[MDEV-22591] Debug build crashes on EXECUTE IMMEDIATE '... WHERE ?' USING IGNORE Created: 2020-05-16  Updated: 2020-05-19  Resolved: 2020-05-19

Status: Closed
Project: MariaDB Server
Component/s: Prepared Statements
Affects Version/s: 10.2, 10.3
Fix Version/s: 10.2.33, 10.3.24

Type: Bug
Priority: Major
Reporter: Alexander Barkov
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 0
Labels: not-10.4, not-10.5

Issue Links:
Relates
relates to MDEV-21995 Server crashes in Item_field::real_ty... Closed
relates to MDEV-22560 Crash on a table value constructor wi... Closed
relates to MDEV-22579 No error when inserting DEFAULT(non_v... Closed
relates to MDEV-22610 Crash in INSERT INTO t1 (VALUES (DEFA... Closed

Description

Debug build crashes on these queries in 10.2 and 10.3:

EXECUTE IMMEDIATE 'SELECT * FROM t1 WHERE ?' USING IGNORE;
EXECUTE IMMEDIATE 'SELECT * FROM t1 HAVING ?' USING IGNORE;
EXECUTE IMMEDIATE 'SHOW DATABASES WHERE ?' USING DEFAULT;

Not repeatable with 10.4 and 10.5.



Comments
Comment by Alexander Barkov [ 2020-05-16 ]

Stack trace:

#0  0x00007ffff76ce625 in raise () from /lib64/libc.so.6
#1  0x00007ffff76b78d9 in abort () from /lib64/libc.so.6
#2  0x00007ffff76b77a9 in __assert_fail_base.cold () from /lib64/libc.so.6
#3  0x00007ffff76c6a66 in __assert_fail () from /lib64/libc.so.6
#4  0x0000000000ab4878 in Item_param::type (this=0x7fff6802a270)
    at /home/bar/maria-git/server.10.3/sql/item.h:3533
#5  0x00000000007baea1 in JOIN::prepare (this=0x7fff68014080, 
    tables_init=0x7fff68029c00, wild_num=0, conds_init=0x0, og_num=0, 
    order_init=0x0, skip_order_by=false, group_init=0x0, 
    having_init=0x7fff6802a270, proc_param_init=0x0, 
    select_lex_arg=0x7fff68028b00, unit_arg=0x7fff68028378)
    at /home/bar/maria-git/server.10.3/sql/sql_select.cc:1181
#6  0x00000000007c604e in mysql_select (thd=0x7fff68000d90, 
    tables=0x7fff68029c00, wild_num=0, fields=..., conds=0x0, og_num=0, 
    order=0x0, group=0x0, having=0x7fff6802a270, proc_param=0x0, 
    select_options=2416184064, result=0x7fff6802a430, unit=0x7fff68028378, 
    select_lex=0x7fff68028b00)
    at /home/bar/maria-git/server.10.3/sql/sql_select.cc:4279
#7  0x00000000007b7cac in handle_select (thd=0x7fff68000d90, 
    lex=0x7fff680282b8, result=0x7fff6802a430, setup_tables_done_option=0)
    at /home/bar/maria-git/server.10.3/sql/sql_select.cc:370
#8  0x0000000000781807 in execute_sqlcom_select (thd=0x7fff68000d90, 
    all_tables=0x7fff68029c00)
    at /home/bar/maria-git/server.10.3/sql/sql_parse.cc:6293
#9  0x0000000000778320 in mysql_execute_command (thd=0x7fff68000d90)
    at /home/bar/maria-git/server.10.3/sql/sql_parse.cc:3820
#10 0x00000000007a3e44 in Prepared_statement::execute (this=0x7fff6801a940, 
    expanded_query=0x7ffff412f2f0, open_cursor=false)
    at /home/bar/maria-git/server.10.3/sql/sql_prepare.cc:4807
#11 0x00000000007a20f9 in Prepared_statement::execute_loop (
    this=0x7fff6801a940, expanded_query=0x7ffff412f2f0, open_cursor=false, 
    packet=0x0, packet_end=0x0)
    at /home/bar/maria-git/server.10.3/sql/sql_prepare.cc:4235
#12 0x00000000007a43f9 in Prepared_statement::execute_immediate (
    this=0x7fff6801a940, query=0x7fff680138a8 "SELECT * FROM t1 HAVING ?", 
    query_len=25) at /home/bar/maria-git/server.10.3/sql/sql_prepare.cc:4931

Comment by Alexander Barkov [ 2020-05-19 ]

It's also repeatable with these queries:

EXECUTE IMMEDIATE 'SELECT * FROM t1 WHERE ?' USING 0;
EXECUTE IMMEDIATE 'SELECT * FROM t1 HAVING ?' USING 0;
EXECUTE IMMEDIATE 'SHOW DATABASES WHERE ?' USING 0;
