Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-38658

SIGSEGV and UBSAN detected null-pointer-use in setup_copy_fields on SELECT

    XMLWordPrintable

Details

    • Can result in hang or crash

    Description

      Split from MDEV-32317 on request from midenok, here.

      select * from (select x,0 from (select * from (select * from (select x,0 from (select 1 as x) as x where x in (select 1 as x from (select 0 as x from (select 1 as x) as x where x in (1)) as x where x in (select * from (select 1 as x) as x where x in (select x in ((select * from (select 1 as x from (select 1 as x) as x where x in (1)) as x group by x having not x)) group by x having not x)) group by x having not not x)) as x) as x group by x,x in (select 1 where x in (select 1 where not x in (1)))) as x where x in (1)) as x group by not x in (select (select 1 as x from (select * from (select * from (select 1 as x group by x having not 1) as x where x in (1) group by x,x) as x) as x) in ((select (select * from (select 1 as x from (select 1 as x) as x where x in (1)) as x group by x having not x) in (select 1 as x from (select 1 as x from (select * from (select 1 as x) as x where x in (select x) group by x,x having x in (select x in (select 1 as x from (select 0 as x) as x where x in (select * from (select 1 as x) as x where x in (select 1 as x from (select 1 as x from (select 1 as x) as x where x in (1)) as x where x in (1) group by x having x in (select not (select * from (select * from (select x in (select 1 as x where x in ((select 1 as x from (select 1 as x) as x where x in (select 1 in (1) as x)))) as x from (select 1 as x from (select * from (select * from (select x,0 from (select 1 as x) as x where x in (select 1 as x from (select 1 as x from (select 1 as x) as x where x in (1)) as x where x in (1) group by x having not not x)) as x) as x) as x) as x) as x where x in (1)) as x) from (select 1 as x) as x)))) where not x in (1))) as x where x in (1)) as x where x in (1) group by x having not not x) as x from (select * from (select * from (select 1 as x from (select 1 as x) as x) as x where x in (1)) as x) as x where x in (1))));

      Leads to:

      CS 12.2.2 6ca70dd64ce56da40fad3bcd0641493210dd0a4c (Debug, Clang 21.1.3-20250923) Build 23/01/2026

      		 
      Core was generated by `/test/MD230126-mariadb-12.2.2-linux-x86_64-dbg/bin/mariadbd --no-defaults --max'.
      		 
      Program terminated with signal SIGSEGV, Segmentation fault.
      		 
      #0  0x00005e7d26b7001f in setup_copy_fields (thd=0x787390000d58, param=0x787390092c28, ref_pointer_array=..., res_selected_fields=..., res_all_fields=..., elements=1, all_fields=...)at /test/12.2_dbg/sql/sql_select.cc:29587
      		 
       
      		 
      [Current thread is 1 (LWP 304783)]
      		 
      (gdb) bt
      		 
      #0  0x00005e7d26b7001f in setup_copy_fields (thd=0x787390000d58, param=0x787390092c28, ref_pointer_array={m_array = 0x787390093250, m_size = 20}, res_selected_fields=@0x787390092e08: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5e7d27b7ea50 <end_of_list>, last = 0x787390092e08, elements = 0}, <No data fields>}, res_all_fields=@0x787390092dc0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5e7d27b7ea50 <end_of_list>, last = 0x787390092dc0, elements = 0}, <No data fields>}, elements=1, all_fields=@0x787390092d78: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x787390095250, last = 0x78739002a3c8, elements = 2}, <No data fields>}) at /test/12.2_dbg/sql/sql_select.cc:29587
      		 
      #1  0x00005e7d26b6c388 in JOIN::make_aggr_tables_info (this=0x7873900929d0)at /test/12.2_dbg/sql/sql_select.cc:4221
      		 
      #2  0x00005e7d26b5c476 in JOIN::optimize_stage2 (this=0x7873900929d0)at /test/12.2_dbg/sql/sql_select.cc:3622
      		 
      #3  0x00005e7d26b5a068 in JOIN::optimize_inner (this=0x7873900929d0)at /test/12.2_dbg/sql/sql_select.cc:2794
      		 
