[MDEV-28624] Server crash in /sql/item.cc:6192: virtual bool Item_field::fix_fields(THD*, Item**) Created: 2022-05-19  Updated: 2023-01-16  Resolved: 2022-05-25

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: 10.2.43, 10.3.35
Fix Version/s: N/A

Type: Bug Priority: Critical
Reporter: Shihao Wen Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Environment:

ubuntu 18.04

Attachments: HTML File 381_stack    
Issue Links:
Duplicate
duplicates MDEV-16549 Server crashes in Item_field::fix_fie... Closed

 Description   

poc:

CREATE TEMPORARY TABLE v1426 ( v1427 TEXT ( 1 ) NOT NULL ) ;
 
 INSERT INTO v1426 ( v1427 ) VALUES ( 67 ) ;
 
 UPDATE v1426 SET v1427 = 61 WHERE v1427 = 25 ;
 
 INSERT INTO v1426 ( v1427 ) VALUES ( ( WITH v1431 AS ( SELECT v1427 FROM ( SELECT v1427 FROM ( SELECT v1427 FROM v1426 WHERE v1427 = CASE v1427 * 19 = -128 WHEN 255 THEN 'x' WHEN ( v1427 IN ( 'x' , -1 , -128 , 62 , 'x' / v1427 = v1427 + CASE FALSE / v1427 = v1427 + CASE v1427 WHEN TRUE THEN -128 ELSE 0 END OR v1427 = v1427 WHEN TRUE THEN 12 ELSE 0 END OR v1427 = v1427 OR v1427 = v1427 ) ) THEN 255 ELSE -1 END / -2147483648 ) AS v1428 NATURAL JOIN v1426 AS v1429 NATURAL JOIN v1426 ) AS v1430 ) SELECT v1427 FROM v1431 WHERE ( ( v1427 , v1427 , v1427 ) < ( 87 , 89998042.000000 NOT LIKE -128 , -2147483648 ) OR v1427 = 53 ) NOT LIKE 'x' AND CASE v1427 * 37 = 0 WHEN 31 THEN FALSE WHEN -1 THEN 'x' ELSE -1 END != 93 WINDOW v1432 AS ( ORDER BY v1427 ) ) ) , ( 54 ) ;
 
 WITH v1433 AS ( SELECT v1427 FROM v1426 ORDER BY 74927827.000000 ) SELECT ( ( v1427 OR NOT v1427 ) BETWEEN ( ( ( NOT ( ( ( v1427 , NOT ( v1427 = ( SELECT v1427 FROM v1426 WHERE ( ( ( -1 ^ 16 * NULL , v1427 , v1427 ) < ( 3944709.000000 , 0 NOT LIKE 56 , -2147483648 ) ) + -128 , v1427 ) NOT IN ( SELECT ( 'x' = ( v1427 IN ( SELECT v1427 FROM v1426 WHERE v1427 = CASE WHEN v1427 < 'x' THEN 'x' ELSE v1427 END / -1 ) ) ) , 'x' FROM v1426 ) ) * 61 + 2147483647 ^ 66 ) IN ( -32768 , 14 ) , v1427 ) < ( 2147483647 , 92 NOT LIKE 19 , FALSE ) ) * NULL ) ) ) ) AND 47045683.000000 ) , 'x' FROM v1433 WINDOW v1434 AS ( PARTITION BY v1427 ORDER BY v1427 DESC ) ORDER BY v1427 , v1427 DESC ;

output:
mysqld: /sql/item.cc:6192: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `context' failed.

The full error log is in the attachment.

 Comments   
Comment by Daniel Black [ 2022-05-19 ]

Confirmed on 10.3.35+c9b5a05341d7342db5f369493ea200b5fb9db243 for second INSERT statement.

Comment by Alice Sherepa [ 2022-05-25 ]

Thank you!
I repeated on 10.3-10.9. This is the same as MDEV-16549

10.3 7d3d3838c1b8af98a9704

 
mysqld: /10.3/src/sql/item.cc:6192: virtual bool Item_field::fix_fields(THD*, Item**): Assertion `context' failed.
 
