[MDEV-7826] Server crashes in Item_subselect::enumerate_field_refs_processor - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 5.3.12, 5.5(EOL), 10.0(EOL), 10.1(EOL)
Fix Version/s: 10.1.26, 5.5.57, 10.0.32, 10.2.8
Component/s: Data Manipulation - Subquery
Labels:
- verified

Description

Note: the query is rather weird, but it is a crash, even on release binaries...

CREATE TABLE t1 (f1 INT) ENGINE=MyISAM;

INSERT INTO t1 VALUES (5),(9);

CREATE TABLE t2 (f2 INT) ENGINE=MyISAM;

INSERT INTO t2 VALUES (0),(6);

CREATE TABLE t3 (f3 INT) ENGINE=MyISAM;

INSERT INTO t3 VALUES (6),(3);

CREATE TABLE t4 (f4 INT) ENGINE=MyISAM;

INSERT INTO t4 VALUES (1),(0);

SELECT

( SELECT MIN(f1) FROM t1 WHERE f1 IN ( SELECT MIN(f4) FROM t2 ) ) AS field7,

( SELECT COUNT(*) FROM t3 WHERE f3 IN ( SELECT MAX(f4) FROM t2 GROUP BY field7 ) )

FROM t4;

Stack trace from 5.5 commit 86f46a3da4a6d82cb510dc4c270d46cfd6a8965b
#3 <signal handler called>
#4 0x000000000087c84c in Item_subselect::enumerate_field_refs_processor (this=0x7f16bba88e50, arg=0x7f16bc3b3b50 "0I7\001") at 5.5/sql/item_subselect.cc:315
#5 0x000000000087d212 in Item_subselect::walk (this=0x7f16bba88e50, processor=&virtual table offset 688, walk_subquery=false, argument=0x7f16bc3b3b50 "0I7\001") at 5.5/sql/item_subselect.cc:631
#6 0x000000000080822b in Item_ref::fix_fields (this=0x7f16bb935b80, thd=0x7f16bc950060, reference=0x7f16bb930468) at 5.5/sql/item.cc:7034
#7 0x0000000000802eaa in Item_field::fix_outer_field (this=0x7f16bb930358, thd=0x7f16bc950060, from_field=0x7f16bc3b3cf8, reference=0x7f16bb930468) at 5.5/sql/item.cc:5005
#8 0x00000000008034cb in Item_field::fix_fields (this=0x7f16bb930358, thd=0x7f16bc950060, reference=0x7f16bb930468) at 5.5/sql/item.cc:5172
#9 0x0000000000696352 in find_order_in_list (thd=0x7f16bc950060, ref_pointer_array=0x7f16bb933d18, tables=0x7f16bb92fd68, order=0x7f16bb930458, fields=..., all_fields=..., is_group_field=true) at 5.5/sql/sql_select.cc:20559
#10 0x0000000000696576 in setup_group (thd=0x7f16bc950060, ref_pointer_array=0x7f16bb933d18, tables=0x7f16bb92fd68, fields=..., all_fields=..., order=0x7f16bb930458, hidden_group_fields=0x7f16bb935898) at 5.5/sql/sql_select.cc:20637
#11 0x00000000006a4c38 in setup_without_group (thd=0x7f16bc950060, ref_pointer_array=0x7f16bb933d18, tables=0x7f16bb92fd68, leaves=..., fields=..., all_fields=..., conds=0x7f16bb9359b0, order=0x0, group=0x7f16bb930458, hidden_group_fields=0x7f16bb935898) at 5.5/sql/sql_select.cc:587
#12 0x0000000000663da4 in JOIN::prepare (this=0x7f16bb9355a0, rref_pointer_array=0x7f16bb92f2e8, tables_init=0x7f16bb92fd68, wild_num=0, conds_init=0x0, og_num=1, order_init=0x0, skip_order_by=false, group_init=0x7f16bb930458, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f16bb92f078, unit_arg=0x7f16bb92f3d8) at 5.5/sql/sql_select.cc:727
#13 0x0000000000883bfa in subselect_single_select_engine::prepare (this=0x7f16bb930638) at 5.5/sql/item_subselect.cc:3025
#14 0x000000000087c4eb in Item_subselect::fix_fields (this=0x7f16bb930498, thd_param=0x7f16bc950060, ref=0x7f16bb935488) at 5.5/sql/item_subselect.cc:245
#15 0x0000000000882f26 in Item_in_subselect::fix_fields (this=0x7f16bb930498, thd_arg=0x7f16bc950060, ref=0x7f16bb935488) at 5.5/sql/item_subselect.cc:2708
#16 0x00000000005e4040 in setup_conds (thd=0x7f16bc950060, tables=0x7f16bb96a920, leaves=..., conds=0x7f16bb935488) at 5.5/sql/sql_base.cc:8894
