[MDEV-19091] Assertion `args[0] == args[2] || thd->stmt_arena->is_stmt_execute()' failed in Item_func_nullif::fix_length_and_dec Created: 2019-03-31  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: Optimizer, Server, Views
Affects Version/s: 10.2, 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.4, 10.5, 10.6

Type: Bug Priority: Major
Reporter: Elena Stepanova Assignee: Alexander Barkov
Resolution: Unresolved Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-29400 Assertion `args[0] == args[2] || thd-... Closed

 Description    

CREATE TABLE t (f VARCHAR(8));
 
CREATE ALGORITHM=TEMPTABLE VIEW v AS SELECT * FROM t;
 
 
 
# Optional
 
INSERT INTO t VALUES ('foo'),('bar');
 
 
 
SELECT * FROM v WHERE f != NULLIF('a', COLLATION('b'));
 
 
 
# Cleanup
 
DROP VIEW v;
 
DROP TABLE t;

10.2 fe1dfe39

 
mysqld: /data/src/10.2/sql/item_cmpfunc.cc:2627: virtual bool Item_func_nullif::fix_length_and_dec(): Assertion `args[0] == args[2] || thd->stmt_arena->is_stmt_execute()' failed.
 
190331 18:52:16 [ERROR] mysqld got signal 6 ;
 
 
 
#7  0x00007fd222c9eee2 in __assert_fail () from /lib/x86_64-linux-gnu/libc.so.6
 
#8  0x00005638a6d0cf8f in Item_func_nullif::fix_length_and_dec (this=0x7fd20c016b88) at /data/src/10.2/sql/item_cmpfunc.cc:2627
 
#9  0x00005638a6d3f963 in Item_func::fix_fields (this=0x7fd20c016b88, thd=0x7fd20c000b00, ref=0x7fd20c0169c0) at /data/src/10.2/sql/item_func.cc:228
 
#10 0x00005638a6d3f6c7 in Item_func::fix_fields (this=0x7fd20c016928, thd=0x7fd20c000b00, ref=0x7fd20c0162c8) at /data/src/10.2/sql/item_func.cc:200
 
#11 0x00005638a6a8d5bf in JOIN::optimize_inner (this=0x7fd20c015ec0) at /data/src/10.2/sql/sql_select.cc:1353
 
#12 0x00005638a6a8c81f in JOIN::optimize (this=0x7fd20c015ec0) at /data/src/10.2/sql/sql_select.cc:1115
 
#13 0x00005638a6a1c1aa in mysql_derived_optimize (thd=0x7fd20c000b00, lex=0x7fd20c004630, derived=0x7fd20c012680) at /data/src/10.2/sql/sql_derived.cc:897
 
#14 0x00005638a6a1a8bf in mysql_handle_single_derived (lex=0x7fd20c004630, derived=0x7fd20c012680, phases=4) at /data/src/10.2/sql/sql_derived.cc:198
 
#15 0x00005638a6a8d8d2 in JOIN::optimize_inner (this=0x7fd20c015898) at /data/src/10.2/sql/sql_select.cc:1401
 
#16 0x00005638a6a8c81f in JOIN::optimize (this=0x7fd20c015898) at /data/src/10.2/sql/sql_select.cc:1115
 
#17 0x00005638a6a95d30 in mysql_select (thd=0x7fd20c000b00, tables=0x7fd20c012680, wild_num=1, fields=..., conds=0x7fd20c0131b8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fd20c015878, unit=0x7fd20c0046f8, select_lex=0x7fd20c004e30) at /data/src/10.2/sql/sql_select.cc:3804
 
#18 0x00005638a6a89fcd in handle_select (thd=0x7fd20c000b00, lex=0x7fd20c004630, result=0x7fd20c015878, setup_tables_done_option=0) at /data/src/10.2/sql/sql_select.cc:376
 
#19 0x00005638a6a55496 in execute_sqlcom_select (thd=0x7fd20c000b00, all_tables=0x7fd20c012680) at /data/src/10.2/sql/sql_parse.cc:6479
 
#20 0x00005638a6a4b70b in mysql_execute_command (thd=0x7fd20c000b00) at /data/src/10.2/sql/sql_parse.cc:3537
 
