MariaDB Server / MDEV-34082

MariaDB Server crashes at JOIN::exec_inner()

Details

    • Bug
    • Status: Confirmed
    • Major
    • Resolution: Unresolved
    • 11.3.2, 11.4.1
    • 10.5
    • None
    • None
    • Ubuntu 20.04 x86_64, docker image mariadb:11.4.1-rc

    Description

      PoC:

      SELECT ( WITH RECURSIVE x AS ( WITH x AS ( SELECT ST_GEOMFROMTEXT ( 'LINESTRING(4 4)' ) FROM x ) SELECT 1 UNION SELECT 1 FROM x ) SELECT 1 FROM x );
      

      Backtrace:

      #0  0x000056086bd020af in JOIN::exec_inner() ()
      #1  0x000056086bd0343f in JOIN::exec() ()
      #2  0x000056086bd013cc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) ()
      #3  0x000056086bc380ab in ?? ()
      #4  0x000056086bc37ce5 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) ()
      #5  0x000056086bcceee0 in st_join_table::preread_init() ()
      #6  0x000056086bccf148 in sub_select(JOIN*, st_join_table*, bool) ()
      #7  0x000056086bd02ff8 in JOIN::exec_inner() ()
      #8  0x000056086bd0343f in JOIN::exec() ()
      #9  0x000056086bd5a07c in st_select_lex_unit::exec_recursive() ()
      #10 0x000056086bc38348 in ?? ()
      #11 0x000056086bc37ce5 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) ()
      #12 0x000056086bcceee0 in st_join_table::preread_init() ()
      #13 0x000056086bccf148 in sub_select(JOIN*, st_join_table*, bool) ()
      #14 0x000056086bd02ff8 in JOIN::exec_inner() ()
      #15 0x000056086bd0343f in JOIN::exec() ()
      #16 0x000056086bd013cc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) ()
      #17 0x000056086bc380ab in ?? ()
      ...
      #1355 0x000056086bd013cc in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) ()
      #1356 0x000056086bd01bc4 in handle_select(THD*, LEX*, select_result*, unsigned long long) ()
      #1357 0x000056086bc74285 in ?? ()
      #1358 0x000056086bc834af in mysql_execute_command(THD*, bool) ()
      #1359 0x000056086bc84a17 in mysql_parse(THD*, char*, unsigned int, Parser_state*) ()
      #1360 0x000056086bc8720d in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) ()
      #1361 0x000056086bc89118 in do_command(THD*, bool) ()
      #1362 0x000056086bdb5f6f in do_handle_one_connection(CONNECT*, bool) ()
      #1363 0x000056086bdb62bd in handle_one_connection ()
      #1364 0x000056086c138af6 in ?? ()
      #1365 0x00007f8776320ac3 in ?? () from target:/lib/x86_64-linux-gnu/libc.so.6
      #1366 0x00007f87763b1a04 in clone () from target:/lib/x86_64-linux-gnu/libc.so.6
      

          People

            Johnston Rex Johnston
            ApplePie Peng Zongrui