[MDEV-18216] Server crashes in Query_arena::set_query_arena upon CREATE VIEW Created: 2019-01-11  Updated: 2023-04-27

Status: Confirmed
Project: MariaDB Server
Component/s: Server, Views
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Oleksandr Byelkin
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Relates
relates to MDEV-17361 Server crashes in Query_arena::set_qu... Closed
relates to MDEV-26061 MariaDB server crash at Field::set_de... Closed
relates to MDEV-21028 Server crashes in Query_arena::set_qu... Closed

Description

CREATE TABLE t1 (a INT, b BLOB DEFAULT '');
CREATE VIEW v1 AS SELECT * FROM t1;
CREATE VIEW v2 AS SELECT DEFAULT(b) && a FROM v1;
 
# Cleanup
DROP VIEW v2, v1;
DROP TABLE t1;

10.2 7331c661d

#3  <signal handler called>
#4  0x000055f56c562b32 in Query_arena::set_query_arena (this=0x7f4ec0000b18, set=0x0) at /data/src/10.2/sql/sql_class.cc:3485
#5  0x000055f56c562f77 in THD::set_n_backup_active_arena (this=0x7f4ec0000b00, set=0x0, backup=0x7f4ed1586ed0) at /data/src/10.2/sql/sql_class.cc:3574
#6  0x000055f56c7f17dd in Field::set_default (this=0x7f4ec0016e40) at /data/src/10.2/sql/field.cc:2356
#7  0x000055f56c84d4b8 in Item_default_value::calculate (this=0x7f4ec0012c70) at /data/src/10.2/sql/item.cc:8916
#8  0x000055f56c84d578 in Item_default_value::val_int (this=0x7f4ec0012c70) at /data/src/10.2/sql/item.cc:8934
#9  0x000055f56c86b91c in Item_cond::fix_fields (this=0x7f4ec0012e70, thd=0x7f4ec0000b00, ref=0x7f4ec0012fa8) at /data/src/10.2/sql/item_cmpfunc.cc:4619
#10 0x000055f56c53f4ef in setup_fields (thd=0x7f4ec0000b00, ref_pointer_array=..., fields=..., mark_used_columns=MARK_COLUMNS_READ, sum_func_list=0x7f4ec0016218, pre_fix=0x7f4ec0004f58, allow_sum_func=true) at /data/src/10.2/sql/sql_base.cc:7160
#11 0x000055f56c5e6f4d in JOIN::prepare (this=0x7f4ec0015ef8, tables_init=0x7f4ec0013018, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, skip_order_by=false, group_init=0x0, having_init=0x0, proc_param_init=0x0, select_lex_arg=0x7f4ec0004e18, unit_arg=0x7f4ec00046e0) at /data/src/10.2/sql/sql_select.cc:814
#12 0x000055f56c68f7d0 in st_select_lex_unit::prepare (this=0x7f4ec00046e0, thd_arg=0x7f4ec0000b00, sel_result=0x0, additional_options=0) at /data/src/10.2/sql/sql_union.cc:598
#13 0x000055f56c69ce9a in mysql_create_view (thd=0x7f4ec0000b00, views=0x7f4ec0012558, mode=VIEW_CREATE_NEW) at /data/src/10.2/sql/sql_view.cc:534
#14 0x000055f56c5af6a8 in mysql_execute_command (thd=0x7f4ec0000b00) at /data/src/10.2/sql/sql_parse.cc:6052
#15 0x000055f56c5b4f51 in mysql_parse (thd=0x7f4ec0000b00, rawbuf=0x7f4ec0012448 "CREATE VIEW v2 AS SELECT DEFAULT(b) && a FROM v1", length=48, parser_state=0x7f4ed1588200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8015
#16 0x000055f56c5a288b in dispatch_command (command=COM_QUERY, thd=0x7f4ec0000b00, packet=0x7f4ec008c471 "CREATE VIEW v2 AS SELECT DEFAULT(b) && a FROM v1", packet_length=48, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1826
#17 0x000055f56c5a11e2 in do_command (thd=0x7f4ec0000b00) at /data/src/10.2/sql/sql_parse.cc:1379
#18 0x000055f56c6f3ccd in do_handle_one_connection (connect=0x55f56ef059e0) at /data/src/10.2/sql/sql_connect.cc:1335
#19 0x000055f56c6f3a5a in handle_one_connection (arg=0x55f56ef059e0) at /data/src/10.2/sql/sql_connect.cc:1241
#20 0x000055f56cb1997c in pfs_spawn_thread (arg=0x55f56ee69050) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#21 0x00007f4ed8f83494 in start_thread (arg=0x7f4ed1589700) at pthread_create.c:333
#22 0x00007f4ed736993f in clone () from /lib/x86_64-linux-gnu/libc.so.6

All of debug, non-debug and ASAN builds fail with SIGSEGV.
Reproducible with at least MyISAM, Aria, InnoDB.
Not reproducible on 10.1.


Generated at Thu Feb 08 08:42:22 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.