Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-9897

Window functions: crash when ORDER BY clause uses an expression

    XMLWordPrintable

Details

    Description

      A testcase provided by Peter crashes:

      create table t1 (s1 int, s2 char(5));
      		 
      insert into t1 values (1,'a');
      		 
      insert into t1 values (null,null);
      		 
      insert into t1 values (1,null);
      		 
      insert into t1 values (null,'a');
      		 
      insert into t1 values (2,'b');
      		 
      insert into t1 values (-1,'');
      		 
       
      		 
      select 
        *,
      		 
        ROW_NUMBER() OVER (order by s1),
      		 
        CUME_DIST() OVER (order by -s1) 
      from t1;

      It crashes here: 

        #1  0x0000555555c2a0ce in compare_order_elements (ord1=0x7fff580130e8, ord2=0x7fff580135e8) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:243
      		 
        #2  0x0000555555c2a1c4 in compare_order_lists (part_list1=0x7fff58013158, part_list2=0x7fff58013658) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:267
      		 
        #3  0x0000555555c2a5fc in compare_window_funcs_by_window_specs (win_func1=0x7fff580131b8, win_func2=0x7fff580136b8, arg=0x0) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:393
      		 
        #4  0x0000555555c2dda0 in bubble_sort<Item_window_func> (list_to_sort=0x7fff58004fc8, sort_func=0x555555c2a511 <compare_window_funcs_by_window_specs(Item_window_func*, Item_window_func*, void*)>, arg=0x0) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_list.h:620
      		 
        #5  0x0000555555c2a796 in order_window_funcs_by_window_specs (win_func_list=0x7fff58004fc8) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:465
      		 
        #6  0x0000555555c2b951 in Window_funcs_computation::setup (this=0x7fff58016860, thd=0x7fff58000b00, window_funcs=0x7fff58004fc8, tab=0x7fff58015700) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:1878
      		 
        #7  0x0000555555ac5263 in JOIN::make_aggr_tables_info (this=0x7fff58013f10) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_select.cc:2670
      		 
        #8  0x0000555555ac2da6 in JOIN::optimize_inner (this=0x7fff58013f10) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_select.cc:2068

      The code makes this call:

          int cmp= strcmp(item1->name, item2->name);

      both items are Item_temptable_field object, however, item2->name is NULL.

      I am sure what the code tries to accomplish by comparing item names. Shouldn't it use item->eq(..) call instead?

      Attachments

        Issue Links

          is part of

          Task - A task that needs to be done. MDEV-6115 window functions as in the SQL standard

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. MDEV-15837 Assertion `item1->type() == Item::FIELD_ITEM && item2->type() == Item::FIELD_ITEM' failed in compare_order_elements function

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Activity

            People

              igor Igor Babaev
              psergei Sergei Petrunia
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.