[MDEV-29011] Server crash in spider_db_open_item_cond with XOR operator Created: 2022-07-02  Updated: 2023-07-20  Resolved: 2022-07-05

Status: Closed
Project: MariaDB Server
Component/s: Storage Engine - Spider
Affects Version/s: 10.3, 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10
Fix Version/s: 10.3.36, 10.4.26, 10.5.17, 10.6.9, 10.7.5, 10.8.4, 10.9.2

Type: Bug Priority: Critical
Reporter: Elena Stepanova Assignee: Nayuta Yanagisawa (Inactive)
Resolution: Fixed Votes: 0
Labels: spider-gbh

Issue Links:
Blocks
blocks MDEV-29012 Unexpected syntax error upon select f... Closed
Duplicate
is duplicated by MDEV-29012 Unexpected syntax error upon select f... Closed

 Description   

# Reproducer for MDEV-29011 (mysql-test script): a SELECT with XOR in the
# select list against a Spider table ends in signal 11 inside
# spider_db_open_item_cond (see the backtrace that follows in the report).
# Load the Spider test setup.
--source plugin/spider/spider/include/init_spider.inc
 
# The foreign server 's' points at 127.0.0.1 on $MASTER_MYPORT, i.e. the link
# loops back to the test server itself; spider_same_server_link presumably
# permits that (inferred from the variable name, confirm).
# The link uses user "root" and sets no password option: test-harness setup only.
SET spider_same_server_link= on;
eval create server s foreign data wrapper mysql options (host "127.0.0.1", database "test", user "root", port $MASTER_MYPORT);
 
# Plain local table t, and a Spider table t_spider mapped onto it through server 's'.
CREATE TABLE t (a INT, b INT);
INSERT INTO t VALUES (1,2),(3,4);
CREATE TABLE t_spider (a INT, b INT) ENGINE=SPIDER COMMENT = "wrapper 'mysql', srv 's', table 't'";
# Crashing statement: this is the query text seen in mysql_parse/dispatch_command
# in the backtrace. Per the report, the same query with OR instead of XOR works.
# NOTE(review): the crash is reached by an ordinary SELECT, so on affected
# versions it is a server-wide availability problem; the privileges needed to
# reach it are not shown here (confirm). Fixed in 10.3.36, 10.4.26, 10.5.17,
# 10.6.9, 10.7.5, 10.8.4 and 10.9.2.
SELECT a XOR b AS f FROM t_spider;
 
