[MDEV-32848] Server crash via Item_equal::add_key_fields in /sql/sql_bitmap.h:196, member access within null pointer of type 'struct JOIN_TAB' in add_key_field - Jira

XML

Word

Printable

Details

Type: Bug
Status: Stalled (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 12.3
Fix Version/s: 10.11, 11.4, 11.8, 12.3
Component/s: Optimizer
Labels:
None

Description

MDEV-28509 describes two separate problems and the PR for it fixes the problem as described in the Description field. This ticket covers the second problem which is captured by queries found in the comments on that ticket, but replicated here in this Description field for clarity's sake.

The following query crashes during make_join_statistics, primarily because of a pushdown condition created while optimizing inner queries where that condition utilizes Item_equal.

SELECT * FROM ( SELECT 1 x ) ss WHERE x = 1 AND x < 1 HAVING ( WITH x AS ( SELECT 1 ) SELECT x FROM x WHERE x = 1 ) ;

yields

sql/sql_bitmap.h:220(Bitmap<64u>::merge(Bitmap<64u> const&))[0x55e63a123fdd]

sql/sql_select.cc:6090(add_key_field(JOIN*, KEY_FIELD**, unsigned int, Item_bool_func*, Field*, bool, Item**, unsigned int, unsigned long long, SARGABLE_PARAM**, unsigned int))[0x55e63a05b90b]

sql/sql_select.cc:6522(Item_equal::add_key_fields(JOIN*, KEY_FIELD**, unsigned int*, unsigned long long, SARGABLE_PARAM**))[0x55e63a05fa99]

sql/sql_select.cc:6953(update_ref_and_keys(THD*, st_dynamic_array*, st_join_table*, unsigned int, Item*, unsigned long long, st_select_lex*, SARGABLE_PARAM**))[0x55e63a0639af]

sql/sql_select.cc:5206(make_join_statistics(JOIN*, List<TABLE_LIST>&, st_dynamic_array*))[0x55e63a053008]

sql/sql_select.cc:2368(JOIN::optimize_inner())[0x55e63a035c15]

sql/sql_select.cc:1711(JOIN::optimize())[0x55e63a02ec2b]

sql/sql_lex.cc:4236(st_select_lex::optimize_unflattened_subqueries(bool))[0x55e639f075f2]

sql/opt_subselect.cc:5603(JOIN::optimize_unflattened_subqueries())[0x55e63a478fa1]

sql/sql_select.cc:3165(JOIN::optimize_stage2())[0x55e63a03de38]

sql/sql_select.cc:2394(JOIN::optimize_inner())[0x55e63a035f20]

sql/sql_select.cc:1711(JOIN::optimize())[0x55e63a02ec2b]

sql/sql_select.cc:4812(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55e63a04fc1d]

...

Attachments

Issue Links

relates to

MDEV-22825 Server crashes in Bitmap<64u>::merge / add_key_field with condition_pushdown_for_subquery=on

Confirmed

Activity

People

Assignee:: Oleksandr Byelkin

Reporter:: Dave Gosselin

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2023-11-20 22:28

Updated:: 2026-03-26 15:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.