      #4  0x00005e7d26b57c46 in JOIN::optimize (this=0x7873900929d0)at /test/12.2_dbg/sql/sql_select.cc:2021
      		 
      #5  0x00005e7d26aab976 in st_select_lex::optimize_unflattened_subqueries (this=0x78739001e5e8, const_only=false)at /test/12.2_dbg/sql/sql_lex.cc:5128
      		 
      #6  0x00005e7d26d6817e in JOIN::optimize_unflattened_subqueries (this=0x787390077730) at /test/12.2_dbg/sql/opt_subselect.cc:5915
      		 
      #7  0x00005e7d26b5c4c8 in JOIN::optimize_stage2 (this=0x787390077730)at /test/12.2_dbg/sql/sql_select.cc:3637
      		 
      #8  0x00005e7d26b5a068 in JOIN::optimize_inner (this=0x787390077730)at /test/12.2_dbg/sql/sql_select.cc:2794
      		 
      #9  0x00005e7d26b57c46 in JOIN::optimize (this=0x787390077730)at /test/12.2_dbg/sql/sql_select.cc:2021
      		 
      #10 0x00005e7d26a1b4bf in Item_in_subselect::optimize (this=0x78739002cbf8, out_rows=0x7874bc528088, cost=0x7874bc528080)at /test/12.2_dbg/sql/item_subselect.cc:851
      		 
      #11 0x00005e7d26d69846 in setup_jtbm_semi_joins (join=0x787390097090, join_list=0x78739001bde0, eq_list=@0x7874bc528468: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5e7d27b7ea50 <end_of_list>, last = 0x7874bc528468, elements = 0}, <No data fields>}) at /test/12.2_dbg/sql/opt_subselect.cc:6641
      		 
      #12 0x00005e7d26b593dc in JOIN::optimize_inner (this=0x787390097090)at /test/12.2_dbg/sql/sql_select.cc:2543
      		 
      #13 0x00005e7d26b57c46 in JOIN::optimize (this=0x787390097090)at /test/12.2_dbg/sql/sql_select.cc:2021
      		 
      #14 0x00005e7d26a839ff in mysql_derived_optimize (thd=0x787390000d58, lex=0x787390005098, derived=0x7873900322f8)at /test/12.2_dbg/sql/sql_derived.cc:1048
      		 
      #15 0x00005e7d26a853cf in mysql_handle_single_derived (lex=0x787390005098, derived=0x7873900322f8, phases=4) at /test/12.2_dbg/sql/sql_derived.cc:203
      		 
      #16 0x00005e7d26b59717 in JOIN::optimize_inner (this=0x787390075938)at /test/12.2_dbg/sql/sql_select.cc:2588
      		 
      #17 0x00005e7d26b57c46 in JOIN::optimize (this=0x787390075938)at /test/12.2_dbg/sql/sql_select.cc:2021
      		 
      #18 0x00005e7d26b5057d in mysql_select (thd=0x787390000d58, tables=0x787390033718, fields=@0x78739001b218: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x78739001b560, last = 0x78739009be68, elements = 2}, <No data fields>}, conds=0x0, og_num=1, order=0x0, group=0x787390074f80, having=0x0, proc_param=0x0, select_options=2164525824, result=0x787390075910, unit=0x787390005178, select_lex=0x78739001af60)at /test/12.2_dbg/sql/sql_select.cc:5430
      		 
      #19 0x00005e7d26b500fd in handle_select (thd=0x787390000d58, lex=0x787390005098, result=0x787390075910, setup_tables_done_option=0)at /test/12.2_dbg/sql/sql_select.cc:636
      		 
      #20 0x00005e7d26afb75a in execute_sqlcom_select (thd=0x787390000d58, all_tables=0x787390033718) at /test/12.2_dbg/sql/sql_parse.cc:6210
      		 
      #21 0x00005e7d26af1ac3 in mysql_execute_command (thd=0x787390000d58, is_called_from_prepared_stmt=false) at /test/12.2_dbg/sql/sql_parse.cc:3967
      		 
