Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Cannot Reproduce
-
5.3.12
-
None
Description
Note: I can only reproduce it on 5.3 with the provided test case, not sure whether it was fixed in 5.5 or just masked somehow.
SET optimizer_switch = 'index_merge=on,index_merge_sort_union=on,derived_merge=on,in_to_exists=on'; |
|
|
CREATE TABLE t1 (a INT, b INT, c VARCHAR(1), INDEX(a), INDEX(c)) ENGINE=Aria; |
INSERT INTO t1 VALUES |
(5,6,'z'),(2,6,'c'),(0,8,'a'),(1,2,'q'),(8,6,'y'), |
(1,8,'y'),(1,3,'r'),(9,3,'v'),(1,9,'z'),(5,6,'r'); |
|
|
CREATE TABLE t2 (d VARCHAR(1), INDEX(d)) ENGINE=Aria; |
INSERT INTO t2 VALUES ('x'),('a'); |
|
|
CREATE TABLE t3 (e VARCHAR(1)) ENGINE=Aria; |
INSERT INTO t3 VALUES ('x'),('d'); |
|
|
PREPARE stmt FROM " |
SELECT t1.* FROM t1
|
LEFT JOIN (
|
SELECT * FROM t2
|
WHERE EXISTS ( SELECT * FROM t3 WHERE e != d )
|
) AS sq ON (sq.d = c )
|
WHERE c < 'p' OR a > 43
|
ORDER BY t1.b
|
"; |
|
|
EXECUTE stmt; |
EXECUTE stmt; |
Result:
PREPARE stmt FROM "
|
SELECT t1.* FROM t1
|
LEFT JOIN (
|
SELECT * FROM t2
|
WHERE EXISTS ( SELECT * FROM t3 WHERE e != d )
|
) AS sq ON (sq.d = c )
|
WHERE c < 'p' OR a > 43
|
ORDER BY t1.b
|
";
|
EXECUTE stmt;
|
a b c
|
2 6 c
|
0 8 a
|
EXECUTE stmt;
|
a b c
|
16842752 16777216 q
|
21 NULL
|
==26834== Thread 4:
|
==26834== Invalid read of size 1
|
==26834== at 0x4C2A760: memcpy (mc_replace_strmem.c:838)
|
==26834== by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
|
==26834== by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
|
==26834== by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
|
==26834== by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
|
==26834== by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
|
==26834== by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
|
==26834== by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
|
==26834== by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== Address 0xfa36566 is 0 bytes after a block of size 54 alloc'd
|
==26834== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
|
==26834== by 0xB73C16: _mymalloc (safemalloc.c:140)
|
==26834== by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
|
==26834== by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
|
==26834== by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
|
==26834== by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
|
==26834== by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
|
==26834== by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
|
==26834== Invalid read of size 1
|
==26834== at 0x4C2A76E: memcpy (mc_replace_strmem.c:838)
|
==26834== by 0x67318C: Field::unpack_int(unsigned char*, unsigned char const*, unsigned long) (field.h:651)
|
==26834== by 0x6731F6: Field::unpack_int32(unsigned char*, unsigned char const*) (field.h:658)
|
==26834== by 0x673ACD: Field_long::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.h:1029)
|
==26834== by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
|
==26834== by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
|
==26834== by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
|
==26834== by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
|
==26834== by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== Address 0xfa36567 is 1 bytes after a block of size 54 alloc'd
|
==26834== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
|
==26834== by 0xB73C16: _mymalloc (safemalloc.c:140)
|
==26834== by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
|
==26834== by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
|
==26834== by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
|
==26834== by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
|
==26834== by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
|
==26834== by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
|
==26834== Invalid read of size 1
|
==26834== at 0x66965A: Field_varstring::unpack(unsigned char*, unsigned char const*, unsigned char const*, unsigned int) (field.cc:7169)
|
==26834== by 0x8228FC: unpack_addon_fields(st_sort_addon_field*, unsigned char*, unsigned char*) (filesort.cc:1734)
|
==26834== by 0x81D843: rr_unpack_from_buffer(READ_RECORD*) (records.cc:504)
|
==26834== by 0x802F26: QUICK_INDEX_MERGE_SELECT::get_next() (opt_range.cc:10604)
|
==26834== by 0x81D302: rr_quick(READ_RECORD*) (records.cc:327)
