[MDEV-9604] crash in Item::save_in_field with empty enum value - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1.8, 10.1.11
Fix Version/s: 10.1.13
Component/s: Optimizer
Labels:
None

Sprint:
10.1.13

Description

Version: '10.1.11-MariaDB' mariadb.org binary distribution

[ERROR] mysqld got exception 0xc0000005 ;

mysqld.exe!Item::save_in_field()[item.cc:5908]

mysqld.exe!Item::save_in_field_no_warnings()[item.cc:1353]

mysqld.exe!Item_bool_func::get_mm_leaf()[opt_range.cc:7794]

mysqld.exe!Item_bool_func::get_mm_parts()[opt_range.cc:7611]

mysqld.exe!Item_bool_func2_with_rev::get_func_mm_tree()[item_cmpfunc.h:422]

mysqld.exe!Item_bool_func::get_full_func_mm_tree()[opt_range.cc:7311]

mysqld.exe!Item_bool_func::get_full_func_mm_tree_for_args()[item_cmpfunc.h:180]

mysqld.exe!Item_bool_func2_with_rev::get_mm_tree()[item_cmpfunc.h:450]

mysqld.exe!SQL_SELECT::test_quick_select()[opt_range.cc:2540]

mysqld.exe!get_quick_record_count()[sql_select.cc:3490]

mysqld.exe!make_join_statistics()[sql_select.cc:4108]

mysqld.exe!JOIN::optimize_inner()[sql_select.cc:1375]

mysqld.exe!JOIN::optimize()[sql_select.cc:1036]

mysqld.exe!mysql_select()[sql_select.cc:3437]

mysqld.exe!handle_select()[sql_select.cc:384]

mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5903]

mysqld.exe!mysql_execute_command()[sql_parse.cc:2962]

mysqld.exe!mysql_parse()[sql_parse.cc:7308]

mysqld.exe!dispatch_command()[sql_parse.cc:1491]

mysqld.exe!do_command()[sql_parse.cc:1109]

mysqld.exe!threadpool_process_request()[threadpool_common.cc:239]

mysqld.exe!io_completion_callback()[threadpool_win.cc:568]

How to repeat
---------------

set sql_mode='';

drop table if exists t;

create table t (a enum('a'),b time,c int,key(b)) engine=innodb;

insert into t values ('','00:00:00',0);

select 1 from t where (select a from t group by c) = b;

Attachments

Issue Links

relates to

MDEV-9777 MyISAM and InnoDB work differently when comparing a TIME column to an empty string

Closed

Activity

Ascending order - Click to sort in descending order

Elena Stepanova added a comment - 2016-02-21 23:14 - edited

Thanks for the report.

The problem appeared in 10.1 tree with this revision:

