Details
Bug
Status: Confirmed
Major
Resolution: Unresolved
10.5, 10.6, 10.11, 11.4, 11.8, 12.0
None
Description
The latest release version of MariaDB crashes when executing the following sequence of statements:
-- Reproduction script as given in the report, one statement per line.
-- The trailing "|" on each line is a rendering artifact of the issue page,
-- not part of the statement.
drop database if exists test123; |
create database if not exists test123; |
use test123; |
-- c02 is TEXT: the crash stack reaches Field_blob::val_decimal on it (frame #4).
CREATE TABLE v00 (c01 INT, c02 TEXT); |
CREATE INDEX i03 ON v00 (c01); |
INSERT INTO v00 (c01, c02) VALUES (0, 'abc'); |
-- Fuzzer-style SELECT. The report does not say whether it is needed to
-- trigger the crash; the stack (frame #32, mysql_insert) places the crash in
-- the INSERT that follows, not in this statement.
( ( SELECT TRUE <=> FALSE IN ( SELECT 'string' ), TRUE <=> TRUE IN ( SELECT 'string' ) FROM ( v00 AS ta01 JOIN v00 AS ta02 NATURAL STRAIGHT_JOIN v00 AS ta03 USING ( c01 ) ) ) LIMIT 1234567890 OFFSET 1234567890 ROWS EXAMINED 1234567890 LOCK IN SHARE MODE SKIP LOCKED ); |
-- Crashing statement. Note VALUE(c02) is used inside the SET clause (insert
-- side: fill_record with update=false, event=TRG_EVENT_INSERT in frames
-- #30/#31), not in ON DUPLICATE KEY UPDATE. Per the stack, evaluating the
-- DIV (Item_func_int_div::val_int, frame #8) converts VALUE(c02) through
-- Field_blob::val_decimal into internal_str2dec with a string pointer gdb
-- cannot dereference (str=0x900, frames #2/#3). The stack runs through an
-- ordinary client connection (handle_one_connection / dispatch_command), so a
-- user who can execute this INSERT can bring the server down; treat as a
-- denial-of-service crash, not only a wrong-result bug. The build is ASan
-- instrumented (frame #40 asan_thread_start); a non-ASan build may fail
-- differently -- TODO confirm.
INSERT LOW_PRIORITY IGNORE v00 SET c01 = TRUE <=> TRUE IN ( SELECT 'string' ) NOT IN ( FALSE <=> VALUE ( c02 ) DIV INTERVAL ( FALSE <=> FALSE IN ( SELECT 'string' ), FALSE ) & TRUE ^ FALSE IN ( SELECT NOT TRUE <=> TRUE IN ( SELECT 'string' ) ), TRUE <=> FALSE IN ( SELECT 'string' ) ) ON DUPLICATE KEY UPDATE c01 = DEFAULT RETURNING *; |
Here is the crash stack (gdb backtrace from an ASan-instrumented build):
#0 0x0000000002fafcd8 in internal_str2dec (from=<optimized out>, to=<optimized out>, end=0xffff7d5fab40, fixed=<optimized out>)
    at /home/mariadb/mariadb-server/strings/decimal.c:809
#1 0x0000000001db64c0 in str2my_decimal (mask=<optimized out>, from=<optimized out>, length=<optimized out>, charset=<optimized out>,
    decimal_value=<optimized out>, end_ptr=<optimized out>) at /home/mariadb/mariadb-server/sql/my_decimal.cc:257
#2 0x00000000017b10a8 in Value_source::Converter_str2my_decimal::Converter_str2my_decimal (this=0xffff7d5fac60, mask=22, cs=0xffffa9616088,
    str=0x900 <error: Cannot access memory at address 0x900>, length=255, buf=0xffff7d5fae08) at /home/mariadb/mariadb-server/sql/field.h:273
#3 Value_source::Converter_str2my_decimal_with_warn::Converter_str2my_decimal_with_warn (this=<optimized out>, thd=0xffff7d862218, filter=..., mask=22,
    cs=0xffffa9616088, str=0x900 <error: Cannot access memory at address 0x900>, length=255, buf=0xffff7d5fae08)
    at /home/mariadb/mariadb-server/sql/field.h:325
#4 Field_blob::val_decimal (this=<optimized out>, decimal_value=<optimized out>) at /home/mariadb/mariadb-server/sql/field.cc:8978
#5 0x000000000188975c in Item_field::val_decimal (this=<optimized out>, decimal_value=0x1fffefabf568) at /home/mariadb/mariadb-server/sql/item.cc:3493
#6 0x00000000014f3a4c in VDec::VDec (this=0xffff7d5fae00, item=0xffffa38f23c8) at /home/mariadb/mariadb-server/sql/sql_type.cc:357
#7 0x0000000001a486a0 in VDec2_lazy::VDec2_lazy (this=0xffff7d5fae00, a=0x1fffefabf568, b=0xffffa38f3a68)
    at /home/mariadb/mariadb-server/sql/sql_type.h:540
#8 0x0000000001a034ac in Item_func_int_div::val_int (this=0xffffa38f3b38) at /home/mariadb/mariadb-server/sql/item_func.cc:1568
#9 0x0000000001989e80 in Item::to_longlong_null (this=0xffffa38f3b38) at /home/mariadb/mariadb-server/sql/item.h:1475
#10 Func_handler_bit_and_int_to_ulonglong::to_longlong_null (this=<optimized out>, item=0x1fffefabf568)
    at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:4999
#11 0x0000000001988acc in Item_handled_func::Handler_int::val_int (this=0x900, item=0xffffa38f3dc0) at /home/mariadb/mariadb-server/sql/item_func.h:773
#12 0x000000000192037c in Arg_comparator::compare_int_unsigned_signed (this=0xffff71e67648) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1099
