
LP:675248 - select->prep_where references on freed memory

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed

    Description

      The following query crashes the server when run with --ps-protocol, because select->prep_where references freed memory (the freed object was an Item_outer_ref):

      CREATE TABLE `t1` (
      `pk` int(11) NOT NULL AUTO_INCREMENT,
      `col_varchar_key` varchar(1) DEFAULT NULL,
      PRIMARY KEY (`pk`),
      KEY `col_varchar_key` (`col_varchar_key`)
      ) DEFAULT CHARSET=latin1;
      INSERT INTO `t1` VALUES (10,'v');
      INSERT INTO `t1` VALUES (11,'r');
      CREATE TABLE `t2` (
      `pk` int(11) NOT NULL AUTO_INCREMENT,
      `col_varchar_key` varchar(1) DEFAULT NULL,
      PRIMARY KEY (`pk`),
      KEY `col_varchar_key` (`col_varchar_key`)
      ) DEFAULT CHARSET=latin1;
      INSERT INTO `t2` VALUES (1,'r');
      INSERT INTO `t2` VALUES (2,'c');
      CREATE TABLE `t3` (
      `pk` int(11) NOT NULL AUTO_INCREMENT,
      `col_varchar_key` varchar(1) DEFAULT NULL,
      PRIMARY KEY (`pk`),
      KEY `col_varchar_key` (`col_varchar_key`)
      ) DEFAULT CHARSET=latin1;
      INSERT INTO `t3` VALUES (1,'w');

      SELECT SUM( DISTINCT table2 . `pk` ) AS field2 ,
      (SELECT SUM( SUBQUERY1_t2 . `pk` ) AS SUBQUERY1_field1
      FROM t2 AS SUBQUERY1_t2 STRAIGHT_JOIN
      t3 AS SUBQUERY1_t3 ON (SUBQUERY1_t3 . `pk` = SUBQUERY1_t2 . `pk` )
      WHERE table1 . `col_varchar_key` ) AS field3
      FROM ( t1 AS table1 LEFT JOIN
      ( t2 AS table2 STRAIGHT_JOIN
      t3 AS table3 ON (table3 . `pk` = table2 . `pk` ) )
      ON (table3 . `col_varchar_key` = table1 . `col_varchar_key` ) )
      WHERE ( table1 . `pk` < 5 ) OR ( table1 . `col_varchar_key` IS NOT NULL)
      GROUP BY field3
      HAVING (field3 <= 'h' AND field2 != 4) ;
      drop tables t1, t2, t3;

        Activity

          sanja Oleksandr Byelkin added a comment - Re: select->prep_where references on freed memory
          Here is a simpler test suite:

          CREATE TABLE t1 (a int, b int);
          insert into t1 values (1,1),(0,0);

          CREATE TABLE t2 (c int);
          insert into t2 values (1),(2);

          select sum(a),(select sum(c) from t2 where table1.b) as sub
          from t1 as table1 group by sub;

          sanja Oleksandr Byelkin added a comment - Re: select->prep_where references on freed memory
          Test suite for usual execution:

          CREATE TABLE t1 (a int, b int);
          insert into t1 values (1,1),(0,0);

          CREATE TABLE t2 (c int);
          insert into t2 values (1),(2);

          prepare stmt1 from "select sum(a),(select sum(c) from t2 where table1.b) as sub
          from t1 as table1 group by sub";

          execute stmt1;

          drop table t1,t2;

          sanja Oleksandr Byelkin added a comment - Re: select->prep_where references on freed memory
          Here is an example of the bug during conversion of Item_ref to Item_field:

          CREATE TABLE t1 (a int, b int);
          insert into t1 values (1,1),(0,0);

          CREATE TABLE t2 (c int);
          insert into t2 values (1),(2);

          prepare stmt1 from "select sum(a),(select sum(c) from t2 having table1.b) as sub
          from t1 as table1";

          execute stmt1;

          drop table t1,t2;

          ratzpo Rasmus Johansson (Inactive) added a comment
          Launchpad bug id: 675248

          People

            sanja Oleksandr Byelkin