Details
Description
SELECT * FROM ( SELECT x FROM ( SELECT * FROM ( SELECT 1 AS x UNION SELECT 2 UNION SELECT 3 UNION SELECT 4 INTERSECT SELECT ST_ASTEXT ( ST_ENVELOPE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((0 0,0 5,5 5,5 0,0 0))' ) ) ) ) AS x ) AS x GROUP BY x , x HAVING x = CASE WHEN ( SELECT ( 1 ) WHERE x IS NULL OR ST_LONGFROMGEOHASH ( ST_GEOHASH ( -180 , 0 , 20 ) ) GROUP BY 'x' ) - 1 THEN ( 1 ^ x ) ELSE CASE WHEN CASE WHEN extractvalue ( '<a>A<b>B1</b><b>B2</b></a>' , '/a/b[count(.)=1]' ) NOT IN ( SELECT * FROM ( SELECT 2 UNION SELECT 3 UNION SELECT 'LINESTRING(0 0,-0.00 0)' ) AS x GROUP BY x HAVING NOT NOT ( x ) ) THEN 1 ELSE 1 END THEN 1 WHEN 'x' LIKE 'x' THEN 1 END END EXCEPT SELECT x FROM ( SELECT * FROM ( SELECT 1 AS x UNION SELECT 2 UNION SELECT 3 ) AS x ) AS x ) AS x ; |
-
- Expected result
The server should either execute the query or return a normal SQL error without crashing.
- Expected result
-
- Actual result
The fuzzing run observed a server crash. The deduplicated stack signature is:stack:_ma_unique_hash|maria_write|_ZN7handler16ha_write_tmp_rowEPh|_ZL9end_writeP4JOINP13st_join_tableb|_ZL20evaluate_join_recordP4JOINP13st_join_tablei|_Z10sub_selectP4JOINP13st_join_tableb|_ZN4JOIN10exec_innerEv|_ZN4JOIN4execEv
- Actual result
Top frames:
_ma_unique_hash
|
maria_write
|
_ZN7handler16ha_write_tmp_rowEPh
|
_ZL9end_writeP4JOINP13st_join_tableb
|
_ZL20evaluate_join_recordP4JOINP13st_join_tablei
|
_Z10sub_selectP4JOINP13st_join_tableb
|
_ZN4JOIN10exec_innerEv
|
_ZN4JOIN4execEv
|
Attachments
Issue Links
- relates to
-
MDEV-28506 SIGSEGV's in find_field_in_table[s][_ref], Item_field::fix_fields, create_view_field and MemcmpInterceptorCommon | Assertions `(*select_ref)->fixed' or '->is_fixed' and `table_list->table' failed
-
- Stalled
-