[MDEV-19188] Server Crash When Using a Trigger With A Number of Virtual Columns on INSERT/UPDATE
Created: 2019-04-05  Updated: 2019-05-01  Resolved: 2019-05-01

Status: Closed
Project: MariaDB Server
Component/s: Triggers, Virtual Columns
Affects Version/s: 10.3.14, 10.3.15, 10.2, 10.3, 10.4
Fix Version/s: 10.2.24, 10.3.15, 10.4.5

Type: Bug
Priority: Critical
Reporter: Robert Humphries
Assignee: Nikita Malyavin
Resolution: Fixed
Votes: 0
Labels: triggers, virtual_columns
Environment:

Production: Ubuntu 16.04 LTS
Development: CentOS 7, using 10.3.15-MariaDB-debug


Attachments: setup.sql, setup.txt, test1.txt, test2.txt, test3.txt, test4.txt, tests.sql

 Description   

When you have a table that has 9 (or more) virtual columns, with any type (tested VARCHAR and INT) or expression (initially found the bug where JSON_VALID was used, then tested by referring to another column or just a constant expression), and a BEFORE INSERT or BEFORE UPDATE trigger (with any content or where the trigger is empty), then any INSERT or UPDATE will crash the server, even if the trigger is a BEFORE INSERT trigger and an UPDATE is run, or the other way round, or an INSERT is run with the trigger being a BEFORE INSERT trigger, etc.

In the event that the INSERT is done via an INSERT INTO ... SELECT statement, no crash occurs.



 Comments   
Comment by Elena Stepanova [ 2019-04-06 ]

Thanks for the report and test case. Reproducible as described.

Test case - same as in attachments, only wrapped up for MTR.

--source include/have_innodb.inc
 
CREATE TABLE `testBeforeInsert` (
  `str` VARCHAR(16) NOT NULL,
  `virt1` INT(11) GENERATED ALWAYS AS (0) VIRTUAL,
  `virt2` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt3` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt4` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt5` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt6` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt7` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt8` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  `virt9` VARCHAR(128) GENERATED ALWAYS AS ('a') VIRTUAL,
  PRIMARY KEY (`str`)
) ENGINE=INNODB DEFAULT CHARSET=utf8;
 
INSERT INTO `testBeforeInsert` (`str`) VALUES ('test');
 
CREATE
    TRIGGER `testBeforeInsertTrigger` BEFORE INSERT ON `testBeforeInsert` 
    FOR EACH ROW BEGIN
    END;
 
INSERT INTO `testBeforeInsert` (`str`) VALUES ("testcrash");

10.2 b4a7bde7

#3  <signal handler called>
#4  0x00007f4fcd30504d in __memset_avx2_erms () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x000055ce4b2dde47 in Table_triggers_list::reset_extra_null_bitmap (this=0x7f4f70092d98) at /data/src/10.2/sql/sql_trigger.h:279
#6  0x000055ce4b2db3b6 in switch_to_nullable_trigger_fields (items=..., table=0x7f4f70009960) at /data/src/10.2/sql/sql_base.cc:8092
#7  0x000055ce4b31ab1e in mysql_insert (thd=0x7f4f70000b00, table_list=0x7f4f700125d8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at /data/src/10.2/sql/sql_insert.cc:798
#8  0x000055ce4b342fba in mysql_execute_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:4438
#9  0x000055ce4b34e475 in mysql_parse (thd=0x7f4f70000b00, rawbuf=0x7f4f70012458 "INSERT INTO `testBeforeInsert` (`str`) VALUES (\"testcrash\")", length=59, parser_state=0x7f4fb85f2200, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:8013
#10 0x000055ce4b33bf72 in dispatch_command (command=COM_QUERY, thd=0x7f4f70000b00, packet=0x7f4f700968b1 "", packet_length=59, is_com_multi=false, is_next_command=false) at /data/src/10.2/sql/sql_parse.cc:1832
#11 0x000055ce4b33a88f in do_command (thd=0x7f4f70000b00) at /data/src/10.2/sql/sql_parse.cc:1386
#12 0x000055ce4b48df79 in do_handle_one_connection (connect=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1335
#13 0x000055ce4b48dd06 in handle_one_connection (arg=0x55ce4daa9df0) at /data/src/10.2/sql/sql_connect.cc:1241
#14 0x000055ce4b8b600a in pfs_spawn_thread (arg=0x55ce4daafc00) at /data/src/10.2/storage/perfschema/pfs.cc:1862
#15 0x00007f4fcf0f6494 in start_thread (arg=0x7f4fb85f3700) at pthread_create.c:333
#16 0x00007f4fcd2c493f in clone () from /lib/x86_64-linux-gnu/libc.so.6
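
An inventory query for the conditions described in this report, added here as an example (it is not part of the original issue or of MariaDB's code): it lists every table that has 9 or more virtual columns and at least one BEFORE INSERT or BEFORE UPDATE trigger. It assumes `information_schema.COLUMNS.EXTRA` contains the word `VIRTUAL` for virtual generated columns, as it does on the affected 10.2+ series.

```sql
-- Added example: find tables matching the crash conditions in this report
-- (>= 9 virtual columns AND a BEFORE INSERT / BEFORE UPDATE trigger).
-- Assumption: EXTRA contains 'VIRTUAL' for virtual generated columns.

-- Record the running version to compare against the Fix Version/s field.
SELECT @@version AS server_version;

SELECT c.TABLE_SCHEMA,
       c.TABLE_NAME,
       c.virtual_columns,
       t.before_triggers
FROM (
    -- Tables with at least 9 virtual columns (threshold taken from the report).
    SELECT TABLE_SCHEMA, TABLE_NAME, COUNT(*) AS virtual_columns
    FROM information_schema.COLUMNS
    WHERE EXTRA LIKE '%VIRTUAL%'
    GROUP BY TABLE_SCHEMA, TABLE_NAME
    HAVING COUNT(*) >= 9
) AS c
JOIN (
    -- Tables with any BEFORE INSERT or BEFORE UPDATE trigger, even an empty one.
    SELECT EVENT_OBJECT_SCHEMA,
           EVENT_OBJECT_TABLE,
           GROUP_CONCAT(CONCAT(TRIGGER_NAME, ' (', EVENT_MANIPULATION, ')')
                        ORDER BY TRIGGER_NAME SEPARATOR ', ') AS before_triggers
    FROM information_schema.TRIGGERS
    WHERE ACTION_TIMING = 'BEFORE'
      AND EVENT_MANIPULATION IN ('INSERT', 'UPDATE')
    GROUP BY EVENT_OBJECT_SCHEMA, EVENT_OBJECT_TABLE
) AS t
  ON t.EVENT_OBJECT_SCHEMA = c.TABLE_SCHEMA
 AND t.EVENT_OBJECT_TABLE  = c.TABLE_NAME
ORDER BY c.TABLE_SCHEMA, c.TABLE_NAME;
```

Any table returned on a server older than the fix versions listed above (10.2.24, 10.3.15, 10.4.5) matches the conditions under which the report says an INSERT or UPDATE crashes the server.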