      #22 0x00005e7d26aeaa08 in mysql_parse (thd=0x787390000d58, rawbuf=0x78739001a078 "select * from (select x,0 from (select * from (select * from (select x,0 from (select 1 as x) as x where x in (select 1 as x from (select 0 as x from (select 1 as x) as x where x in (1)) as x where x "..., length=1862, parser_state=0x7874bc52aa00)at /test/12.2_dbg/sql/sql_parse.cc:7932
      		 
      #23 0x00005e7d26ae81ce in dispatch_command (command=COM_QUERY, thd=0x787390000d58, packet=0x78739000b249 "select * from (select x,0 from (select * from (select * from (select x,0 from (select 1 as x) as x where x in (select 1 as x from (select 0 as x from (select 1 as x) as x where x in (1)) as x where x "..., packet_length=1862, blocking=true) at /test/12.2_dbg/sql/sql_parse.cc:1896
      		 
      #24 0x00005e7d26aeb48a in do_command (thd=0x787390000d58, blocking=true)at /test/12.2_dbg/sql/sql_parse.cc:1432
      		 
      #25 0x00005e7d26cdf0fe in do_handle_one_connection (connect=0x5e7d29cf5e78, put_in_cache=true) at /test/12.2_dbg/sql/sql_connect.cc:1503
      		 
      #26 0x00005e7d26cdeee1 in handle_one_connection (arg=0x5e7d29c51a98)at /test/12.2_dbg/sql/sql_connect.cc:1415
      		 
      #27 0x00007874bf29ca94 in start_thread (arg=<optimized out>)at ./nptl/pthread_create.c:447
      		 
      #28 0x00007874bf329c3c in clone3 ()at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78

      Bug Detection Matrix

      		 
          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  230126  cd02709a315c9f08965d6b8fb7e75baaae17a4f4  No bug found                  
      CS  10.6   opt  230126  cd02709a315c9f08965d6b8fb7e75baaae17a4f4  No bug found                  
      CS  10.11  dbg  230126  b061b5ab1f2cd2a6993e53dc24a865304ced14cd  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  10.11  opt  230126  b061b5ab1f2cd2a6993e53dc24a865304ced14cd  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.4   dbg  260126  b6d0e23d76fe5936b6a29379ab494852e4d493b1  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.4   opt  260126  b6d0e23d76fe5936b6a29379ab494852e4d493b1  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.8   dbg  230126  01ff5ae6b677bead4c41d91bf5afb25c593a1d02  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.8   opt  230126  01ff5ae6b677bead4c41d91bf5afb25c593a1d02  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.2   dbg  230126  6ca70dd64ce56da40fad3bcd0641493210dd0a4c  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.2   opt  230126  6ca70dd64ce56da40fad3bcd0641493210dd0a4c  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.3   dbg  230126  4528b8a585c09611d61340b721b3efaf13018f65  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.3   opt  230126  4528b8a585c09611d61340b721b3efaf13018f65  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  10.6   dbg  230126  0fe345fff3a0463224ca714831303d40fb83648b  No bug found                  
      ES  10.6   opt  230126  0fe345fff3a0463224ca714831303d40fb83648b  No bug found                  
      ES  11.4   dbg  230126  34f616d5fd2c649d0c79acb4e2423c90b8f10436  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.4   opt  230126  34f616d5fd2c649d0c79acb4e2423c90b8f10436  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.8   dbg  230126  405ee76b60c4ab82155f339136ed20d3b7363717  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.8   opt  230126  405ee76b60c4ab82155f339136ed20d3b7363717  SIGSEGV|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      MS  5.5    dbg  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.5    opt  070123  bac287c315b1792e7ae33f91add6a60292f9bae8  No bug found                  
      MS  5.6    dbg  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.6    opt  070123  dab95781a1244104d6b87020ac2fc4d190ba2946  No bug found                  
      MS  5.7    dbg  070525  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  5.7    opt  070525  f7680e98b6bbe3500399fbad465d08a6b75d7a5c  No bug found                  
      MS  8.0    dbg  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  8.0    opt  060224  49ef33f7edadef3ae04665e73d1babd40179a4f1  No bug found                  
      MS  9.1    dbg  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found                  
      MS  9.1    opt  211024  61a3a1d8ef15512396b4c2af46e922a19bf2b174  No bug found

