Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37563

Crash on a FOR loop with a row comparison in the upper bound

    XMLWordPrintable

Details

    Description

      This script:

      DELIMITER //
      		 
      CREATE OR REPLACE PROCEDURE p1()
      		 
      NO SQL
      		 
      BEGIN
      		 
         DECLARE i INTEGER;
      		 
         FOR i IN 0..((1,'b1')=(1,'b1')) DO
      		 
            SELECT i;
      		 
         END FOR;
      		 
      END;
      		 
      //
      		 
       
      		 
      DELIMITER ;
      		 
       
      		 
      CALL p1;
      		 
      CALL p1;

      Crashed with the following stack trace:

      #0  0x0000555555e9cf34 in Binary_string::free_buffer (this=0x5e5ede5dee63c350)
      		 
          at /home/bar/maria-git/10.11/sql/sql_string.h:305
      		 
      #1  0x0000555555e9d0be in Binary_string::free (this=0x5e5ede5dee63c350)
      		 
          at /home/bar/maria-git/10.11/sql/sql_string.h:782
      		 
      #2  0x0000555555e9d03e in Binary_string::~Binary_string (
      		 
          this=0x5e5ede5dee63c350, __in_chrg=<optimized out>)
      		 
          at /home/bar/maria-git/10.11/sql/sql_string.h:352
      		 
      #3  0x0000555555e9d214 in String::~String (this=0x5e5ede5dee63c348, 
          __in_chrg=<optimized out>)
      		 
          at /home/bar/maria-git/10.11/sql/sql_string.h:894
      		 
      #4  0x0000555555ede9a2 in Arg_comparator::~Arg_comparator (
      		 
          this=0x5e5ede5dee63c1f8, __in_chrg=<optimized out>)
      		 
          at /home/bar/maria-git/10.11/sql/item_cmpfunc.h:45
      		 
      #5  0x0000555555edea32 in Arg_comparator::cleanup (this=0x7fff90023680)
      		 
          at /home/bar/maria-git/10.11/sql/item_cmpfunc.h:164
      		 
      #6  0x0000555555edf3e8 in Item_bool_rowready_func2::cleanup (
      		 
          this=0x7fff900235d0) at /home/bar/maria-git/10.11/sql/item_cmpfunc.h:606
      		 
      #7  0x0000555556037a4f in cleanup_items (item=0x7fff900235d0)
      		 
          at /home/bar/maria-git/10.11/sql/sql_parse.cc:1136
      		 
      #8  0x0000555555f2a22b in sp_head::execute (this=0x7fff90021b10, 
          thd=0x7fff90000dc8, merge_da_on_success=true)
      		 
          at /home/bar/maria-git/10.11/sql/sp_head.cc:1544
      		 
      #9  0x0000555555f2cc52 in sp_head::execute_procedure (this=0x7fff90021b10, 
          thd=0x7fff90000dc8, args=0x7fff900061e0)
      		 
          at /home/bar/maria-git/10.11/sql/sp_head.cc:2480
      		 
      #10 0x000055555603d378 in do_execute_sp (thd=0x7fff90000dc8, sp=0x7fff90021b10)
      		 
          at /home/bar/maria-git/10.11/sql/sql_parse.cc:3089
      		 
      #11 0x000055555603e00e in Sql_cmd_call::execute (this=0x7fff90016a70, 
          thd=0x7fff90000dc8) at /home/bar/maria-git/10.11/sql/sql_parse.cc:3334

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-26115 Crash when calling stored function in FOR loop argument

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              shulga Dmitry Shulga
              bar Alexander Barkov
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.