[MDEV-11129] CREATE OR REPLACE TABLE t1 AS SELECT spfunc() crashes if spfunc() references t1 Created: 2016-10-25  Updated: 2018-05-19  Resolved: 2018-05-16

Status: Closed
Project: MariaDB Server
Component/s: Data Definition - Create Table
Affects Version/s: 10.0, 10.1
Fix Version/s: 10.0.36, 10.1.34, 10.2.15, 10.3.7

Type: Bug Priority: Major
Reporter: Sergey Vojtovich Assignee: Michael Widenius
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-10824 Crash in CREATE OR REPLACE TABLE t1 A... Closed
relates to MDEV-14894 [Draft] Assorted crashes and assertio... Closed

 Description   

mtr test:

CREATE TABLE t1(a INT);
 
DELIMITER $$;
 
CREATE FUNCTION f1() RETURNS VARCHAR(16383)
 
BEGIN
 
  INSERT INTO t1 VALUES(1);
 
  RETURN 'test';
 
END;
 
$$
 
DELIMITER ;$$
 
 
 
CREATE OR REPLACE TABLE t1 AS SELECT f1();
 
LOCK TABLE t1 WRITE;
 
CREATE OR REPLACE TABLE t1 AS SELECT f1();
 
UNLOCK TABLES;
 
 
 
DROP FUNCTION f1;
 
DROP TABLE t1;

There's a guard in mysql_execute_command() that prevents referencing the same table multiple times:

      if ((create_info.options & HA_LEX_CREATE_REPLACE) &&
 
          !create_info.tmp_table())
 
      {
 
        TABLE_LIST *duplicate;
 
        if ((duplicate= unique_table(thd, lex->query_tables,
 
                                     lex->query_tables->next_global,
 
                                     0)))
 
        {
 
          update_non_unique_table_error(lex->query_tables, "CREATE",
 
                                        duplicate);
 
          res= TRUE;
 
          goto end_with_restore_list;
 
        }
 
      }

But it doesn't work because find_dup_table() has this condition:

    /*
 
      Skip if marked to be excluded (could be a derived table) or if
 
      entry is a prelocking placeholder.
 
    */
 
    if (res->select_lex &&
 
        !res->select_lex->exclude_from_table_unique_test &&
 
        !res->prelocking_placeholder)
 
      break;

10.3 d71a8855ee

 
mysqld: /data/src/10.3/sql/table_cache.cc:1147: bool tdc_remove_table(THD*, enum_tdc_remove_table_type, const char*, const char*, bool): Assertion `element->all_tables.is_empty() || remove_type != TDC_RT_REMOVE_ALL' failed.
 
180420 17:59:32 [ERROR] mysqld got signal 6 ;
 
 
 
#7  0x00007fe3ce535ee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
 
#8  0x000055b9b0a18e85 in tdc_remove_table (thd=0x7fe360000b00, remove_type=TDC_RT_REMOVE_ALL, db=0x7fe360013fd8 "test", table_name=0x7fe360013950 "t1", kill_delayed_threads=false) at /data/src/10.3/sql/table_cache.cc:1147
 
#9  0x000055b9b08c1e4d in mysql_rm_table_no_locks (thd=0x7fe360000b00, tables=0x7fe3cc2335d0, if_exists=false, drop_temporary=false, drop_view=false, drop_sequence=false, dont_log_query=true, dont_free_locks=true) at /data/src/10.3/sql/sql_table.cc:2502
 
#10 0x000055b9b08c8d60 in create_table_impl (thd=0x7fe360000b00, orig_db=0x7fe3600139a0, orig_table_name=0x7fe3600139b0, db=0x7fe3600139a0, table_name=0x7fe3600139b0, path=0x7fe3cc233d00 "./test/t1", options=..., create_info=0x7fe3cc2357e0, alter_info=0x7fe3cc235720, create_table_mode=1, is_trans=0x0, key_info=0x7fe3cc233ce0, key_count=0x7fe3cc233cd4, frm=0x7fe3cc233cf0) at /data/src/10.3/sql/sql_table.cc:4878
 
#11 0x000055b9b08c9802 in mysql_create_table_no_lock (thd=0x7fe360000b00, db=0x7fe3600139a0, table_name=0x7fe3600139b0, create_info=0x7fe3cc2357e0, alter_info=0x7fe3cc235720, is_trans=0x0, create_table_mode=1, table_list=0x7fe360013988) at /data/src/10.3/sql/sql_table.cc:5082
 
#12 0x000055b9b07c72c8 in select_create::create_table_from_items (this=0x7fe360015f88, thd=0x7fe360000b00, items=0x7fe3cc235160, lock=0x7fe3cc235150, hooks=0x7fe3cc2351a0) at /data/src/10.3/sql/sql_insert.cc:4228
 
#13 0x000055b9b07c7a25 in select_create::prepare (this=0x7fe360015f88, _values=..., u=0x7fe360004948) at /data/src/10.3/sql/sql_insert.cc:4403
 
#14 0x000055b9b083bbf7 in JOIN::prepare (this=0x7fe360016078, tables_init=0x0, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7fe3600050c0, unit_arg=0x7fe360004948) at /data/src/10.3/sql/sql_select.cc:1331
 
#15 0x000055b9b08457db in mysql_select (thd=0x7fe360000b00, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2416184064, result=0x7fe360015f88, unit=0x7fe360004948, select_lex=0x7fe3600050c0) at /data/src/10.3/sql/sql_select.cc:4130
 
#16 0x000055b9b0837deb in handle_select (thd=0x7fe360000b00, lex=0x7fe360004880, result=0x7fe360015f88, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:382
 
#17 0x000055b9b07fad44 in mysql_execute_command (thd=0x7fe360000b00) at /data/src/10.3/sql/sql_parse.cc:4238
 
#18 0x000055b9b0806cf4 in mysql_parse (thd=0x7fe360000b00, rawbuf=0x7fe360013888 "CREATE OR REPLACE TABLE t1 AS SELECT f1()", length=41, parser_state=0x7fe3cc236620, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
 
#19 0x000055b9b07f44d7 in dispatch_command (command=COM_QUERY, thd=0x7fe360000b00, packet=0x7fe36001bab1 "CREATE OR REPLACE TABLE t1 AS SELECT f1()", packet_length=41, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
 
#20 0x000055b9b07f2f16 in do_command (thd=0x7fe360000b00) at /data/src/10.3/sql/sql_parse.cc:1391
 
#21 0x000055b9b0955a13 in do_handle_one_connection (connect=0x55b9b4016920) at /data/src/10.3/sql/sql_connect.cc:1402
 
#22 0x000055b9b09557a0 in handle_one_connection (arg=0x55b9b4016920) at /data/src/10.3/sql/sql_connect.cc:1308
 
#23 0x00007fe3d020c494 in start_thread (arg=0x7fe3cc237700) at pthread_create.c:333
 
#24 0x00007fe3ce5f293f in clone () from /lib/x86_64-linux-gnu/libc.so.6


Generated at Thu Feb 08 07:47:32 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.