commit 7e29f2d64fb463559a7c9c178ffe899b9bcab113

Author: Alexander Barkov <bar@mariadb.org>

Date:   Thu Oct 15 18:25:54 2015 +0400

    MDEV-8948 ALTER ... INPLACE does work for BINARY, BLOB

Stack trace from 10.1 commit fd8e846a3b049903706267d58e6d8e61eea97df8
#3 <signal handler called>
#4 0x000055f291882e98 in String::length (this=0x0) at /src/10.1/sql/sql_string.h:167
#5 0x000055f291b975be in Item::save_in_field (this=0x7f3c41454138, field=0x7f3c415982a0, no_conversions=true) at /src/10.1/sql/item.cc:5908
#6 0x000055f291b8b94a in Item::save_in_field_no_warnings (this=0x7f3c41454138, field=0x7f3c415982a0, no_conversions=true) at /src/10.1/sql/item.cc:1349
#7 0x000055f291ca03d0 in Item_bool_func::get_mm_leaf (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, key_part=0x7f3c41465888, type=Item_func::EQ_FUNC, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7788
#8 0x000055f291c9f8ee in Item_bool_func::get_mm_parts (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, type=Item_func::EQ_FUNC, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7605
#9 0x000055f2918e546b in Item_bool_func2_with_rev::get_func_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, value=0x7f3c41454138) at /src/10.1/sql/item_cmpfunc.h:421
#10 0x000055f291c9e984 in Item_bool_func::get_full_func_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, field_item=0x7f3c414542b8, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7305
#11 0x000055f2918e51b8 in Item_bool_func::get_full_func_mm_tree_for_args (this=0x7f3c414543a8, param=0x7f3c57f265e0, item=0x7f3c414542b8, value=0x7f3c41454138) at /src/10.1/sql/item_cmpfunc.h:180
#12 0x000055f2918e5607 in Item_bool_func2_with_rev::get_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, cond_ptr=0x7f3c414580f8) at /src/10.1/sql/item_cmpfunc.h:449
#13 0x000055f291c94006 in SQL_SELECT::test_quick_select (this=0x7f3c414580f0, thd=0x7f3c4e91aa30, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=true) at /src/10.1/sql/opt_range.cc:2540
#14 0x000055f29197f4e1 in get_quick_record_count (thd=0x7f3c4e91aa30, select=0x7f3c414580f0, table=0x7f3c4123f470, keys=0x7f3c41457858, limit=18446744073709551615) at /src/10.1/sql/sql_select.cc:3488
#15 0x000055f291981956 in make_join_statistics (join=0x7f3c41454610, tables_list=..., keyuse_array=0x7f3c41454940) at /src/10.1/sql/sql_select.cc:4108
#16 0x000055f291977cf6 in JOIN::optimize_inner (this=0x7f3c41454610) at /src/10.1/sql/sql_select.cc:1374
#17 0x000055f291976bbc in JOIN::optimize (this=0x7f3c41454610) at /src/10.1/sql/sql_select.cc:1036
#18 0x000055f29197f251 in mysql_select (thd=0x7f3c4e91aa30, rref_pointer_array=0x7f3c4e91edc0, tables=0x7f3c41452840, wild_num=0, fields=..., conds=0x7f3c414543a8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f3c414545f0, unit=0x7f3c4e91e448, select_lex=0x7f3c4e91eb48) at /src/10.1/sql/sql_select.cc:3437
#19 0x000055f291974d89 in handle_select (thd=0x7f3c4e91aa30, lex=0x7f3c4e91e380, result=0x7f3c414545f0, setup_tables_done_option=0) at /src/10.1/sql/sql_select.cc:384
#20 0x000055f291945133 in execute_sqlcom_select (thd=0x7f3c4e91aa30, all_tables=0x7f3c41452840) at /src/10.1/sql/sql_parse.cc:5903
#21 0x000055f29193b20d in mysql_execute_command (thd=0x7f3c4e91aa30) at /src/10.1/sql/sql_parse.cc:2962
#22 0x000055f29194877a in mysql_parse (thd=0x7f3c4e91aa30, rawbuf=0x7f3c41452688 "select 1 from t where (select a from t group by c) = b", length=54, parser_state=0x7f3c57f285e0) at /src/10.1/sql/sql_parse.cc:7303
#23 0x000055f291937474 in dispatch_command (command=COM_QUERY, thd=0x7f3c4e91aa30, packet=0x7f3c4ebe2271 "select 1 from t where (select a from t group by c) = b", packet_length=54) at /src/10.1/sql/sql_parse.cc:1488
#24 0x000055f2919361a6 in do_command (thd=0x7f3c4e91aa30) at /src/10.1/sql/sql_parse.cc:1109
#25 0x000055f291a6b798 in do_handle_one_connection (thd_arg=0x7f3c4e91aa30) at /src/10.1/sql/sql_connect.cc:1349
#26 0x000055f291a6b4fc in handle_one_connection (arg=0x7f3c4e91aa30) at /src/10.1/sql/sql_connect.cc:1261
#27 0x000055f292171cb6 in pfs_spawn_thread (arg=0x7f3c4e8bfa70) at /src/10.1/storage/perfschema/pfs.cc:1860
#28 0x00007f3c57bab0a4 in start_thread () from /lib64/libpthread.so.0