220525 17:03:10 [ERROR] mysqld got signal 6 ;
 
 
 
Server version: 10.3.36-MariaDB-debug-log
 
 
 
sql/item.cc:6200(Item_field::fix_fields(THD*, Item**))[0x5586bf3e5b0e]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item.cc:9151(Item_direct_view_ref::fix_fields(THD*, Item**))[0x5586bf40153e]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item_row.cc:45(Item_row::fix_fields(THD*, Item**))[0x5586bf535580]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item_func.cc:352(Item_func::fix_fields(THD*, Item**))[0x5586bf4b1f34]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item.h:833(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x5586be97c795]
 
sql/item.h:838(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x5586beaa2599]
 
sql/item_cmpfunc.cc:4628(Item_cond::fix_fields(THD*, Item**))[0x5586bf454a89]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item_func.cc:352(Item_func::fix_fields(THD*, Item**))[0x5586bf4b1f34]
 
sql/item_cmpfunc.cc:5421(Item_func_like::fix_fields(THD*, Item**))[0x5586bf45c848]
 
sql/item.h:829(Item::fix_fields_if_needed(THD*, Item**))[0x5586be97c75b]
 
sql/item.h:833(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x5586be97c795]
 
sql/item.h:838(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x5586beaa2599]
 
sql/item_cmpfunc.cc:4628(Item_cond::fix_fields(THD*, Item**))[0x5586bf454a89]
 
sql/sql_select.cc:1734(JOIN::optimize_inner())[0x5586beca0bf1]
 
sql/sql_select.cc:1519(JOIN::optimize())[0x5586bec9e8b9]
 
sql/sql_derived.cc:962(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x5586beb2ffe8]
 
sql/sql_derived.cc:193(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x5586beb2b28d]
 
sql/sql_select.cc:1800(JOIN::optimize_inner())[0x5586beca1848]
 
sql/sql_select.cc:1519(JOIN::optimize())[0x5586bec9e8b9]
 
sql/sql_lex.cc:4124(st_select_lex::optimize_unflattened_subqueries(bool))[0x5586beb913ca]
 
sql/sql_insert.cc:819(mysql_insert(THD*, TABLE_LIST*, List<Item>&, List<List<Item> >&, List<Item>&, List<Item>&, enum_duplicates, bool))[0x5586beb4a74b]
 
sql/sql_parse.cc:4504(mysql_execute_command(THD*))[0x5586bebf4d59]
 
sql/sql_parse.cc:7870(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x5586bec0ceee]
 
sql/sql_parse.cc:1855(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5586bebe3dcb]
 
sql/sql_parse.cc:1398(do_command(THD*))[0x5586bebe090e]
 
sql/sql_connect.cc:1403(do_handle_one_connection(CONNECT*))[0x5586befb3ef1]
 
sql/sql_connect.cc:1309(handle_one_connection)[0x5586befb37ab]
 
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x5586c05e3209]
 
nptl/pthread_create.c:478(start_thread)[0x7f572b240609]
 
 
 
Query (0x62b000000290): INSERT INTO v1426 ( v1427 ) VALUES ( ( WITH v1431 AS ( SELECT v1427 FROM ( SELECT v1427 FROM ( SELECT v1427 FROM v1426 WHERE v1427 = CASE v1427 * 19 = -128 WHEN 255 THEN 'x' WHEN ( v1427 IN ( 'x' , -1 , -128 , 62 , 'x' / v1427 = v1427 + CASE FALSE / v1427 = v1427 + CASE v1427 WHEN TRUE THEN -128 ELSE 0 END OR v1427 = v1427 WHEN TRUE THEN 12 ELSE 0 END OR v1427 = v1427 OR v1427 = v1427 ) ) THEN 255 ELSE -1 END / -2147483648 ) AS v1428 NATURAL JOIN v1426 AS v1429 NATURAL JOIN v1426 ) AS v1430 ) SELECT v1427 FROM v1431 WHERE ( ( v1427 , v1427 , v1427 ) < ( 87 , 89998042.000000 NOT LIKE -128 , -2147483648 ) OR v1427 = 53 ) NOT LIKE 'x' AND CASE v1427 * 37 = 0 WHEN 31 THEN FALSE WHEN -1 THEN 'x' ELSE -1 END != 93 WINDOW v1432 AS ( ORDER BY v1427 ) ) ) , ( 54 )

Generated at Thu Feb 08 10:02:13 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.