MariaDB Server / MDEV-3987

uninitialized read in Item_cond::fix_fields leads to crash: select .. where .. in ( select ... )

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.0.0, 5.5.28a
    • Fix Version/s: 10.0.2, 5.5.29
    • Component/s: None
    • Labels:
      None
    • Environment:
      windows, linux

      Description

      How to repeat:
      ----------------
      #Run mysqld in valgrind. Execute:

      drop table if exists `t1`;
      create table `t1`(`a` char(1) character set utf8)engine=innodb;
      select 1 from `t1` where `a` in (select group_concat(`a`) from t1);

      Windows call stack:
      ---------------------

      Version: '10.0.0-MariaDB-log'  socket: ''  port: 3306  Source distribution
      121228  7:46:33 [ERROR] mysqld got exception 0xc0000005 ;
      mysqld.exe!setup_jtbm_semi_joins()[opt_subselect.cc:5224]
      mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1123]
      mysqld.exe!JOIN::optimize()[sql_select.cc:992]
      mysqld.exe!mysql_select()[sql_select.cc:3176]
      mysqld.exe!handle_select()[sql_select.cc:362]
      mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4937]
      mysqld.exe!mysql_execute_command()[sql_parse.cc:2421]
      mysqld.exe!mysql_parse()[sql_parse.cc:6061]
      mysqld.exe!dispatch_command()[sql_parse.cc:1219]
      mysqld.exe!do_command()[sql_parse.cc:951]
      mysqld.exe!threadpool_process_request()[threadpool_common.cc:225]
      mysqld.exe!io_completion_callback()[threadpool_win.cc:568]

      See attached file for full valgrind outputs.

            People

            • Assignee: Sergei Golubchik (serg)
            • Reporter: sbester1