Elena Stepanova added a comment - 2016-02-21 23:14 - edited Thanks for the report. The problem appeared in 10.1 tree with this revision: commit 7e29f2d64fb463559a7c9c178ffe899b9bcab113 Author: Alexander Barkov <bar@mariadb.org> Date: Thu Oct 15 18:25:54 2015 +0400 MDEV-8948 ALTER ... INPLACE does work for BINARY, BLOB Stack trace from 10.1 commit fd8e846a3b049903706267d58e6d8e61eea97df8 #3 <signal handler called> #4 0x000055f291882e98 in String::length (this=0x0) at /src/10.1/sql/sql_string.h:167 #5 0x000055f291b975be in Item::save_in_field (this=0x7f3c41454138, field=0x7f3c415982a0, no_conversions=true) at /src/10.1/sql/item.cc:5908 #6 0x000055f291b8b94a in Item::save_in_field_no_warnings (this=0x7f3c41454138, field=0x7f3c415982a0, no_conversions=true) at /src/10.1/sql/item.cc:1349 #7 0x000055f291ca03d0 in Item_bool_func::get_mm_leaf (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, key_part=0x7f3c41465888, type=Item_func::EQ_FUNC, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7788 #8 0x000055f291c9f8ee in Item_bool_func::get_mm_parts (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, type=Item_func::EQ_FUNC, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7605 #9 0x000055f2918e546b in Item_bool_func2_with_rev::get_func_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, field=0x7f3c415982a0, value=0x7f3c41454138) at /src/10.1/sql/item_cmpfunc.h:421 #10 0x000055f291c9e984 in Item_bool_func::get_full_func_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, field_item=0x7f3c414542b8, value=0x7f3c41454138) at /src/10.1/sql/opt_range.cc:7305 #11 0x000055f2918e51b8 in Item_bool_func::get_full_func_mm_tree_for_args (this=0x7f3c414543a8, param=0x7f3c57f265e0, item=0x7f3c414542b8, value=0x7f3c41454138) at /src/10.1/sql/item_cmpfunc.h:180 #12 0x000055f2918e5607 in Item_bool_func2_with_rev::get_mm_tree (this=0x7f3c414543a8, param=0x7f3c57f265e0, cond_ptr=0x7f3c414580f8) at /src/10.1/sql/item_cmpfunc.h:449 #13 0x000055f291c94006 in SQL_SELECT::test_quick_select (this=0x7f3c414580f0, thd=0x7f3c4e91aa30, keys_to_use=..., prev_tables=0, limit=18446744073709551615, force_quick_range=false, ordered_output=false, remove_false_parts_of_where=true) at /src/10.1/sql/opt_range.cc:2540 #14 0x000055f29197f4e1 in get_quick_record_count (thd=0x7f3c4e91aa30, select=0x7f3c414580f0, table=0x7f3c4123f470, keys=0x7f3c41457858, limit=18446744073709551615) at /src/10.1/sql/sql_select.cc:3488 #15 0x000055f291981956 in make_join_statistics (join=0x7f3c41454610, tables_list=..., keyuse_array=0x7f3c41454940) at /src/10.1/sql/sql_select.cc:4108 #16 0x000055f291977cf6 in JOIN::optimize_inner (this=0x7f3c41454610) at /src/10.1/sql/sql_select.cc:1374 #17 0x000055f291976bbc in JOIN::optimize (this=0x7f3c41454610) at /src/10.1/sql/sql_select.cc:1036 #18 0x000055f29197f251 in mysql_select (thd=0x7f3c4e91aa30, rref_pointer_array=0x7f3c4e91edc0, tables=0x7f3c41452840, wild_num=0, fields=..., conds=0x7f3c414543a8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f3c414545f0, unit=0x7f3c4e91e448, select_lex=0x7f3c4e91eb48) at /src/10.1/sql/sql_select.cc:3437 #19 0x000055f291974d89 in handle_select (thd=0x7f3c4e91aa30, lex=0x7f3c4e91e380, result=0x7f3c414545f0, setup_tables_done_option=0) at /src/10.1/sql/sql_select.cc:384 #20 0x000055f291945133 in execute_sqlcom_select (thd=0x7f3c4e91aa30, all_tables=0x7f3c41452840) at /src/10.1/sql/sql_parse.cc:5903 #21 0x000055f29193b20d in mysql_execute_command (thd=0x7f3c4e91aa30) at /src/10.1/sql/sql_parse.cc:2962 #22 0x000055f29194877a in mysql_parse (thd=0x7f3c4e91aa30, rawbuf=0x7f3c41452688 "select 1 from t where (select a from t group by c) = b", length=54, parser_state=0x7f3c57f285e0) at /src/10.1/sql/sql_parse.cc:7303 #23 0x000055f291937474 in dispatch_command (command=COM_QUERY, thd=0x7f3c4e91aa30, packet=0x7f3c4ebe2271 "select 1 from t where (select a from t group by c) = b", packet_length=54) at /src/10.1/sql/sql_parse.cc:1488 #24 0x000055f2919361a6 in do_command (thd=0x7f3c4e91aa30) at /src/10.1/sql/sql_parse.cc:1109 #25 0x000055f291a6b798 in do_handle_one_connection (thd_arg=0x7f3c4e91aa30) at /src/10.1/sql/sql_connect.cc:1349 #26 0x000055f291a6b4fc in handle_one_connection (arg=0x7f3c4e91aa30) at /src/10.1/sql/sql_connect.cc:1261 #27 0x000055f292171cb6 in pfs_spawn_thread (arg=0x7f3c4e8bfa70) at /src/10.1/storage/perfschema/pfs.cc:1860 #28 0x00007f3c57bab0a4 in start_thread () from /lib64/libpthread.so.0

