[MDEV-16755] Server crashes in multi_delete::~multi_delete upon execution of PS Created: 2018-07-13  Updated: 2023-04-27

Status: Open
Project: MariaDB Server
Component/s: Data Manipulation - Delete, Prepared Statements
Affects Version/s: 5.5, 10.0, 10.1, 10.2, 10.3
Fix Version/s: 10.4

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Dmitry Shulga
Resolution: Unresolved
Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-17019 Server crashes in multi_delete::~mult... Closed

 Description   

CREATE TABLE t1 (a INT);
CREATE VIEW v1 AS SELECT * FROM t1 WHERE a BETWEEN 6 AND 9;
PREPARE st FROM "DELETE t1, v1 FROM t1 NATURAL JOIN v1 WHERE a = 0";
EXECUTE st;

10.0 a2c0376e08d80d7b7dad8713d1df334b2b81eff9

#3  <signal handler called>
#4  0x000000000099802a in multi_delete::~multi_delete (this=0x7f54c90fa518, __in_chrg=<optimized out>) at /data/src/10.0/sql/sql_delete.cc:981
#5  0x00000000009980f8 in multi_delete::~multi_delete (this=0x7f54c90fa518, __in_chrg=<optimized out>) at /data/src/10.0/sql/sql_delete.cc:989
#6  0x00000000006501d7 in mysql_execute_command (thd=0x7f54caaa2070) at /data/src/10.0/sql/sql_parse.cc:3661
#7  0x00000000006702b4 in Prepared_statement::execute (this=0x7f54c9116470, expanded_query=0x7f54d2cf1bd0, open_cursor=false) at /data/src/10.0/sql/sql_prepare.cc:3975
#8  0x000000000066f382 in Prepared_statement::execute_loop (this=0x7f54c9116470, expanded_query=0x7f54d2cf1bd0, open_cursor=false, packet=0x0, packet_end=0x0) at /data/src/10.0/sql/sql_prepare.cc:3629
#9  0x000000000066d670 in mysql_sql_stmt_execute (thd=0x7f54caaa2070) at /data/src/10.0/sql/sql_prepare.cc:2779
#10 0x000000000064d4fd in mysql_execute_command (thd=0x7f54caaa2070) at /data/src/10.0/sql/sql_parse.cc:2564
#11 0x0000000000657dd6 in mysql_parse (thd=0x7f54caaa2070, rawbuf=0x7f54c90fa088 "EXECUTE st", length=10, parser_state=0x7f54d2cf2640) at /data/src/10.0/sql/sql_parse.cc:6634
#12 0x000000000064a6f6 in dispatch_command (command=COM_QUERY, thd=0x7f54caaa2070, packet=0x7f54cbfe5071 "EXECUTE st", packet_length=10) at /data/src/10.0/sql/sql_parse.cc:1297
#13 0x00000000006499f6 in do_command (thd=0x7f54caaa2070) at /data/src/10.0/sql/sql_parse.cc:1000
#14 0x000000000076a872 in do_handle_one_connection (thd_arg=0x7f54caaa2070) at /data/src/10.0/sql/sql_connect.cc:1377
#15 0x000000000076a5e4 in handle_one_connection (arg=0x7f54caaa2070) at /data/src/10.0/sql/sql_connect.cc:1292
#16 0x0000000000acc722 in pfs_spawn_thread (arg=0x7f54ca9a2370) at /data/src/10.0/storage/perfschema/pfs.cc:1861
#17 0x00007f54d2926494 in start_thread (arg=0x7f54d2cf3700) at pthread_create.c:333
#18 0x00007f54d0cdf93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

The problem appeared in the 5.5 tree with this patch:

commit ba8d0fa700a73893979793785ed53f7bbd950df8
Author: Oleksandr Byelkin <sanja@mariadb.com>
Date:   Mon Jan 15 14:50:35 2018 +0100
 
    MDEV-14786: Server crashes in Item_cond::transform on 2nd execution of SP querying from a view
    
    MDEV-14957: JOIN::prepare gets unusable "conds" as argument
    
    Do not touch merged derived (it is irreversible)
    
    Fix first argument of in_optimizer for calls possible before fix_fields()



 Comments   
Comment by Alice Sherepa [ 2019-11-21 ]

Test case from MDEV-17019:

CREATE TABLE t1 (a INT);
 
CREATE ALGORITHM = MERGE VIEW v1 AS SELECT * FROM t1;
PREPARE stmt FROM 'DELETE A FROM v1 AS A WHERE 0';
EXECUTE stmt;
 
# Cleanup
DROP VIEW v1;
DROP TABLE t1;