# Cleanup
DROP TABLE t_spider, t;
 
# Unload the Spider test setup.
--source plugin/spider/spider/include/deinit_spider.inc

10.3 990cde80 debug

#2  0x000056293217d242 in handle_fatal_signal (sig=11) at /data/src/10.3/sql/signal_handler.cc:365
        curr_time = 1656864773
        tm = {tm_sec = 53, tm_min = 12, tm_hour = 19, tm_mday = 3, tm_mon = 6, tm_year = 122, tm_wday = 0, tm_yday = 183, tm_isdst = 1, tm_gmtoff = 10800, tm_zone = 0x562935ad2fe0 "EEST"}
        thd = 0x7f425c000d90
        print_invalid_query_pointer = false
#3  <signal handler called>
No locals.
#4  0x00007f426c1f7e43 in base_list_iterator::next_fast (this=0x7f426c389be0) at /data/src/10.3/sql/sql_list.h:442
        tmp = 0x8f8f8f8f8f8f0066
#5  0x00007f426c1fa7fd in List_iterator_fast<Item>::operator++ (this=0x7f426c389be0) at /data/src/10.3/sql/sql_list.h:562
No locals.
#6  0x00007f426c1ea142 in spider_db_open_item_cond (item_cond=0x7f425c012db8, spider=0x7f425c0c2168, str=0x0, alias=0x0, alias_length=0, dbton_id=0, use_fields=true, fields=0x7f425c106300) at /data/src/10.3/storage/spider/spd_db_conn.cc:8987
        error_num = 0
        lif = {<base_list_iterator> = {list = 0x7f425c012e78, el = 0x8f8f8f8f8f8f0066, prev = 0x0, current = 0x0}, <No data fields>}
        item = 0x5629329f183b <my_thread_var_dbug+31>
        func_name = 0x0
        func_name_length = 0
        restart_pos = 0
        _db_stack_frame_ = {func = 0x7f426c3088d0 "spider_db_mbase_util::open_item_func", file = 0x7f426c3062d8 "/data/src/10.3/storage/spider/spd_db_mysql.cc", level = 2147483662, line = -1, prev = 0x7f426c389e00}
#7  0x00007f426c2af5ee in spider_db_mbase_util::open_item_func (this=0x7f426c3414d0 <spider_db_mysql_utility>, item_func=0x7f425c012db8, spider=0x7f425c0c2168, str=0x0, alias=0x0, alias_length=0, use_fields=true, fields=0x7f425c106300) at /data/src/10.3/storage/spider/spd_db_mysql.cc:5012
        thd = 0x7f426c38a010
        share = 0x562932a172b1 <_db_return_+209>
        error_num = 32578
        item = 0x7f426c389d30
        item_list = 0x7f425c012e48
        field = 0x7f4200000009
        roop_count = 32578
        item_count = 2
        start_item = 0
        func_name = 0x7f426c306130 ""
        separator_str = 0x7f426c306130 ""
        last_str = 0x7f426c306130 ""
        func_name_length = 0
        separator_str_length = 0
        last_str_length = 0
        use_pushdown_udf = 22057
        merge_func = false
        _db_stack_frame_ = {func = 0x7f426c2f7424 "spider_db_open_item_func", file = 0x7f426c2f53e8 "/data/src/10.3/storage/spider/spd_db_conn.cc", level = 2147483661, line = 5012, prev = 0x7f426c38a1f0}
#8  0x00007f426c1ea5cf in spider_db_open_item_func (item_func=0x7f425c012db8, spider=0x7f425c0c2168, str=0x0, alias=0x0, alias_length=0, dbton_id=0, use_fields=true, fields=0x7f425c106300) at /data/src/10.3/storage/spider/spd_db_conn.cc:9059
        _db_stack_frame_ = {func = 0x7f426c2f7332 "spider_db_print_item_type", file = 0x7f426c2f53e8 "/data/src/10.3/storage/spider/spd_db_conn.cc", level = 2147483660, line = 9059, prev = 0x7f426c38a270}
#9  0x00007f426c1e9c4e in spider_db_print_item_type (item=0x7f425c012db8, field=0x0, spider=0x7f425c0c2168, str=0x0, alias=0x0, alias_length=0, dbton_id=0, use_fields=true, fields=0x7f425c106300) at /data/src/10.3/storage/spider/spd_db_conn.cc:8869
        _db_stack_frame_ = {func = 0x7f426c30efe0 "spider_create_group_by_handler", file = 0x7f426c30e198 "/data/src/10.3/storage/spider/spd_group_by_handler.cc", level = 2147483659, line = 8869, prev = 0x7f426c38a400}