Alexander Barkov added a comment - 2016-03-21 17:43

According to "git bisect", the problem was actually introduced by this commit:

39b46ae934bfa886314f918068d1e195970fe65e is the first bad commit

commit 39b46ae934bfa886314f918068d1e195970fe65e

Author: Alexander Barkov <bar@mariadb.org>

Date:   Wed Sep 9 15:39:09 2015 +0400

    MDEV-8706 Wrong result for SELECT..WHERE time_column=TIMESTAMP'2015-08-30 00:00:00' AND time_column='00:00:00'

Alexander Barkov added a comment - 2016-03-21 17:43 According to "git bisect", the problem was actually introduced by this commit: 39b46ae934bfa886314f918068d1e195970fe65e is the first bad commit commit 39b46ae934bfa886314f918068d1e195970fe65e Author: Alexander Barkov <bar@mariadb.org> Date: Wed Sep 9 15:39:09 2015 +0400 MDEV-8706 Wrong result for SELECT..WHERE time_column=TIMESTAMP'2015-08-30 00:00:00' AND time_column='00:00:00'

Alexander Barkov added a comment - 2016-03-21 17:52 - edited

The crash is not repeatable with ENGINE=MyISAM in 10.1.

10.0 does not crash, but works inconsistently:

DROP TABLE IF EXISTS t1;

CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=InnoDB;

INSERT INTO t1 VALUES ('','00:00:00',0);

SELECT 1 FROM t1 WHERE (SELECT a FROM t1 group by c) = b;

ALTER TABLE t1 ENGINE=MyISAM;

SELECT 1 FROM t1 WHERE (SELECT a FROM t1 group by c) = b;

returns 0 rows with InnoDB in 10.0.23
returns 1 row with MyISAM in 10.0.23

Alexander Barkov added a comment - 2016-03-21 17:52 - edited The crash is not repeatable with ENGINE=MyISAM in 10.1. 10.0 does not crash, but works inconsistently: DROP TABLE IF EXISTS t1; CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=InnoDB; INSERT INTO t1 VALUES ('','00:00:00',0); SELECT 1 FROM t1 WHERE (SELECT a FROM t1 group by c) = b; ALTER TABLE t1 ENGINE=MyISAM; SELECT 1 FROM t1 WHERE (SELECT a FROM t1 group by c) = b; returns 0 rows with InnoDB in 10.0.23 returns 1 row with MyISAM in 10.0.23

