MariaDB Server / MDEV-7821

Server crashes in Item_func_group_concat::fix_fields on 2nd execution of PS

Details

    • 5.5.45

    Description

      Stack trace from 5.5 commit 86f46a3da4a6d82cb510dc4c270d46cfd6a8965b

      #3  <signal handler called>
      #4  0x0000000000896832 in Item_func_group_concat::fix_fields (this=0x7fac14d3cd28, thd=0x7fac20226060, ref=0x7fac14d3afa8) at 5.5/sql/item_sum.cc:3415
      #5  0x00000000005e2368 in setup_fields (thd=0x7fac20226060, ref_pointer_array=0x7fac14d3f0b8, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7fac14d515c0, allow_sum_func=true) at 5.5/sql/sql_base.cc:8169
      #6  0x0000000000663cec in JOIN::prepare (this=0x7fac14d51298, rref_pointer_array=0x7fac14d39a80, tables_init=0x7fac14d3d338, wild_num=0, conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false, group_init=0x7fac14d3f078, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fac14d39810, unit_arg=0x7fac14d39130) at 5.5/sql/sql_select.cc:723
      #7  0x000000000066c43b in mysql_select (thd=0x7fac20226060, rref_pointer_array=0x7fac14d39a80, tables=0x7fac14d3d338, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0, group=0x7fac14d3f078, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7fac14d3e018, unit=0x7fac14d39130, select_lex=0x7fac14d39810) at 5.5/sql/sql_select.cc:3074
      #8  0x0000000000662fbd in handle_select (thd=0x7fac20226060, lex=0x7fac14d39080, result=0x7fac14d3e018, setup_tables_done_option=0) at 5.5/sql/sql_select.cc:319
      #9  0x000000000063c1fc in execute_sqlcom_select (thd=0x7fac20226060, all_tables=0x7fac14d3d338) at 5.5/sql/sql_parse.cc:4689
      #10 0x00000000006353de in mysql_execute_command (thd=0x7fac20226060) at 5.5/sql/sql_parse.cc:2234
      #11 0x0000000000656655 in Prepared_statement::execute (this=0x7fac14ddf460, expanded_query=0x7fac27393c90, open_cursor=false) at 5.5/sql/sql_prepare.cc:3928
      #12 0x000000000065576c in Prepared_statement::execute_loop (this=0x7fac14ddf460, expanded_query=0x7fac27393c90, open_cursor=false, packet=0x0, packet_end=0x0) at 5.5/sql/sql_prepare.cc:3587
      #13 0x0000000000653890 in mysql_sql_stmt_execute (thd=0x7fac20226060) at 5.5/sql/sql_prepare.cc:2737
      #14 0x000000000063540c in mysql_execute_command (thd=0x7fac20226060) at 5.5/sql/sql_parse.cc:2244
      #15 0x000000000063ece2 in mysql_parse (thd=0x7fac20226060, rawbuf=0x7fac14d51078 "EXECUTE stmt", length=12, parser_state=0x7fac27394620) at 5.5/sql/sql_parse.cc:5909
      #16 0x0000000000632925 in dispatch_command (command=COM_QUERY, thd=0x7fac20226060, packet=0x7fac16cb5061 "EXECUTE stmt", packet_length=12) at 5.5/sql/sql_parse.cc:1079
      #17 0x0000000000631ab1 in do_command (thd=0x7fac20226060) at 5.5/sql/sql_parse.cc:793
      #18 0x0000000000734122 in do_handle_one_connection (thd_arg=0x7fac20226060) at 5.5/sql/sql_connect.cc:1266
      #19 0x0000000000733be1 in handle_one_connection (arg=0x7fac20226060) at 5.5/sql/sql_connect.cc:1181
      #20 0x0000000000b6c629 in pfs_spawn_thread (arg=0x7fac2022ea20) at 5.5/storage/perfschema/pfs.cc:1015
      #21 0x00007fac26fcdb50 in start_thread (arg=<optimized out>) at pthread_create.c:304
      #22 0x00007fac2528370d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

      Test case

      CREATE TABLE t1 (f1 INT);
      INSERT INTO t1 VALUES (2),(3);
       
      CREATE TABLE t2 (f2 INT);
      INSERT INTO t2 VALUES (1),(8);
       
      PREPARE stmt FROM "
      SELECT GROUP_CONCAT( t2a.f2 ORDER BY 1, ( t2a.f2 IN ( SELECT f1 FROM t1 ) ) ), t2a.f2 
      FROM t2 AS t2a, t2 AS t2b 
      GROUP BY t2a.f2
      ";
       
      EXECUTE stmt;
      EXECUTE stmt;

        Activity

          elenst Elena Stepanova added a comment - It's an upstream bug (http://bugs.mysql.com/bug.php?id=76458), which is why it stays unassigned for now; we can either wait to see whether it gets fixed in MySQL 5.5, or somebody can just pick it up and fix directly in MariaDB.

          svoj Sergey Vojtovich added a comment - Not fixed in mysql-5.5.45 and mysql-5.6.26.

          svoj Sergey Vojtovich added a comment - Somewhat simpler test:

          CREATE TABLE t1(a INT);
          INSERT INTO t1 VALUES(1),(2);
          PREPARE stmt FROM "SELECT GROUP_CONCAT(t1a.a ORDER BY 1, t1a.a=0) FROM t1 AS t1a, t1 AS t1b GROUP BY t1a.a";
          EXECUTE stmt;
          EXECUTE stmt;

          svoj Sergey Vojtovich added a comment - serg, please review fix for this bug. Note that I'm not completely sure about fix correctness, it's mostly expansion of revision mentioned in the commit message.

          People

            svoj Sergey Vojtovich
            elenst Elena Stepanova