  1. MariaDB Server
  2. MDEV-6736

[10.0] Valgrind warnings 'Invalid read' in subselect_engine::calc_const_tables with SQ in WHERE and HAVING, ORDER BY, materialization+semijoin

    Details

    • Sprint:
      10.1.32

      Description

      CREATE TABLE t1 (a INT) ENGINE=MyISAM;
      INSERT INTO t1 VALUES (3),(8);
       
      CREATE TABLE t2 (b INT) ENGINE=MyISAM;
      INSERT INTO t2 VALUES (2),(1);
       
      SELECT a FROM t1
      WHERE 9 IN ( SELECT MIN( a ) FROM t1 )  
      HAVING a <> ( SELECT COUNT(*) FROM t2 ) 
      ORDER BY a;
      

      ==30848== Invalid read of size 1
      ==30848==    at 0x90E68F: subselect_engine::calc_const_tables(List<TABLE_LIST>&) (item_subselect.cc:4166)
      ==30848==    by 0x90E708: subselect_single_select_engine::upper_select_const_tables() (item_subselect.cc:4175)
      ==30848==    by 0x904F8B: Item_subselect::update_used_tables() (item_subselect.cc:888)
      ==30848==    by 0x8C917E: Item_func::update_used_tables() (item_func.cc:445)
      ==30848==    by 0x6B6F0A: JOIN::exec_inner() (sql_select.cc:2927)
      ==30848==    by 0x6B4CDB: JOIN::exec() (sql_select.cc:2369)
      ==30848==    by 0x6B8046: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3307)
      ==30848==    by 0x6AE640: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372)
      ==30848==    by 0x683345: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5269)
      ==30848==    by 0x67B646: mysql_execute_command(THD*) (sql_parse.cc:2552)
      ==30848==    by 0x685AD0: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6415)
      ==30848==    by 0x6788E7: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1307)
      ==30848==    by 0x677C8C: do_command(THD*) (sql_parse.cc:1004)
      ==30848==    by 0x7941C9: do_handle_one_connection(THD*) (sql_connect.cc:1379)
      ==30848==    by 0x793F1C: handle_one_connection (sql_connect.cc:1293)
      ==30848==    by 0xCC9D29: pfs_spawn_thread (pfs.cc:1860)
      ==30848==  Address 0xdbe21dd is 2,269 bytes inside a block of size 4,772 free'd
      ==30848==    at 0x4C27BF4: free (vg_replace_malloc.c:469)
      ==30848==    by 0xE52CEE: free_memory (safemalloc.c:276)
      ==30848==    by 0xE529B2: sf_free (safemalloc.c:194)
      ==30848==    by 0xE41D2D: my_free (my_malloc.c:216)
      ==30848==    by 0xE362D9: free_root (my_alloc.c:385)
      ==30848==    by 0x6D96E1: free_tmp_table(THD*, TABLE*) (sql_select.cc:17081)
      ==30848==    by 0x91013E: subselect_hash_sj_engine::cleanup() (item_subselect.cc:5002)
      ==30848==    by 0x9034AB: Item_subselect::cleanup() (item_subselect.cc:152)
      ==30848==    by 0x90364A: Item_in_subselect::cleanup() (item_subselect.cc:189)
      ==30848==    by 0x6CB94E: st_join_table::cleanup() (sql_select.cc:11224)
      ==30848==    by 0x6CC748: JOIN::cleanup(bool) (sql_select.cc:11620)
      ==30848==    by 0x6CC35B: JOIN::join_free() (sql_select.cc:11507)
      ==30848==    by 0x6B68B7: JOIN::exec_inner() (sql_select.cc:2844)
      ==30848==    by 0x6B4CDB: JOIN::exec() (sql_select.cc:2369)
      ==30848==    by 0x6B8046: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3307)
      ==30848==    by 0x6AE640: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372)
      ==30848== Invalid read of size 8
      ==30848==    at 0x90E69E: subselect_engine::calc_const_tables(List<TABLE_LIST>&) (item_subselect.cc:4167)
      ==30848==    by 0x90E708: subselect_single_select_engine::upper_select_const_tables() (item_subselect.cc:4175)
      ==30848==    by 0x904F8B: Item_subselect::update_used_tables() (item_subselect.cc:888)
      ==30848==    by 0x8C917E: Item_func::update_used_tables() (item_func.cc:445)
      ==30848==    by 0x6B6F0A: JOIN::exec_inner() (sql_select.cc:2927)
      ==30848==    by 0x6B4CDB: JOIN::exec() (sql_select.cc:2369)
      ==30848==    by 0x6B8046: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3307)
      ==30848==    by 0x6AE640: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372)
      ==30848==    by 0x683345: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5269)
      ==30848==    by 0x67B646: mysql_execute_command(THD*) (sql_parse.cc:2552)
      ==30848==    by 0x685AD0: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6415)
      ==30848==    by 0x6788E7: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1307)
      ==30848==    by 0x677C8C: do_command(THD*) (sql_parse.cc:1004)
      ==30848==    by 0x7941C9: do_handle_one_connection(THD*) (sql_connect.cc:1379)
      ==30848==    by 0x793F1C: handle_one_connection (sql_connect.cc:1293)
      ==30848==    by 0xCC9D29: pfs_spawn_thread (pfs.cc:1860)
      ==30848==  Address 0xdbe21a0 is 2,208 bytes inside a block of size 4,772 free'd
      ==30848==    at 0x4C27BF4: free (vg_replace_malloc.c:469)
      ==30848==    by 0xE52CEE: free_memory (safemalloc.c:276)
      ==30848==    by 0xE529B2: sf_free (safemalloc.c:194)
      ==30848==    by 0xE41D2D: my_free (my_malloc.c:216)
      ==30848==    by 0xE362D9: free_root (my_alloc.c:385)
      ==30848==    by 0x6D96E1: free_tmp_table(THD*, TABLE*) (sql_select.cc:17081)
      ==30848==    by 0x91013E: subselect_hash_sj_engine::cleanup() (item_subselect.cc:5002)
      ==30848==    by 0x9034AB: Item_subselect::cleanup() (item_subselect.cc:152)
      ==30848==    by 0x90364A: Item_in_subselect::cleanup() (item_subselect.cc:189)
      ==30848==    by 0x6CB94E: st_join_table::cleanup() (sql_select.cc:11224)
      ==30848==    by 0x6CC748: JOIN::cleanup(bool) (sql_select.cc:11620)
      ==30848==    by 0x6CC35B: JOIN::join_free() (sql_select.cc:11507)
      ==30848==    by 0x6B68B7: JOIN::exec_inner() (sql_select.cc:2844)
      ==30848==    by 0x6B4CDB: JOIN::exec() (sql_select.cc:2369)
      ==30848==    by 0x6B8046: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3307)
      ==30848==    by 0x6AE640: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372)
      

      Stack trace from:

      revision-id: elenst@montyprogram.com-20140911232154-8kfkykep1qtsn8fi
      revno: 4393
      branch-nick: 10.0
      

      EXPLAIN:

      id	select_type	table	type	possible_keys	key	key_len	ref	rows	filtered	Extra
      1	PRIMARY	<subquery2>	const	distinct_key	distinct_key	4	const	1	100.00	Using temporary; Using filesort
      1	PRIMARY	t1	ALL	NULL	NULL	NULL	NULL	2	100.00	Using join buffer (flat, BNL join)
      3	SUBQUERY	NULL	NULL	NULL	NULL	NULL	NULL	NULL	NULL	Select tables optimized away
      2	MATERIALIZED	t1	ALL	NULL	NULL	NULL	NULL	2	100.00	
      Warnings:
      Note	1003	select `test`.`t1`.`a` AS `a` from  <materialize> (select min(`test`.`t1`.`a`) from `test`.`t1`) join `test`.`t1` where (`<subquery2>`.`MIN( a )` = 9) having (`test`.`t1`.`a` <> (select count(0) from `test`.`t2`)) order by `test`.`t1`.`a`
      

      Minimal optimizer_switch: materialization=on,semijoin=on
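
Added example (not part of the original report or of MariaDB's code): a Python triage helper that parses an abridged copy of the first Valgrind record above and finds the innermost function present in both the access stack and the free stack. On this trace it shows the block being freed under JOIN::join_free() at sql_select.cc:2844 and read again under Item_func::update_used_tables() at sql_select.cc:2927, both inside JOIN::exec_inner(). The names `parse_error` and `common_caller` are illustrative.

```python
import re

# Abridged excerpt of the first error in the Valgrind report above
# (intermediate frames dropped; addresses and source lines are the page's).
REPORT = """\
==30848== Invalid read of size 1
==30848==    at 0x90E68F: subselect_engine::calc_const_tables(List<TABLE_LIST>&) (item_subselect.cc:4166)
==30848==    by 0x90E708: subselect_single_select_engine::upper_select_const_tables() (item_subselect.cc:4175)
==30848==    by 0x904F8B: Item_subselect::update_used_tables() (item_subselect.cc:888)
==30848==    by 0x8C917E: Item_func::update_used_tables() (item_func.cc:445)
==30848==    by 0x6B6F0A: JOIN::exec_inner() (sql_select.cc:2927)
==30848==  Address 0xdbe21dd is 2,269 bytes inside a block of size 4,772 free'd
==30848==    at 0x4C27BF4: free (vg_replace_malloc.c:469)
==30848==    by 0xE362D9: free_root (my_alloc.c:385)
==30848==    by 0x6D96E1: free_tmp_table(THD*, TABLE*) (sql_select.cc:17081)
==30848==    by 0x91013E: subselect_hash_sj_engine::cleanup() (item_subselect.cc:5002)
==30848==    by 0x6CC35B: JOIN::join_free() (sql_select.cc:11507)
==30848==    by 0x6B68B7: JOIN::exec_inner() (sql_select.cc:2844)
"""

FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+) \(([^():\s]+):(\d+)\)$")
FREED = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is ([\d,]+) bytes inside a block of size ([\d,]+) free'd$")

def parse_error(text):
    """Split one 'Invalid read' record into the access stack and the free stack."""
    access, freed, current, block = [], [], None, None
    for line in text.splitlines():
        if "Invalid read" in line or "Invalid write" in line:
            current = access
        elif (m := FREED.match(line)):
            block = tuple(int(g.replace(",", "")) for g in m.groups())  # (offset, size)
            current = freed
        elif (m := FRAME.match(line)) and current is not None:
            current.append((m.group(1), m.group(2), int(m.group(3))))
    return access, freed, block

def common_caller(access, freed):
    """Innermost function in both stacks (name match only; recursion can mislead)."""
    free_idx = {fn: i for i, (fn, _, _) in reversed(list(enumerate(freed)))}
    for i, (fn, src, use_line) in enumerate(access):
        if fn in free_idx:
            j = free_idx[fn]
            return {"function": fn, "file": src, "free_line": freed[j][2],
                    "use_line": use_line, "free_via": freed[j - 1][0] if j else None,
                    "use_via": access[i - 1][0] if i else None}
    return None

access, freed, block = parse_error(REPORT)
print(block, common_caller(access, freed))
```
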

              People

              • Assignee:
                varun Varun Gupta
                Reporter:
                elenst Elena Stepanova