Alexander Barkov added a comment - 2016-03-22 05:15 - edited

This script:

DROP TABLE IF EXISTS t1;

CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=INNODB;

INSERT INTO t1 VALUES ('','00:00:00',0);

SELECT * FROM t1 WHERE b='';

ALTER TABLE t1 ENGINE=MyISAM;

SELECT * FROM t1 WHERE b='';

returns 0 rows for InnoDB in 10.0.23.
returns 1 row in MyISAM in 10.0.23.
returns 0 rows for InnoDB and MyISAM in 10.1.13.

Alexander Barkov added a comment - 2016-03-22 05:15 - edited This script: DROP TABLE IF EXISTS t1; CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=INNODB; INSERT INTO t1 VALUES ('','00:00:00',0); SELECT * FROM t1 WHERE b=''; ALTER TABLE t1 ENGINE=MyISAM; SELECT * FROM t1 WHERE b=''; returns 0 rows for InnoDB in 10.0.23. returns 1 row in MyISAM in 10.0.23. returns 0 rows for InnoDB and MyISAM in 10.1.13.

Alexander Barkov added a comment - 2016-03-22 06:12 - edited

This script (with no key on t1.b):

DROP TABLE IF EXISTS t1;

CREATE TABLE t1 (a ENUM('a'), b TIME, c INT) ENGINE=InnoDB;

INSERT INTO t1 VALUES ('','00:00:00',0);

SELECT * FROM t1 WHERE b='';

ALTER TABLE t1 ENGINE=MyISAM;

SELECT * FROM t1 WHERE b='';

returns 1 row for InnoDB and MyISAM in 10.0.23
returns 0 rows for InnoDB and MyISAM in 10.1.13

Alexander Barkov added a comment - 2016-03-22 06:12 - edited This script (with no key on t1.b): DROP TABLE IF EXISTS t1; CREATE TABLE t1 (a ENUM('a'), b TIME, c INT) ENGINE=InnoDB; INSERT INTO t1 VALUES ('','00:00:00',0); SELECT * FROM t1 WHERE b=''; ALTER TABLE t1 ENGINE=MyISAM; SELECT * FROM t1 WHERE b=''; returns 1 row for InnoDB and MyISAM in 10.0.23 returns 0 rows for InnoDB and MyISAM in 10.1.13

Alexander Barkov added a comment - 2016-03-22 06:14 - edited

This script:

DROP TABLE IF EXISTS t1;

CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=InnoDB;

INSERT INTO t1 VALUES ('','00:00:00',0);

SELECT * FROM t1 WHERE a=b;

ALTER TABLE t1 ENGINE=MyISAM;

SELECT * FROM t1 WHERE a=b;

returns 1 row for both InnoDB and MyISAM in 10.0.23
returns 1 row for both InnoDB and MyISAM in 10.1.13

Alexander Barkov added a comment - 2016-03-22 06:14 - edited This script: DROP TABLE IF EXISTS t1; CREATE TABLE t1 (a ENUM('a'), b TIME, c INT, KEY(b)) ENGINE=InnoDB; INSERT INTO t1 VALUES ('','00:00:00',0); SELECT * FROM t1 WHERE a=b; ALTER TABLE t1 ENGINE=MyISAM; SELECT * FROM t1 WHERE a=b; returns 1 row for both InnoDB and MyISAM in 10.0.23 returns 1 row for both InnoDB and MyISAM in 10.1.13

Alexander Barkov added a comment - 2016-03-22 08:39

Similar sort of inconsistency is observed with the DATE and DATETIME data types.

Alexander Barkov added a comment - 2016-03-22 08:39 Similar sort of inconsistency is observed with the DATE and DATETIME data types.

People

Assignee:: Alexander Barkov

Reporter:: sbester1

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2016-02-21 17:06

Updated:: 2022-10-26 10:29

Resolved:: 2016-03-23 04:53

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server