Details
Bug
Status: Open
Critical
Resolution: Unresolved
10.5, 10.6, 10.11, 11.1(EOL), 11.2(EOL), 11.3(EOL), 11.4, 11.5(EOL)
Description
--source include/have_innodb.inc
--source include/have_query_cache.inc
--source include/have_partition.inc
SET sql_mode='';
SET GLOBAL query_cache_type=DEMAND;
CREATE TABLE t1 (c1 SMALLINT NULL, c2 BINARY (25) NOT NULL, c3 TINYINT(4) NULL, c4 BINARY (15) NOT NULL PRIMARY KEY, c5 SMALLINT NOT NULL UNIQUE KEY,c6 DECIMAL(10,8) NOT NULL DEFAULT 3.141592) ENGINE=InnoDB;
SET GLOBAL query_cache_size=81920;
--error ER_BAD_FIELD_ERROR
SELECT * FROM t1 WHERE b=1 AND c=1;
SET SESSION query_cache_type=1;
DROP TABLE t1;
CREATE TABLE t1 (c1 INT NOT NULL, c2 CHAR(5)) ENGINE=InnoDB PARTITION BY LINEAR KEY(c1) PARTITIONS 99;
SELECT * FROM t1 WHERE c1 <='1998-12-29 00:00:00' ORDER BY c1,c2;
--error ER_BAD_FIELD_ERROR
SELECT GROUP_CONCAT(a SEPARATOR '###') AS NAMES FROM t1 HAVING LEFT(NAMES, 1)='J';
SELECT * FROM t1;
SELECT COUNT(*) FROM t1;
--error ER_BAD_FIELD_ERROR
SELECT C.a, c.a FROM t1 c, t1 C;
SELECT * FROM t1 WHERE c1 <='1998-12-29 00:00:00' ORDER BY c1,c2;
CREATE TABLE bug19145a (e ENUM ('a','b','c') DEFAULT 'b', s SET('x', 'y', 'z') DEFAULT 'y') ENGINE=RocksDB;
--error ER_BAD_FIELD_ERROR
SELECT * FROM t1 WHERE c1 <> 0 ORDER BY c1,c6 DESC;
DROP DATABASE test;
Leads to a variety of issues, including double free or corruption (!prev), a variety of crashing/asserting stacks and/or a hang.
A non-exhaustive selection of issues seen, one per line:
double free or corruption (!prev)
SIGSEGV|__strcmp_avx2|_ma_test_if_reopen|maria_open|ha_maria::open
SIGSEGV|my_free|_ma_end_block_record|maria_close|closefrm
SIGSEGV|open_table|open_and_process_table|open_tables|open_and_lock_tables
SIGSEGV|get_lock_data|mysql_lock_tables|lock_tables|open_and_lock_tables
SIGSEGV|extra_cb|ha_partition::loop_partitions|ha_partition::extra|close_thread_tables
SIGABRT|__libc_message|malloc_printerr|_int_free|__GI___libc_free
SIGSEGV|strmake_root|Query_arena::strmake_lex_string|Query_arena::strmake_lex_cstring|Query_arena::strmake_lex_cstring
SIGSEGV|TABLE_SHARE::period_info_t::start_field|period_get_condition|st_select_lex::vers_setup_conds|JOIN::prepare
SIGSEGV|bitmap_fast_test_and_set|TABLE::mark_column_with_deps|insert_fields|setup_wild
SIGSEGV|ha_partition::register_query_cache_dependant_tables|Query_cache::register_tables_from_list|Query_cache::register_all_tables|Query_cache::store_query
SIGSEGV|handler::ha_external_lock|ha_partition::external_lock|handler::ha_external_lock|handler::ha_external_unlock
SIGSEGV|open_table|open_and_process_table|open_tables|open_and_lock_tables
SIGSEGV|strmake_root|Query_arena::strmake_lex_string|Query_arena::strmake_lex_cstring|Query_arena::strmake_lex_cstring
table_block_data->m_cached_query_count == 0|SIGABRT|Query_cache::unlink_table|Query_cache::register_all_tables|Query_cache::store_query|execute_sqlcom_select
table_block_data->m_cached_query_count >= 0|SIGABRT|Query_cache::unlink_table|Query_cache::register_all_tables|Query_cache::store_query|execute_sqlcom_select
reinterpret_cast<size_t>(ptr) % Alignment == 0|SIGABRT|my_assume_aligned<8, LF_SLIST*>|my_assume_aligned<8, LF_SLIST*>|l_find|l_search
ASAN|heap-buffer-overflow|sql/sql_cache.cc|Query_cache_block::init|Query_cache::split_block|Query_cache::allocate_block|Query_cache::write_block_data
Issue Links
relates to:
- MDEV-23256 SIGSEGV's in Query_cache::unlink_table, my_hash_delete, Query_cache::double_linked_list_exclude, Assertion `table_block_data->m_cached_query_count >= 0', InnoDB assertion: table->foreign_set.empty(), ASAN: heap-buffer-overflow in Query_cache_block::init (Confirmed)
- MDEV-23127 Server crash in Query_cache::double_linked_list_exclude or Assertion `table_block_data->m_cached_query_count >= 0' failed in Query_cache::unlink_table (Confirmed)