Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-37643

Server crash as field_conv

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Duplicate
    • 12.1.1
    • N/A
    • Server
    • Ubuntu 20.04 x86-64, docker image mariadb:12.1.1
    • Not for Release Notes

    Description

      PoC:

      SELECT ( WITH x ( x ) AS ( SELECT ( json_normalize ( REPEAT ( ( TRUNCATE ( 'x' , -61 ) ) , 'GERMANY' ) ) ) ) ( SELECT x FROM ( SELECT REPEAT ( REPEAT ( 'I2Rm21I.E099H<DHr)>JkQFR*\\JrC|i`pb}Ju lz<ZY>`U50/=L:8An<DN]3<y' , 1.500000 ) , 357 ) x , 10 FROM x UNION SELECT x , x FROM x ) x HAVING ( x IN ( SELECT x FROM x ) ) ) )

      docker log:

      #0 0x5a62999c5f12 (_Z10field_convP5FieldS0_+0x32)
      		 
      #1 0x5a6299a1f8c9 (_ZN8Item_ref8save_valEP5Field+0x39)
      		 
      #2 0x5a629960832d (_ZN14store_key_item10copy_innerEv+0x6d)
      		 
      #3 0x5a62995f8815 (_ZN9store_key4copyEP3THD+0x155)
      		 
      #4 0x5a62995f4529 (_Z14join_read_key2P3THDP13st_join_tableP5TABLEP12st_table_ref+0x1e9)
      		 
      #5 0x5a62997d779e (_ZN25Expression_cache_tmptable11check_valueEPP4Item+0x4e)
      		 
      #6 0x5a6299a21dbb (_ZN18Item_cache_wrapper8val_boolEv+0xdb)
      		 
      #7 0x5a6299a5c25c (_ZN13Item_cond_and8val_boolEv+0x4c)
      		 
      #8 0x5a62995b6875 (_ZL8end_sendP4JOINP13st_join_tableb+0x245)
      		 
      #9 0x5a62995f3f06 (_ZL20evaluate_join_recordP4JOINP13st_join_tablei+0x596)
      		 
      #10 0x5a62995f3379 (_ZN7AGGR_OP8end_sendEv+0x419)
      		 
      #11 0x5a62995b78b5 (_Z24sub_select_postjoin_aggrP4JOINP13st_join_tableb+0xc5)
      		 
      #12 0x5a62995beaa5 (_ZN4JOIN10exec_innerEv+0x1505)
      		 
      #13 0x5a62995bd4b6 (_ZN4JOIN4execEv+0x66)
      		 
      #14 0x5a6299b6916b (_ZN30subselect_single_select_engine4execEv+0x5ab)
      		 
      #15 0x5a6299b59c9d (_ZN17Item_in_subselect4execEv+0xbd)
      		 
      #16 0x5a6299b5e02c (_ZN17Item_in_subselect8val_boolEv+0x6c)
      		 
      #17 0x5a6299a48bcf (_ZN17Item_in_optimizer8val_boolEv+0x1ef)
      		 
      #18 0x5a62995bd9a9 (_ZN4JOIN10exec_innerEv+0x409)
      		 
      #19 0x5a62995bd4b6 (_ZN4JOIN4execEv+0x66)
      		 
      #20 0x5a6299588cd4 (_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x5e4)
      		 
      #21 0x5a6299588635 (_Z13handle_selectP3THDP3LEXP13select_resulty+0x265)
      		 
      #22 0x5a6299528fc8 (_ZL21execute_sqlcom_selectP3THDP10TABLE_LIST+0x698)
      		 
      #23 0x5a629951f095 (_Z21mysql_execute_commandP3THDb+0x3f65)
      		 
      #24 0x5a6299514485 (_Z11mysql_parseP3THDPcjP12Parser_state+0x345)
      		 
      #25 0x5a62995109d1 (_Z16dispatch_command19enum_server_commandP3THDPcjb+0x16b1)
      		 
      #26 0x5a6299514cd1 (_Z10do_commandP3THDb+0x4b1)
      		 
      #27 0x5a629974ab74 (_Z24do_handle_one_connectionP7CONNECTb+0x2a4)
      		 
      #28 0x5a629974a7a3 (handle_one_connection+0xd3)
      		 
      #29 0x5a6299e130b4 (pfs_spawn_thread+0x104)
      		 
      #30 0x7783bbd6c609 (start_thread+0xd9)
      		 
      #31 0x7783bba8e353 (clone+0x43)

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. MDEV-37647 Crash at set_field_to_null_with_conversions

          • Major - Major loss of function.
          • Confirmed

          Activity

            People

              Unassigned Unassigned
              Yuxiao Guo Yuxiao Guo
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.