#17 0x00000000006a4b3a in setup_without_group (thd=0x7f16bc950060, ref_pointer_array=0x7f16bb933bc8, tables=0x7f16bb96a920, leaves=..., fields=..., all_fields=..., conds=0x7f16bb935488, order=0x0, group=0x0, hidden_group_fields=0x7f16bb935370) at 5.5/sql/sql_select.cc:577
#18 0x0000000000663da4 in JOIN::prepare (this=0x7f16bb935078, rref_pointer_array=0x7f16bb969f98, tables_init=0x7f16bb96a920, wild_num=0, conds_init=0x7f16bb930498, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f16bb969d28, unit_arg=0x7f16bb96a088) at 5.5/sql/sql_select.cc:727
#19 0x0000000000883bfa in subselect_single_select_engine::prepare (this=0x7f16bb9307b0) at 5.5/sql/item_subselect.cc:3025
#20 0x000000000087c4eb in Item_subselect::fix_fields (this=0x7f16bb930678, thd_param=0x7f16bc950060, ref=0x7f16bb9307f8) at 5.5/sql/item_subselect.cc:245
#21 0x00000000005e2368 in setup_fields (thd=0x7f16bc950060, ref_pointer_array=0x7f16bb9325a0, fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f16bb9323a0, allow_sum_func=true) at 5.5/sql/sql_base.cc:8169
#22 0x0000000000663cec in JOIN::prepare (this=0x7f16bb932078, rref_pointer_array=0x7f16bc953cd0, tables_init=0x7f16bb930930, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f16bc953a60, unit_arg=0x7f16bc953380) at 5.5/sql/sql_select.cc:723
#23 0x000000000066c43b in mysql_select (thd=0x7f16bc950060, rref_pointer_array=0x7f16bc953cd0, tables=0x7f16bb930930, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f16bb930fd0, unit=0x7f16bc953380, select_lex=0x7f16bc953a60) at 5.5/sql/sql_select.cc:3074
#24 0x0000000000662fbd in handle_select (thd=0x7f16bc950060, lex=0x7f16bc9532d0, result=0x7f16bb930fd0, setup_tables_done_option=0) at 5.5/sql/sql_select.cc:319
#25 0x000000000063c1fc in execute_sqlcom_select (thd=0x7f16bc950060, all_tables=0x7f16bb930930) at 5.5/sql/sql_parse.cc:4689
#26 0x00000000006353de in mysql_execute_command (thd=0x7f16bc950060) at 5.5/sql/sql_parse.cc:2234
#27 0x000000000063ece2 in mysql_parse (thd=0x7f16bc950060, rawbuf=0x7f16bba87078 "SELECT \n( SELECT MIN(f1) FROM t1 WHERE f1 IN ( SELECT MIN(f4) FROM t2 ) ) AS field7,\n( SELECT COUNT(*) FROM t3 WHERE f3 IN ( SELECT MAX(f4) FROM t2 GROUP BY field7 ) )\nFROM t4", length=175, parser_state=0x7f16bc3b5620) at 5.5/sql/sql_parse.cc:5909
#28 0x0000000000632925 in dispatch_command (command=COM_QUERY, thd=0x7f16bc950060, packet=0x7f16bca09061 "SELECT \n( SELECT MIN(f1) FROM t1 WHERE f1 IN ( SELECT MIN(f4) FROM t2 ) ) AS field7,\n( SELECT COUNT(*) FROM t3 WHERE f3 IN ( SELECT MAX(f4) FROM t2 GROUP BY field7 ) )\nFROM t4", packet_length=175) at 5.5/sql/sql_parse.cc:1079
#29 0x0000000000631ab1 in do_command (thd=0x7f16bc950060) at 5.5/sql/sql_parse.cc:793
#30 0x0000000000734122 in do_handle_one_connection (thd_arg=0x7f16bc950060) at 5.5/sql/sql_connect.cc:1266
#31 0x0000000000733be1 in handle_one_connection (arg=0x7f16bc950060) at 5.5/sql/sql_connect.cc:1181
#32 0x0000000000b6c629 in pfs_spawn_thread (arg=0x7f16bc971fc0) at 5.5/storage/perfschema/pfs.cc:1015
#33 0x00007f16c2b46b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#34 0x00007f16c0dfc70d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Attachments

Issue Links

relates to

MDEV-13180 Unused left join causes server crash

Closed

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 2 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2015-03-24 17:53

Updated:: 2017-07-12 16:56

Resolved:: 2017-07-12 16:56

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.