Details
Bug
Status: Open
Major
Resolution: Unresolved
12.3.1
None
None
ubuntu22.04
12.3.1-MariaDB
Description
Summary
Server crash in Item_ref::const_item during trigger execution with derived query and COALESCE(CONVERT(a,CHAR), VERSION()) IN (a, VERSION()).
Description
MariaDB 12.3.1 crashes (SIGSEGV) when an INSERT fires a BEFORE INSERT trigger containing a nested derived-table scalar subquery.
How to reproduce
DROP DATABASE IF EXISTS mdev_crash;
CREATE DATABASE mdev_crash;
USE mdev_crash;

CREATE TABLE t(a INT, b INT);
INSERT INTO t VALUES (1,1),(2,2);

SET optimizer_switch='condition_pushdown_for_derived=on,condition_pushdown_from_having=on';

CREATE TABLE out_ver(x INT);
DROP TRIGGER IF EXISTS trg_ver;

CREATE TRIGGER trg_ver
BEFORE INSERT ON out_ver
FOR EACH ROW
SET NEW.x = (
  SELECT a
  FROM (SELECT * FROM (SELECT a,b FROM t GROUP BY b HAVING a IS NOT NULL) q1) q2
  WHERE COALESCE(CONVERT(a,CHAR), VERSION()) IN (a, VERSION())
  LIMIT 1
);

INSERT INTO out_ver VALUES (0);
Stack trace (key frames)
Item_ref::const_item
Item_direct_view_ref::const_item
Item::cache_const_expr_analyzer
JOIN::cache_const_exprs
JOIN::optimize_stage2
sp_head::execute_trigger
Table_triggers_list::process_triggers
mysql_insert
Actual result
Server crashes with SIGSEGV.
Version
12.3.1-MariaDB
source revision: 21a0714a118614982d20bfa504763d7247800091