MariaDB Server: MDEV-37167

Nested BEGINs (4600+) cause a segmentation fault

Description

      Running the following script as a test case:

      CREATE PROCEDURE proc_overflow()
        BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
      ... (this line of 20 BEGINs is repeated 231 times in total)
        BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN
      ;
      

      leads to:

      Thread 1 (Thread 0x7e172e6cd6c0 (LWP 804133)):
      #0  0x00005cdcb6593cbf in _db_enter_ (_func_=0x0, _file_=0x0, _line_=0, _stack_frame_=0x0) at /src/mariadb2/dbug/dbug.c:1135
      #1  0x00005cdcb655e97e in my_free (ptr=0x7e171cf989e8) at /src/mariadb2/mysys/my_malloc.c:200
      #2  0x00005cdcb652977d in delete_dynamic (array=0x7e171cf69510) at /src/mariadb2/mysys/array.c:345
      #3  0x00005cdcb55e4c12 in Dynamic_array<sp_pcontext*>::~Dynamic_array (this=0x7e171cf69510, __in_chrg=<optimized out>) at /src/mariadb2/sql/sql_array.h:299
      #4  0x00005cdcb55e257e in sp_pcontext::~sp_pcontext (this=0x7e171cf69370, __in_chrg=<optimized out>) at /src/mariadb2/sql/sp_pcontext.cc:123
      ...
      #4604 0x00005cdcb55e253d in sp_pcontext::~sp_pcontext (this=0x7e171c0ffc18, __in_chrg=<optimized out>) at /src/mariadb2/sql/sp_pcontext.cc:122
      #4605 0x00005cdcb55d19ad in sp_head::~sp_head (this=0x7e171c0ff0b0, __in_chrg=<optimized out>) at /src/mariadb2/sql/sp_head.cc:909
      #4606 0x00005cdcb55d1a4c in sp_head::~sp_head (this=0x7e171c0ff0b0, __in_chrg=<optimized out>) at /src/mariadb2/sql/sp_head.cc:926
      #4607 0x00005cdcb55cfd23 in sp_head::destroy (sp=0x7e171c0ff0b0) at /src/mariadb2/sql/sp_head.cc:537
      #4608 0x00005cdcb56b3f28 in lex_end_nops (lex=0x7e171c0052d8) at /src/mariadb2/sql/sql_lex.cc:1385
      #4609 0x00005cdcb56b3df5 in lex_end (lex=0x7e171c0052d8) at /src/mariadb2/sql/sql_lex.cc:1354
      #4610 0x00005cdcb56686be in THD::end_statement (this=0x7e171c000dc8) at /src/mariadb2/sql/sql_class.cc:4372
      #4611 0x00005cdcb5713332 in mysql_parse (thd=0x7e171c000dc8, rawbuf=0x7e171c018370 "CREATE PROCEDURE proc_overflow()\nBEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN\nBEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN"..., length=27632, parser_state=0x7e172e6cc2c0) at /src/mariadb2/sql/sql_parse.cc:7913
      #4612 0x00005cdcb56fe967 in dispatch_command (command=COM_QUERY, thd=0x7e171c000dc8, packet=0x7e171c253b29 "CREATE PROCEDURE proc_overflow()\nBEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN\nBEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN"..., packet_length=27633, blocking=true) at /src/mariadb2/sql/sql_parse.cc:1877
      #4613 0x00005cdcb56fd24c in do_command (thd=0x7e171c000dc8, blocking=true) at /src/mariadb2/sql/sql_parse.cc:1416
      #4614 0x00005cdcb5918a6a in do_handle_one_connection (connect=0x5cdcf08d2f58, put_in_cache=true) at /src/mariadb2/sql/sql_connect.cc:1414
      #4615 0x00005cdcb59187df in handle_one_connection (arg=0x5cdcf08adf18) at /src/mariadb2/sql/sql_connect.cc:1326
      #4616 0x00005cdcb5ef944e in pfs_spawn_thread (arg=0x5cdcf0838e08) at /src/mariadb2/storage/perfschema/pfs.cc:2198
      #4617 0x00007e17398a2ef1 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:448
      #4618 0x00007e173993445c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

      It seems that the segmentation fault only reproduces in an MTR test case; running the same script in a client does not trigger it (and needs many more nested BEGINs):

      (echo "connect t1; CREATE PROCEDURE proc_overflow()"; for i in {1..800}; do echo " BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN BEGIN"; done; echo ";" ) | client/mariadb
      

      ERROR 1064 (42000) at line 1: memory exhausted near 'BEGIN BEGIN BEGIN' at line 801
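An added illustration (my own C++ model, not MariaDB code) of what the trace shows: a chain of nested block contexts whose default destructor recurses once per level, beside the two mitigations a reviewer would look for, a nesting cap enforced at parse time and an iterative teardown. The cap value and every name in it are assumptions of the model.

```cpp
#include <memory>
#include <sstream>
#include <string>
#include <utility>
// Each nested block owns the next, so the default destructor recurses once per
// level (one ~Block frame per BEGIN, like the ~sp_pcontext frames in the trace).
struct Block { std::unique_ptr<Block> child; };

constexpr int kMaxBlockDepth = 256;  // assumed cap for this model, not MariaDB's

// Deepest BEGIN nesting in a whitespace-separated BEGIN/END token stream, or -1
// once nesting exceeds max_depth. Rejecting at parse time keeps the chain, and
// therefore the destructor recursion, bounded.
int parse_blocks(const std::string& text, int max_depth = kMaxBlockDepth) {
    std::istringstream in(text);
    std::string tok;
    int depth = 0, deepest = 0;
    while (in >> tok) {
        if (tok == "BEGIN") {
            if (++depth > max_depth) return -1;
            if (depth > deepest) deepest = depth;
        } else if (tok == "END" && depth > 0) --depth;
    }
    return deepest;
}

// Build a chain of n blocks (the structure an accepted program leaves behind)
// and free it with O(1) stack: detach the child before the parent is freed, so
// no destructor ever recurses. Returns the number of blocks freed.
int build_and_free_chain(int n) {
    std::unique_ptr<Block> root;
    for (int i = 0; i < n; ++i) {
        auto b = std::make_unique<Block>();
        b->child = std::move(root);
        root = std::move(b);
    }
    int freed = 0;
    while (root) {
        std::unique_ptr<Block> next = std::move(root->child);
        root = std::move(next);  // old root has no child now: shallow delete
        ++freed;
    }
    return freed;
}

std::string repeat_begin(int n) {  // constructed input: n BEGINs and no END
    std::string s;
    for (int i = 0; i < n; ++i) s += "BEGIN ";
    return s;
}
```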
      

People

  shulga Dmitry Shulga
  qobood Vasilii Lakhin