Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-3777

LP:612543 - Crash in Item_field::used_tables() with view + subquery + prepared statements

    XMLWordPrintable

    Details

      Description

      When executing the following query as a prepared statement twice, maria 5.3 crashes if certain optimizations are disabled. 5.2 is not affected.

      query:

      SELECT table1 .`col_int_key`
      FROM C table1 JOIN view_B table2 ON table1 .`col_varchar_key`
      WHERE table2 .`col_varchar_nokey` IN (
      SELECT `col_varchar_key`
      FROM C )

      explain:

      id select_type table type possible_keys key key_len ref rows filtered Extra
      1 PRIMARY B system NULL NULL NULL NULL 1 100.00
      1 PRIMARY table1 index NULL col_varchar_key 9 NULL 20 100.00 Using where; Using index
      2 SUBQUERY C index NULL col_varchar_key 9 NULL 20 100.00 Using index
      Warnings:
      Note 1003 select `test`.`table1`.`col_int_key` AS `col_int_key` from `test`.`C` `table1` join `test`.`B` where (<in_optimizer>('f','f' in ( <materialize> (select `test`.`C`.`col_varchar_key` from `test`.`C` ), <primary_index_lookup>('f' in <temporary table> on distinct_key where (('f' = `materialized subselect`.`col_varchar_key`))))) and `test`.`table1`.`col_varchar_key`)

      backtrace:

      #3 0x0827e86a in handle_segfault (sig=11) at mysqld.cc:2703
      #4 <signal handler called>
      #5 0x081bdb4e in Item_field::used_tables (this=0xb5e728b0) at item.cc:2265
      #6 0x0823402c in Item_in_subselect::update_used_tables (this=0xb5e58358) at item_subselect.cc:2194
      #7 0x081e10e7 in Item_func::update_used_tables (this=0xb5e58730) at item_func.cc:384
      #8 0x08313ca3 in build_equal_items_for_cond (thd=0x98eb4f8, cond=0xb5e58730, inherited=0xb5e73940) at sql_select.cc:9055
      #9 0x08313809 in build_equal_items_for_cond (thd=0x98eb4f8, cond=0xb5e738a8, inherited=0xb5e73940) at sql_select.cc:8973
      #10 0x08313d08 in build_equal_items (thd=0x98eb4f8, cond=0xb5e738a8, inherited=0x0, join_list=0xb5e71e08, cond_equal_ref=0xb5e66988) at sql_select.cc:9136
      #11 0x08316754 in optimize_cond (join=0xb5e61b78, conds=0xb5e738a8, join_list=0xb5e71e08, cond_value=0xb5e668dc) at sql_select.cc:10403
      #12 0x082fce38 in JOIN::optimize (this=0xb5e61b78) at sql_select.cc:802
      #13 0x083030a4 in mysql_select (thd=0x98eb4f8, rref_pointer_array=0xb5e71e50, tables=0xb5e72628, wild_num=0, fields=..., conds=0xb5e738a8, og_num=0,
      order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416200192, result=0xb5e584c0, unit=0xb5e71a94, select_lex=0xb5e71d34)
      at sql_select.cc:2542
      #14 0x082fb71b in handle_select (thd=0x98eb4f8, lex=0xb5e71a38, result=0xb5e584c0, setup_tables_done_option=0) at sql_select.cc:276
      #15 0x0829a164 in execute_sqlcom_select (thd=0x98eb4f8, all_tables=0xb5e72628) at sql_parse.cc:5081
      #16 0x08290b3c in mysql_execute_command (thd=0x98eb4f8) at sql_parse.cc:2265
      #17 0x0834247f in Prepared_statement::execute (this=0xb5e73508, expanded_query=0xb619f410, open_cursor=false) at sql_prepare.cc:3588
      #18 0x0834197e in Prepared_statement::execute_loop (this=0xb5e73508, expanded_query=0xb619f410, open_cursor=false, packet=0x0, packet_end=0x0)
      at sql_prepare.cc:3263
      #19 0x0834036a in mysql_sql_stmt_execute (thd=0x98eb4f8) at sql_prepare.cc:2533
      #20 0x08290b66 in mysql_execute_command (thd=0x98eb4f8) at sql_parse.cc:2274
      #21 0x0829c325 in mysql_parse (thd=0x98eb4f8, inBuf=0xb5e58978 "EXECUTE st1", length=11, found_semicolon=0xb61a0230) at sql_parse.cc:6027
      #22 0x0828e5f2 in dispatch_command (command=COM_QUERY, thd=0x98eb4f8, packet=0x98ed519 "EXECUTE st1", packet_length=11) at sql_parse.cc:1184
      #23 0x0828dae0 in do_command (thd=0x98eb4f8) at sql_parse.cc:890
      #24 0x0828ac78 in handle_one_connection (arg=0x98eb4f8) at sql_connect.cc:1153
      #25 0x00a08919 in start_thread () from /lib/libpthread.so.0
      #26 0x00951e5e in clone () from /lib/libc.so.6

        Attachments

          Activity

            People

            Assignee:
            timour Timour Katchaounov (Inactive)
            Reporter:
            philipstoev Philip Stoev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: