Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8833

Crash of server on prepared statement with conversion to semi-join

Details

    • 10.1.8-3, 10.1.8-4, 10.1.9-2, 10.1.9-3, 5.5.47-1, 10.0.23, 5.5.50

    Description

      INSERT INTO t2 VALUES (1),(4);

      CREATE TABLE t3 (column3 INT) ENGINE=MyISAM;
      INSERT INTO t3 VALUES (6),(8);

      CREATE TABLE t4 (column4 INT) ENGINE=MyISAM;
      INSERT INTO t4 VALUES (2),(5);

      PREPARE stmt FROM "
      SELECT (
      SELECT MAX( table1.column1 ) AS field1
      FROM t1 AS table1
      WHERE table3.column3 IN ( SELECT table2.column2 AS field2 FROM t2 AS table2 )
      ) AS sq
      FROM t3 AS table3, t4 AS table4";

      EXECUTE stmt;
      EXECUTE stmt;

      deallocate prepare stmt;
      drop table t1,t2,t3,t4;

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-7691 Assertion `outer_context || !*from_field || *from_field == not_found_field' failed on 2nd execution of PS with nested subqueries

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. MDEV-7846 Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            Ascending order - Click to sort in descending order
            sanja Oleksandr Byelkin added a comment -

            The problem is that artificially created context created in hope on automatic 'fix_field' by cache has different select_lex which trigger fix_outer_field call which cause problems because context is artificial.

            sanja Oleksandr Byelkin added a comment - The problem is that artificially created context created in hope on automatic 'fix_field' by cache has different select_lex which trigger fix_outer_field call which cause problems because context is artificial.
            sanja Oleksandr Byelkin added a comment -

            the problem is that the Item (left expr) which we "pull out" from inner subquery is actually external reference.
            Artificial context created for it during pullout can't be processed by fix_outer_field() which will be called because the field is outer.

            Mysql has no such problem because the do not create new name resolution context but 'fix' existing one.

            sanja Oleksandr Byelkin added a comment - the problem is that the Item (left expr) which we "pull out" from inner subquery is actually external reference. Artificial context created for it during pullout can't be processed by fix_outer_field() which will be called because the field is outer. Mysql has no such problem because the do not create new name resolution context but 'fix' existing one.
            sanja Oleksandr Byelkin added a comment -

            I see 2 ways:
            1) use Mysql way (a lot of rewriting)
            2) somehow cache and restore outer field/dependency information

            sanja Oleksandr Byelkin added a comment - I see 2 ways: 1) use Mysql way (a lot of rewriting) 2) somehow cache and restore outer field/dependency information
            sanja Oleksandr Byelkin added a comment -

            226a5d281a2498f0066cfee2ed4307b425f536e0 is looks like fix of MySQL

            sanja Oleksandr Byelkin added a comment - 226a5d281a2498f0066cfee2ed4307b425f536e0 is looks like fix of MySQL
            sanja Oleksandr Byelkin added a comment -

            revision-id: 517e206b8d9855aea64f044b48f740a0df3a48c7 (mariadb-5.5.46-6-g517e206)
            parent(s): 7e4da9b370d032db9015adb47ad2ff585aeaea5d
            committer: Oleksandr Byelkin
            timestamp: 2015-11-10 12:41:26 +0100
            message:

            MDEV-8833 Crash of server on prepared statement with conversion to semi-join

            Correct context chain made to allow outer fields pullout.

            sanja Oleksandr Byelkin added a comment - revision-id: 517e206b8d9855aea64f044b48f740a0df3a48c7 (mariadb-5.5.46-6-g517e206) parent(s): 7e4da9b370d032db9015adb47ad2ff585aeaea5d committer: Oleksandr Byelkin timestamp: 2015-11-10 12:41:26 +0100 message: MDEV-8833 Crash of server on prepared statement with conversion to semi-join Correct context chain made to allow outer fields pullout. —
            psergei Sergei Petrunia added a comment -

            Discussed with sanja : This addon to the patch looks like it won't hurt:
            https://gist.github.com/spetrunia/3c9b5d5c7bb22db5661274b77702eb58

            We're not sure when exactly contex->select_lex==NULL. Here's one example: https://gist.github.com/spetrunia/cc93df028313406b238f10c7c482afd9 .

            psergei Sergei Petrunia added a comment - Discussed with sanja : This addon to the patch looks like it won't hurt: https://gist.github.com/spetrunia/3c9b5d5c7bb22db5661274b77702eb58 We're not sure when exactly contex->select_lex==NULL. Here's one example: https://gist.github.com/spetrunia/cc93df028313406b238f10c7c482afd9 .
            psergei Sergei Petrunia added a comment -

            Ok to push the patch with addon.

            psergei Sergei Petrunia added a comment - Ok to push the patch with addon.

            People

              sanja Oleksandr Byelkin
              sanja Oleksandr Byelkin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.