#13 0x000000000192a694 in Arg_comparator::compare (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:114
#14 Item_func_eq::val_bool (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1881
#15 0x00000000009a20c8 in Item_bool_func::val_int (this=0x900) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:245
#16 0x000000000191f750 in Arg_comparator::compare_e_int (this=0xffffa38f6450) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1125
#17 0x000000000192a8dc in Arg_comparator::compare (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:114
#18 Item_func_equal::val_bool (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1909
#19 0x00000000009a20c8 in Item_bool_func::val_int (this=0x900) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:245
#20 0x0000000001987700 in cmp_item_int::cmp (this=0xffff71e68420, arg=0xffffa38f6398) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:1828
#21 0x0000000001977550 in Predicant_to_list_comparator::cmp_arg (this=0xffffa38f7ae8, args=0xffffa38f7a88, i=0)
    at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:2128
#22 Predicant_to_list_comparator::cmp (this=<optimized out>, args=<optimized out>, idx=0xffff7d5fb2e0, found_unknown_values=0xffffa38f7a7c)
    at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:2305
#23 0x00000000019516bc in Item_func_in::val_bool (this=0xffffa38f7a10) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:4927
#24 0x00000000009a20c8 in Item_bool_func::val_int (this=0x900) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:245
#25 0x000000000191f750 in Arg_comparator::compare_e_int (this=0xffffa38f7c50) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1125
#26 0x000000000192a8dc in Arg_comparator::compare (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.h:114
#27 Item_func_equal::val_bool (this=<optimized out>) at /home/mariadb/mariadb-server/sql/item_cmpfunc.cc:1909
#28 0x00000000018ad0f4 in Item::save_bool_in_field (this=0xffffa38f7b98, field=0xffff7c45ab08, no_conversions=false)
    at /home/mariadb/mariadb-server/sql/item.cc:7124
#29 0x00000000018ad344 in Item::save_in_field (this=0xffffa38f7b98, field=0xffff7c45ab08, no_conversions=false)
    at /home/mariadb/mariadb-server/sql/item.cc:7134
#30 0x0000000000b57ea8 in fill_record (thd=<optimized out>, table_arg=<optimized out>, fields=..., values=..., ignore_errors=<optimized out>, update=false)
    at /home/mariadb/mariadb-server/sql/sql_base.cc:9049
#31 0x0000000000b5a8a4 in fill_record_n_invoke_before_triggers (thd=0xffff7d862218, table=0xffffaac96598, fields=..., values=...,
    ignore_errors=<optimized out>, event=TRG_EVENT_INSERT) at /home/mariadb/mariadb-server/sql/sql_base.cc:9218
#32 0x0000000000c27ccc in mysql_insert (thd=<optimized out>, table_list=0xffffa38f07b8, fields=..., values_list=..., update_fields=..., update_values=...,
    duplic=<optimized out>, ignore=<optimized out>, result=<optimized out>) at /home/mariadb/mariadb-server/sql/sql_insert.cc:1070
#33 0x0000000000d3f5dc in mysql_execute_command (thd=0xffff7d862218, is_called_from_prepared_stmt=<optimized out>)
    at /home/mariadb/mariadb-server/sql/sql_parse.cc:4484
#34 0x0000000000d1cd24 in mysql_parse (thd=0xffff7d862218, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>)
    at /home/mariadb/mariadb-server/sql/sql_parse.cc:7915
#35 0x0000000000d120f0 in dispatch_command (command=<optimized out>, thd=<optimized out>, packet=<optimized out>, packet_length=<optimized out>,
    blocking=<optimized out>) at /home/mariadb/mariadb-server/sql/sql_parse.cc:1902
#36 0x0000000000d1dbf4 in do_command (thd=0xffff7d862218, blocking=true) at /home/mariadb/mariadb-server/sql/sql_parse.cc:1415
#37 0x00000000012846f8 in do_handle_one_connection (connect=<optimized out>, put_in_cache=true) at /home/mariadb/mariadb-server/sql/sql_connect.cc:1415
#38 0x00000000012841b4 in handle_one_connection (arg=0xffffa9a613b8) at /home/mariadb/mariadb-server/sql/sql_connect.cc:1327
#39 0x0000000002200c38 in pfs_spawn_thread (arg=0xffffa3409718) at /home/mariadb/mariadb-server/storage/perfschema/pfs.cc:2198
#40 0x0000ffffaf44c624 in start_thread (arg=0x883ac8 <asan_thread_start(void*)>) at pthread_create.c:477
#41 0x0000ffffaf16e66c in thread_start () at ../sysdeps/unix/sysv/linux/aarch64/clone.S:78
|
Issue Links
- relates to
MDEV-32416 Heap-Use-After-Free at /mariadb-11.3.0/sql/item_strfunc.cc:2432
- Confirmed
MDEV-32759 Heap-Use-After-Free at /mariadb-11.3.0/strings/dtoa.c:1378
- Stalled
MDEV-36355 MariaDB SEGV in in my_strtod_int on INSERT
- Confirmed