  1. MariaDB Server
  2. MDEV-5504

Server crashes in String::length on SELECT with MONTHNAME, GROUP BY, ROLLUP

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.3.12
    • Fix Version/s: 5.3.13
    • Component/s: None
    • Labels:
      None

      Description

      I could only reproduce it on 5.3, not sure whether it is fixed in higher versions or just masked.

      CREATE TABLE t1 (i INT);
      INSERT INTO t1 VALUES (1),(2);
      SELECT 1 FROM t1 GROUP BY MONTHNAME(0) WITH ROLLUP;

      #3  <signal handler called>
      #4  0x000000000059e102 in String::length (this=0x0) at sql_string.h:116
      #5  0x0000000000692771 in sortcmp (s=0x7f8d9801ad98, t=0x0, cs=0x1217f00 <my_charset_latin1>) at sql_string.cc:758
      #6  0x00000000005d147a in Cached_item_str::cmp (this=0x7f8d9801ad78) at item_buff.cc:88
      #7  0x0000000000758d75 in test_if_group_changed (list=...) at sql_select.cc:20558
      #8  0x000000000075110e in end_send_group (join=0x7f8d980197a8, join_tab=0x7f8d9801aab8, end_of_records=false) at sql_select.cc:17489
      #9  0x000000000074e76e in evaluate_join_record (join=0x7f8d980197a8, join_tab=0x7f8d9801a798, error=0) at sql_select.cc:16469
      #10 0x000000000074df85 in sub_select (join=0x7f8d980197a8, join_tab=0x7f8d9801a798, end_of_records=false) at sql_select.cc:16271
      #11 0x000000000074d693 in do_select (join=0x7f8d980197a8, fields=0x7f8d98019b38, table=0x0, procedure=0x0) at sql_select.cc:15924
      #12 0x000000000072cb6d in JOIN::exec (this=0x7f8d980197a8) at sql_select.cc:2788
      #13 0x000000000072d406 in mysql_select (thd=0x31858d8, rref_pointer_array=0x31885c8, tables=0x7f8d98019100, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7f8d980196b0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x7f8d98019788, unit=0x3187e68, select_lex=0x3188370) at sql_select.cc:3009
      #14 0x0000000000723d9d in handle_select (thd=0x31858d8, lex=0x3187dc8, result=0x7f8d98019788, setup_tables_done_option=0) at sql_select.cc:288
      #15 0x00000000006b381c in execute_sqlcom_select (thd=0x31858d8, all_tables=0x7f8d98019100) at sql_parse.cc:5172
      #16 0x00000000006aabba in mysql_execute_command (thd=0x31858d8) at sql_parse.cc:2305
      #17 0x00000000006b6124 in mysql_parse (thd=0x31858d8, rawbuf=0x7f8d98018f40 "SELECT 1 FROM t1 GROUP BY MONTHNAME(0) WITH ROLLUP", length=50, found_semicolon=0x7f8db0145d08) at sql_parse.cc:6173
      #18 0x00000000006a83db in dispatch_command (command=COM_QUERY, thd=0x31858d8, packet=0x31ffbd9 "", packet_length=50) at sql_parse.cc:1243
      #19 0x00000000006a76f7 in do_command (thd=0x31858d8) at sql_parse.cc:923
      #20 0x00000000006a45cb in handle_one_connection (arg=0x31858d8) at sql_connect.cc:1231
      #21 0x00007f8db1c730db in start_thread () from /lib64/libpthread.so.0

      revision-id: sanja@askmonty.org-20131218135951-agw2htf09w418t91
      revno: 3737
      branch-nick: 5.3

            People

            • Assignee: bar Alexander Barkov
            • Reporter: elenst Elena Stepanova