Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-36353

MariaDB SEGV in Item_subselect::init when executing query

Details

    Description

      MariaDB crashes when executing the following statement: 

      drop database if exists test123;
      		 
      create database if not exists test123;
      		 
      use test123;
      		 
      DESC FOR CONNECTION + INTERVAL TRUE IN ( SELECT 'string' ) YEAR_MONTH + FALSE <=> TRUE NOT IN ( SELECT * );

      Crash stack: 

      #0  0x0000000001bbe8bc in Item_subselect::init (this=0xffff7e8f2640, select_lex=0xffff7e8f17b8, result=0xffff7e8f2850)
      		 
          at /home/mariadb/mariadb-server/sql/item_subselect.cc:124
      		 
      #1  0x0000000001bccc44 in Item_in_subselect::Item_in_subselect (this=0xffff7e8f2640, thd=0xffff58e5b218, left_exp=<optimized out>,
      		 
          select_lex=0xffff7e8f17b8) at /home/mariadb/mariadb-server/sql/item_subselect.cc:1664
      		 
      #2  0x0000000001649b48 in MYSQLparse (thd=<optimized out>) at /home/mariadb/mariadb-server/sql/sql_yacc.yy:9670
      		 
      #3  0x0000000000d575c0 in parse_sql (thd=0xffff58e5b218, parser_state=<optimized out>, creation_ctx=0x0, do_pfs_digest=true)
      		 
          at /home/mariadb/mariadb-server/sql/sql_parse.cc:10328
      		 
      #4  0x0000000000d1c8b8 in mysql_parse (thd=0xffff58e5b218,
      		 
          rawbuf=0xffff7e8f0438 "DESC FOR CONNECTION + INTERVAL TRUE IN ( SELECT 'string' ) YEAR_MONTH + FALSE <=> TRUE NOT IN ( SELECT * )",
      		 
          length=<optimized out>, parser_state=<optimized out>) at /home/mariadb/mariadb-server/sql/sql_parse.cc:7867
      		 
      #5  0x0000000000d120f0 in dispatch_command (command=<optimized out>, thd=<optimized out>, packet=<optimized out>, packet_length=<optimized out>,
      		 
          blocking=<optimized out>) at /home/mariadb/mariadb-server/sql/sql_parse.cc:1902
      		 
      #6  0x0000000000d1dbf4 in do_command (thd=0xffff58e5b218, blocking=true) at /home/mariadb/mariadb-server/sql/sql_parse.cc:1415
      		 
      #7  0x00000000012846f8 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /home/mariadb/mariadb-server/sql/sql_connect.cc:1415
      		 
      #8  0x00000000012841b4 in handle_one_connection (arg=0xffff84a34db8) at /home/mariadb/mariadb-server/sql/sql_connect.cc:1327
      		 
      #9  0x0000000002200c38 in pfs_spawn_thread (arg=0xffff7e405f18) at /home/mariadb/mariadb-server/storage/perfschema/pfs.cc:2198
      		 
      #10 0x0000ffff8a44d624 in start_thread (arg=0x883ac8 <asan_thread_start(void*)>) at pthread_create.c:477
      		 
      #11 0x0000ffff8a16f66c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78

      Attachments

        Issue Links

          is part of

          Task - A task that needs to be done. MDEV-25454 Make MariaDB server UBSAN safe

          • Major - Major loss of function.
          • Confirmed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-31292 Procedure call with boolean expression parameter using more than one exists function crash the server

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              psergei Sergei Petrunia
              luy70 Yu Liang
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.