  1. MariaDB Server
  2. MDEV-32848

Server crash via Item_equal::add_key_fields in /sql/sql_bitmap.h:196, member access within null pointer of type 'struct JOIN_TAB' in add_key_field


Details

    • Bug
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • None
    • 10.4
    • Optimizer
    • None

    Description

      MDEV-28509 describes two separate problems and the PR for it fixes the problem as described in the Description field. This ticket covers the second problem which is captured by queries found in the comments on that ticket, but replicated here in this Description field for clarity's sake.

      The following query crashes during make_join_statistics, primarily because of a pushdown condition created while optimizing inner queries where that condition utilizes Item_equal.

      SELECT * FROM ( SELECT 1 x ) ss WHERE x = 1 AND x < 1 HAVING ( WITH x AS ( SELECT 1 ) SELECT x FROM x WHERE x = 1 ) ;
      

      yields

      sql/sql_bitmap.h:220(Bitmap<64u>::merge(Bitmap<64u> const&))[0x55e63a123fdd]
      sql/sql_select.cc:6090(add_key_field(JOIN*, KEY_FIELD**, unsigned int, Item_bool_func*, Field*, bool, Item**, unsigned int, unsigned long long, SARGABLE_PARAM**, unsigned int))[0x55e63a05b90b]
      sql/sql_select.cc:6522(Item_equal::add_key_fields(JOIN*, KEY_FIELD**, unsigned int*, unsigned long long, SARGABLE_PARAM**))[0x55e63a05fa99]
      sql/sql_select.cc:6953(update_ref_and_keys(THD*, st_dynamic_array*, st_join_table*, unsigned int, Item*, unsigned long long, st_select_lex*, SARGABLE_PARAM**))[0x55e63a0639af]
      sql/sql_select.cc:5206(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x55e63a053008]
      sql/sql_select.cc:2368(JOIN::optimize_inner())[0x55e63a035c15]
      sql/sql_select.cc:1711(JOIN::optimize())[0x55e63a02ec2b]
      sql/sql_lex.cc:4236(st_select_lex::optimize_unflattened_subqueries(bool))[0x55e639f075f2]
      sql/opt_subselect.cc:5603(JOIN::optimize_unflattened_subqueries())[0x55e63a478fa1]
      sql/sql_select.cc:3165(JOIN::optimize_stage2())[0x55e63a03de38]
      sql/sql_select.cc:2394(JOIN::optimize_inner())[0x55e63a035f20]
      sql/sql_select.cc:1711(JOIN::optimize())[0x55e63a02ec2b]
      sql/sql_select.cc:4812(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55e63a04fc1d]
      ...
      


          People

            Gosselin Dave Gosselin