[MDEV-21995] Server crashes in Item_field::real_type_handler with table value constructor
Created: 2020-03-22  Updated: 2020-06-13  Resolved: 2020-05-19

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.3, 10.4, 10.5
Fix Version/s: 10.5.4, 10.3.24, 10.4.14

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Duplicate
is duplicated by MDEV-22610 Crash in INSERT INTO t1 (VALUES (DEFA... Closed
Relates
relates to MDEV-22786 Crashes with nested table value const... Closed
relates to MDEV-22886 ASAN use-after-poison in my_convert w... Confirmed
relates to MDEV-22560 Crash on a table value constructor wi... Closed
relates to MDEV-22579 No error when inserting DEFAULT(non_v... Closed
relates to MDEV-22591 Debug build crashes on EXECUTE IMMEDI... Closed

Description

VALUES ( IGNORE );

10.3 fd5c36be

#3  <signal handler called>
#4  0x0000558f618d9f53 in Item_field::real_type_handler (this=0x7f41e0012a10) at /data/src/10.3/sql/item.h:3050
#5  0x0000558f61bc2bcf in join_type_handlers_for_tvc (thd=0x7f41e0000af0, li=..., holders=0x7f41e0013288, first_list_el_count=1) at /data/src/10.3/sql/sql_tvc.cc:112
#6  0x0000558f61bc319a in table_value_constr::prepare (this=0x7f41e0012c48, thd=0x7f41e0000af0, sl=0x7f41e0005140, tmp_result=0x7f41e0013160, unit_arg=0x7f41e00049b8) at /data/src/10.3/sql/sql_tvc.cc:234
#7  0x0000558f61aa2c0c in st_select_lex_unit::prepare (this=0x7f41e00049b8, derived_arg=0x0, sel_result=0x7f41e0013138, additional_options=268435456) at /data/src/10.3/sql/sql_union.cc:1018
#8  0x0000558f61a9f5db in mysql_union (thd=0x7f41e0000af0, lex=0x7f41e00048f8, result=0x7f41e0013138, unit=0x7f41e00049b8, setup_tables_done_option=0) at /data/src/10.3/sql/sql_union.cc:39
#9  0x0000558f619e72b6 in handle_select (thd=0x7f41e0000af0, lex=0x7f41e00048f8, result=0x7f41e0013138, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:360
#10 0x0000558f619aed83 in execute_sqlcom_select (thd=0x7f41e0000af0, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6293
#11 0x0000558f619a57a7 in mysql_execute_command (thd=0x7f41e0000af0) at /data/src/10.3/sql/sql_parse.cc:3820
#12 0x0000558f619b307b in mysql_parse (thd=0x7f41e0000af0, rawbuf=0x7f41e0012960 "VALUES ( IGNORE )", length=17, parser_state=0x7f41f13a65e0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7817
#13 0x0000558f6199fc07 in dispatch_command (command=COM_QUERY, thd=0x7f41e0000af0, packet=0x7f41e01232d1 "VALUES ( IGNORE )", packet_length=17, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1856
#14 0x0000558f6199e54f in do_command (thd=0x7f41e0000af0) at /data/src/10.3/sql/sql_parse.cc:1401
#15 0x0000558f61b160c8 in do_handle_one_connection (connect=0x558f64602f00) at /data/src/10.3/sql/sql_connect.cc:1403
#16 0x0000558f61b15e2a in handle_one_connection (arg=0x558f64602f00) at /data/src/10.3/sql/sql_connect.cc:1308
#17 0x0000558f624c6368 in pfs_spawn_thread (arg=0x558f6455c0f0) at /data/src/10.3/storage/perfschema/pfs.cc:1869
#18 0x00007f41f91304a4 in start_thread (arg=0x7f41f13a7700) at pthread_create.c:456
#19 0x00007f41f7264d0f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97

Reproducible on 10.3-10.5.
Debug and non-debug builds crash the same way.

Also happens with

VALUES ( DEFAULT );

Note, on the contrary, these two statements return an error without crashing:

EXECUTE IMMEDIATE 'VALUES (?)' USING IGNORE;
EXECUTE IMMEDIATE 'VALUES (?)' USING DEFAULT;

ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage



Comments
Comment by Alexander Barkov [ 2020-05-15 ]

A possible solution would be to disallow IGNORE and DEFAULT outside of an INSERT..VALUES context.

If we go this way, this should eventually disallow using IGNORE/DEFAULT in this context:

EXECUTE IMMEDIATE 'SELECT ?' USING IGNORE;
EXECUTE IMMEDIATE 'SELECT ?' USING DEFAULT;

Now they return NULL.

The above queries should probably return the same error that is returned in this context:

EXECUTE IMMEDIATE 'SELECT ?+1' USING IGNORE;

ERROR 4032 (HY000): Default/ignore value is not supported for such parameter usage