#10 0x00007f426c2e8dfa in spider_create_group_by_handler (thd=0x7f425c000d90, query=0x7f426c38a4f0) at /data/src/10.3/storage/spider/spd_group_by_handler.cc:1802
        group_by_handler = 0x10000329f183b
        item = 0x7f425c012db8
        from = 0x0
        conn = 0x7f426c38a3c0
        spider = 0x7f425c0c2168
        share = 0x7f425c0c3e60
        roop_count = 0
        lock_mode = 32578
        it = {<base_list_iterator> = {list = 0x7f425c013a18, el = 0x7f425c012e80, prev = 0x0, current = 0x0}, <No data fields>}
        dbton_bitmap = "\001"
        dbton_bitmap_tmp = "\000"
        order = 0x7f425c000cd0
        keep_going = true
        find_dbton = false
        fields = 0x0
        fields_arg = 0x7f425c106300
        table_idx = 1
        dbton_id = 0
        tgt_link_status = 94734931183355
        _db_stack_frame_ = {func = 0x562932aa0dbb "JOIN::make_aggr_tables_info", file = 0x562932aa05c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483658, line = -1, prev = 0x7f426c38a4d0}
        __PRETTY_FUNCTION__ = "group_by_handler* spider_create_group_by_handler(THD*, Query*)"
#11 0x0000562931ea85a6 in JOIN::make_aggr_tables_info (this=0x7f425c0136f8) at /data/src/10.3/sql/sql_select.cc:2927
        query = {select = 0x7f425c013a18, distinct = false, from = 0x7f425c012ee0, where = 0x0, group_by = 0x0, order_by = 0x0, having = 0x0}
        gbh = 0x7f425c0136f8
        tbl = 0x0
        ht = 0x7f425c0adaf0
        curr_all_fields = 0x7f425c013a18
        curr_fields_list = 0x7f425c005500
        curr_tab = 0x7f425c0148c8
        exec_tmp_table = 0x0
        distinct = false
        keep_row_order = false
        is_having_added_as_table_cond = false
        _db_stack_frame_ = {func = 0x562932aa0b9d "JOIN::optimize_stage2", file = 0x562932aa05c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483657, line = -1, prev = 0x7f426c38a5f0}
        has_group_by = false
        implicit_grouping_with_window_funcs = false
        implicit_grouping_without_tables = false
        __PRETTY_FUNCTION__ = "bool JOIN::make_aggr_tables_info()"
#12 0x0000562931ea7844 in JOIN::optimize_stage2 (this=0x7f425c0136f8) at /data/src/10.3/sql/sql_select.cc:2697
        select_opts_for_readinfo = 0
        no_jbuf_after = 1
        tab = 0x0
        _db_stack_frame_ = {func = 0x562932aa0a63 "JOIN::optimize_inner", file = 0x562932aa05c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483656, line = -1, prev = 0x7f426c38a6a0}
        __PRETTY_FUNCTION__ = "int JOIN::optimize_stage2()"
        res = -1
#13 0x0000562931ea5298 in JOIN::optimize_inner (this=0x7f425c0136f8) at /data/src/10.3/sql/sql_select.cc:2003
        _db_stack_frame_ = {func = 0x562932aa1396 "mysql_select", file = 0x562932aa05c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483655, line = -1, prev = 0x7f426c38a7a0}
        sel = 0x7f425c0053d8
        ignore_on_expr = false
        __PRETTY_FUNCTION__ = "int JOIN::optimize_inner()"
#14 0x0000562931ea3670 in JOIN::optimize (this=0x7f425c0136f8) at /data/src/10.3/sql/sql_select.cc:1519
        res = 0
        init_state = JOIN::NOT_OPTIMIZED
#15 0x0000562931ead79e in mysql_select (thd=0x7f425c000d90, tables=0x7f425c012ee0, wild_num=0, fields=@0x7f425c005500: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x7f425c012e80, last = 0x7f425c012e80, elements = 1}, <No data fields>}, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7f425c0136d0, unit=0x7f425c004c40, select_lex=0x7f425c0053d8) at /data/src/10.3/sql/sql_select.cc:4340
