Details
-
Bug
-
Status: Stalled (View Workflow)
-
Major
-
Resolution: Unresolved
-
10.6, 12.0.1
-
None
Description
Reproduction Steps
CREATE TABLE v0 (v1 INT, v2 INT, v3 INT);
SELECT ( AVG ( 69 ) , - 'x' ) NOT IN ( SELECT v3 , v1 = -1 OR ( v3 , v2 , v1 ) < ( 255 , 3 , 0 ) ) FROM v0;
Key Point: The query involves a row expression ( AVG ( 69 ) , - 'x' ) with an IN subquery, combined with
aggregate functions and row comparisons.
Stack Trace
#0 __pthread_kill_implementation
#1 raise
#2 abort
#3 __assert_fail_base.cold
#4 __assert_fail
#5 Item_in_subselect::val_str (sql/item_subselect.cc:1980)
#6 Item_copy_string::copy (sql/item.cc:5443)
#7 copy_fields (sql/sql_select.cc:29405)
#8 end_send_group (sql/sql_select.cc:25867)
#9 evaluate_join_record (sql/sql_select.cc:24515)
#10 sub_select (sql/sql_select.cc:24282)
#11 do_select (sql/sql_select.cc:23793)
#12 JOIN::exec_inner (sql/sql_select.cc:5059)
...
From AI:
Root Cause Analysis
The issue occurs in Item_in_subselect::val_str() method:
// sql/item_subselect.cc:1974-1980
String *Item_in_subselect::val_str(String *str)
Problem Flow:
1. Query contains a row expression with IN subquery
2. During query execution, copy_fields() is called to copy field values
3. An Item_copy_string object tries to copy the value of an Item_in_subselect
4. Item_copy_string::copy() calls val_str() on the Item_in_subselect
5. However, Item_in_subselect::val_str() is marked as "should not be used" with DBUG_ASSERT(0)
6. The assertion fails, causing the server to crash
Root Cause: The optimizer incorrectly creates an Item_copy_string wrapper for an Item_in_subselect when the
subquery result should be converted to a string value. The Item_in_subselect class does not properly support
val_str() method.