#21 0x00005638a6a59371 in mysql_parse (thd=0x7fd20c000b00, rawbuf=0x7fd20c012458 "SELECT * FROM v WHERE f != NULLIF('a', COLLATION('b'))", length=54, parser_state=0x7fd21cf7a200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8013
 
#22 0x00005638a6a46e6e in dispatch_command (command=COM_QUERY, thd=0x7fd20c000b00, packet=0x7fd20c08dea1 "SELECT * FROM v WHERE f != NULLIF('a', COLLATION('b'))", packet_length=54, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1832
 
#23 0x00005638a6a4578b in do_command (thd=0x7fd20c000b00) at /data/src/10.2/sql/sql_parse.cc:1386
 
#24 0x00005638a6b98ef9 in do_handle_one_connection (connect=0x5638a95f4d80) at /data/src/10.2/sql/sql_connect.cc:1335
 
#25 0x00005638a6b98c86 in handle_one_connection (arg=0x5638a95f4d80) at /data/src/10.2/sql/sql_connect.cc:1241
 
#26 0x00005638a6fc0fbe in pfs_spawn_thread (arg=0x5638a965db20) at /data/src/10.2/storage/perfschema/pfs.cc:1862
 
#27 0x00007fd224b8d494 in start_thread (arg=0x7fd21cf7b700) at pthread_create.c:333
 
#28 0x00007fd222d5b93f in clone () from /lib/x86_64-linux-gnu/libc.so.6

Reproducible with at least MyISAM and InnoDB.
Not reproducible on 10.1.
No obvious problem on a non-debug build.

 Comments   
Comment by Elena Stepanova [ 2020-08-07 ]

The test case below as well as similar ones causes an ASAN failure. SIGSEGV on non-ASAN bulids has also been seen, but it's the matter of luck, while ASAN failures seem deterministic (with this test case – on 10.2, but with different ones observed on 10.3+ as well).

CREATE TABLE t1 (a CHAR(3));
 
INSERT INTO t1 VALUES ('foo'),('bar');
 
CREATE VIEW v1 AS SELECT * FROM t1;
 
SET collation_connection= utf32_vietnamese_ci;
 
CREATE PROCEDURE sp() SELECT NULLIF(a, OCT(1)) FROM v1;
 
 
 
--error ER_CANT_AGGREGATE_2COLLATIONS
 
CALL sp;
 
--error ER_CANT_AGGREGATE_2COLLATIONS
 
CALL sp;
 
--error ER_CANT_AGGREGATE_2COLLATIONS
 
CALL sp;
 
 
 
# Cleanup
 
DROP PROCEDURE sp;
 
DROP VIEW v1;
 
DROP TABLE t1;

10.2 non-debug ASAN caa474f8

 
==15156==ERROR: AddressSanitizer: heap-use-after-free on address 0x6250000e1f88 at pc 0x55c1f53702b0 bp 0x7f02ed6c6120 sp 0x7f02ed6c6118
 
READ of size 8 at 0x6250000e1f88 thread T5
 
    #0 0x55c1f53702af in Item_func_nullif::fix_length_and_dec() /data/src/10.2/sql/item_cmpfunc.cc:2773
 
    #1 0x55c1f53d041b in Item_func::fix_fields(THD*, Item**) /data/src/10.2/sql/item_func.cc:230
 
    #2 0x55c1f4be7da6 in setup_fields(THD*, Bounds_checked_array<Item*>, List<Item>&, enum_mark_columns, List<Item>*, List<Item>*, bool) /data/src/10.2/sql/sql_base.cc:7247
 
    #3 0x55c1f4d6d511 in JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*) /data/src/10.2/sql/sql_select.cc:811
 
    #4 0x55c1f4d8a6cd in mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /data/src/10.2/sql/sql_select.cc:3811
 
    #5 0x55c1f4d69ba5 in handle_select(THD*, LEX*, select_result*, unsigned long) /data/src/10.2/sql/sql_select.cc:361
 
    #6 0x55c1f4cf0370 in execute_sqlcom_select /data/src/10.2/sql/sql_parse.cc:6218
 
    #7 0x55c1f4cde5f4 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:3524
 
    #8 0x55c1f4b50135 in sp_instr_stmt::exec_core(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3332
 
