Details
Bug
Status: Closed
Major
Resolution: Fixed
10.0.1, 5.5.30, 5.3.12
None
Description
The problem appeared in 5.3 with the following revision:
revno: 3628
revision-id: igor@askmonty.org-20130225031611-jk8lyhhjazov66qc
committer: Igor Babaev <igor@askmonty.org>
branch nick: maria-5.3-mdev4177
timestamp: Sun 2013-02-24 19:16:11 -0800
message:
Fixed bug mdev-4177
Crash on 5.5:
#3 <signal handler called>
#4 0x000000000067e2f8 in Item_equal_iterator<List_iterator_fast, Item>::get_curr_field (this=0x7f489637a860) at 5.5/sql/item_cmpfunc.h:1849
#5 0x00000000008d3945 in get_full_func_mm_tree (param=0x7f489637ac70, cond_func=0x7f488c009060, field_item=0x7f488c008ec8, value=0x7f488c008fd0, inv=false) at 5.5/sql/opt_range.cc:7307
#6 0x00000000008d46ab in get_mm_tree (param=0x7f489637ac70, cond=0x7f488c009060) at 5.5/sql/opt_range.cc:7492
#7 0x00000000008d3b34 in get_mm_tree (param=0x7f489637ac70, cond=0x7f488c022488) at 5.5/sql/opt_range.cc:7341
#8 0x00000000008ca974 in SQL_SELECT::test_quick_select (this=0x7f488c024788, thd=0x2423240, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false) at 5.5/sql/opt_range.cc:3052
#9 0x000000000064673f in get_quick_record_count (thd=0x2423240, select=0x7f488c024788, table=0x7f488c01b8f0, keys=0x7f488c023210, limit=18446744073709551615) at 5.5/sql/sql_select.cc:3099
#10 0x00000000006484b1 in make_join_statistics (join=0x7f488c021a38, tables_list=..., conds=0x7f488c022488, keyuse_array=0x7f488c021d40) at 5.5/sql/sql_select.cc:3648
#11 0x000000000063fb3d in JOIN::optimize (this=0x7f488c021a38) at 5.5/sql/sql_select.cc:1209
#12 0x00000000006464ad in mysql_select (thd=0x2423240, rref_pointer_array=0x2425fa8, tables=0x7f488c007728, wild_num=1, fields=..., conds=0x7f488c021918, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f488c021a18, unit=0x2425678, select_lex=0x2425d50) at 5.5/sql/sql_select.cc:3048
#13 0x000000000063d0b6 in handle_select (thd=0x2423240, lex=0x24255c8, result=0x7f488c021a18, setup_tables_done_option=0) at 5.5/sql/sql_select.cc:318
#14 0x0000000000615fae in execute_sqlcom_select (thd=0x2423240, all_tables=0x7f488c007728) at 5.5/sql/sql_parse.cc:4641
#15 0x000000000060ea61 in mysql_execute_command (thd=0x2423240) at 5.5/sql/sql_parse.cc:2195
#16 0x0000000000618832 in mysql_parse (thd=0x2423240, rawbuf=0x7f488c0074c8 "SELECT * FROM t1 INNER JOIN t2 ON ( c = a ) \nWHERE 1 IS NULL OR b < 33 AND b = c", length=80, parser_state=0x7f489637e500) at 5.5/sql/sql_parse.cc:5756
#17 0x000000000060bfd4 in dispatch_command (command=COM_QUERY, thd=0x2423240, packet=0x2517641 "SELECT * FROM t1 INNER JOIN t2 ON ( c = a ) \nWHERE 1 IS NULL OR b < 33 AND b = c ", packet_length=81) at 5.5/sql/sql_parse.cc:1068
#18 0x000000000060b219 in do_command (thd=0x2423240) at 5.5/sql/sql_parse.cc:794
#19 0x000000000070f7f6 in do_handle_one_connection (thd_arg=0x2423240) at 5.5/sql/sql_connect.cc:1266
#20 0x000000000070f1e1 in handle_one_connection (arg=0x2423240) at 5.5/sql/sql_connect.cc:1181
#21 0x0000000000a9bc40 in pfs_spawn_thread (arg=0x24b72e0) at 5.5/storage/perfschema/pfs.cc:1015
#22 0x00007f48a1a6be9a in start_thread (arg=0x7f489637f700) at pthread_create.c:308
#23 0x00007f48a0d5fcbd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
|
revision-id: elenst@gmail.com-20130314125220-1je2vyildyigre1b
revno: 3697
branch-nick: 5.5
|
Test case:
CREATE TABLE t1 (a INT, b INT, KEY (b)) ENGINE=MyISAM;
INSERT INTO t1 VALUES (6,8);

CREATE TABLE t2 (c INT, KEY (c)) ENGINE=MyISAM;
INSERT INTO t2 VALUES (6),(9);

SELECT * FROM t1 INNER JOIN t2 ON ( c = a )
WHERE 1 IS NULL OR b < 33 AND b = c ;
Reproducible with the default optimizer_switch as well as with all values set to OFF (except for in_to_exists or materialization, one of which is required to execute the query).
EXPLAIN of the same query also crashes.
Note that the condition 1 IS NULL does not have to be this degenerate; for example, a query like
SELECT * FROM t1 INNER JOIN t2 ON ( c = a )
WHERE ( SELECT SUM(d) FROM t3 ) IS NULL OR ( b < 33 ) AND ( b = c );
where t3 is not empty, crashes too.
