[MDEV-11594] Crash with aggregate window functions in window definition
Created: 2016-12-18  Updated: 2017-02-03  Resolved: 2017-02-03

Status: Closed
Project: MariaDB Server
Component/s: Optimizer - Window functions
Affects Version/s: 10.2
Fix Version/s: 10.2.4

Type: Bug Priority: Major
Reporter: markus makela Assignee: Igor Babaev
Resolution: Fixed Votes: 0
Labels: 10.2-rc

Attachments: File error.log    
Issue Links:
Relates
relates to MDEV-11138 Server crashes in JOIN::make_aggr_tab... Closed

 Description   

When the following SQL is executed, the server crashes.

select avg(1) over (order by avg(1));

This also crashes with an actual table in the query.

create table test.t1 (id int);
insert into test.t1 values (1), (2), (3);
select avg(id) over (order by avg(id)) from test.t1;

The commit ID the server was built from is c35b8c46b404d035e54a23d667da5dff6502fc2e. I've attached the error log from the crash.

#3  <signal handler called>
#4  JOIN::make_aggr_tables_info (this=this@entry=0x7fac02cf28f8) at /data/src/10.2/sql/sql_select.cc:2713
#5  0x00007fac4af421f3 in JOIN::optimize_inner (this=this@entry=0x7fac02cf28f8) at /data/src/10.2/sql/sql_select.cc:1442
#6  0x00007fac4af4522f in JOIN::optimize (this=this@entry=0x7fac02cf28f8) at /data/src/10.2/sql/sql_select.cc:1076
#7  0x00007fac4af45bd5 in mysql_select (thd=thd@entry=0x7fac02d14070, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fac02cf28d8, unit=0x7fac02d17b48, select_lex=0x7fac02d18278) at /data/src/10.2/sql/sql_select.cc:3570
#8  0x00007fac4af45e8d in handle_select (thd=thd@entry=0x7fac02d14070, lex=lex@entry=0x7fac02d17a80, result=result@entry=0x7fac02cf28d8, setup_tables_done_option=setup_tables_done_option@entry=0) at /data/src/10.2/sql/sql_select.cc:373
#9  0x00007fac4aed6849 in execute_sqlcom_select (thd=thd@entry=0x7fac02d14070, all_tables=0x0) at /data/src/10.2/sql/sql_parse.cc:6347
#10 0x00007fac4aedf6d2 in mysql_execute_command (thd=thd@entry=0x7fac02d14070) at /data/src/10.2/sql/sql_parse.cc:3370
#11 0x00007fac4aee92d2 in mysql_parse (thd=thd@entry=0x7fac02d14070, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x7fac4bec6910, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:7790
#12 0x00007fac4aeeb55b in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x7fac02d14070, packet=packet@entry=0x7fac02e18071 "select avg(1) over (order by avg(1))", packet_length=packet_length@entry=36, is_com_multi=is_com_multi@entry=false, is_next_command=is_next_command@entry=false) at /data/src/10.2/sql/sql_parse.cc:1799
#13 0x00007fac4aeee08d in do_command (thd=0x7fac02d14070) at /data/src/10.2/sql/sql_parse.cc:1359
#14 0x00007fac4afdbf4a in do_handle_one_connection (connect=connect@entry=0x7fac48060130) at /data/src/10.2/sql/sql_connect.cc:1354
#15 0x00007fac4afdc133 in handle_one_connection (arg=0x7fac48060130) at /data/src/10.2/sql/sql_connect.cc:1260
#16 0x00007fac4a5dd0a4 in start_thread (arg=0x7fac4bec8300) at pthread_create.c:309
#17 0x00007fac48dfd87d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111



 Comments   
Comment by Elena Stepanova [ 2016-12-18 ]

Might be related to MDEV-11138

Comment by Igor Babaev [ 2017-02-03 ]

Strictly speaking

select avg(id) over (order by avg(id)) from test.t1

is not a valid SQL query according to the Standard, but the following one

select sum(avg(id)) over (order by avg(id)) from test.t1;

definitely is and yet it crashes.

Both should not cause a crash though.

Comment by Igor Babaev [ 2017-02-03 ]

The fix for this bug was pushed into the 10.2 tree.