        err = 0
        free_join = true
        _db_stack_frame_ = {func = 0x562932aa05fd "handle_select", file = 0x562932aa05c0 "/data/src/10.3/sql/sql_select.cc", level = 2147483654, line = -1, prev = 0x7f426c38a860}
        join = 0x7f425c0136f8
#16 0x0000562931e9edad in handle_select (thd=0x7f425c000d90, lex=0x7f425c004b80, result=0x7f425c0136d0, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:372
        unit = 0x7f425c004c40
        res = false
        select_lex = 0x7f425c0053d8
        _db_stack_frame_ = {func = 0x562932a952c8 "mysql_execute_command", file = 0x562932a946a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483653, line = -1, prev = 0x7f426c38aed0}
#17 0x0000562931e65d90 in execute_sqlcom_select (thd=0x7f425c000d90, all_tables=0x7f425c012ee0) at /data/src/10.3/sql/sql_parse.cc:6339
        save_protocol = 0x0
        lex = 0x7f425c004b80
        result = 0x7f425c0136d0
        res = false
        __PRETTY_FUNCTION__ = "bool execute_sqlcom_select(THD*, TABLE_LIST*)"
#18 0x0000562931e5c798 in mysql_execute_command (thd=0x7f425c000d90) at /data/src/10.3/sql/sql_parse.cc:3870
        privileges_requested = 1
        res = 0
        up_result = 0
        lex = 0x7f425c004b80
        select_lex = 0x7f425c0053d8
        first_table = 0x7f425c012ee0
        all_tables = 0x7f425c012ee0
        unit = 0x7f425c004c40
        have_table_map_for_update = false
        rpl_filter = 0x38832a17084
        _db_stack_frame_ = {func = 0x562932a965a0 "mysql_parse", file = 0x562932a946a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483652, line = -1, prev = 0x7f426c38b400}
        __PRETTY_FUNCTION__ = "int mysql_execute_command(THD*)"
        orig_binlog_format = BINLOG_FORMAT_MIXED
        orig_current_stmt_binlog_format = BINLOG_FORMAT_STMT
#19 0x0000562931e6a090 in mysql_parse (thd=0x7f425c000d90, rawbuf=0x7f425c012ad8 "SELECT a XOR b AS f FROM t_spider", length=33, parser_state=0x7f426c38b5b0, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:7870
        found_semicolon = 0x0
        error = 32578
        lex = 0x7f425c004b80
        err = false
        _db_stack_frame_ = {func = 0x562932a94b32 "dispatch_command", file = 0x562932a946a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483651, line = -1, prev = 0x7f426c38b590}
        __PRETTY_FUNCTION__ = "void mysql_parse(THD*, char*, uint, Parser_state*, bool, bool)"
#20 0x0000562931e568c5 in dispatch_command (command=COM_QUERY, thd=0x7f425c000d90, packet=0x7f425c008f31 "SELECT a XOR b AS f FROM t_spider", packet_length=33, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1852
        packet_end = 0x7f425c012af9 ""
        parser_state = {m_lip = {lookahead_token = -1, lookahead_yylval = 0x0, m_thd = 0x7f425c000d90, m_ptr = 0x7f425c012afa "\004", m_tok_start = 0x7f425c012afa "\004", m_tok_end = 0x7f425c012afa "\004", m_end_of_query = 0x7f425c012af9 "", m_tok_start_prev = 0x7f425c012af9 "", m_buf = 0x7f425c012ad8 "SELECT a XOR b AS f FROM t_spider", m_buf_length = 33, m_echo = true, m_echo_saved = 12, m_cpp_buf = 0x7f425c012b50 "SELECT a XOR b AS f FROM t_spider", m_cpp_ptr = 0x7f425c012b71 "", m_cpp_tok_start = 0x7f425c012b71 "", m_cpp_tok_start_prev = 0x7f425c012b71 "", m_cpp_tok_end = 0x7f425c012b71 "", m_body_utf8 = 0x0, m_body_utf8_ptr = 0x10000329f183b <error: Cannot