Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-3778

LP:611396 - RQG: crash in Item_field::register_field_in_read_map with semijoin=off and prepared statements and materialization

    XMLWordPrintable

    Details

      Description

      The following query:

      SELECT table1 .`pk` field3 , (
      SELECT `col_int_nokey`
      FROM C
      WHERE ( 7 , 6 ) IN (
      SELECT `pk` , `col_int_nokey`
      FROM C ) ) field9
      FROM CC table1 JOIN D table2 ON table2 .`col_varchar_key` = table1 .`col_varchar_key`
      WHERE table2 .`pk` = 8
      GROUP BY field3 , field9

      Crashes when executed twice as a prepared statement in maria 5.3 with semijoin=off . Maria 5.2 is not affected.

      backtrace:

      #3 0x0827e8f8 in handle_segfault (sig=11) at mysqld.cc:2703
      #4 <signal handler called>
      #5 0x081ba141 in Item_field::register_field_in_read_map (this=0xb5e6cbb8, arg=0xb5e0a8e8 "\340\257\340\265h\275", <incomplete sequence \340\265>)
      at item.cc:740
      #6 0x081cf5b2 in Item::walk (this=0xb5e6cbb8, processor=&virtual Item::register_field_in_read_map(uchar*), walk_subquery=true,
      arg=0xb5e0a8e8 "\340\257\340\265h\275", <incomplete sequence \340\265>) at item.h:903
      #7 0x0822f805 in Item_subselect::walk (this=0xb5e6cf68, processor=&virtual table offset 300, walk_subquery=true,
      argument=0xb5e0a8e8 "\340\257\340\265h\275", <incomplete sequence \340\265>) at item_subselect.cc:445
      #8 0x081e0ada in Item_func::walk (this=0xb5e6e168, processor=&virtual table offset 300, walk_subquery=true,
      argument=0xb5e0a8e8 "\340\257\340\265h\275", <incomplete sequence \340\265>) at item_func.cc:239
      #9 0x0822f757 in Item_subselect::walk (this=0xb5e6d080, processor=&virtual table offset 300, walk_subquery=true,
      argument=0xb5e0a8e8 "\340\257\340\265h\275", <incomplete sequence \340\265>) at item_subselect.cc:436
      #10 0x083c31b9 in register_used_fields (param=0xb61d1148) at filesort.cc:1017
      #11 0x083c1ead in find_all_keys (param=0xb61d1148, select=0xb5e33180, sort_keys=0xb5e7a598, buffpek_pointers=0xb61d0f80, tempfile=0xb61d1064, indexfile=0x0)
      at filesort.cc:558
      #12 0x083c0ed1 in filesort (thd=0x9fcefb8, table=0xb5e0a8e8, sortorder=0xb5e334e8, s_length=2, select=0xb5e33180, max_rows=18446744073709551615,
      sort_positions=false, examined_rows=0xb61d12b0) at filesort.cc:246
      #13 0x08324a74 in create_sort_index (thd=0x9fcefb8, join=0xb5e6f288, order=0xb5e6de40, filesort_limit=18446744073709551615,
      select_limit=18446744073709551615, is_order_by=false) at sql_select.cc:15849
      #14 0x08302dd4 in JOIN::exec (this=0xb5e6f288) at sql_select.cc:2298
      #15 0x08303802 in mysql_select (thd=0x9fcefb8, rref_pointer_array=0xb5e6b670, tables=0xb5e6d2a0, wild_num=0, fields=..., conds=0xb5e31ac0, og_num=2,
      order=0x0, group=0xb5e6de40, having=0x0, proc_param=0x0, select_options=2416200192, result=0xb5e6df40, unit=0xb5e6b2d4, select_lex=0xb5e6b56c)
      at sql_select.cc:2556
      #16 0x082fbecf in handle_select (thd=0x9fcefb8, lex=0xb5e6b278, result=0xb5e6df40, setup_tables_done_option=0) at sql_select.cc:276
      #17 0x0829a5f0 in execute_sqlcom_select (thd=0x9fcefb8, all_tables=0xb5e6d2a0) at sql_parse.cc:5081
      #18 0x08290fd0 in mysql_execute_command (thd=0x9fcefb8) at sql_parse.cc:2265
      #19 0x08342ce1 in Prepared_statement::execute (this=0xb5e5c528, expanded_query=0xb61d2410, open_cursor=false) at sql_prepare.cc:3588
      #20 0x083421e0 in Prepared_statement::execute_loop (this=0xb5e5c528, expanded_query=0xb61d2410, open_cursor=false, packet=0x0, packet_end=0x0)
      at sql_prepare.cc:3263
      #21 0x08340bcc in mysql_sql_stmt_execute (thd=0x9fcefb8) at sql_prepare.cc:2533
      #22 0x08290ffa in mysql_execute_command (thd=0x9fcefb8) at sql_parse.cc:2274
      #23 0x0829c7d1 in mysql_parse (thd=0x9fcefb8, inBuf=0xb5e31900 "EXECUTE st1", length=11, found_semicolon=0xb61d3230) at sql_parse.cc:6027
      #24 0x0828ea02 in dispatch_command (command=COM_QUERY, thd=0x9fcefb8, packet=0x9fe7311 "EXECUTE st1", packet_length=11) at sql_parse.cc:1184
      #25 0x0828dea8 in do_command (thd=0x9fcefb8) at sql_parse.cc:890
      #26 0x0828b008 in handle_one_connection (arg=0x9fcefb8) at sql_connect.cc:1153
      #27 0x00a08919 in start_thread () from /lib/libpthread.so.0
      #28 0x00951e5e in clone () from /lib/libc.so.6

        Attachments

          Activity

            People

            Assignee:
            timour Timour Katchaounov (Inactive)
            Reporter:
            philipstoev Philip Stoev (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: