[MDEV-8756] MariaDB 10.0.21 crashes during PREPARE - Jira

XML

Word

Printable

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 5.5(EOL), 10.0(EOL), 10.1(EOL)
Fix Version/s: 5.5.47, 10.0.22, 10.1.9
Component/s: Data Manipulation - Subquery, Data Manipulation - Update, Platform Debian, Prepared Statements
Labels:
None
Environment:
MariaDB 10.0.21 Docker Container running on Ubuntu 15.04.

MariaDB 10.0.21 crashes during preparation of an UPDATE statement with a SELECT subquery in combination with ONLY_FULL_GROUP_BY.

One can reproduce the issue using docker as follows:

docker run -it --rm --name crasher -e MYSQL_ROOT_PASSWORD=root mariadb:10.0.21

Afterwards connect with the MariaDB command line client:

docker run -ti --rm --link crasher:mariadb mariadb mysql --host=mariadb -proot

Inside the command line client perform the following querys:

-- create test database

CREATE DATABASE IF NOT EXISTS db; use db;

-- drop test tables

DROP TABLE IF EXISTS t1; DROP TABLE IF EXISTS t2;

-- create test tables

CREATE TABLE t1 ( id INT(10), value INT(10) ); CREATE TABLE t2 ( id INT(10) );

-- enable full group by

SET SESSION sql_mode = 'ONLY_FULL_GROUP_BY';

-- try to prepare query

PREPARE stmt FROM 'UPDATE t1 t1 SET value = (SELECT 1 FROM t2 WHERE id = t1.id)';

The last query will return:

ERROR 2013 (HY000): Lost connection to MySQL server during query

And the server crashes because of signal 11. The stack trace is a follows:

Thread pointer: 0x0x7fa1d3641008

Attempting backtrace. You can use the following information to find out

where mysqld died. If you see no messages after this, something went

terribly wrong...

stack_bottom = 0x7fa1f779ce70 thread_stack 0x48000

mysqld(my_print_stacktrace+0x3d)[0x7fa1f7195a2d]

mysqld(handle_fatal_signal+0x31a)[0x7fa1f6cd375a]

/lib/x86_64-linux-gnu/libpthread.so.0(+0xf8d0)[0x7fa1f633d8d0]

mysqld(_ZN10Item_field15fix_outer_fieldEP3THDPP5FieldPP4Item+0x14c)[0x7fa1f6cf8a1c]

mysqld(_ZN10Item_field10fix_fieldsEP3THDPP4Item+0x4f2)[0x7fa1f6cf9742]

mysqld(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x1b3)[0x7fa1f6d2f3a3]

mysqld(_Z11setup_condsP3THDP10TABLE_LISTR4ListIS1_EPP4Item+0x1c3)[0x7fa1f6b09573]

mysqld(+0x42f111)[0x7fa1f6b9d111]

mysqld(_ZN30subselect_single_select_engine7prepareEv+0x688)[0x7fa1f6d62788]

mysqld(_ZN14Item_subselect10fix_fieldsEP3THDPP4Item+0xed)[0x7fa1f6d60aed]

mysqld(_Z12setup_fieldsP3THDPP4ItemR4ListIS1_E17enum_mark_columnsPS5_b+0x184)[0x7fa1f6b07594]

mysqld(+0x3f7f7a)[0x7fa1f6b65f7a]

mysqld(_ZN18Prepared_statement7prepareEPKcj+0x6dd)[0x7fa1f6b6771d]

mysqld(_Z22mysql_sql_stmt_prepareP3THD+0x39f)[0x7fa1f6b67caf]

mysqld(_Z21mysql_execute_commandP3THD+0x90e)[0x7fa1f6b4edfe]

mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e2)[0x7fa1f6b551d2]

mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1787)[0x7fa1f6b56f87]

mysqld(_Z24do_handle_one_connectionP3THD+0x28b)[0x7fa1f6c2da5b]

mysqld(handle_one_connection+0x40)[0x7fa1f6c2dac0]

/lib/x86_64-linux-gnu/libpthread.so.0(+0x80a4)[0x7fa1f63360a4]

/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7fa1f493e04d]

Trying to get some variables.

Some pointers may be invalid and cause the dump to abort.

Query (0x7fa1be042408): is an invalid pointer

Connection ID (thread ID): 2

Status: NOT_KILLED

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.