Details
Description
PoC:
SELECT 1 FROM ( WITH x ( x ) AS ( SELECT json_normalize ( 'uri1' ) ) SELECT x FROM ( SELECT REPEAT ( instr ( ( x ) , -128 ) , CASE WHEN 0 THEN 'b' ELSE '1995-09-01' END ) x , 10 FROM x UNION SELECT x , x FROM x ) x ) x WHERE ( SELECT x IN ( WITH x AS ( SELECT 1 ) SELECT x FROM x ) ) |
docker log:
#0 0x58af501e1363 (_Z34set_field_to_null_with_conversionsP5Fieldb+0x23)
|
#1 0x58af5023d8c9 (_ZN8Item_ref8save_valEP5Field+0x39)
|
#2 0x58af4fe2632d (_ZN14store_key_item10copy_innerEv+0x6d)
|
#3 0x58af4fe16815 (_ZN9store_key4copyEP3THD+0x155)
|
#4 0x58af4fe12529 (_Z14join_read_key2P3THDP13st_join_tableP5TABLEP12st_table_ref+0x1e9)
|
#5 0x58af4fff579e (_ZN25Expression_cache_tmptable11check_valueEPP4Item+0x4e)
|
#6 0x58af5023fbfa (_ZN18Item_cache_wrapper11val_decimalEP10my_decimal+0xea)
|
#7 0x58af5006dbb6 (_ZN4VDecC2EP4Item+0x46)
|
#8 0x58af5026a1a6 (_ZN17Item_func_between19val_int_cmp_decimalEv+0x76)
|
#9 0x58af4fbb5234 (_ZN17Item_func_between8val_boolEv+0x34)
|
#10 0x58af5027a25c (_ZN13Item_cond_and8val_boolEv+0x4c)
|
#11 0x58af5023565b (_ZN4Item18save_bool_in_fieldEP5Fieldb+0x3b)
|
#12 0x58af50235741 (_ZN4Item13save_in_fieldEP5Fieldb+0x51)
|
#13 0x58af4fe0fe19 (_ZL9end_writeP4JOINP13st_join_tableb+0x1b9)
|
#14 0x58af4fe11f06 (_ZL20evaluate_join_recordP4JOINP13st_join_tablei+0x596)
|
#15 0x58af4fda5d09 (_Z10sub_selectP4JOINP13st_join_tableb+0x4e9)
|
#16 0x58af4fddca29 (_ZN4JOIN10exec_innerEv+0x1489)
|
#17 0x58af4fddb4b6 (_ZN4JOIN4execEv+0x66)
|
#18 0x58af4fda6cd4 (_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x5e4)
|
#19 0x58af4fcc3999 (_ZL18mysql_derived_fillP3THDP3LEXP10TABLE_LIST+0x419)
|
#20 0x58af4fcc4418 (_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x158)
|
#21 0x58af4fdfd2d6 (_ZN13st_join_table12preread_initEv+0xe6)
|
#22 0x58af4fda5a70 (_Z10sub_selectP4JOINP13st_join_tableb+0x250)
|
#23 0x58af4fddca29 (_ZN4JOIN10exec_innerEv+0x1489)
|
#24 0x58af4fddb4b6 (_ZN4JOIN4execEv+0x66)
|
#25 0x58af4fda6cd4 (_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x5e4)
|
#26 0x58af4fda6635 (_Z13handle_selectP3THDP3LEXP13select_resulty+0x265)
|
#27 0x58af4fd46fc8 (_ZL21execute_sqlcom_selectP3THDP10TABLE_LIST+0x698)
|
#28 0x58af4fd3d095 (_Z21mysql_execute_commandP3THDb+0x3f65)
|
#29 0x58af4fd32485 (_Z11mysql_parseP3THDPcjP12Parser_state+0x345)
|
#30 0x58af4fd2e9d1 (_Z16dispatch_command19enum_server_commandP3THDPcjb+0x16b1)
|
#31 0x58af4fd32cd1 (_Z10do_commandP3THDb+0x4b1)
|
#32 0x58af4ff68b74 (_Z24do_handle_one_connectionP7CONNECTb+0x2a4)
|
#33 0x58af4ff687a3 (handle_one_connection+0xd3)
|
#34 0x58af506310b4 (pfs_spawn_thread+0x104)
|
#35 0x73bb0c5ac609 (start_thread+0xd9)
|
#36 0x73bb0c2ce353 (clone+0x43)
|
Attachments
Issue Links
- is duplicated by
-
MDEV-37624 Server crashes at Item_string::save_in_field
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- relates to
-
-
- Confirmed
-
-
-
- Open
-
-
-
- In Review
-