access memory at address 0x10000329f183b>, m_cpp_utf8_processed_ptr = 0x0, next_state = MY_LEX_END, found_semicolon = 0x0, ignore_space = false, stmt_prepare_mode = false, multi_statements = true, yylineno = 1, m_digest = 0x0, in_comment = NO_COMMENT, in_comment_saved = PRESERVE_COMMENT, m_cpp_text_start = 0x7f425c012b69 "t_spider", m_cpp_text_end = 0x7f425c012b71 "", m_underscore_cs = 0x0}, m_yacc = {yacc_yyss = 0x0, yacc_yyvs = 0x0, m_set_signal_info = {m_item = {0x0 <repeats 12 times>}}, m_lock_type = TL_READ_DEFAULT, m_mdl_type = MDL_SHARED_READ}, m_digest_psi = 0x7f425c004658}
        net = 0x7f425c001098
        error = false
        do_end_of_statement = true
        _db_stack_frame_ = {func = 0x562932a948bd "do_command", file = 0x562932a946a8 "/data/src/10.3/sql/sql_parse.cc", level = 2147483650, line = -1, prev = 0x7f426c38bdf0}
        drop_more_results = false
        __PRETTY_FUNCTION__ = "bool dispatch_command(enum_server_command, THD*, char*, uint, bool, bool)"
        res = <optimized out>
#21 0x0000562931e55283 in do_command (thd=0x7f425c000d90) at /data/src/10.3/sql/sql_parse.cc:1398
        return_value = false
        packet = 0x7f425c008f30 "\003SELECT a XOR b AS f FROM t_spider"
        packet_length = 34
        net = 0x7f425c001098
        command = COM_QUERY
        _db_stack_frame_ = {func = 0x562932e167d0 "?func", file = 0x562932e167d6 "?file", level = 2147483649, line = -1, prev = 0x0}
        __PRETTY_FUNCTION__ = "bool do_command(THD*)"
#22 0x0000562931fd2878 in do_handle_one_connection (connect=0x562935ca5170) at /data/src/10.3/sql/sql_connect.cc:1403
        create_user = true
        thr_create_utime = 3286885099211
        thd = 0x7f425c000d90
#23 0x0000562931fd25e3 in handle_one_connection (arg=0x562935ca5170) at /data/src/10.3/sql/sql_connect.cc:1308
        connect = 0x562935ca5170
#24 0x0000562932981b3a in pfs_spawn_thread (arg=0x562935da5a40) at /data/src/10.3/storage/perfschema/pfs.cc:1869
        typed_arg = 0x562935da5a40
        user_arg = 0x562935ca5170
        user_start_routine = 0x562931fd25b3 <handle_one_connection(void*)>
        pfs = 0x7f427065b6c0
        klass = 0x562935a98280
#25 0x00007f42724fdea7 in start_thread (arg=<optimized out>) at pthread_create.c:477
        ret = <optimized out>
        pd = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139923260229376, 6465113372914597161, 140729675587934, 140729675587935, 139923260227520, 311296, -6396120639615025879, -6396141969522180823}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = 0
#26 0x00007f427242ddef in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

The same query with OR instead of XOR works correctly.



 Comments   
Comment by Nayuta Yanagisawa (Inactive) [ 2022-07-04 ]

Spider wrongly converts Item_func_xor to Item_cond: the XOR case below casts item_func to Item_cond * and passes it to spider_db_open_item_cond.

#ifdef MARIADB_BASE_VERSION
    case Item_func::XOR_FUNC:
#else
    case Item_func::COND_XOR_FUNC:
#endif
      if (str)
        str->length(str->length() - SPIDER_SQL_OPEN_PAREN_LEN);
      DBUG_RETURN(
        spider_db_open_item_cond((Item_cond *) item_func, spider, str,
          alias, alias_length, dbton_id, use_fields, fields));

Comment by Nayuta Yanagisawa (Inactive) [ 2022-07-04 ]

holyfoot Please review: https://github.com/MariaDB/server/commit/e12799a33a26489beb2a3e2a83117c76e46b7b88

Comment by Alexey Botchkov [ 2022-07-05 ]

ok to push.
