Details
Bug
Status: Confirmed
Major
Resolution: Unresolved
10.6, 10.11, 11.4, 12.1(EOL), 11.8, 12.0.2
None
Description
The MariaDB server crashes when the DATE_ADD function is called with an INTERVAL value that originates from a MEDIUMTEXT column formatted with the UTF16LE character set.
CREATE TABLE t1559 (c1 YEAR, c2 MEDIUMTEXT CHARACTER SET UTF16LE, c3 NUMERIC);
INSERT INTO t1559 (c1,c2,c3) VALUES ('2004','DJo4t8wc',-2);
SELECT * FROM t1559 WHERE (DATE_ADD((LOCALTIMESTAMP()), INTERVAL ((CASE (AES_ENCRYPT(t1559.c3, 2246)) WHEN (RADIANS(t1559.c3)) THEN (BINARY t1559.c1) ELSE t1559.c2 END)) HOUR_SECOND));
Server version: 12.0.2-MariaDB-ubu2404 source revision: aab83aecdca15738d114cf5a2f223f1d12e4e6bd

The information page at https://mariadb.com/kb/en/how-to-produce-a-full-stack-trace-for-mariadbd/
contains instructions to obtain a better version of the backtrace below.
Following these instructions will help MariaDB developers provide a fix quicker.

Attempting backtrace. Include this in the bug report.
(note: Retrieving this information may fail)

Thread pointer: 0x764bb8000c68
stack_bottom = 0x764bec110000 thread_stack 0x49000
Printing to addr2line failed
mariadbd(my_print_stacktrace+0x30)[0x648bcda4b250]
mariadbd(handle_fatal_signal+0x1f3)[0x648bcd5ab463]
/lib/x86_64-linux-gnu/libc.so.6(+0x45330)[0x764c0434c330]
mariadbd(_Z18get_interval_valueP3THDP4Item13interval_typeP8INTERVAL+0xe0)[0x648bcd6b1f20]
mariadbd(+0x6fc4c8)[0x648bcd12a4c8]
mariadbd(_ZN18Temporal_with_date14make_from_itemEP3THDP4Item11date_mode_t+0x70)[0x648bcd4cb010]
mariadbd(+0x6f5319)[0x648bcd123319]
mariadbd(_ZNK28Type_handler_temporal_result13Item_val_boolEP4Item+0x14)[0x648bcd4c20d4]
mariadbd(+0x8e3a04)[0x648bcd311a04]
mariadbd(_Z10sub_selectP4JOINP13st_join_tableb+0x225)[0x648bcd311f25]
mariadbd(_ZN4JOIN10exec_innerEv+0xd21)[0x648bcd2dd461]
mariadbd(_ZN4JOIN4execEv+0x37)[0x648bcd2dd7c7]
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x128)[0x648bcd2e9a48]
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x17a)[0x648bcd2cfa3a]
mariadbd(+0x85eda1)[0x648bcd28cda1]
mariadbd(_Z21mysql_execute_commandP3THDb+0x37e1)[0x648bcd294701]
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x19a)[0x648bcd295a7a]
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x1064)[0x648bcd2984c4]
mariadbd(_Z10do_commandP3THDb+0x199)[0x648bcd2999e9]
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x6b3)[0x648bcd42d043]
mariadbd(handle_one_connection+0x71)[0x648bcd42d481]
mariadbd(+0xd9e7ce)[0x648bcd7cc7ce]
/lib/x86_64-linux-gnu/libc.so.6(+0x9caa4)[0x764c043a3aa4]
/lib/x86_64-linux-gnu/libc.so.6(+0x129c3c)[0x764c04430c3c]

Connection ID (thread ID): 3
Status: NOT_KILLED
Query (0x764bb80f5610): SELECT * FROM t1559 WHERE (DATE_ADD((LOCALTIMESTAMP()), INTERVAL ((CASE (AES_ENCRYPT(t1559.c3, 2246)) WHEN (RADIANS(t1559.c3)) THEN (BINARY t1559.c1) ELSE t1559.c2 END)) HOUR_SECOND)) LIMIT 100

Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,duplicateweedout=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=on,sargable_casefold=on

Writing a core file...
Working directory at /var/lib/mysql
Resource Limits (excludes unlimited resources):
Limit Soft Limit Hard Limit Units
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max open files 1048576 1048576 files
Max locked memory 83968000 83968000 bytes
Max pending signals 63381 63381 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Core pattern: |/wsl-capture-crash %t %E %p %s

Kernel version: Linux version 6.6.87.2-microsoft-standard-WSL2 (root@439a258ad544) (gcc (GCC) 11.2.0, GNU ld (GNU Binutils) 2.37) #1 SMP PREEMPT_DYNAMIC Thu Jun 5 18:30:46 UTC 2025
Issue Links
- relates to MDEV-35406 UBSAN runtime error: signed integer overflow on SELECT DATE_ADD/MAKEDATE (Confirmed)