[MDEV-33644] Server crashes at Item_func_nullif::decimal_op - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Duplicate
Affects Version/s: 11.3.2, 11.4.1
Fix Version/s: N/A
Component/s: N/A
Labels:
None
Environment:
Ubuntu 20.04 x86-64, docker image mariadb:11.4-rc

Description

PoC:

SELECT NULLIF ( AVG ( 999999 ) OVER ( ORDER BY 1 ) , '1' ) ORDER BY 1 , 1 , 1 ;

gdb backtrace:

#0  0x000055d7b756a0f0 in ?? ()

#1  0x000055d7b70d6982 in Item_sum_avg::val_decimal(my_decimal*) ()

#2  0x000055d7b716c0c0 in Item_window_func::val_decimal(my_decimal*) ()

#3  0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#4  0x000055d7b6f32caf in VDec::VDec(Item*) ()

#5  0x000055d7b7022bd7 in Arg_comparator::compare_decimal() ()

#6  0x000055d7b702c156 in Item_func_nullif::decimal_op(my_decimal*) ()

#7  0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#8  0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#9  0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#10 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#11 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

...

#5525 0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#5526 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#5527 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#5528 0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#5529 0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#5530 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#5531 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#5532 0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#5533 0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#5534 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#5535 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#5536 0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#5537 0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#5538 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#5539 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#5540 0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#5541 0x000055d7b6ff8383 in Item_ref::val_decimal(my_decimal*) ()

#5542 0x000055d7b702c16e in Item_func_nullif::decimal_op(my_decimal*) ()

#5543 0x000055d7b6f32eef in VDec_op::VDec_op(Item_func_hybrid_field_type*) ()

#5544 0x000055d7b6f33049 in Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const ()

#5545 0x000055d7b6f32caf in VDec::VDec(Item*) ()

#5546 0x000055d7b700c013 in Item::save_decimal_in_field(Field*, bool) ()

#5547 0x000055d7b6ffb687 in Item::save_in_field(Field*, bool) ()

#5548 0x000055d7b6f47dbb in compute_window_func(THD*, List<Item_window_func>&, List<Cursor_manager>&, TABLE*, SORT_INFO*) ()

#5549 0x000055d7b6f4814f in Window_func_runner::exec(THD*, TABLE*, SORT_INFO*) ()

#5550 0x000055d7b6f48267 in Window_funcs_sort::exec(JOIN*, bool) ()

#5551 0x000055d7b6f48dd6 in Window_funcs_computation::exec(JOIN*, bool) ()

#5552 0x000055d7b6dd59fe in AGGR_OP::end_send() ()

#5553 0x000055d7b6dd5d40 in sub_select_postjoin_aggr(JOIN*, st_join_table*, bool) ()

#5554 0x000055d7b6ddfeaf in JOIN::exec_inner() ()

#5555 0x000055d7b6de043f in JOIN::exec() ()

#5556 0x000055d7b6dde3cc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) ()

#5557 0x000055d7b6ddebc4 in handle_select(THD*, LEX*, select_result*, unsigned long long) ()

#5558 0x000055d7b6d51285 in ?? ()

#5559 0x000055d7b6d604af in mysql_execute_command(THD*, bool) ()

#5560 0x000055d7b6d61a17 in mysql_parse(THD*, char*, unsigned int, Parser_state*) ()

#5561 0x000055d7b6d6420d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) ()

#5562 0x000055d7b6d66118 in do_command(THD*, bool) ()

#5563 0x000055d7b6e92f6f in do_handle_one_connection(CONNECT*, bool) ()

#5564 0x000055d7b6e932bd in handle_one_connection ()

#5565 0x000055d7b7215af6 in ?? ()

#5566 0x00007f4700ed1ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442

#5567 0x00007f4700f62a04 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:100

Attachments

Issue Links

duplicates

MDEV-32317 Prepare phase: Server crashes at Item_bool_rowready_func2::cleanup

Confirmed

Activity

People

Assignee:: Unassigned

Reporter:: Jingzhou Fu

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2024-03-10 04:05

Updated:: 2024-03-11 10:02

Resolved:: 2024-03-11 10:02

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.