MariaDB Server / MDEV-37414

SIGSEGV in Binary_string::c_ptr | Item_func_trunc::get_date

Details

    • Can result in hang or crash
    • Fixed in bb-12.1-monty-MDEV-20023

    Description

      SET SQL_MODE=EMPTY_STRING_IS_NULL;
      SELECT trunc(time'24:00:00','');
      

      Leads to

      CS MDEV-20023 7a1b6dc7f8084f4d63a5cec5708abe0fc4fb33f8 (Optimized, Clang) Build 08/08/2025

      Core was generated by `/test/mtest/MD080825-mariadb-12.1.1-linux-x86_64-opt/bin/mariadbd --no-defaults'.
      Program terminated with signal SIGSEGV, Segmentation fault.
      #0  Binary_string::c_ptr (this=<optimized out>)at /test/mtest/12.1_opt/sql/sql_string.h:698
      698	    if (unlikely(!Ptr))
      [Current thread is 1 (LWP 343474)]
      (gdb) bt
      #0  Binary_string::c_ptr (this=<optimized out>)at /test/mtest/12.1_opt/sql/sql_string.h:698
      #1  Item_func_trunc::get_date (this=0x7a7004017db0, thd=0x7a7004000c68, ltime=0x7a8ee40d1108, fuzzydate=<optimized out>)at /test/mtest/12.1_opt/sql/item_timefunc.cc:4143
      #2  0x0000619954c95ae8 in Type_handler::Item_send_datetime (this=<optimized out>, item=0x7a7004017db0, protocol=0x7a70040012a8, buf=<optimized out>) at /test/mtest/12.1_opt/sql/sql_type.cc:7657
      #3  0x0000619954a075b1 in Protocol::send_result_set_row (this=0x7a70040012a8, row_items=<optimized out>) at /test/mtest/12.1_opt/sql/protocol.cc:1359
      #4  0x0000619954a7720f in select_send::send_data (this=0x7a70040187d8, items=@0x7a70040179d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7a7004017e70, last = 0x7a7004017e70, elements = 1}, <No data fields>})at /test/mtest/12.1_opt/sql/sql_class.cc:3348
      #5  0x0000619954a76fbf in select_result_sink::send_data_with_check (this=0x7a7004017d08, items=@0x7a8ee40d0e38: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x619955dc6a60 <my_charset_bin>, last = 0x0, elements = 0}, <No data fields>}, u=0x1f, sent=17037322985861543168)at /test/mtest/12.1_opt/sql/sql_class.cc:3246
      #6  0x0000619954b22e31 in JOIN::exec_inner (this=this@entry=0x7a7004018800)at /test/mtest/12.1_opt/sql/sql_select.cc:4957
      #7  0x0000619954b08997 in JOIN::exec (this=0x7a7004018800)at /test/mtest/12.1_opt/sql/sql_select.cc:4874
      #8  mysql_select (thd=thd@entry=0x7a7004000c68, tables=<optimized out>, fields=@0x7a70040179d0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7a7004017e70, last = 0x7a7004017e70, elements = 1}, <No data fields>}, conds=<optimized out>, og_num=<optimized out>, order=<optimized out>, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x7a70040187d8, unit=0x7a7004005090, select_lex=0x7a7004017718)at /test/mtest/12.1_opt/sql/sql_select.cc:5402
      #9  0x0000619954b08619 in handle_select (thd=thd@entry=0x7a7004000c68, lex=lex@entry=0x7a7004004fb0, result=result@entry=0x7a70040187d8, setup_tables_done_option=setup_tables_done_option@entry=0)at /test/mtest/12.1_opt/sql/sql_select.cc:634
      #10 0x0000619954ad5ab7 in execute_sqlcom_select (thd=thd@entry=0x7a7004000c68, all_tables=0x0) at /test/mtest/12.1_opt/sql/sql_parse.cc:6167
      #11 0x0000619954ad45d1 in mysql_execute_command (thd=thd@entry=0x7a7004000c68, is_called_from_prepared_stmt=false)at /test/mtest/12.1_opt/sql/sql_parse.cc:3950
      #12 0x0000619954acca21 in mysql_parse (thd=thd@entry=0x7a7004000c68, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7a8ee40d2420)at /test/mtest/12.1_opt/sql/sql_parse.cc:7883
      #13 0x0000619954acaf3f in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7a7004000c68, packet=packet@entry=0x7a70040089f9 "", packet_length=packet_length@entry=31, blocking=true)at /test/mtest/12.1_opt/sql/sql_parse.cc:1878
      #14 0x0000619954acce31 in do_command (thd=thd@entry=0x7a7004000c68, blocking=true) at /test/mtest/12.1_opt/sql/sql_parse.cc:1417
      #15 0x0000619954bf9d2d in do_handle_one_connection (connect=<optimized out>, connect@entry=0x61998438daa8, put_in_cache=true)at /test/mtest/12.1_opt/sql/sql_connect.cc:1414
      #16 0x0000619954bf9aef in handle_one_connection (arg=arg@entry=0x61998438daa8)at /test/mtest/12.1_opt/sql/sql_connect.cc:1326
      #17 0x0000619954fa7959 in pfs_spawn_thread (arg=0x619984333a38)at /test/mtest/12.1_opt/storage/perfschema/pfs.cc:2198
      #18 0x00007a8ee5c9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      #19 0x00007a8ee5d29c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      

            People

              bar Alexander Barkov
              ramesh Ramesh Sivaraman