[MDEV-38543] Inconsistent handling and crash with 0-length PRIMARY KEY - Jira

Details

Type: Bug
Status: Confirmed (View Workflow)
Priority: Major
Resolution: Unresolved
Affects Version/s: 10.6, 10.11, 11.4, 11.8, 12.3
Fix Version/s: 10.6, 10.11, 11.4, 11.8
Component/s: Data Definition - Alter Table, Storage Engine - InnoDB
Labels:
- crash

Bug Category:
Can result in hang or crash

Description

--source include/have_innodb.inc

CREATE TABLE t (a INT KEY,b INT)Engine=Innodb;

ALTER TABLE t ADD INDEX (a);

ALTER TABLE t CHANGE COLUMN a a BINARY (0);

EXPLAIN PARTITIONS SELECT * FROM t WHERE a<='';

Leads to:

CS 11.4.10 ab2e0d4f0d27803fb331b9d052f0dfe711a0e60c (Debug, Clang 18.1.3-11) Build 08/01/2026
Core was generated by `/test/MD080126-mariadb-11.4.10-linux-x86_64-dbg/bin/mariadbd --no-defaults --ma'.
Program terminated with signal SIGFPE, Arithmetic exception.
#0 0x00005d94788a7615 in handler::multi_range_read_info_const (this=0x7e799406dcc8, keyno=1, seq=0x7e7abc563bd0, seq_init_param=0x7e7abc563bf8, n_ranges_arg=0, bufsz=0x7e7abc563a68, flags=0x7e7abc563a6c, top_limit=18446744073709551615, cost=0x7e7abc564268)at /test/11.4_dbg/sql/multi_range_read.cc:193
193 size_t avg_block_records= ((uint) (stats.block_size*3/4))/len + 1;
[Current thread is 1 (LWP 1738061)]
(gdb) bt
#0 0x00005d94788a7615 in handler::multi_range_read_info_const (this=0x7e799406dcc8, keyno=1, seq=0x7e7abc563bd0, seq_init_param=0x7e7abc563bf8, n_ranges_arg=0, bufsz=0x7e7abc563a68, flags=0x7e7abc563a6c, top_limit=18446744073709551615, cost=0x7e7abc564268)at /test/11.4_dbg/sql/multi_range_read.cc:193
#1 0x00005d94788ab22b in DsMrr_impl::dsmrr_info_const (this=0x7e799406e210, keyno=1, seq=0x7e7abc563bd0, seq_init_param=0x7e7abc563bf8, n_ranges=0, bufsz=0x7e7abc564258, flags=0x7e7abc56425c, limit=18446744073709551615, cost=0x7e7abc564268) at /test/11.4_dbg/sql/multi_range_read.cc:1795
#2 0x00005d9478e72196 in ha_innobase::multi_range_read_info_const (this=0x7e799406dcc8, keyno=1, seq=0x7e7abc563bd0, seq_init_param=0x7e7abc563bf8, n_ranges=0, bufsz=0x7e7abc564258, flags=0x7e7abc56425c, limit=18446744073709551615, cost=0x7e7abc564268)at /test/11.4_dbg/storage/innobase/handler/ha_innodb.cc:20114
#3 0x00005d947850aec4 in check_quick_select (param=0x7e7abc5648e0, idx=1, limit=18446744073709551615, index_only=false, tree=0x7e7994088670, update_tbl_stats=true, mrr_flags=0x7e7abc56425c, bufsize=0x7e7abc564258, cost=0x7e7abc564268, is_ror_scan=0x7e7abc564257)at /test/11.4_dbg/sql/opt_range.cc:12136
#4 0x00005d94784ec363 in get_key_scans_params (param=0x7e7abc5648e0, tree=0x7e7994088568, index_read_must_be_used=false, for_range_access=true, read_time=0.0026289099999999999, limit=18446744073709551615, using_table_scan=false) at /test/11.4_dbg/sql/opt_range.cc:7861
#5 0x00005d94784eae23 in SQL_SELECT::test_quick_select (this=0x7e799401dee8, thd=0x7e7994000d58, keys_to_use={static BITS_PER_ELEMENT = 64, static ARRAY_ELEMENTS = 1, static ALL_BITS_SET = 18446744073709551615, buffer = {3}}, prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=true, only_single_index_range_scan=false, note_unusable_keys=Item_func::BITMAP_EXCEPT_ANY_EQUALITY)at /test/11.4_dbg/sql/opt_range.cc:3001
#6 0x00005d947872deab in get_quick_record_count (thd=0x7e7994000d58, select=0x7e799401dee8, table=0x7e7994014ac8, keys=0x7e799401ca50, limit=18446744073709551615, quick_count=0x7e7abc565428)at /test/11.4_dbg/sql/sql_select.cc:5477
#7 0x00005d94786e6bef in make_join_statistics (join=0x7e799401bd50, tables_list=@0x7e7994019d50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7e799401c510, last = 0x7e799401c510, elements = 1}, <No data fields>}, keyuse_array=0x7e799401c0b0) at /test/11.4_dbg/sql/sql_select.cc:6261
#8 0x00005d94786de9b8 in JOIN::optimize_inner (this=0x7e799401bd50)at /test/11.4_dbg/sql/sql_select.cc:2744
#9 0x00005d94786dc3ed in JOIN::optimize (this=0x7e799401bd50)at /test/11.4_dbg/sql/sql_select.cc:2016
#10 0x00005d94786d4268 in mysql_select (thd=0x7e7994000d58, tables=0x7e799401a170, fields=@0x7e7994019df0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7e799401a120, last = 0x7e799401c790, elements = 2}, <No data fields>}, conds=0x7e799401aa40, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2164525828, result=0x7e799401b600, unit=0x7e7994005018, select_lex=0x7e7994019b38)at /test/11.4_dbg/sql/sql_select.cc:5402
#11 0x00005d947872708d in mysql_explain_union (thd=0x7e7994000d58, unit=0x7e7994005018, result=0x7e799401b600)at /test/11.4_dbg/sql/sql_select.cc:31569
#12 0x00005d947867aba3 in execute_sqlcom_select (thd=0x7e7994000d58, all_tables=0x7e799401a170) at /test/11.4_dbg/sql/sql_parse.cc:6163
#13 0x00005d947866ff02 in mysql_execute_command (thd=0x7e7994000d58, is_called_from_prepared_stmt=false) at /test/11.4_dbg/sql/sql_parse.cc:3987
#14 0x00005d9478668084 in mysql_parse (thd=0x7e7994000d58, rawbuf=0x7e7994019a80 "EXPLAIN PARTITIONS SELECT * FROM t WHERE a<=''", length=46, parser_state=0x7e7abc567a30)at /test/11.4_dbg/sql/sql_parse.cc:7945
#15 0x00005d9478665519 in dispatch_command (command=COM_QUERY, thd=0x7e7994000d58, packet=0x7e799400af89 "", packet_length=46, blocking=true) at /test/11.4_dbg/sql/sql_parse.cc:1923
#16 0x00005d9478668c33 in do_command (thd=0x7e7994000d58, blocking=true)at /test/11.4_dbg/sql/sql_parse.cc:1433
#17 0x00005d947884d159 in do_handle_one_connection (connect=0x5d94aa740458, put_in_cache=true) at /test/11.4_dbg/sql/sql_connect.cc:1497
#18 0x00005d947884cef2 in handle_one_connection (arg=0x5d94aa77cdf8)at /test/11.4_dbg/sql/sql_connect.cc:1409
#19 0x00007e7abfc9caa4 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
#20 0x00007e7abfd29c6c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

