f58) at /home/wx/mariadb-11.3.0/sql/item.h:5647
#1 0x000055555703288f in Item_ref::type_handler (this=0x62f000017a50) at /home/wx/mariadb-11.3.0/sql/item.h:5647
#2 0x0000555556ea63b4 in Item::result_type (this=0x62f000017a50) at /home/wx/mariadb-11.3.0/sql/item.h:1273
#3 0x00005555570342b6 in Item_ref::check_cols (this=0x62f000017a50, c=1) at /home/wx/mariadb-11.3.0/sql/item.h:5749
#4 0x0000555556f040ec in Item::fix_fields_if_needed_for_scalar (this=0x62f000017a50, thd=0x62c0001e0288, ref=0x62f000017a40) at /home/wx/mariadb-11.3.0/sql/item.h:1156
#5 0x0000555557bd0e55 in Item_direct_ref::fix_fields (this=0x62f000017930, thd=0x62c0001e0288, it=0x62f000017da0) at /home/wx/mariadb-11.3.0/sql/item.h:5841
#6 0x0000555556f0404f in Item::fix_fields_if_needed (this=0x62f000017930, thd=0x62c0001e0288, ref=0x62f000017da0) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#7 0x0000555557c6c9f2 in Item_func::fix_fields (this=0x62f000017d20, thd=0x62c0001e0288, ref=0x62f000027218) at /home/wx/mariadb-11.3.0/sql/item_func.cc:349
#8 0x0000555556f0404f in Item::fix_fields_if_needed (this=0x62f000017d20, thd=0x62c0001e0288, ref=0x62f000027218) at /home/wx/mariadb-11.3.0/sql/item.h:1147
#9 0x0000555556f04089 in Item::fix_fields_if_needed_for_scalar (this=0x62f000017d20, thd=0x62c0001e0288, ref=0x62f000027218) at /home/wx/mariadb-11.3.0/sql/item.h:1156
#10 0x000055555703235b in Item::fix_fields_if_needed_for_bool (this=0x62f000017d20, thd=0x62c0001e0288, ref=0x62f000027218) at /home/wx/mariadb-11.3.0/sql/item.h:1160
#11 0x0000555557c13a3b in Item_cond::fix_fields (this=0x62f0000270f0, thd=0x62c0001e0288, ref=0x62f0000027d8) at /home/wx/mariadb-11.3.0/sql/item_cmpfunc.cc:4941
#12 0x00005555572bf966 in JOIN::optimize_inner (this=0x62f0000025c0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2319
#13 0x00005555572bbba6 in JOIN::optimize (this=0x62f0000025c0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#14 0x0000555557daa63f in Item_in_subselect::optimize (this=0x62d00007b240, out_rows=0x7fffd192c1f0, cost=0x7fffd192c210) at /home/wx/mariadb-11.3.0/sql/item_subselect.cc:850
#15 0x00005555577bc289 in setup_jtbm_semi_joins (join=0x62d000088a38, join_list=0x62900015f150, eq_list=...) at /home/wx/mariadb-11.3.0/sql/opt_subselect.cc:6593
#16 0x00005555572c0b41 in JOIN::optimize_inner (this=0x62d000088a38) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2403
#17 0x00005555572bbba6 in JOIN::optimize (this=0x62d000088a38) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#18 0x0000555557143851 in st_select_lex::optimize_unflattened_subqueries (this=0x62900015eae8, const_only=false) at /home/wx/mariadb-11.3.0/sql/sql_lex.cc:4916
#19 0x00005555577b7509 in JOIN::optimize_unflattened_subqueries (this=0x62d000088208) at /home/wx/mariadb-11.3.0/sql/opt_subselect.cc:5864
#20 0x00005555572c91e7 in JOIN::optimize_stage2 (this=0x62d000088208) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:3229
#21 0x00005555572c2f34 in JOIN::optimize_inner (this=0x62d000088208) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:2650
#22 0x00005555572bbba6 in JOIN::optimize (this=0x62d000088208) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:1944
#23 0x0000555557527ce3 in st_select_lex_unit::optimize (this=0x62c0001e46d8) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2262
#24 0x00005555575288de in st_select_lex_unit::exec_inner (this=0x62c0001e46d8) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2310
#25 0x0000555557528545 in st_select_lex_unit::exec (this=0x62c0001e46d8) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:2292
#26 0x0000555557514186 in mysql_union (thd=0x62c0001e0288, lex=0x62c0001e45f8, result=0x62d0000859e8, unit=0x62c0001e46d8, setup_tables_done_option=0) at /home/wx/mariadb-11.3.0/sql/sql_union.cc:45
#27 0x00005555572acea8 in handle_select (thd=0x62c0001e0288, lex=0x62c0001e45f8, result=0x62d0000859e8, setup_tables_done_option=0) at /home/wx/mariadb-11.3.0/sql/sql_select.cc:618
#28 0x00005555571ce583 in execute_sqlcom_select (thd=0x62c0001e0288, all_tables=0x6290000f8ab8) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:6013
#29 0x00005555571becf6 in mysql_execute_command (thd=0x62c0001e0288, is_called_from_prepared_stmt=false) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:3912
#30 0x00005555571d95e2 in mysql_parse (thd=0x62c0001e0288, rawbuf=0x6290000f52a8 "WITH RECURSIVE x ( x ) AS ( SELECT 1.000000 ^ 1.000000 UNION SELECT 1 - x FROM x ) SELECT DISTINCT * FROM x UNION SELECT NOT ( SELECT x FROM ( SELECT 1.000000 ^ 'x' * 1.000000 / 1 ^ x = ( SELECT x FRO"..., length=1444, parser_state=0x7fffd192e870) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:7734
#31 0x00005555571b1237 in dispatch_command (command=COM_QUERY, thd=0x62c0001e0288, packet=0x6290000fa289 " WITH RECURSIVE x ( x ) AS ( SELECT 1.000000 ^ 1.000000 UNION SELECT 1 - x FROM x ) SELECT DISTINCT * FROM x UNION SELECT NOT ( SELECT x FROM ( SELECT 1.000000 ^ 'x' * 1.000000 / 1 ^ x = ( SELECT x FR"..., packet_length=1448, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1893
#32 0x00005555571adf7c in do_command (thd=0x62c0001e0288, blocking=true) at /home/wx/mariadb-11.3.0/sql/sql_parse.cc:1406
#33 0x000055555768e557 in do_handle_one_connection (connect=0x611000065ec8, put_in_cache=true) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1445
#34 0x000055555768deb4 in handle_one_connection (arg=0x611000065d88) at /home/wx/mariadb-11.3.0/sql/sql_connect.cc:1347
#35 0x00005555582fa350 in pfs_spawn_thread (arg=0x618000005508) at /home/wx/mariadb-11.3.0/storage/perfschema/pfs.cc:2201
#36 0x00007ffff7115609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#37 0x00007ffff6ce8133 in clone () from /lib/x86_64-linux-gnu/libc.so.6