Valgrind warnings on 5.3 (built with BUILD/compile-pentium-valgrind-max-no-ndb):
==12137== Thread 4:
==12137== Conditional jump or move depends on uninitialised value(s)
==12137== at 0x7E6548: get_full_func_mm_tree(RANGE_OPT_PARAM*, Item_func*, Item_field*, Item*, bool) (opt_range.cc:7181)
==12137== by 0x7E72AE: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7368)
==12137== by 0x7E669F: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7217)
==12137== by 0x7DD7CA: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool) (opt_range.cc:3081)
==12137== by 0x714A52: get_quick_record_count(THD*, SQL_SELECT*, st_table*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:3039)
==12137== by 0x7167DC: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3583)
==12137== by 0x70DBDC: JOIN::optimize() (sql_select.cc:1158)
==12137== by 0x71472E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==12137== by 0x70B16E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==12137== by 0x69658E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==12137== by 0x68D34D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==12137== by 0x699008: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==12137== by 0x68AAF1: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==12137== by 0x689D8F: do_command(THD*) (sql_parse.cc:923)
==12137== by 0x6867EA: handle_one_connection (sql_connect.cc:1231)
==12137== by 0x548DE99: start_thread (pthread_create.c:308)
|
==12137== Use of uninitialised value of size 8
==12137== at 0x5DF2FA: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1847)
==12137== by 0x7E6485: get_full_func_mm_tree(RANGE_OPT_PARAM*, Item_func*, Item_field*, Item*, bool) (opt_range.cc:7183)
==12137== by 0x7E72AE: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7368)
==12137== by 0x7E669F: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7217)
==12137== by 0x7DD7CA: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool) (opt_range.cc:3081)
==12137== by 0x714A52: get_quick_record_count(THD*, SQL_SELECT*, st_table*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:3039)
==12137== by 0x7167DC: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3583)
==12137== by 0x70DBDC: JOIN::optimize() (sql_select.cc:1158)
==12137== by 0x71472E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==12137== by 0x70B16E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==12137== by 0x69658E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==12137== by 0x68D34D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==12137== by 0x699008: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==12137== by 0x68AAF1: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==12137== by 0x689D8F: do_command(THD*) (sql_parse.cc:923)
==12137== by 0x6867EA: handle_one_connection (sql_connect.cc:1231)
|
==12137== Use of uninitialised value of size 8
==12137== at 0x5DF31B: Item_equal_iterator<List_iterator_fast, Item>::get_curr_field() (item_cmpfunc.h:1848)
==12137== by 0x7E6485: get_full_func_mm_tree(RANGE_OPT_PARAM*, Item_func*, Item_field*, Item*, bool) (opt_range.cc:7183)
==12137== by 0x7E72AE: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7368)
==12137== by 0x7E669F: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7217)
==12137== by 0x7DD7CA: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool) (opt_range.cc:3081)
==12137== by 0x714A52: get_quick_record_count(THD*, SQL_SELECT*, st_table*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:3039)
==12137== by 0x7167DC: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3583)
==12137== by 0x70DBDC: JOIN::optimize() (sql_select.cc:1158)
==12137== by 0x71472E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==12137== by 0x70B16E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==12137== by 0x69658E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==12137== by 0x68D34D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==12137== by 0x699008: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==12137== by 0x68AAF1: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
==12137== by 0x689D8F: do_command(THD*) (sql_parse.cc:923)
==12137== by 0x6867EA: handle_one_connection (sql_connect.cc:1231)
|
==12137== Use of uninitialised value of size 8
==12137== at 0x566547: base_list_iterator::next_fast() (sql_list.h:449)
==12137== by 0x5689AC: List_iterator_fast<Item>::operator++(int) (sql_list.h:561)
==12137== by 0x5DF2D3: Item_equal_iterator<List_iterator_fast, Item>::operator++(int) (item_cmpfunc.h:1835)
==12137== by 0x7E653F: get_full_func_mm_tree(RANGE_OPT_PARAM*, Item_func*, Item_field*, Item*, bool) (opt_range.cc:7181)
==12137== by 0x7E72AE: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7368)
==12137== by 0x7E669F: get_mm_tree(RANGE_OPT_PARAM*, Item*) (opt_range.cc:7217)
==12137== by 0x7DD7CA: SQL_SELECT::test_quick_select(THD*, Bitmap<64u>, unsigned long long, unsigned long long, bool, bool) (opt_range.cc:3081)
==12137== by 0x714A52: get_quick_record_count(THD*, SQL_SELECT*, st_table*, Bitmap<64u> const*, unsigned long long) (sql_select.cc:3039)
==12137== by 0x7167DC: make_join_statistics(JOIN*, List<TABLE_LIST>&, Item*, st_dynamic_array*) (sql_select.cc:3583)
==12137== by 0x70DBDC: JOIN::optimize() (sql_select.cc:1158)
==12137== by 0x71472E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:2976)
==12137== by 0x70B16E: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
==12137== by 0x69658E: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
==12137== by 0x68D34D: mysql_execute_command(THD*) (sql_parse.cc:2305)
==12137== by 0x699008: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
==12137== by 0x68AAF1: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)