[MDEV-9683] Server crashes in Item::basic_const_item on numerous nested NULLIFs - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: 10.1(EOL)
Fix Version/s: 10.1.13
Component/s: Optimizer
Labels:
None

Description

Test case
CREATE TABLE t1 (i INT);
INSERT INTO t1 VALUES (1),(2);

SELECT * FROM t1 WHERE
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
NULLIF(
i = ROUND(0),
14),
13),
12),
11),
10),
9),
8),
7),
6),
5),
4),
3),
2),
1)
;

Abridged stack trace from bb-10.1-serg commit 2aecd1abfe5993241268219d098b6e27a3e3707a
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055b6e59c8410 in Item::basic_const_item (this=0x0) at /src/bb-10.1-serg/sql/item.h:1073
1073 virtual bool basic_const_item() const { return 0; }
#0 0x000055b6e59c8410 in Item::basic_const_item (this=0x0) at /src/bb-10.1-serg/sql/item.h:1073
#1 0x000055b6e5ce8365 in Item_cache::basic_const_item (this=0x7f5a08228998) at /src/bb-10.1-serg/sql/item.h:5051
...
#8778 0x000055b6e5ce8365 in Item_cache::basic_const_item (this=0x7f5a083284e8) at /src/bb-10.1-serg/sql/item.h:5051
#8779 0x000055b6e5cdb006 in Item::cache_const_expr_analyzer (this=0x7f5a083284e8, arg=0x7f5a13fb8a00) at /src/bb-10.1-serg/sql/item.cc:6503
#8780 0x000055b6e59c89c7 in Item::compile (this=0x7f5a083284e8, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8a00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item.h:1396
#8781 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08223e28, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8a80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8782 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224088, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8b00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8783 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224340, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8b80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8784 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224620, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8c00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8785 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224928, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8c80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8786 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224c58, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8d00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8787 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08224fa8, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8d80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8788 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08225310, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8e00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8789 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08225678, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8e80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8790 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a082259e0, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8f00, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8791 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08225d48, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb8f80, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8792 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a082260b0, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb9000, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8793 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08226418, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb9080, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8794 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08226780, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb9100, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8795 0x000055b6e5d1b56c in Item_func::compile (this=0x7f5a08226ae8, thd=0x7f5a0dbc9ab0, analyzer=(bool (Item::)(Item const, uchar )) 0x55b6e5cdaf82 <Item::cache_const_expr_analyzer(unsigned char)>, arg_p=0x7f5a13fb9190, transformer=(Item (Item::)(Item * const, THD , uchar )) 0x55b6e5cdb0ce <Item::cache_const_expr_transformer(THD, unsigned char)>, arg_t=0x7f5a13fb918f "") at /src/bb-10.1-serg/sql/item_func.cc:410
#8796 0x000055b6e5af7244 in JOIN::cache_const_exprs (this=0x7f5a08226d60) at /src/bb-10.1-serg/sql/sql_select.cc:25339
#8797 0x000055b6e5ab99b9 in JOIN::optimize_inner (this=0x7f5a08226d60) at /src/bb-10.1-serg/sql/sql_select.cc:1567
#8798 0x000055b6e5ab7ba2 in JOIN::optimize (this=0x7f5a08226d60) at /src/bb-10.1-serg/sql/sql_select.cc:1036
#8799 0x000055b6e5ac0237 in mysql_select (thd=0x7f5a0dbc9ab0, rref_pointer_array=0x7f5a0dbcde40, tables=0x7f5a08223498, wild_num=1, fields=..., conds=0x7f5a08226ae8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f5a08226d40, unit=0x7f5a0dbcd4c8, select_lex=0x7f5a0dbcdbc8) at /src/bb-10.1-serg/sql/sql_select.cc:3437
#8800 0x000055b6e5ab5d6f in handle_select (thd=0x7f5a0dbc9ab0, lex=0x7f5a0dbcd400, result=0x7f5a08226d40, setup_tables_done_option=0) at /src/bb-10.1-serg/sql/sql_select.cc:384
#8801 0x000055b6e5a8609a in execute_sqlcom_select (thd=0x7f5a0dbc9ab0, all_tables=0x7f5a08223498) at /src/bb-10.1-serg/sql/sql_parse.cc:5936
#8802 0x000055b6e5a7be76 in mysql_execute_command (thd=0x7f5a0dbc9ab0) at /src/bb-10.1-serg/sql/sql_parse.cc:2962
#8803 0x000055b6e5a896e2 in mysql_parse (thd=0x7f5a0dbc9ab0, rawbuf=0x7f5a08223148 "SELECT * FROM t1 WHERE \nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\ni = ROUND(0),\n14),\n13),\n12),\n11),\n10),\n9),\n8),\n7),\n6),\n5),\n4),\n3"..., length=209, parser_state=0x7f5a13fba5e0) at /src/bb-10.1-serg/sql/sql_parse.cc:7336
#8804 0x000055b6e5a780dd in dispatch_command (command=COM_QUERY, thd=0x7f5a0dbc9ab0, packet=0x7f5a0cdc91f1 "SELECT * FROM t1 WHERE \nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\nNULLIF(\ni = ROUND(0),\n14),\n13),\n12),\n11),\n10),\n9),\n8),\n7),\n6),\n5),\n4),\n3"..., packet_length=210) at /src/bb-10.1-serg/sql/sql_parse.cc:1488
#8805 0x000055b6e5a76e0f in do_command (thd=0x7f5a0dbc9ab0) at /src/bb-10.1-serg/sql/sql_parse.cc:1109
#8806 0x000055b6e5bacbc4 in do_handle_one_connection (thd_arg=0x7f5a0dbc9ab0) at /src/bb-10.1-serg/sql/sql_connect.cc:1349
#8807 0x000055b6e5bac928 in handle_one_connection (arg=0x7f5a0dbc9ab0) at /src/bb-10.1-serg/sql/sql_connect.cc:1261
#8808 0x000055b6e62b4a92 in pfs_spawn_thread (arg=0x7f5a0c7b0bf0) at /src/bb-10.1-serg/storage/perfschema/pfs.cc:1860
#8809 0x00007f5a13c350a4 in start_thread () from /lib64/libpthread.so.0
#8810 0x00007f5a11da304d in clone () from /lib64/libc.so.6

Main 10.1 tree is also affected. 10.0 works fine.

Attachments

Activity

People

Assignee:: Sergei Golubchik

Reporter:: Elena Stepanova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2016-03-03 23:18

Updated:: 2016-03-07 16:04

Resolved:: 2016-03-07 16:04

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.