      And

      CS 12.2.2 6ca70dd64ce56da40fad3bcd0641493210dd0a4c (Debug, UBASAN, Clang 21.1.3-20250923) Build 23/01/2026

      		 
      /test/12.2_dbg_san/sql/sql_select.cc:29587:24: runtime error: member access within null pointer of type 'Field'
      		 
          #0 0x5e5291544a7a in setup_copy_fields(THD*, TMP_TABLE_PARAM*, Bounds_checked_array<Item*>, List<Item>&, List<Item>&, unsigned int, List<Item>&) /test/12.2_dbg_san/sql/sql_select.cc:29587:24
      		 
          #1 0x5e52915300c5 in JOIN::make_aggr_tables_info() /test/12.2_dbg_san/sql/sql_select.cc:4221:5
      		 
          #2 0x5e52914d409f in JOIN::optimize_stage2() /test/12.2_dbg_san/sql/sql_select.cc:3622:9
      		 
          #3 0x5e52914d13e3 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2794:9
      		 
          #4 0x5e52914cc536 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
      		 
          #5 0x5e5291256d28 in st_select_lex::optimize_unflattened_subqueries(bool) /test/12.2_dbg_san/sql/sql_lex.cc:5128:31
      		 
          #6 0x5e52914d414c in JOIN::optimize_stage2() /test/12.2_dbg_san/sql/sql_select.cc:3637:7
      		 
          #7 0x5e52914d13e3 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2794:9
      		 
          #8 0x5e52914cc536 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
      		 
          #9 0x5e5291020eb3 in Item_in_subselect::optimize(double*, double*) /test/12.2_dbg_san/sql/item_subselect.cc:851:19
      		 
          #10 0x5e5291cdfb28 in setup_jtbm_semi_joins(JOIN*, List<TABLE_LIST>*, List<Item>&) /test/12.2_dbg_san/sql/opt_subselect.cc:6641:22
      		 
          #11 0x5e52914d0674 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2543:7
      		 
          #12 0x5e52914cc536 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
      		 
          #13 0x5e52911a6365 in mysql_derived_optimize(THD*, LEX*, TABLE_LIST*) /test/12.2_dbg_san/sql/sql_derived.cc:1048:23
      		 
          #14 0x5e52911ae0b7 in mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int) /test/12.2_dbg_san/sql/sql_derived.cc:203:15
      		 
          #15 0x5e52914d0b60 in JOIN::optimize_inner() /test/12.2_dbg_san/sql/sql_select.cc:2588:11
      		 
          #16 0x5e52914cc536 in JOIN::optimize() /test/12.2_dbg_san/sql/sql_select.cc:2021:10
      		 
          #17 0x5e52914ab7df in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/12.2_dbg_san/sql/sql_select.cc:5430:19
      		 
          #18 0x5e52914aa5c7 in handle_select(THD*, LEX*, select_result*, unsigned long long) /test/12.2_dbg_san/sql/sql_select.cc:636:10
      		 
          #19 0x5e529135bc5d in execute_sqlcom_select(THD*, TABLE_LIST*) /test/12.2_dbg_san/sql/sql_parse.cc:6210:12
      		 
          #20 0x5e5291345fe0 in mysql_execute_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:3967:12
      		 
          #21 0x5e529131fb78 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/12.2_dbg_san/sql/sql_parse.cc:7932:18
      		 
          #22 0x5e529131796f in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1896:7
      		 
          #23 0x5e5291321fba in do_command(THD*, bool) /test/12.2_dbg_san/sql/sql_parse.cc:1432:17
      		 
          #24 0x5e5291b30f1c in do_handle_one_connection(CONNECT*, bool) /test/12.2_dbg_san/sql/sql_connect.cc:1503:11
      		 
          #25 0x5e5291b30a25 in handle_one_connection /test/12.2_dbg_san/sql/sql_connect.cc:1415:5
      		 
          #26 0x5e529027c7ca in asan_thread_start(void*) crtstuff.c
      		 
          #27 0x7abcc729ca93 in start_thread nptl/pthread_create.c:447:8
      		 
          #28 0x7abcc7329c3b in clone3 misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
      		 