|
==26834== by 0x74FA09: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16290)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
|
==26834== by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
|
==26834== by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
|
==26834== Address 0xfa3656d is 7 bytes after a block of size 54 alloc'd
|
==26834== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
|
==26834== by 0xB73C16: _mymalloc (safemalloc.c:140)
|
==26834== by 0x7960C6: Unique::get(st_table*) (uniques.cc:721)
|
==26834== by 0x802CC4: read_keys_and_merge_scans(THD*, st_table*, List<QUICK_RANGE_SELECT>, QUICK_RANGE_SELECT*, READ_RECORD*, bool, Bitmap<64u>*, Unique**) (opt_range.cc:10561)
|
==26834== by 0x802E31: QUICK_INDEX_MERGE_SELECT::read_keys_and_merge() (opt_range.cc:10582)
|
==26834== by 0x7EF13D: QUICK_INDEX_SORT_SELECT::reset() (opt_range.cc:1873)
|
==26834== by 0x751932: join_init_read_record(st_join_table*) (sql_select.cc:17109)
|
==26834== by 0x74F8D3: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:16267)
|
==26834== by 0x74F042: do_select(JOIN*, List<Item>*, st_table*, Procedure*) (sql_select.cc:15923)
|
==26834== by 0x72E434: JOIN::exec() (sql_select.cc:2786)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
|
==26834== Syscall param write(buf) points to uninitialised byte(s)
|
==26834== at 0x58EE12D: ??? (syscall-template.S:82)
|
==26834== by 0xB65495: vio_write (viosocket.c:121)
|
==26834== by 0x68925D: net_real_write (net_serv.cc:620)
|
==26834== by 0x6888C4: net_flush (net_serv.cc:346)
|
==26834== by 0x68B011: net_send_eof(THD*, unsigned int, unsigned int) (protocol.cc:291)
|
==26834== by 0x68B4EC: net_end_statement(THD*) (protocol.cc:495)
|
==26834== by 0x6AA14A: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1635)
|
==26834== by 0x6A8103: do_command(THD*) (sql_parse.cc:923)
|
==26834== by 0x6A4F8C: handle_one_connection (sql_connect.cc:1231)
|
==26834== by 0x58E6B4F: start_thread (pthread_create.c:304)
|
==26834== by 0x657DA7C: clone (clone.S:112)
|
==26834== Address 0xf8dfbca is 186 bytes inside a block of size 16,436 alloc'd
|
==26834== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
|
==26834== by 0xB73C16: _mymalloc (safemalloc.c:140)
|
==26834== by 0x68839D: my_net_init (net_serv.cc:118)
|
==26834== by 0x69BDDA: handle_connections_sockets (mysqld.cc:5436)
|
==26834== by 0x69AD43: main (mysqld.cc:4757)
|
^ Found warnings in /data/repo/5.3/mysql-test/var/log/mysqld.1.err
|
ok
|
|
|
- saving '/data/repo/5.3/mysql-test/var/log/bug.t3b/' to '/data/repo/5.3/mysql-test/var/log/bug.t3b/'
|
***Warnings generated in error logs during shutdown after running tests: bug.t3b
|
|
|
==26834== Thread 1:
|
==26834== 68 bytes in 1 blocks are still reachable in loss record 2 of 4
|
==26834== at 0x4C28BED: malloc (vg_replace_malloc.c:263)
|
==26834== by 0xB73C16: _mymalloc (safemalloc.c:140)
|
==26834== by 0x820DAF: save_index(st_sort_param*, unsigned char**, unsigned int, st_filesort_info*) (filesort.cc:1067)
|
==26834== by 0x81E98F: filesort(THD*, st_table*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long long, bool, unsigned long long*) (filesort.cc:256)
|
==26834== by 0x757C46: create_sort_index(THD*, JOIN*, st_order*, unsigned long long, unsigned long long, bool) (sql_select.cc:19341)
|
==26834== by 0x72E107: JOIN::exec() (sql_select.cc:2735)
|
==26834== by 0x72ECCE: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3007)
|
==26834== by 0x725764: handle_select(THD*, st_lex*, select_result*, unsigned long) (sql_select.cc:288)
|
==26834== by 0x6B449B: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5172)
|
==26834== by 0x6AB637: mysql_execute_command(THD*) (sql_parse.cc:2305)
|
==26834== by 0x78679D: Prepared_statement::execute(String*, bool) (sql_prepare.cc:3764)
|
==26834== by 0x7859EA: Prepared_statement::execute_loop(String*, bool, unsigned char*, unsigned char*) (sql_prepare.cc:3445)
|
==26834== by 0x783E41: mysql_sql_stmt_execute(THD*) (sql_prepare.cc:2670)
|
==26834== by 0x6AB665: mysql_execute_command(THD*) (sql_parse.cc:2314)
|
==26834== by 0x6B6E02: mysql_parse(THD*, char*, unsigned int, char const**) (sql_parse.cc:6173)
|
==26834== by 0x6A8E17: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1243)
|
Stack traces from:
revision-id: igor@askmonty.org-20140206014738-psis7gfarq2ozdtg
|
revno: 3748
|
branch-nick: 5.3
|