    #9 0x55c1f4b4edc0 in sp_lex_keeper::reset_lex_and_exec_core(THD*, unsigned int*, bool, sp_instr*) /data/src/10.2/sql/sp_head.cc:3095
 
    #10 0x55c1f4b4fa1c in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3248
 
    #11 0x55c1f4b45035 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1326
 
    #12 0x55c1f4b491de in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2202
 
    #13 0x55c1f4cdaaf4 in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2946
 
    #14 0x55c1f4ceb4e7 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5564
 
    #15 0x55c1f4cf8ccb in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
 
    #16 0x55c1f4cd4dc5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
 
    #17 0x55c1f4cd1e6a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
 
    #18 0x55c1f500f529 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
 
    #19 0x55c1f500eef9 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
 
    #20 0x55c1f6218a2c in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
 
    #21 0x7f02f93c14a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
 
    #22 0x7f02f74f5d0e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0xe8d0e)
 
 
 
0x6250000e1f88 is located 3720 bytes inside of 8268-byte region [0x6250000e1100,0x6250000e314c)
 
freed by thread T5 here:
 
    #0 0x7f02f9698a10 in free (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1a10)
 
    #1 0x55c1f631f046 in free_memory /data/src/10.2/mysys/safemalloc.c:279
 
    #2 0x55c1f631e6c0 in sf_free /data/src/10.2/mysys/safemalloc.c:197
 
    #3 0x55c1f62ef1cc in my_free /data/src/10.2/mysys/my_malloc.c:218
 
    #4 0x55c1f62d0fe0 in free_root /data/src/10.2/mysys/my_alloc.c:400
 
    #5 0x55c1f4b4549e in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1431
 
    #6 0x55c1f4b491de in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2202
 
    #7 0x55c1f4cdaaf4 in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2946
 
    #8 0x55c1f4ceb4e7 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5564
 
    #9 0x55c1f4cf8ccb in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
 
    #10 0x55c1f4cd4dc5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
 
    #11 0x55c1f4cd1e6a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
 
    #12 0x55c1f500f529 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
 
    #13 0x55c1f500eef9 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
 
    #14 0x55c1f6218a2c in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
 
    #15 0x7f02f93c14a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
 
 
 
previously allocated by thread T5 here:
 
    #0 0x7f02f9698d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
 
    #1 0x55c1f631e097 in sf_malloc /data/src/10.2/mysys/safemalloc.c:118
 
    #2 0x55c1f62ee92f in my_malloc /data/src/10.2/mysys/my_malloc.c:101
 
    #3 0x55c1f62d0106 in alloc_root /data/src/10.2/mysys/my_alloc.c:242
 
    #4 0x55c1f4d0800b in Query_arena::memdup_w_gap(void const*, unsigned long, unsigned int) /data/src/10.2/sql/sql_class.h:998
 
    #5 0x55c1f4cd9407 in alloc_query(THD*, char const*, unsigned int) /data/src/10.2/sql/sql_parse.cc:2682
 
    #6 0x55c1f4b4f908 in sp_instr_stmt::execute(THD*, unsigned int*) /data/src/10.2/sql/sp_head.cc:3236
 
    #7 0x55c1f4b45035 in sp_head::execute(THD*, bool) /data/src/10.2/sql/sp_head.cc:1326
 
    #8 0x55c1f4b491de in sp_head::execute_procedure(THD*, List<Item>*) /data/src/10.2/sql/sp_head.cc:2202
 
    #9 0x55c1f4cdaaf4 in do_execute_sp /data/src/10.2/sql/sql_parse.cc:2946
 
    #10 0x55c1f4ceb4e7 in mysql_execute_command(THD*) /data/src/10.2/sql/sql_parse.cc:5564
 
    #11 0x55c1f4cf8ccb in mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool) /data/src/10.2/sql/sql_parse.cc:7733
 
    #12 0x55c1f4cd4dc5 in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool) /data/src/10.2/sql/sql_parse.cc:1824
 
    #13 0x55c1f4cd1e6a in do_command(THD*) /data/src/10.2/sql/sql_parse.cc:1377
 
    #14 0x55c1f500f529 in do_handle_one_connection(CONNECT*) /data/src/10.2/sql/sql_connect.cc:1336
 