       
      		 
      SUMMARY: UndefinedBehaviorSanitizer: null-pointer-use /test/12.2_dbg_san/sql/sql_select.cc:29587:24

      Setup:

      Compiled with a recent version of Clang and LLVM. Ubuntu instructions for Clang/LLVM 18:
      		 
        # Note: It is strongly recommended to uninstall all old Clang & LLVM packages (ref  dpkg --list | grep -iE 'clang|llvm'  and use  apt purge  and  dpkg --purge  to remove the packages), before installing Clang/LLVM 18
      		 
           sudo apt install clang llvm-18 llvm-18-linker-tools llvm-18-runtime llvm-18-tools llvm-18-dev libstdc++-14-dev llvm-dev lld-18
      		 
      Compiled with: "-DCMAKE_C_COMPILER=/usr/bin/clang -DCMAKE_CXX_COMPILER=/usr/bin/clang++ -DCMAKE_C{,XX}_FLAGS='-march=native -mtune=native'" and:
      		 
          -DWITH_ASAN=ON -DWITH_ASAN_SCOPE=ON -DWITH_UBSAN=ON -DWSREP_LIB_WITH_ASAN=ON
      		 
      Set before execution:
      		 
          export UBSAN_OPTIONS=print_stacktrace=1:report_error_type=1   # And you may also want to supress UBSAN startup issues using 'suppressions=UBSAN.filter' in UBSAN_OPTIONS. For an example of UBSAN.filter, which includes current startup issues see: https://github.com/mariadb-corporation/mariadb-qa/blob/master/UBSAN.filter

      SAN Bug Detection Matrix

      		 
          Rel    o/d  Build   Commit                                    UniqueID observed             
      CS  10.6   dbg  230126  cd02709a315c9f08965d6b8fb7e75baaae17a4f4  No bug found                  
      CS  10.6   opt  230126  cd02709a315c9f08965d6b8fb7e75baaae17a4f4  No bug found                  
      CS  10.11  dbg  230126  b061b5ab1f2cd2a6993e53dc24a865304ced14cd  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  10.11  opt  230126  b061b5ab1f2cd2a6993e53dc24a865304ced14cd  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.4   dbg  260126  b6d0e23d76fe5936b6a29379ab494852e4d493b1 UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.4   opt  260126  b6d0e23d76fe5936b6a29379ab494852e4d493b1  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.8   dbg  230126  01ff5ae6b677bead4c41d91bf5afb25c593a1d02  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  11.8   opt  230126  01ff5ae6b677bead4c41d91bf5afb25c593a1d02  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.2   dbg  230126  6ca70dd64ce56da40fad3bcd0641493210dd0a4c  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.2   opt  230126  6ca70dd64ce56da40fad3bcd0641493210dd0a4c  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.3   dbg  230126  4528b8a585c09611d61340b721b3efaf13018f65  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      CS  12.3   opt  230126  4528b8a585c09611d61340b721b3efaf13018f65  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  10.6   dbg  260126  0fe345fff3a0463224ca714831303d40fb83648b  No bug found                  
      ES  10.6   opt  230126  0fe345fff3a0463224ca714831303d40fb83648b  No bug found                
      ES  11.4   dbg  260126  34f616d5fd2c649d0c79acb4e2423c90b8f10436  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.4   opt  260126  34f616d5fd2c649d0c79acb4e2423c90b8f10436  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.8   dbg  230126  405ee76b60c4ab82155f339136ed20d3b7363717  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner
      		 
      ES  11.8   opt  230126  405ee76b60c4ab82155f339136ed20d3b7363717  UBSAN|member access within null pointer of type 'Field'|sql/sql_select.cc|setup_copy_fields|JOIN::make_aggr_tables_info|JOIN::optimize_stage2|JOIN::optimize_inner

      If it would help to reduce the testcase further manually, please let me know and I will be happy to do so.

      Attachments

        Issue Links

          split from

          Bug - A problem which impairs or prevents the functions of the product. MDEV-32317 ref_ptrs exhaust on multiple ORDER by func from winfunc

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              midenok Aleksey Midenkov
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.