Bug Detection Matrix
Rel o/d Build Commit UniqueID observed
CS 10.6 dbg 080126 635a8500ed8d62763ac57c26b2de821f255c84b0 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
CS 10.6 opt 080126 635a8500ed8d62763ac57c26b2de821f255c84b0 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
CS 10.11 dbg 080126 15e4ae4a91a6bda41a6bb036cb105ba104c731e9 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
CS 10.11 opt 080126 15e4ae4a91a6bda41a6bb036cb105ba104c731e9 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
CS 11.4 dbg 080126 ab2e0d4f0d27803fb331b9d052f0dfe711a0e60c SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
CS 11.4 opt 080126 ab2e0d4f0d27803fb331b9d052f0dfe711a0e60c SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
CS 11.8 dbg 080126 afbad3b02bdcb0ed98789311632c7f87268322ed SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
CS 11.8 opt 080126 afbad3b02bdcb0ed98789311632c7f87268322ed SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
CS 12.3 dbg 080126 e19be4919fec58a70c88023bcb1f88793fb4c90e SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
CS 12.3 opt 080126 e19be4919fec58a70c88023bcb1f88793fb4c90e SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
ES 10.6 dbg 080126 0fe345fff3a0463224ca714831303d40fb83648b SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
ES 10.6 opt 080126 0fe345fff3a0463224ca714831303d40fb83648b SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
ES 11.4 dbg 080126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
ES 11.4 opt 080126 34f616d5fd2c649d0c79acb4e2423c90b8f10436 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params
ES 11.8 dbg 080126 405ee76b60c4ab82155f339136ed20d3b7363717 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|ha_innobase::multi_range_read_info_const\|check_quick_select
ES 11.8 opt 080126 405ee76b60c4ab82155f339136ed20d3b7363717 SIGFPE\|handler::multi_range_read_info_const\|DsMrr_impl::dsmrr_info_const\|check_quick_select\|get_key_scans_params

Inconsistent handling and crash with 0-length PRIMARY KEY

Details

Description

Attachments

Activity

People

Dates

Git Integration