    #15 0x55c1f500eef9 in handle_one_connection /data/src/10.2/sql/sql_connect.cc:1241
 
    #16 0x55c1f6218a2c in pfs_spawn_thread /data/src/10.2/storage/perfschema/pfs.cc:1869
 
    #17 0x7f02f93c14a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)
 
 
 
Thread T5 created by T0 here:
 
    #0 0x7f02f9607f59 in __interceptor_pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.3+0x30f59)
 
    #1 0x55c1f6218e68 in spawn_thread_v1 /data/src/10.2/storage/perfschema/pfs.cc:1919
 
    #2 0x55c1f4aaf1a2 in inline_mysql_thread_create /data/src/10.2/include/mysql/psi/mysql_thread.h:1246
 
    #3 0x55c1f4ac39f6 in create_thread_to_handle_connection(CONNECT*) /data/src/10.2/sql/mysqld.cc:6518
 
    #4 0x55c1f4ac40d9 in create_new_thread /data/src/10.2/sql/mysqld.cc:6588
 
    #5 0x55c1f4ac50f1 in handle_connections_sockets() /data/src/10.2/sql/mysqld.cc:6863
 
    #6 0x55c1f4ac2f35 in mysqld_main(int, char**) /data/src/10.2/sql/mysqld.cc:6137
 
    #7 0x55c1f4aadb2f in main /data/src/10.2/sql/main.cc:25
 
    #8 0x7f02f742d2e0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x202e0)
 
 
 
SUMMARY: AddressSanitizer: heap-use-after-free /data/src/10.2/sql/item_cmpfunc.cc:2773 in Item_func_nullif::fix_length_and_dec()
 
Shadow bytes around the buggy address:
 
  0x0c4a800143a0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a800143b0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a800143c0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a800143d0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a800143e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
=>0x0c4a800143f0: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a80014400: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a80014410: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a80014420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a80014430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
  0x0c4a80014440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
 
Shadow byte legend (one shadow byte represents 8 application bytes):
 
  Addressable:           00
 
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
 
  Heap right redzone:      fb
 
  Freed heap region:       fd
 
  Stack left redzone:      f1
 
  Stack mid redzone:       f2
 
  Stack right redzone:     f3
 
  Stack partial redzone:   f4
 
  Stack after return:      f5
 
  Stack use after scope:   f8
 
  Global redzone:          f9
 
  Global init order:       f6
 
  Poisoned by user:        f7
 
  Container overflow:      fc
 
  Array cookie:            ac
 
  Intra object redzone:    bb
 
  ASan internal:           fe
 
  Left alloca redzone:     ca
 
  Right alloca redzone:    cb
 
==15156==ABORTING

Comment by Alice Sherepa [ 2021-10-28 ]

a similar test case:

CREATE TABLE t (f VARCHAR(8));
 
CREATE  VIEW v AS SELECT * FROM t;
 
SELECT 1 FROM v WHERE nullif(current_user(), `f`);

10.6 1193a793c40b806c6f1

 
mariadbd: /10.6/src/sql/item_cmpfunc.cc:2585: virtual bool Item_func_nullif::fix_length_and_dec(): Assertion `args[0] == args[2] || thd->stmt_arena->is_stmt_execute()' failed.
 
211028 13:28:18 [ERROR] mysqld got signal 6 ;
 
 
 
Server version: 10.6.5-MariaDB-debug-log
 
 
 
:0(__GI___assert_fail)[0x7f1934993f36]
 
sql/item_cmpfunc.cc:2586(Item_func_nullif::fix_length_and_dec())[0x55c3165a6683]
 
sql/item_func.cc:359(Item_func::fix_fields(THD*, Item**))[0x55c316614799]
 
sql/sql_select.cc:2164(JOIN::optimize_inner())[0x55c315d21272]
 
sql/sql_select.cc:1809(JOIN::optimize())[0x55c315d1d700]
 
sql/sql_derived.cc:1064(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x55c315b7f026]
 
