[MDEV-29070] SIGSEGV in my_decimal::operator= and Assertion `0' failed in Item_type_holder::val_decimal on SELECT

Created: 2022-07-09
Updated: 2024-01-09
Resolved: 2023-11-24

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Update
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0, 11.1, 11.2
Fix Version/s: 10.4.33, 10.5.24, 10.6.17, 10.11.7, 11.0.5, 11.1.4, 11.2.3

Type: Bug
Priority: Major
Reporter: Roel Van de Paar
Assignee: Oleg Smirnov
Resolution: Fixed
Votes: 0
Labels: not-10.3, regression-10.4

Issue Links:
Duplicate
  is duplicated by MDEV-32432 Segmentation fault at /mariadb-11.3.0... (Closed)
  is duplicated by MDEV-32595 MariaDB Server Crash (Closed)
Relates
  relates to MDEV-29093 Assertion `0' failed in Item_type_hol... (Closed)
  relates to MDEV-32866 Debug assertion failure in Item_subse... (Open)

 Description   

CREATE TABLE c(c INT UNIQUE) ENGINE=InnoDB;
INSERT INTO c(c)VALUES (1);
UPDATE c SET c=0 WHERE(SELECT c,c WHERE c<0 INTERSECT SELECT + 1 / + 1,c FROM c WHERE c>-0  + 1)IN (SELECT c,c);

Leads to:

10.9.2 6ec17142dcfb1e9d9f41211ed1b6d82e062d1541 (Optimized)

Core was generated by `/test/MD310522-mariadb-10.9.2-linux-x86_64-opt/bin/mysqld --no-defaults --core-'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  my_decimal::operator= (rhs=..., this=0x155110048a38)
    at /test/10.9_opt/sql/my_decimal.h:353
[Current thread is 1 (Thread 0x15513c0c3700 (LWP 2572129))]
(gdb) bt
#0  my_decimal::operator= (rhs=<error reading variable>, this=0x155110048a38) at /test/10.9_opt/sql/my_decimal.h:353
#1  my_decimal2decimal (to=0x155110048a38, from=0x0) at /test/10.9_opt/sql/my_decimal.h:353
#2  Item_cache_decimal::cache_value (this=0x1551100489a0) at /test/10.9_opt/sql/item.cc:10404
#3  Item_cache::has_value (this=0x1551100489a0) at /test/10.9_opt/sql/item.h:7080
#4  Item_cache_decimal::val_decimal (this=0x1551100489a0, val=<optimized out>) at /test/10.9_opt/sql/item.cc:10426
#5  0x000056051692281f in VDec::VDec (this=0x15513c0c1750, item=<optimized out>) at /test/10.9_opt/sql/sql_type.cc:301
#6  0x00005605169f1dd3 in Item::save_decimal_in_field (this=<optimized out>, field=0x155110057158, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6816
#7  0x00005605169e1c57 in Item::save_in_field (this=0x1551100489a0, field=0x155110057158, no_conversions=<optimized out>) at /test/10.9_opt/sql/item.cc:6836
#8  0x0000560516802f16 in store_key_item::copy_inner (this=0x155110057120) at /test/10.9_opt/sql/sql_select.h:1969
#9  0x00005605167e9ac4 in store_key::copy (thd=0x155110000c58, this=<optimized out>) at /test/10.9_opt/sql/sql_select.h:1863
#10 cp_buffer_from_ref (thd=thd@entry=0x155110000c58, table=table@entry=0x155110058460, ref=ref@entry=0x155110056760) at /test/10.9_opt/sql/sql_select.cc:24921
#11 0x00005605167ea482 in cmp_buffer_with_ref (tab_ref=0x155110056760, table=0x155110058460, thd=0x155110000c58) at /test/10.9_opt/sql/sql_select.cc:24903
#12 join_read_key2 (thd=0x155110000c58, tab=0x0, table=0x155110058460, table_ref=0x155110056760) at /test/10.9_opt/sql/sql_select.cc:21855
#13 0x00005605168eca76 in Expression_cache_tmptable::check_value (this=0x1551100566a0, value=0x15513c0c18c8) at /test/10.9_opt/sql/sql_expression_cache.cc:223
#14 0x00005605169f617c in Item_cache_wrapper::check_cache (this=this@entry=0x155110056560) at /test/10.9_opt/sql/item.cc:8850
#15 0x00005605169f62fe in Item_cache_wrapper::val_int (this=0x155110056560) at /test/10.9_opt/sql/item.cc:8913
#16 0x00005605167c2dc1 in evaluate_join_record (join=join@entry=0x1551100468c0, join_tab=join_tab@entry=0x15511004f910, error=<optimized out>) at /test/10.9_opt/sql/sql_select.cc:21289
#17 0x00005605167d5cdb in sub_select (end_of_records=false, join_tab=0x15511004f910, join=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:21191
#18 sub_select (join=0x1551100468c0, join_tab=0x15511004f910, end_of_records=false) at /test/10.9_opt/sql/sql_select.cc:21120
#19 0x00005605168024a1 in do_select (procedure=<optimized out>, join=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:20736
#20 JOIN::exec_inner (this=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:4786
#21 0x0000560516802868 in JOIN::exec (this=this@entry=0x1551100468c0) at /test/10.9_opt/sql/sql_select.cc:4564
#22 0x0000560516800a71 in mysql_select (thd=thd@entry=0x155110000c58, tables=tables@entry=0x155110010880, fields=@0x15513c0c1e80: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x56051780e5d0 <end_of_list>, last = 0x15513c0c1e80, elements = 0}, <No data fields>}, conds=conds@entry=0x1551100144c0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=<optimized out>, result=0x1551100467b0, unit=0x155110004cb8, select_lex=0x1551100054b8) at /test/10.9_opt/sql/sql_select.cc:5044
#23 0x0000560516861265 in mysql_multi_update (thd=thd@entry=0x155110000c58, table_list=0x155110010880, fields=fields@entry=0x155110005758, values=values@entry=0x155110005b88, conds=0x1551100144c0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x155110004cb8, select_lex=0x1551100054b8, result=0x15513c0c2070) at /test/10.9_opt/sql/sql_update.cc:1976
#24 0x0000560516790d1b in mysql_execute_command (thd=0x155110000c58, is_called_from_prepared_stmt=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:4486
#25 0x000056051677f9e5 in mysql_parse (rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>, thd=0x155110000c58) at /test/10.9_opt/sql/sql_parse.cc:8036
#26 mysql_parse (thd=0x155110000c58, rawbuf=<optimized out>, length=<optimized out>, parser_state=<optimized out>) at /test/10.9_opt/sql/sql_parse.cc:7958
#27 0x000056051678b4fa in dispatch_command (command=COM_QUERY, thd=0x155110000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.9_opt/sql/sql_class.h:1364
#28 0x000056051678d422 in do_command (thd=0x155110000c58, blocking=blocking@entry=true) at /test/10.9_opt/sql/sql_parse.cc:1407
#29 0x00005605168a369f in do_handle_one_connection (connect=<optimized out>, connect@entry=0x560519ccbcb8, put_in_cache=put_in_cache@entry=true) at /test/10.9_opt/sql/sql_connect.cc:1418
#30 0x00005605168a397d in handle_one_connection (arg=0x560519ccbcb8) at /test/10.9_opt/sql/sql_connect.cc:1312
#31 0x0000155168b79609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#32 0x0000155168765133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

mysqld: /test/10.10_dbg/sql/item.cc:10687: virtual my_decimal* Item_type_holder::val_decimal(my_decimal*): Assertion `0' failed.

10.10.0 081a284712bb661349e2e3802077b12211cede3e (Debug)

Core was generated by `/test/MD310522-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14f82c0c4700 (LWP 857303))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000014f844a38859 in __GI_abort () at abort.c:79
#2  0x000014f844a38729 in __assert_fail_base (fmt=0x14f844bce588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5590e6862b3e "0", file=0x5590e6848120 "/test/10.10_dbg/sql/item.cc", line=10687, function=<optimized out>) at assert.c:92
#3  0x000014f844a49fd6 in __GI___assert_fail (assertion=assertion@entry=0x5590e6862b3e "0", file=file@entry=0x5590e6848120 "/test/10.10_dbg/sql/item.cc", line=line@entry=10687, function=function@entry=0x5590e68487f0 "virtual my_decimal* Item_type_holder::val_decimal(my_decimal*)") at assert.c:101
#4  0x00005590e5dc359b in Item_type_holder::val_decimal (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10687
#5  0x00005590e5997eed in Item::val_decimal_result (this=<optimized out>, val=<optimized out>) at /test/10.10_dbg/sql/item.h:1782
#6  0x00005590e5dc2939 in Item_cache_decimal::cache_value (this=0x14f7f8070008) at /test/10.10_dbg/sql/item.cc:10401
#7  0x00005590e5dc29d0 in Item_cache::has_value (this=0x14f7f8070008) at /test/10.10_dbg/sql/item.h:7080
#8  Item_cache_decimal::val_decimal (this=0x14f7f8070008, val=<optimized out>) at /test/10.10_dbg/sql/item.cc:10426
#9  0x00005590e5cc8cce in VDec::VDec (this=0x14f82c0c26d0, item=0x14f7f8070008) at /test/10.10_dbg/sql/sql_type.cc:301
#10 0x00005590e5ddb066 in Item::save_decimal_in_field (this=<optimized out>, field=0x14f7f807e768, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6816
#11 0x00005590e5cba628 in Type_handler_decimal_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:4352
#12 0x00005590e5dc18d3 in Item::save_in_field (this=0x14f7f8070008, field=0x14f7f807e768, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6836
#13 0x00005590e5997c83 in Item::save_org_in_field (this=<optimized out>, field=<optimized out>, data=<optimized out>) at /test/10.10_dbg/sql/item.h:1220
#14 0x00005590e5997e50 in Item::save_val (this=<optimized out>, to=<optimized out>) at /test/10.10_dbg/sql/item.h:1705
#15 0x00005590e5b51cce in store_key_item::copy_inner (this=0x14f7f807e730) at /test/10.10_dbg/sql/sql_select.h:1969
#16 0x00005590e5b33640 in store_key::copy (thd=0x14f7f8000db8, this=<optimized out>) at /test/10.10_dbg/sql/sql_select.h:1863
#17 cp_buffer_from_ref (thd=thd@entry=0x14f7f8000db8, table=table@entry=0x14f7f807f830, ref=ref@entry=0x14f7f807dd68) at /test/10.10_dbg/sql/sql_select.cc:24921
#18 0x00005590e5b3412c in cmp_buffer_with_ref (tab_ref=0x14f7f807dd68, table=0x14f7f807f830, thd=0x14f7f8000db8) at /test/10.10_dbg/sql/sql_select.cc:24903
#19 join_read_key2 (thd=0x14f7f8000db8, tab=tab@entry=0x0, table=0x14f7f807f830, table_ref=table_ref@entry=0x14f7f807dd68) at /test/10.10_dbg/sql/sql_select.cc:21855
#20 0x00005590e5c88e2a in Expression_cache_tmptable::check_value (this=0x14f7f807dca8, value=0x14f82c0c2898) at /test/10.10_dbg/sql/sql_expression_cache.cc:223
#21 0x00005590e5ddfbf4 in Item_cache_wrapper::check_cache (this=this@entry=0x14f7f807db68) at /test/10.10_dbg/sql/item.cc:8850
#22 0x00005590e5ddfcde in Item_cache_wrapper::val_int (this=0x14f7f807db68) at /test/10.10_dbg/sql/item.cc:8913
#23 0x00005590e5b07d76 in evaluate_join_record (join=join@entry=0x14f7f806df28, join_tab=join_tab@entry=0x14f7f8076af0, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21289
#24 0x00005590e5b1d999 in sub_select (join=0x14f7f806df28, join_tab=0x14f7f8076af0, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21191
#25 0x00005590e5b5127b in do_select (procedure=<optimized out>, join=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:20736
#26 JOIN::exec_inner (this=this@entry=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:4786
#27 0x00005590e5b51814 in JOIN::exec (this=this@entry=0x14f7f806df28) at /test/10.10_dbg/sql/sql_select.cc:4564
#28 0x00005590e5b4f598 in mysql_select (thd=thd@entry=0x14f7f8000db8, tables=tables@entry=0x14f7f8013db0, fields=@0x14f82c0c2e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5590e6f9ea00 <end_of_list>, last = 0x14f82c0c2e50, elements = 0}, <No data fields>}, conds=conds@entry=0x14f7f80179f0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14f7f806de18, unit=0x14f7f8004fd8, select_lex=0x14f7f80057d8) at /test/10.10_dbg/sql/sql_select.cc:5044
#29 0x00005590e5bc8e7f in mysql_multi_update (thd=thd@entry=0x14f7f8000db8, table_list=0x14f7f8013db0, fields=fields@entry=0x14f7f8005a78, values=values@entry=0x14f7f8005ea8, conds=0x14f7f80179f0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14f7f8004fd8, select_lex=0x14f7f80057d8, result=0x14f82c0c3030) at /test/10.10_dbg/sql/sql_update.cc:1976
#30 0x00005590e5ac94f5 in mysql_execute_command (thd=thd@entry=0x14f7f8000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4486
#31 0x00005590e5ab5e3a in mysql_parse (thd=thd@entry=0x14f7f8000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14f82c0c3470) at /test/10.10_dbg/sql/sql_parse.cc:8036
#32 0x00005590e5ac3422 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14f7f8000db8, packet=packet@entry=0x14f7f800b6d9 "UPDATE c SET c=0 WHERE(SELECT c,c WHERE c<0 INTERSECT SELECT + 1 / + 1,c FROM c WHERE c>-0  + 1)IN (SELECT c,c)", packet_length=packet_length@entry=111, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
#33 0x00005590e5ac5b2c in do_command (thd=0x14f7f8000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#34 0x00005590e5c253c0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5590e85f4b28, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#35 0x00005590e5c258c9 in handle_one_connection (arg=0x5590e85f4b28) at /test/10.10_dbg/sql/sql_connect.cc:1312
#36 0x000014f844f49609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#37 0x000014f844b35133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)



 Comments   
Comment by Alice Sherepa [ 2023-10-25 ]

test from MDEV-32432

CREATE TABLE x ( x INT ) ;
INSERT INTO x ( x ) VALUES ( 1 ) ;
UPDATE x SET x = 1 WHERE x = 1 ;
INSERT INTO x ( x ) VALUES ( 1 ) , ( 1 ) ;
WITH RECURSIVE x ( x ) AS ( SELECT 1 INTERSECT SELECT - ( SELECT 1.000000 AS x UNION SELECT 1.000000 ORDER BY NOT x < 'x' , - ( SELECT 1 + x / 1.000000 IN ( 1 , 1 ) FROM x WHERE x ORDER BY 1 - x ) DESC LIMIT 1 OFFSET 1 ) + 1 FROM x ) SELECT DISTINCT x , 1 , NULL , 1.000000 FROM x WHERE ( SELECT ( SELECT x WHERE x IN ( SELECT x FROM x ) ) ) > ( SELECT ( SELECT x ORDER BY x = x OR ( x = 1 AND x = 1 ) DESC ) ) ORDER BY x ASC , x DESC , x ;

mysqld: /10.4/src/sql/item.cc:10601: virtual my_decimal* Item_type_holder::val_decimal(my_decimal*): Assertion `0' failed.
231025 10:41:32 [ERROR] mysqld got signal 6 ;
 
 
Server version: 10.4.32-MariaDB-debug-log source revision: babd833685e1fd1da4411a0874ba1c98bb0b631d
 
/lib/x86_64-linux-gnu/libc.so.6(+0x33fd6)[0x7f08bc784fd6]
sql/item.cc:10602(Item_type_holder::val_decimal(my_decimal*))[0x564bd0dd5ca3]
sql/item.h:1560(Item::val_decimal_result(my_decimal*))[0x564bd02a91ad]
sql/item.cc:10313(Item_cache_decimal::cache_value())[0x564bd0dd2acb]
sql/item.h:6951(Item_cache::has_value())[0x564bd0b1ef4c]
sql/item.cc:10338(Item_cache_decimal::val_decimal(my_decimal*))[0x564bd0dd2d88]
sql/item_subselect.cc:1459(Item_singlerow_subselect::val_decimal(my_decimal*))[0x564bd0f64826]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/item_func.cc:1786(Item_func_neg::decimal_op(my_decimal*))[0x564bd0e9621a]
sql/sql_type.cc:202(VDec_op::VDec_op(Item_func_hybrid_field_type*))[0x564bd0acf71c]
sql/sql_type.cc:4903(Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const)[0x564bd0aec07f]
sql/item_func.h:812(Item_func_hybrid_field_type::val_decimal(my_decimal*))[0x564bd052dd58]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/sql_type.h:361(VDec2_lazy::VDec2_lazy(Item*, Item*))[0x564bd0ed18e4]
sql/item_func.cc:1198(Item_func_plus::decimal_op(my_decimal*))[0x564bd0e8d65e]
sql/sql_type.cc:202(VDec_op::VDec_op(Item_func_hybrid_field_type*))[0x564bd0acf71c]
sql/sql_type.cc:4903(Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const)[0x564bd0aec07f]
sql/item_func.h:812(Item_func_hybrid_field_type::val_decimal(my_decimal*))[0x564bd052dd58]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/item.cc:6707(Item::save_decimal_in_field(Field*, bool))[0x564bd0db050e]
sql/sql_type.cc:3840(Type_handler_decimal_result::Item_save_in_field(Item*, Field*, bool) const)[0x564bd0ae6d66]
sql/item.cc:6726(Item::save_in_field(Field*, bool))[0x564bd0db08e7]
sql/sql_base.cc:8939(fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool))[0x564bd03f9b11]
sql/sql_union.cc:130(select_unit::send_data(List<Item>&))[0x564bd08268a1]
sql/sql_union.cc:317(select_union_recursive::send_data(List<Item>&))[0x564bd082888e]
sql/sql_select.cc:22098(end_send(JOIN*, st_join_table*, bool))[0x564bd06bd6a7]
sql/sql_select.cc:21129(evaluate_join_record(JOIN*, st_join_table*, int))[0x564bd06b5a55]
sql/sql_select.cc:20902(sub_select(JOIN*, st_join_table*, bool))[0x564bd06b438a]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564bd06b2130]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x564bd063fc78]
sql/sql_select.cc:4388(JOIN::exec())[0x564bd063d2a8]
sql/sql_union.cc:1872(st_select_lex_unit::exec_recursive())[0x564bd083904d]
sql/sql_derived.cc:1154(TABLE_LIST::fill_recursive(THD*))[0x564bd04951e2]
sql/sql_derived.cc:1249(mysql_derived_fill(THD*, LEX*, TABLE_LIST*))[0x564bd0495cec]
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x564bd048eb38]
sql/sql_select.cc:13865(st_join_table::preread_init())[0x564bd0682e63]
sql/sql_select.cc:20864(sub_select(JOIN*, st_join_table*, bool))[0x564bd06b3cff]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564bd06b2130]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x564bd063fc78]
sql/sql_select.cc:4388(JOIN::exec())[0x564bd063d2a8]
sql/item_subselect.cc:4035(subselect_single_select_engine::exec())[0x564bd0f82a10]
sql/item_subselect.cc:758(Item_subselect::exec())[0x564bd0f5da78]
sql/item_subselect.cc:1400(Item_singlerow_subselect::val_int())[0x564bd0f639e1]
sql/item_func.cc:1809(Item_func_neg::fix_length_and_dec_int())[0x564bd0e96695]
sql/sql_type.cc:6175(Type_handler_int_result::Item_func_neg_fix_length_and_dec(Item_func_neg*) const)[0x564bd0af318a]
sql/item_func.cc:1851(Item_func_neg::fix_length_and_dec())[0x564bd0e96e95]
sql/item_func.cc:379(Item_func::fix_fields(THD*, Item**))[0x564bd0e85626]
sql/item.h:966(Item::fix_fields_if_needed(THD*, Item**))[0x564bd02c75cd]
sql/item.h:970(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x564bd02c7607]
sql/item.h:979(Item::fix_fields_if_needed_for_order_by(THD*, Item**))[0x564bd06fd48d]
sql/sql_select.cc:24897(find_order_in_list(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, st_order*, List<Item>&, List<Item>&, bool, bool, bool))[0x564bd06d1ca9]
sql/sql_select.cc:24944(setup_order(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<Item>&, List<Item>&, st_order*, bool))[0x564bd06d226f]
sql/sql_select.cc:753(setup_without_group(THD*, Bounds_checked_array<Item*>, TABLE_LIST*, List<TABLE_LIST>&, List<Item>&, List<Item>&, Item**, st_order*, st_order*, List<Window_spec>&, List<Item_window_func>&, bool*))[0x564bd06141bb]
sql/sql_select.cc:1335(JOIN::prepare(TABLE_LIST*, unsigned int, Item*, unsigned int, st_order*, bool, st_order*, Item*, st_order*, st_select_lex*, st_select_lex_unit*))[0x564bd061b737]
sql/sql_select.cc:4762(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x564bd0640d61]
sql/sql_union.cc:1729(st_select_lex_unit::exec())[0x564bd0837a6a]
sql/item_subselect.cc:4060(subselect_union_engine::exec())[0x564bd0f83373]
sql/item_subselect.cc:758(Item_subselect::exec())[0x564bd0f5da78]
sql/item_subselect.cc:1463(Item_singlerow_subselect::val_decimal(my_decimal*))[0x564bd0f64939]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/item_func.cc:1786(Item_func_neg::decimal_op(my_decimal*))[0x564bd0e9621a]
sql/sql_type.cc:202(VDec_op::VDec_op(Item_func_hybrid_field_type*))[0x564bd0acf71c]
sql/sql_type.cc:4903(Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const)[0x564bd0aec07f]
sql/item_func.h:812(Item_func_hybrid_field_type::val_decimal(my_decimal*))[0x564bd052dd58]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/sql_type.h:361(VDec2_lazy::VDec2_lazy(Item*, Item*))[0x564bd0ed18e4]
sql/item_func.cc:1198(Item_func_plus::decimal_op(my_decimal*))[0x564bd0e8d65e]
sql/sql_type.cc:202(VDec_op::VDec_op(Item_func_hybrid_field_type*))[0x564bd0acf71c]
sql/sql_type.cc:4903(Type_handler_decimal_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const)[0x564bd0aec07f]
sql/item_func.h:812(Item_func_hybrid_field_type::val_decimal(my_decimal*))[0x564bd052dd58]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x564bd0acf510]
sql/item.cc:6707(Item::save_decimal_in_field(Field*, bool))[0x564bd0db050e]
sql/sql_type.cc:3840(Type_handler_decimal_result::Item_save_in_field(Item*, Field*, bool) const)[0x564bd0ae6d66]
sql/item.cc:6726(Item::save_in_field(Field*, bool))[0x564bd0db08e7]
sql/sql_base.cc:8939(fill_record(THD*, TABLE*, Field**, List<Item>&, bool, bool))[0x564bd03f9b11]
sql/sql_union.cc:130(select_unit::send_data(List<Item>&))[0x564bd08268a1]
sql/sql_union.cc:317(select_union_recursive::send_data(List<Item>&))[0x564bd082888e]
sql/sql_select.cc:22098(end_send(JOIN*, st_join_table*, bool))[0x564bd06bd6a7]
sql/sql_select.cc:21129(evaluate_join_record(JOIN*, st_join_table*, int))[0x564bd06b5a55]
sql/sql_select.cc:20902(sub_select(JOIN*, st_join_table*, bool))[0x564bd06b438a]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564bd06b2130]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x564bd063fc78]
sql/sql_select.cc:4388(JOIN::exec())[0x564bd063d2a8]
sql/sql_union.cc:1872(st_select_lex_unit::exec_recursive())[0x564bd083904d]
sql/sql_derived.cc:1154(TABLE_LIST::fill_recursive(THD*))[0x564bd04951e2]
sql/sql_derived.cc:1249(mysql_derived_fill(THD*, LEX*, TABLE_LIST*))[0x564bd0495cec]
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x564bd048eb38]
sql/sql_select.cc:13865(st_join_table::preread_init())[0x564bd0682e63]
sql/sql_select.cc:20864(sub_select(JOIN*, st_join_table*, bool))[0x564bd06b3cff]
sql/sql_select.cc:20423(do_select(JOIN*, Procedure*))[0x564bd06b2130]
sql/sql_select.cc:4605(JOIN::exec_inner())[0x564bd063fc78]
sql/sql_select.cc:4388(JOIN::exec())[0x564bd063d2a8]
sql/sql_select.cc:4828(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x564bd0641484]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x564bd0611f7c]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x564bd057dd80]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x564bd056b4f7]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x564bd058725b]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x564bd055d681]
sql/sql_parse.cc:1378(do_command(THD*))[0x564bd055a1ac]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x564bd096856d]
sql/sql_connect.cc:1325(handle_one_connection)[0x564bd0967e11]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x564bd1612d8a]
nptl/pthread_create.c:478(start_thread)[0x7f08bcc9f609]
 
Query (0x62b0000a1290): WITH RECURSIVE x ( x ) AS ( SELECT 1 INTERSECT SELECT - ( SELECT 1.000000 AS x UNION SELECT 1.000000 ORDER BY NOT x < 'x' , - ( SELECT 1 + x / 1.000000 IN ( 1 , 1 ) FROM x WHERE x ORDER BY 1 - x ) DESC LIMIT 1 OFFSET 1 ) + 1 FROM x ) SELECT DISTINCT x , 1 , NULL , 1.000000 FROM x WHERE ( SELECT ( SELECT x WHERE x IN ( SELECT x FROM x ) ) ) > ( SELECT ( SELECT x ORDER BY x = x OR ( x = 1 AND x = 1 ) DESC ) ) ORDER BY x ASC , x DESC , x
 
 
----------SERVER LOG END-------------

Comment by Oleg Smirnov [ 2023-11-23 ]

sanja, can you please review bb-10.4-MDEV-29070?

Comment by Oleksandr Byelkin [ 2023-11-24 ]

OK to push

Comment by Oleg Smirnov [ 2023-11-24 ]

Pushed to 10.4

Comment by Sergei Petrunia [ 2024-01-08 ]

Notes for the changelog:

A query that uses a specific SQL construct could cause a server crash. The construct is an equality comparison of a table-less row subquery and a subquery that has a UNION operation at the top level: (SELECT 'foo', 'bar') = (SELECT col1, col2 FROM t1 ... UNION ...).
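
A version triage built from this issue's "Affects Version/s" and "Fix Version/s" fields, as an added example that is not part of the ticket or of MariaDB's code. The function names and status labels are hypothetical, and the handling of a `5.5.5-` banner prefix is an assumption about how the version string was collected.

```python
import re

# Copied from this issue's "Affects Version/s" and "Fix Version/s" fields.
AFFECTED_SERIES = {(10, 4), (10, 5), (10, 6), (10, 7), (10, 8), (10, 9),
                   (10, 10), (10, 11), (11, 0), (11, 1), (11, 2)}
FIX_VERSIONS = ["10.4.33", "10.5.24", "10.6.17", "10.11.7",
                "11.0.5", "11.1.4", "11.2.3"]

# Assumption: a version taken from a 10.x handshake banner may carry a
# "5.5.5-" compatibility prefix ahead of the real server version.
_COMPAT_PREFIX = re.compile(r"^\s*5\.5\.5-(?=\d+\.\d+\.\d+)")
_VERSION = re.compile(r"\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from strings such as
    '10.4.32-MariaDB-debug-log' (the form seen in the server log above)."""
    match = _VERSION.match(_COMPAT_PREFIX.sub("", text))
    if match is None:
        raise ValueError("no x.y.z version found in %r" % (text,))
    return tuple(int(part) for part in match.groups())


# Map each release series to the first release that carries the fix.
FIXED_IN = {parse_version(v)[:2]: parse_version(v) for v in FIX_VERSIONS}


def triage(version_string):
    """Classify a server version against the fields of MDEV-29070.

    Returns (status, detail), where status is one of:
      'fixed'           - at or above the fix release of its series
      'affected'        - listed series, below its fix release
      'affected-no-fix' - listed series with no fix release in this issue
      'not-listed'      - series absent from "Affects Version/s"; the
                          issue fields alone do not settle it
    """
    version = parse_version(version_string)
    series = version[:2]
    if series not in AFFECTED_SERIES:
        return ("not-listed",
                "%d.%d is not in Affects Version/s" % series)
    fix = FIXED_IN.get(series)
    if fix is None:
        return ("affected-no-fix",
                "%d.%d has no entry in Fix Version/s" % series)
    if version >= fix:
        return ("fixed", "fix shipped in %d.%d.%d" % fix)
    return ("affected", "upgrade to %d.%d.%d or later" % fix)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the version string from the
    # server log quoted in the comments.
    for sample in ["10.4.32-MariaDB-debug-log", "10.6.17-MariaDB",
                   "10.9.2", "5.5.5-10.5.23-MariaDB", "10.3.36"]:
        print(sample, "->", triage(sample))
```

A `not-listed` result is not a clean bill of health: the duplicate MDEV-32432 names a path under /mariadb-11.3.0, a series that does not appear in this issue's own version fields.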
