Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
11.3.2, 11.4.1
-
None
-
Ubuntu 20.04 x86_64,CC=clang-12 CXX=clang++-12 cmake ../mariadb
Description
PoC:
SELECT CASE WHEN (SELECT AVG('1000009:10:10') GROUP BY x HAVING x = 'a') THEN TRUE END FROM (SELECT '-Infinity' AS x UNION SELECT UPDATEXML(NULL, 1, 1)) AS x GROUP BY x; |
Backtrace:
#0 0x561622997603 (_ZN10Item_equal7val_intEv+0x153)
|
#1 0x56162255dd54 (_Z14end_send_groupP4JOINP13st_join_tableb+0x924)
|
#2 0x56162252eb25 (_ZN4JOIN10exec_innerEv+0x22f5)
|
#3 0x56162252c746 (_ZN4JOIN4execEv+0x66)
|
#4 0x561622a8593b (_ZN30subselect_single_select_engine4execEv+0x5ab)
|
#5 0x561622a7603a (_ZN14Item_subselect4execEv+0x5a)
|
#6 0x561622a787c6 (_ZN24Item_singlerow_subselect8val_realEv+0x66)
|
#7 0x56162295f077 (_ZN15Item_cache_real11cache_valueEv+0x57)
|
#8 0x561622958595 (_ZN18Item_cache_wrapper8val_boolEv+0x145)
|
#9 0x561622980a62 (_ZN23Item_func_case_searched9find_itemEv+0x62)
|
#10 0x5616229810d3 (_ZN14Item_func_case6int_opEv+0x33)
|
#11 0x56162294e50b (_ZN4Item17save_int_in_fieldEP5Fieldb+0x3b)
|
#12 0x56162294e5f1 (_ZN4Item13save_in_fieldEP5Fieldb+0x51)
|
#13 0x56162255d0f9 (_ZL9end_writeP4JOINP13st_join_tableb+0x1b9)
|
#14 0x56162255f22d (_ZL20evaluate_join_recordP4JOINP13st_join_tablei+0x59d)
|
#15 0x5616224f8ea6 (_Z10sub_selectP4JOINP13st_join_tableb+0x4f6)
|
#16 0x56162252e275 (_ZN4JOIN10exec_innerEv+0x1a45)
|
#17 0x56162252c746 (_ZN4JOIN4execEv+0x66)
|
#18 0x5616224f9e4b (_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x5ab)
|
#19 0x5616224f97e5 (_Z13handle_selectP3THDP3LEXP13select_resulty+0x265)
|
#20 0x561622498fe9 (_ZL21execute_sqlcom_selectP3THDP10TABLE_LIST+0x639)
|
#21 0x56162248f0fa (_Z21mysql_execute_commandP3THDb+0x3daa)
|
#22 0x561622484e05 (_Z11mysql_parseP3THDPcjP12Parser_state+0x345)
|
#23 0x5616224812ae (_Z16dispatch_command19enum_server_commandP3THDPcjb+0x17de)
|
#24 0x561622485646 (_Z10do_commandP3THDb+0x4a6)
|
#25 0x5616226ad115 (_Z24do_handle_one_connectionP7CONNECTb+0x2b5)
|
#26 0x5616226acd47 (handle_one_connection+0xc7)
|
#27 0x561622cf33ff (pfs_spawn_thread+0xff)
|
#28 0x7fb0cb611609 (start_thread+0xd9)
|
#29 0x7fb0cb333353 (clone+0x43)
|
Attachments
Issue Links
- is duplicated by
-
-
- In Review
-