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x55c315b792c4]
 
sql/sql_select.cc:2285(JOIN::optimize_inner())[0x55c315d22bdd]
 
sql/sql_select.cc:1809(JOIN::optimize())[0x55c315d1d700]
 
sql/sql_select.cc:4980(mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55c315d3ebf6]
 
sql/sql_select.cc:545(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55c315d0f333]
 
sql/sql_parse.cc:6256(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55c315c743e7]
 
sql/sql_parse.cc:3946(mysql_execute_command(THD*, bool))[0x55c315c62eb5]
 
sql/sql_parse.cc:8030(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55c315c7f6aa]
 
sql/sql_parse.cc:1898(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55c315c5576b]
 
sql/sql_parse.cc:1404(do_command(THD*, bool))[0x55c315c5248f]
 
sql/sql_connect.cc:1418(do_handle_one_connection(CONNECT*, bool))[0x55c3160b8b1b]
 
sql/sql_connect.cc:1314(handle_one_connection)[0x55c3160b83a7]
 
perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55c316dd7be1]
 
nptl/pthread_create.c:478(start_thread)[0x7f1934eaa609]
 
x86_64/clone.S:97(__GI___clone)[0x7f1934a7f293]
 
 
 
Query (0x62b0000c42a8): SELECT 1 FROM v WHERE nullif(current_user(), `f`)

Comment by Oleksandr Byelkin [ 2022-01-20 ]

The problem is that Item_func_nullif::fix_length_and_dec() called twice during the conventional execution (which shoud never happened)

Comment by Oleksandr Byelkin [ 2022-01-20 ]

It is because incorrect copy of the Item_func_nullif in pushdown. (it is not second call of the method, it is call on the copy).

Comment by Oleksandr Byelkin [ 2022-01-21 ] 

diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
 
index 3a76982d80e..6634e064f62 100644
 
--- a/sql/item_cmpfunc.cc
 
+++ b/sql/item_cmpfunc.cc
 
@@ -2619,6 +2619,27 @@ void Item_func_nullif::update_used_tables()
 
   }
 
 }
 
 
+Item *Item_func_nullif::get_copy(THD *thd, MEM_ROOT *mem_root)
 
+{
 
+  Item_func_nullif *copy= (Item_func_nullif*)
 
+    get_item_copy<Item_func_nullif>(thd, mem_root, this);
 
+  if (copy->fixed)
 
+  {
 
+     DBUG_ASSERT(arg_count == 3);
 
+     if ((copy->args= (Item**) thd_alloc(thd, sizeof(Item*) * 3)))
 
+     {
 
+       if (copy->m_arg0)
 
+         copy->args[0]= copy->m_arg0;
 
+       else
 
+         copy->args[0]= args[0];
 
+       copy->args[1]= args[1];
 
+       copy->args[2]= NULL;
 
+       copy->cleanup();
 
+       copy->fixed= false;
 
+     }
 
+  }
 
+  return (Item*) copy;
 
+}
 
 
 
 bool
 
@@ -2648,7 +2669,7 @@ Item_func_nullif::fix_length_and_dec()
 
     Otherwise (during PREPARE or convensional execution),
 
     args[0] and args[2] should still point to the same original l_expr.
 
   */
 
-  DBUG_ASSERT(args[0] == args[2] || thd->stmt_arena->is_stmt_execute());
 
+  //DBUG_ASSERT(args[0] == args[2] || thd->stmt_arena->is_stmt_execute());
 
   if (args[0]->type() == SUM_FUNC_ITEM &&
 
       !thd->lex->is_ps_or_view_context_analysis())
 
   {
 
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
 
index 26469d88929..1c123f32786 100644
 
--- a/sql/item_cmpfunc.h
 
+++ b/sql/item_cmpfunc.h
 
@@ -1154,8 +1154,7 @@ class Item_func_nullif :public Item_func_hybrid_field_type
 
                                                            cond, &args[2]);
 
     return this;
 
   }
 
-  Item *get_copy(THD *thd, MEM_ROOT *mem_root)
 
-  { return get_item_copy<Item_func_nullif>(thd, mem_root, this); }
 
+  Item *get_copy(THD *thd, MEM_ROOT *mem_root);
 
   Item *derived_field_transformer_for_having(THD *thd, uchar *arg)
 
   { reset_first_arg_if_needed(); return this; }
 
   Item *derived_field_transformer_for_where(THD *thd, uchar *arg)

Generated at Thu Feb 08 08:48:59 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.