Details
-
Bug
-
Status: Closed (View Workflow)
-
Minor
-
Resolution: Won't Fix
-
5.3.12
-
None
-
None
Description
-- Test case for the valgrind "Invalid read" errors listed below this script.
-- In both errors the read happens in Item_field::print(), reached from
-- change_to_use_tmp_fields() in JOIN::exec(). The memory read had already been
-- released by free_tmp_table(), called from subselect_hash_sj_engine::cleanup().
-- That makes this a read of freed memory (use-after-free), not a wrong-result bug.
-- NOTE(review): the trailing and stand-alone '|' characters look like table-cell
-- residue from the issue page, not part of the statements. Strip them before running.

-- Both optimizations are switched on explicitly. The freeing stack goes through the
-- hash semi-join engine's cleanup, so materialization is presumably required (confirm).
SET optimizer_switch='semijoin=on,materialization=on'; |
|
|
-- Two small MyISAM tables with two rows each.
CREATE TABLE t1 (a INT, b INT) ENGINE=MyISAM; |
INSERT INTO t1 VALUES (3,1),(0,3); |
|
|
CREATE TABLE t2 (c INT, d INT) ENGINE=MyISAM; |
INSERT INTO t2 VALUES (0, 4),(8, 6); |
|
|
-- t1, t2 is an unconditioned cross join (4 rows), so each group on b holds 2 rows.
-- cnt = 7 is therefore never true and the expected result set is empty.
-- The HAVING clause nests an IN subquery over MAX(a) inside a "> ALL" subquery.
-- NOTE(review): keep the statement text as filed when using it as a regression test;
-- the report does not show whether an equivalent rewrite still reaches the failing path.
SELECT b, COUNT(*) AS cnt FROM t1, t2 GROUP BY b |
HAVING b > ALL ( SELECT d FROM t2 WHERE c IN ( SELECT MAX( a ) FROM t1 ) ) AND cnt = 7; |
==28299== Thread 4:
|
==28299== Invalid read of size 8
|
==28299== at 0x58BB42: Item_field::print(String*, enum_query_type) (item.cc:6130)
|
==28299== by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
|
==28299== by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
|
==28299== by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
|
==28299== by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
|
==28299== by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
|
==28299== by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
|
==28299== by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
|
==28299== by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
|
==28299== by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
|
==28299== by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
|
==28299== by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
|
==28299== by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
|
==28299== by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
|
==28299== by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
|
==28299== by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
|
==28299== Address 0xf877528 is 88 bytes inside a block of size 1,000 free'd
|
==28299== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==28299== by 0xB746E2: _myfree (safemalloc.c:337)
|
==28299== by 0xB7397A: free_root (my_alloc.c:372)
|
==28299== by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
|
==28299== by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
|
==28299== by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
|
==28299== by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
|
==28299== by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
|
==28299== by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
|
==28299== by 0x721364: JOIN::join_free() (sql_select.cc:10360)
|
==28299== by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
|
==28299== by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
|
==28299== by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
|
==28299== by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
|
==28299== by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
|
==28299== by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)
|
==28299== Invalid read of size 1
|
==28299== at 0x58BB46: Item_field::print(String*, enum_query_type) (item.cc:6130)
|
==28299== by 0x5AF685: Item_func::print_op(String*, enum_query_type) (item_func.cc:475)
|
==28299== by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
|
==28299== by 0x74081F: st_select_lex::print(THD*, String*, enum_query_type) (sql_select.cc:22582)
|
==28299== by 0x618B23: subselect_single_select_engine::print(String*, enum_query_type) (item_subselect.cc:3631)
|
==28299== by 0x61097D: Item_subselect::print(String*, enum_query_type) (item_subselect.cc:813)
|
==28299== by 0x610D85: Item_maxmin_subselect::print(String*, enum_query_type) (item_subselect.cc:904)
|
==28299== by 0x5AF5B5: Item_func::print_op(String*, enum_query_type) (item_func.cc:470)
|
==28299== by 0x5DBC6C: Item_bool_func2::print(String*, enum_query_type) (item_cmpfunc.h:379)
|
==28299== by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
|
==28299== by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
|
==28299== by 0x5AF51E: Item_func::print_args(String*, unsigned int, enum_query_type) (item_func.cc:460)
|
==28299== by 0x5AF488: Item_func::print(String*, enum_query_type) (item_func.cc:449)
|
==28299== by 0x5C91C3: Item_func_not_all::print(String*, enum_query_type) (item_cmpfunc.cc:384)
|
==28299== by 0x73AEA5: change_to_use_tmp_fields(THD*, Item**, List<Item>&, List<Item>&, unsigned int, List<Item>&) (sql_select.cc:20811)
|
==28299== by 0x70CA82: JOIN::exec() (sql_select.cc:2356)
|
==28299== Address 0xf876d2f is 2,143 bytes inside a block of size 4,020 free'd
|
==28299== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==28299== by 0xB746E2: _myfree (safemalloc.c:337)
|
==28299== by 0xB73940: free_root (my_alloc.c:366)
|
==28299== by 0x72DECC: free_tmp_table(THD*, st_table*) (sql_select.cc:15610)
|
==28299== by 0x61A5F0: subselect_hash_sj_engine::cleanup() (item_subselect.cc:4440)
|
==28299== by 0x60EF0D: Item_subselect::cleanup() (item_subselect.cc:130)
|
==28299== by 0x60F0E8: Item_in_subselect::cleanup() (item_subselect.cc:167)
|
==28299== by 0x720B9B: st_join_table::cleanup() (sql_select.cc:10130)
|
==28299== by 0x721667: JOIN::cleanup(bool) (sql_select.cc:10440)
|
==28299== by 0x721364: JOIN::join_free() (sql_select.cc:10360)
|
==28299== by 0x72E68C: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15799)
|
==28299== by 0x70E6B7: JOIN::exec() (sql_select.cc:2786)
|
==28299== by 0x617A17: subselect_single_select_engine::exec() (item_subselect.cc:3141)
|
==28299== by 0x61016E: Item_subselect::exec() (item_subselect.cc:588)
|
==28299== by 0x6119CB: Item_singlerow_subselect::val_int() (item_subselect.cc:1155)
|
==28299== by 0x5CB6C8: Arg_comparator::compare_int_signed() (item_cmpfunc.cc:1165)
|
bzr version-info
|
revision-id: igor@askmonty.org-20130817050147-k5dvrilf0u0vz8cr
|
revno: 3677
|
branch-nick: 5.3
|
Built with BUILD/compile-pentium-debug-max-no-ndb or BUILD/compile-pentium-valgrind-max-no-ndb
Reproducible on previous versions of 5.3 as well, but I couldn't reproduce it on 5.5 or 10.0; maybe it was fixed there along with MDEV-3874.
If you consider it not important enough to fix in 5.3 only, please feel free to close it as "Won't fix"; I just need to have it filed so that I can find it next time instead of investigating from scratch.