MariaDB Server / MDEV-3556

LP:736791 - Crash in make_truncated_value_warning with LEAST()/GREATEST/COALESCE


Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed

    Description

      Not repeatable in mysql-5.1.

      backtrace:

      #5 0x08366f43 in make_truncated_value_warning (thd=0x8f8f8f8f, level=MYSQL_ERROR::WARN_LEVEL_WARN, sval=0xb6d7e6d0, time_type=MYSQL_TIMESTAMP_DATETIME,
      field_name=0xb6a04740 "f1") at time.cc:730
      #6 0x081e3497 in get_datetime_value (thd=0x8f8f8f8f, item_arg=0xb6d7e734, cache_arg=0x0, warn_item=0xb6a04748, is_null=0xb6d7e733) at item_cmpfunc.cc:879
      #7 0x081d26bb in Item_func_min_max::cmp_datetimes (this=0xb6a047e0, ltime=0xb6d7e774) at item_func.cc:2285
      #8 0x081d2d50 in Item_func_min_max::val_int (this=0xb6a047e0) at item_func.cc:2416
      #9 0x081a8513 in Item::get_date (this=0xb6a047e0, ltime=0xb6d7e890, fuzzydate=1) at item.cc:998
      #10 0x081b3398 in Item::send (this=0xb6a047e0, protocol=0x898b3a0, buffer=0xb6d7ec44) at item.cc:5676
      #11 0x08249b4d in select_send::send_data (this=0xb6a04b30, items=...) at sql_class.cc:1691
      #12 0x082f0e8e in end_send (join=0xb6a04b48, join_tab=0x0, end_of_records=false) at sql_select.cc:12317
      #13 0x082ee8ca in do_select (join=0xb6a04b48, fields=0x898c50c, table=0x0, procedure=0x0) at sql_select.cc:11146
      #14 0x082d96ef in JOIN::exec (this=0xb6a04b48) at sql_select.cc:2334
      #15 0x082d9f02 in mysql_select (thd=0x898b090, rref_pointer_array=0x898c570, tables=0xb6a048e0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0,
      group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xb6a04b30, unit=0x898c208, select_lex=0x898c478) at sql_select.cc:2544
      #16 0x082d28ee in handle_select (thd=0x898b090, lex=0x898c1ac, result=0xb6a04b30, setup_tables_done_option=0) at sql_select.cc:269
      #17 0x0827aa2f in execute_sqlcom_select (thd=0x898b090, all_tables=0xb6a048e0) at sql_parse.cc:5129
      #18 0x082718e6 in mysql_execute_command (thd=0x898b090) at sql_parse.cc:2278
      #19 0x0827cbe8 in mysql_parse (thd=0x898b090, rawbuf=0xb6a04628 "SELECT LEAST( 1 , f1 ) FROM t1", length=30, found_semicolon=0xb6d80210) at sql_parse.cc:6054
      #20 0x0826f540 in dispatch_command (command=COM_QUERY, thd=0x898b090, packet=0x89d0539 "", packet_length=31) at sql_parse.cc:1249
      #21 0x0826e770 in do_command (thd=0x898b090) at sql_parse.cc:889
      #22 0x0826cab5 in handle_one_connection (arg=0x898b090) at sql_connect.cc:1136
      #23 0x00821919 in start_thread () from /lib/libpthread.so.0
      #24 0x0076acce in clone () from /lib/libc.so.6

      valgrind:

      ==12635== Invalid read of size 4
      ==12635== at 0x8366F43: make_truncated_value_warning(THD*, MYSQL_ERROR::enum_warning_level, Lazy_string const*, enum_mysql_timestamp_type, char const*) (time.cc:730)
      ==12635== by 0x81E3496: get_datetime_value(THD*, Item**, Item, Item, bool*) (item_cmpfunc.cc:879)
      ==12635== by 0x81D26BA: Item_func_min_max::cmp_datetimes(st_mysql_time*) (item_func.cc:2285)
      ==12635== by 0x81D2D4F: Item_func_min_max::val_int() (item_func.cc:2416)
      ==12635== by 0x81A8512: Item::get_date(st_mysql_time*, unsigned int) (item.cc:998)
      ==12635== by 0x81B3397: Item::send(Protocol*, String*) (item.cc:5676)
      ==12635== by 0x8249B4C: select_send::send_data(List<Item>&) (sql_class.cc:1691)
      ==12635== by 0x82F0E8D: end_send(JOIN*, st_join_table*, bool) (sql_select.cc:12317)
      ==12635== by 0x82EE8C9: do_select(JOIN*, List<Item>, st_table, Procedure*) (sql_select.cc:11146)
      ==12635== by 0x82D96EE: JOIN::exec() (sql_select.cc:2334)
      ==12635== by 0x82D9F01: mysql_select(THD*, Item**, TABLE_LIST, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2544)
      ==12635== by 0x82D28ED: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:269)
      ==12635== by 0x827AA2E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5129)
      ==12635== by 0x82718E5: mysql_execute_command(THD*) (sql_parse.cc:2278)
      ==12635== by 0x827CBE7: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6054)
      ==12635== by 0x826F53F: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1249)
      ==12635== Address 0x8f8f9fef is not stack'd, malloc'd or (recently) free'd

      test case:

      CREATE TABLE t1 ( f1 timestamp);
      INSERT INTO t1 VALUES ('0000-00-00 00:00:00');

      SELECT LEAST( 1 , f1 ) FROM t1 ;


          People

            serg Sergei Golubchik
            philipstoev Philip Stoev (Inactive)