[MDEV-29093] Assertion `0' failed in Item_type_holder::val_str on UPDATE and SIGSEGV in String::copy, UBSAN: reference binding to null pointer of type 'const struct String' Created: 2022-07-13  Updated: 2024-01-15  Resolved: 2024-01-09

Status: Closed
Project: MariaDB Server
Component/s: Data Manipulation - Update, Optimizer
Affects Version/s: 10.4, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.1, 11.2, 11.3, 11.4
Fix Version/s: 10.4.33

Type: Bug Priority: Major
Reporter: Roel Van de Paar Assignee: Oleg Smirnov
Resolution: Duplicate Votes: 0
Labels: UBSAN, not-10.3, regression

Issue Links:
Duplicate
is duplicated by MDEV-32430 Segmentation fault at /mariadb-11.3.0... Closed
Relates
relates to MDEV-29070 SIGSEGV in my_decimal::operator= and ... Closed
relates to MDEV-22391 Assertion `0' failed in Item_type_hol... Closed

Description

CREATE TABLE c(c CHAR) ENGINE=InnoDB;
INSERT INTO c(c)VALUES (1);
UPDATE c SET c=-0 WHERE(SELECT 0 -0 +0/ 0 + 0 - 0,c WHERE c<0 INTERSECT SELECT c,c FROM c WHERE c>0  -0)IN (SELECT c,c);

Leads to:

10.10.0 88b22356e623fd63aa87273a895521a6e6667bc7 (Debug)

mysqld: /test/10.10_dbg/sql/item.cc:10711: virtual String* Item_type_holder::val_str(String*): Assertion `0' failed.

10.10.0 88b22356e623fd63aa87273a895521a6e6667bc7 (Debug)

Core was generated by `/test/MD120722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x150d875fa700 (LWP 1804142))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000150db7b77859 in __GI_abort () at abort.c:79
#2  0x0000150db7b77729 in __assert_fail_base (fmt=0x150db7d0d588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55fdca46939e "0", file=0x55fdca44e980 "/test/10.10_dbg/sql/item.cc", line=10711, function=<optimized out>) at assert.c:92
#3  0x0000150db7b88fd6 in __GI___assert_fail (assertion=assertion@entry=0x55fdca46939e "0", file=file@entry=0x55fdca44e980 "/test/10.10_dbg/sql/item.cc", line=line@entry=10711, function=function@entry=0x55fdca44f090 "virtual String* Item_type_holder::val_str(String*)") at assert.c:101
#4  0x000055fdc99d1b0f in Item_type_holder::val_str (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10711
#5  0x000055fdc95a4ed9 in Item::str_result (this=<optimized out>, tmp=<optimized out>) at /test/10.10_dbg/sql/item.h:1780
#6  0x000055fdc99d59e5 in Item_cache_str::cache_value (this=0x150d5c06ff90) at /test/10.10_dbg/sql/item.cc:10476
#7  0x000055fdc99d3444 in Item_cache::has_value (this=0x150d5c06ff90) at /test/10.10_dbg/sql/item.h:7099
#8  Item_cache_str::save_in_field (this=0x150d5c06ff90, field=0x150d5c07efe8, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:10531
#9  0x000055fdc95a4c83 in Item::save_org_in_field (this=<optimized out>, field=<optimized out>, data=<optimized out>) at /test/10.10_dbg/sql/item.h:1220
#10 0x000055fdc95a4e50 in Item::save_val (this=<optimized out>, to=<optimized out>) at /test/10.10_dbg/sql/item.h:1705
#11 0x000055fdc975f788 in store_key_item::copy_inner (this=0x150d5c07efb0) at /test/10.10_dbg/sql/sql_select.h:1979
#12 0x000055fdc97410fa in store_key::copy (thd=0x150d5c000db8, this=<optimized out>) at /test/10.10_dbg/sql/sql_select.h:1873
#13 cp_buffer_from_ref (thd=thd@entry=0x150d5c000db8, table=table@entry=0x150d5c07f690, ref=ref@entry=0x150d5c07e5e8) at /test/10.10_dbg/sql/sql_select.cc:25008
#14 0x000055fdc9741be6 in cmp_buffer_with_ref (tab_ref=0x150d5c07e5e8, table=0x150d5c07f690, thd=0x150d5c000db8) at /test/10.10_dbg/sql/sql_select.cc:24990
#15 join_read_key2 (thd=0x150d5c000db8, tab=tab@entry=0x0, table=0x150d5c07f690, table_ref=table_ref@entry=0x150d5c07e5e8) at /test/10.10_dbg/sql/sql_select.cc:21942
#16 0x000055fdc9896de8 in Expression_cache_tmptable::check_value (this=0x150d5c07e528, value=0x150d875f88a8) at /test/10.10_dbg/sql/sql_expression_cache.cc:223
#17 0x000055fdc99ee15a in Item_cache_wrapper::check_cache (this=this@entry=0x150d5c07e3e8) at /test/10.10_dbg/sql/item.cc:8866
#18 0x000055fdc99ee244 in Item_cache_wrapper::val_int (this=0x150d5c07e3e8) at /test/10.10_dbg/sql/item.cc:8929
#19 0x000055fdc9715521 in evaluate_join_record (join=join@entry=0x150d5c06d9d0, join_tab=join_tab@entry=0x150d5c077370, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21376
#20 0x000055fdc972b437 in sub_select (join=0x150d5c06d9d0, join_tab=0x150d5c077370, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21278
#21 0x000055fdc975ed35 in do_select (procedure=<optimized out>, join=0x150d5c06d9d0) at /test/10.10_dbg/sql/sql_select.cc:20823
#22 JOIN::exec_inner (this=this@entry=0x150d5c06d9d0) at /test/10.10_dbg/sql/sql_select.cc:4787
#23 0x000055fdc975f2ce in JOIN::exec (this=this@entry=0x150d5c06d9d0) at /test/10.10_dbg/sql/sql_select.cc:4565
#24 0x000055fdc975d052 in mysql_select (thd=thd@entry=0x150d5c000db8, tables=tables@entry=0x150d5c013db0, fields=@0x150d875f8e60: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x55fdcaba97c0 <end_of_list>, last = 0x150d875f8e60, elements = 0}, <No data fields>}, conds=conds@entry=0x150d5c06d5d8, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x150d5c06d8d0, unit=0x150d5c004fd8, select_lex=0x150d5c0057d8) at /test/10.10_dbg/sql/sql_select.cc:5045
#25 0x000055fdc97d6995 in mysql_multi_update (thd=thd@entry=0x150d5c000db8, table_list=0x150d5c013db0, fields=fields@entry=0x150d5c005a78, values=values@entry=0x150d5c005ea8, conds=0x150d5c06d5d8, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x150d5c004fd8, select_lex=0x150d5c0057d8, result=0x150d875f9040) at /test/10.10_dbg/sql/sql_update.cc:1979
#26 0x000055fdc96d6b11 in mysql_execute_command (thd=thd@entry=0x150d5c000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4486
#27 0x000055fdc96c3464 in mysql_parse (thd=thd@entry=0x150d5c000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x150d875f9470) at /test/10.10_dbg/sql/sql_parse.cc:8036
#28 0x000055fdc96d0a4c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x150d5c000db8, packet=packet@entry=0x150d5c00b6c9 "UPDATE c SET c=-0 WHERE(SELECT 0 -0 +0/ 0 + 0 - 0,c WHERE c<0 INTERSECT SELECT c,c FROM c WHERE c>0  -0)IN (SELECT c,c)", packet_length=packet_length@entry=119, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
#29 0x000055fdc96d3156 in do_command (thd=0x150d5c000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#30 0x000055fdc98330d0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55fdcbcee618, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#31 0x000055fdc98335d9 in handle_one_connection (arg=0x55fdcbcee618) at /test/10.10_dbg/sql/sql_connect.cc:1312
#32 0x0000150db8088609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x0000150db7c74133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.4.26 (opt), 10.5.17 (dbg), 10.5.17 (opt), 10.6.9 (dbg), 10.6.9 (opt), 10.7.5 (dbg), 10.7.5 (opt), 10.8.4 (dbg), 10.8.4 (opt), 10.9.2 (dbg), 10.9.2 (opt), 10.10.0 (dbg), 10.10.0 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

Comments
Comment by Roel Van de Paar [ 2022-07-13 ]

CREATE TABLE c(c INT) ENGINE=InnoDB;
INSERT INTO c VALUES (1);
UPDATE c SET c=-0 WHERE(SELECT 0,c WHERE c<0 INTERSECT SELECT c,c FROM c WHERE c>0)IN (SELECT c,c);

Leads to:

10.10.0 88b22356e623fd63aa87273a895521a6e6667bc7 (Debug)

mysqld: /test/10.10_dbg/sql/item.cc:10699: virtual longlong Item_type_holder::val_int(): Assertion `0' failed.

10.10.0 88b22356e623fd63aa87273a895521a6e6667bc7 (Debug)

Core was generated by `/test/MD120722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14977d1c3700 (LWP 1745245))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000149795d46859 in __GI_abort () at abort.c:79
#2  0x0000149795d46729 in __assert_fail_base (fmt=0x149795edc588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5574ba26639e "0", file=0x5574ba24b980 "/test/10.10_dbg/sql/item.cc", line=10699, function=<optimized out>) at assert.c:92
#3  0x0000149795d57fd6 in __GI___assert_fail (assertion=assertion@entry=0x5574ba26639e "0", file=file@entry=0x5574ba24b980 "/test/10.10_dbg/sql/item.cc", line=line@entry=10699, function=function@entry=0x5574ba24c020 "virtual longlong Item_type_holder::val_int()") at assert.c:101
#4  0x00005574b97cea7b in Item_type_holder::val_int (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10699
#5  0x00005574b93a1ec5 in Item::val_int_result (this=<optimized out>) at /test/10.10_dbg/sql/item.h:1779
#6  0x00005574b97cdcd3 in Item_cache_int::cache_value (this=0x14974406f210) at /test/10.10_dbg/sql/item.cc:10125
#7  0x00005574b97d04e2 in Item_cache::has_value (this=0x14974406f210) at /test/10.10_dbg/sql/item.h:7099
#8  Item_cache_int::save_in_field (this=0x14974406f210, field=0x14974407da00, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:10166
#9  0x00005574b93a1c83 in Item::save_org_in_field (this=<optimized out>, field=<optimized out>, data=<optimized out>) at /test/10.10_dbg/sql/item.h:1220
#10 0x00005574b93a1e50 in Item::save_val (this=<optimized out>, to=<optimized out>) at /test/10.10_dbg/sql/item.h:1705
#11 0x00005574b955c788 in store_key_item::copy_inner (this=0x14974407d9c8) at /test/10.10_dbg/sql/sql_select.h:1979
#12 0x00005574b953e0fa in store_key::copy (thd=0x149744000db8, this=<optimized out>) at /test/10.10_dbg/sql/sql_select.h:1873
#13 cp_buffer_from_ref (thd=thd@entry=0x149744000db8, table=table@entry=0x14974407f270, ref=ref@entry=0x14974407d010) at /test/10.10_dbg/sql/sql_select.cc:25008
#14 0x00005574b953ebe6 in cmp_buffer_with_ref (tab_ref=0x14974407d010, table=0x14974407f270, thd=0x149744000db8) at /test/10.10_dbg/sql/sql_select.cc:24990
#15 join_read_key2 (thd=0x149744000db8, tab=tab@entry=0x0, table=0x14974407f270, table_ref=table_ref@entry=0x14974407d010) at /test/10.10_dbg/sql/sql_select.cc:21942
#16 0x00005574b9693de8 in Expression_cache_tmptable::check_value (this=0x14974407cf50, value=0x14977d1c18a8) at /test/10.10_dbg/sql/sql_expression_cache.cc:223
#17 0x00005574b97eb15a in Item_cache_wrapper::check_cache (this=this@entry=0x14974407ce10) at /test/10.10_dbg/sql/item.cc:8866
#18 0x00005574b97eb244 in Item_cache_wrapper::val_int (this=0x14974407ce10) at /test/10.10_dbg/sql/item.cc:8929
#19 0x00005574b9512521 in evaluate_join_record (join=join@entry=0x14974406d260, join_tab=join_tab@entry=0x149744076288, error=error@entry=0) at /test/10.10_dbg/sql/sql_select.cc:21376
#20 0x00005574b9528437 in sub_select (join=0x14974406d260, join_tab=0x149744076288, end_of_records=false) at /test/10.10_dbg/sql/sql_select.cc:21278
#21 0x00005574b955bd35 in do_select (procedure=<optimized out>, join=0x14974406d260) at /test/10.10_dbg/sql/sql_select.cc:20823
#22 JOIN::exec_inner (this=this@entry=0x14974406d260) at /test/10.10_dbg/sql/sql_select.cc:4787
#23 0x00005574b955c2ce in JOIN::exec (this=this@entry=0x14974406d260) at /test/10.10_dbg/sql/sql_select.cc:4565
#24 0x00005574b955a052 in mysql_select (thd=thd@entry=0x149744000db8, tables=tables@entry=0x149744013d90, fields=@0x14977d1c1e60: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5574ba9a67c0 <end_of_list>, last = 0x14977d1c1e60, elements = 0}, <No data fields>}, conds=conds@entry=0x149744017748, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14974406d170, unit=0x149744004fd8, select_lex=0x1497440057d8) at /test/10.10_dbg/sql/sql_select.cc:5045
#25 0x00005574b95d3995 in mysql_multi_update (thd=thd@entry=0x149744000db8, table_list=0x149744013d90, fields=fields@entry=0x149744005a78, values=values@entry=0x149744005ea8, conds=0x149744017748, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x149744004fd8, select_lex=0x1497440057d8, result=0x14977d1c2040) at /test/10.10_dbg/sql/sql_update.cc:1979
#26 0x00005574b94d3b11 in mysql_execute_command (thd=thd@entry=0x149744000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4486
#27 0x00005574b94c0464 in mysql_parse (thd=thd@entry=0x149744000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14977d1c2470) at /test/10.10_dbg/sql/sql_parse.cc:8036
#28 0x00005574b94cda4c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x149744000db8, packet=packet@entry=0x14974400b6c9 "UPDATE c SET c=-0 WHERE(SELECT 0,c WHERE c<0 INTERSECT SELECT c,c FROM c WHERE c>0)IN (SELECT c,c)", packet_length=packet_length@entry=98, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1364
#29 0x00005574b94d0156 in do_command (thd=0x149744000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#30 0x00005574b96300d0 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5574bbdb84e8, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#31 0x00005574b96305d9 in handle_one_connection (arg=0x5574bbdb84e8) at /test/10.10_dbg/sql/sql_connect.cc:1312
#32 0x0000149796257609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#33 0x0000149795e43133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.26 (dbg), 10.5.17 (dbg), 10.6.9 (dbg), 10.7.5 (dbg), 10.8.4 (dbg), 10.9.2 (dbg), 10.10.0 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.36 (dbg), 10.3.36 (opt), 10.4.26 (opt), 10.5.17 (opt), 10.6.9 (opt), 10.7.5 (opt), 10.8.4 (opt), 10.9.2 (opt), 10.10.0 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

Comment by Roel Van de Paar [ 2022-07-13 ]

It could be that this is partly a string-related issue, partly an optimizer issue, and/or that there are 2-3 bugs here (note the different stacks/UniqueIDs). bar FYI

UniqueID's:

0|SIGABRT|Item_type_holder::val_int|Item::val_int_result|Item_cache_int::cache_value|Item_cache::has_value
0|SIGABRT|Item_type_holder::val_real|Item::val_result|Item_cache_real::cache_value|Item_cache::has_value
0|SIGABRT|Item_type_holder::val_str|Item::str_result|Item_cache_str::cache_value|Item_cache::has_value
SIGSEGV|String::copy|Item_cache_str::cache_value|Item_cache::has_value|Item_cache_str::save_in_field
SIGSEGV|String::copy|Item_cache_str::cache_value|Item_cache::has_value|Item_cache_str::val_str
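
The comment above keys each distinct crash on a short stack signature (the signal plus the first few server frames, with libc's raise/abort/assert frames dropped) and tracks five such UniqueIDs across the reproducers. The Python below is an added example, not part of this report or of MariaDB's own tooling: it derives that signature from a pasted gdb session so that fuzzer cores can be bucketed before filing. The SIGABRT sample is the first backtrace from the Description; the SIGSEGV sample is constructed to match the String::copy UniqueID listed above, since the report gives no gdb output for it. The leading "0|" field in the reporter's IDs is not reproduced (its meaning is not given on this page), and the choice of four frames is an assumption taken from the IDs shown.

```python
import re
from typing import Dict, List

# Frames from libc's abort/assert prologue. They precede the faulting server
# frame in every SIGABRT trace and would otherwise dominate the signature.
_NOISE_FRAMES = {
    "__GI_raise", "raise", "__GI_abort", "abort",
    "__assert_fail_base", "__GI___assert_fail", "__assert_fail",
}

# One gdb backtrace line, in either form seen in the traces on this page:
#   #4  0x000055fdc99d1b0f in Item_type_holder::val_str (this=...) at ...
#   #8  Item_cache_str::save_in_field (this=..., field=...) at ...   (inlined frame)
_FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>[^\s(]+)\s*\(")
_SIGNAL_RE = re.compile(r"Program terminated with signal (\w+)")


def stack_unique_id(gdb_output: str, depth: int = 4) -> str:
    """Return 'SIGNAL|frame1|...|frameN' for a pasted gdb session.

    Only function names are kept (no addresses, arguments or line numbers),
    so cores from different builds of the same bug produce the same ID.
    """
    m = _SIGNAL_RE.search(gdb_output)
    signal = m.group(1) if m else "UNKNOWN"

    frames: List[str] = []
    for raw in gdb_output.splitlines():
        line = raw.strip()
        if line.startswith("(gdb) bt"):
            frames = []  # gdb prints frame #0 once before 'bt'; start over
            continue
        fm = _FRAME_RE.match(line)
        if fm is None or fm.group("func") in _NOISE_FRAMES:
            continue
        frames.append(fm.group("func"))
        if len(frames) == depth:
            break
    return "|".join([signal] + frames)


def triage(traces: Dict[str, str], depth: int = 4) -> Dict[str, List[str]]:
    """Group reproducer names by signature: one key per distinct crash."""
    groups: Dict[str, List[str]] = {}
    for name, dump in traces.items():
        groups.setdefault(stack_unique_id(dump, depth), []).append(name)
    return groups


# Sample input: the first backtrace from the Description (arguments shortened).
SAMPLE_SIGABRT = r"""
Core was generated by `/test/MD120722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x150d875fa700 (LWP 1804142))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x0000150db7b77859 in __GI_abort () at abort.c:79
#2  0x0000150db7b77729 in __assert_fail_base (fmt=0x150db7d0d588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55fdca46939e "0", file=0x55fdca44e980 "/test/10.10_dbg/sql/item.cc", line=10711, function=<optimized out>) at assert.c:92
#3  0x0000150db7b88fd6 in __GI___assert_fail (assertion=assertion@entry=0x55fdca46939e "0", line=line@entry=10711) at assert.c:101
#4  0x000055fdc99d1b0f in Item_type_holder::val_str (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10711
#5  0x000055fdc95a4ed9 in Item::str_result (this=<optimized out>, tmp=<optimized out>) at /test/10.10_dbg/sql/item.h:1780
#6  0x000055fdc99d59e5 in Item_cache_str::cache_value (this=0x150d5c06ff90) at /test/10.10_dbg/sql/item.cc:10476
#7  0x000055fdc99d3444 in Item_cache::has_value (this=0x150d5c06ff90) at /test/10.10_dbg/sql/item.h:7099
#8  Item_cache_str::save_in_field (this=0x150d5c06ff90, field=0x150d5c07efe8, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:10531
"""

# Constructed sample (not from the report): a SIGSEGV whose frames match the
# String::copy UniqueID listed in the comment above. Addresses are placeholders.
SAMPLE_SIGSEGV = r"""
Program terminated with signal SIGSEGV, Segmentation fault.
(gdb) bt
#0  String::copy (this=<optimized out>, str=0x0) at <constructed>
#1  0x0000000000000001 in Item_cache_str::cache_value (this=<optimized out>) at <constructed>
#2  0x0000000000000002 in Item_cache::has_value (this=<optimized out>) at <constructed>
#3  0x0000000000000003 in Item_cache_str::val_str (this=<optimized out>, str=<optimized out>) at <constructed>
#4  0x0000000000000004 in Item::str_result (this=<optimized out>, tmp=<optimized out>) at <constructed>
"""

if __name__ == "__main__":
    for sig, names in triage({"CHAR reproducer": SAMPLE_SIGABRT,
                              "opt-build segfault": SAMPLE_SIGSEGV}).items():
        print(sig, "<-", ", ".join(names))
```

Paste the whole gdb session (including the "Program terminated" line) rather than just the frames; without it the signal field falls back to UNKNOWN and cores that differ only in signal would collapse into one bucket.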

Comment by Roel Van de Paar [ 2022-11-21 ]

Different stack with

CREATE TABLE c(c BIGINT) ENGINE=InnoDB;
UPDATE c SET c=1 WHERE (SELECT '',c WHERE c=2 INTERSECT SELECT 1,1 FROM c WHERE c=3) IN (SELECT c,c);

Leads to:

10.11.2 8283948846740a22f96bbe7bccf250708406d5d9 (Debug)

mysqld: /test/10.11_dbg/sql/item.cc:10708: virtual String* Item_type_holder::val_str(String*): Assertion `0' failed.

10.11.2 8283948846740a22f96bbe7bccf250708406d5d9 (Debug)

Core was generated by `/test/MD171122-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14a72c8c0700 (LWP 1900042))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000014a745e28859 in __GI_abort () at abort.c:79
#2  0x000014a745e28729 in __assert_fail_base (fmt=0x14a745fbe588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5619e0b91073 "0", file=0x5619e0b76964 "/test/10.11_dbg/sql/item.cc", line=10708, function=<optimized out>) at assert.c:92
#3  0x000014a745e39fd6 in __GI___assert_fail (assertion=assertion@entry=0x5619e0b91073 "0", file=file@entry=0x5619e0b76964 "/test/10.11_dbg/sql/item.cc", line=line@entry=10708, function=function@entry=0x5619e0b77048 "virtual String* Item_type_holder::val_str(String*)") at assert.c:101
#4  0x00005619e011c555 in Item_type_holder::val_str (this=<optimized out>) at /test/10.11_dbg/sql/item.cc:10708
#5  0x00005619dfd036dd in Item::str_result (this=<optimized out>, tmp=<optimized out>) at /test/10.11_dbg/sql/item.h:1788
#6  0x00005619e012079d in Item_cache_str::cache_value (this=0x14a6d0029830) at /test/10.11_dbg/sql/item.cc:10473
#7  0x00005619e011b980 in Item_cache::has_value (this=0x14a6d0029830) at /test/10.11_dbg/sql/item.h:7113
#8  Item_cache_str::val_str (this=0x14a6d0029830, str=<optimized out>) at /test/10.11_dbg/sql/item.cc:10512
#9  0x00005619dfd036dd in Item::str_result (this=<optimized out>, tmp=<optimized out>) at /test/10.11_dbg/sql/item.h:1788
#10 0x00005619e012079d in Item_cache_str::cache_value (this=0x14a6d002a620) at /test/10.11_dbg/sql/item.cc:10473
#11 0x00005619e011de8a in Item_cache::has_value (this=0x14a6d002a620) at /test/10.11_dbg/sql/item.h:7113
#12 Item_cache_str::save_in_field (this=0x14a6d002a620, field=0x14a6d001ccc8, no_conversions=<optimized out>) at /test/10.11_dbg/sql/item.cc:10528
#13 0x00005619e011f25a in Item_ref::save_in_field (this=0x14a6d0070c48, to=<optimized out>, no_conversions=<optimized out>) at /test/10.11_dbg/sql/item.cc:8569
#14 0x00005619e012ad8d in Item::save_in_field_no_warnings (this=<optimized out>, field=field@entry=0x14a6d001ccc8, no_conversions=no_conversions@entry=true) at /test/10.11_dbg/sql/item.cc:1519
#15 0x00005619e014b849 in convert_const_to_int (thd=thd@entry=0x14a6d0000d48, field_item=field_item@entry=0x14a6d0016938, item=0x14a6d0070ec0) at /test/10.11_dbg/sql/item_cmpfunc.cc:354
#16 0x00005619e0156387 in Item_func::convert_const_compared_to_int_field (this=this@entry=0x14a6d0070e48, thd=thd@entry=0x14a6d0000d48) at /test/10.11_dbg/sql/item_cmpfunc.cc:408
#17 0x00005619e015652a in Item_func::setup_args_and_comparator (this=this@entry=0x14a6d0070e48, thd=0x14a6d0000d48, cmp=cmp@entry=0x14a6d0070ef8) at /test/10.11_dbg/sql/item_cmpfunc.cc:437
#18 0x00005619e0156770 in Item_bool_rowready_func2::fix_length_and_dec (this=0x14a6d0070e48, thd=<optimized out>) at /test/10.11_dbg/sql/item_cmpfunc.cc:470
#19 0x00005619e018b88d in Item_func::fix_fields (this=0x14a6d0070e48, thd=0x14a6d0000d48, ref=<optimized out>) at /test/10.11_dbg/sql/item_func.cc:362
#20 0x00005619e0152364 in Item::fix_fields_if_needed (ref=0x14a6d00712f8, thd=0x14a6d0000d48, this=0x14a6d0070e48) at /test/10.11_dbg/sql/item.h:1160
#21 Item::fix_fields_if_needed_for_scalar (ref=0x14a6d00712f8, thd=0x14a6d0000d48, this=0x14a6d0070e48) at /test/10.11_dbg/sql/item.h:1156
#22 Item::fix_fields_if_needed_for_bool (ref=0x14a6d00712f8, thd=0x14a6d0000d48, this=0x14a6d0070e48) at /test/10.11_dbg/sql/item.h:1160
#23 Item_cond::fix_fields (this=0x14a6d0071220, thd=0x14a6d0000d48, ref=<optimized out>) at /test/10.11_dbg/sql/item_cmpfunc.cc:4966
#24 0x00005619e0152364 in Item::fix_fields_if_needed (ref=0x14a6d0072078, thd=0x14a6d0000d48, this=0x14a6d0071220) at /test/10.11_dbg/sql/item.h:1160
#25 Item::fix_fields_if_needed_for_scalar (ref=0x14a6d0072078, thd=0x14a6d0000d48, this=0x14a6d0071220) at /test/10.11_dbg/sql/item.h:1156
#26 Item::fix_fields_if_needed_for_bool (ref=0x14a6d0072078, thd=0x14a6d0000d48, this=0x14a6d0071220) at /test/10.11_dbg/sql/item.h:1160
#27 Item_cond::fix_fields (this=0x14a6d0071f78, thd=0x14a6d0000d48, ref=<optimized out>) at /test/10.11_dbg/sql/item_cmpfunc.cc:4966
#28 0x00005619e0213528 in Item_in_subselect::fix_having (this=this@entry=0x14a6d0016ba0, having=0x14a6d0071f78, select_lex=0x14a6d00164b8) at /test/10.11_dbg/sql/item_subselect.cc:2233
#29 0x00005619e0220c41 in Item_in_subselect::create_row_in_to_exists_cond (this=this@entry=0x14a6d0016ba0, join=join@entry=0x14a6d00299e8, where_item=where_item@entry=0x14a6d0029f60, having_item=having_item@entry=0x14a6d0029f68) at /test/10.11_dbg/sql/item_subselect.cc:2717
#30 0x00005619e0221eb5 in Item_in_subselect::create_in_to_exists_cond (this=this@entry=0x14a6d0016ba0, join_arg=join_arg@entry=0x14a6d00299e8) at /test/10.11_dbg/sql/item_subselect.cc:2768
#31 0x00005619dffe01f4 in JOIN::choose_tableless_subquery_plan (this=this@entry=0x14a6d00299e8) at /test/10.11_dbg/sql/opt_subselect.cc:6812
#32 0x00005619dfeaaeab in JOIN::optimize_stage2 (this=this@entry=0x14a6d00299e8) at /test/10.11_dbg/sql/sql_select.cc:3321
#33 0x00005619dfeaea75 in JOIN::optimize_inner (this=this@entry=0x14a6d00299e8) at /test/10.11_dbg/sql/sql_select.cc:2561
#34 0x00005619dfeaee45 in JOIN::optimize (this=this@entry=0x14a6d00299e8) at /test/10.11_dbg/sql/sql_select.cc:1871
#35 0x00005619dfdf6cc0 in st_select_lex::optimize_unflattened_subqueries (this=0x14a6d00057b8, const_only=const_only@entry=false) at /test/10.11_dbg/sql/sql_lex.cc:4905
#36 0x00005619dffddc27 in JOIN::optimize_unflattened_subqueries (this=this@entry=0x14a6d00278f0) at /test/10.11_dbg/sql/opt_subselect.cc:5655
#37 0x00005619dfeac6b6 in JOIN::optimize_stage2 (this=this@entry=0x14a6d00278f0) at /test/10.11_dbg/sql/sql_select.cc:3136
#38 0x00005619dfeaea75 in JOIN::optimize_inner (this=this@entry=0x14a6d00278f0) at /test/10.11_dbg/sql/sql_select.cc:2561
#39 0x00005619dfeaee45 in JOIN::optimize (this=this@entry=0x14a6d00278f0) at /test/10.11_dbg/sql/sql_select.cc:1871
#40 0x00005619dfeaef35 in mysql_select (thd=thd@entry=0x14a6d0000d48, tables=tables@entry=0x14a6d0013290, fields=@0x14a72c8becf0: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x5619e13b2f00 <end_of_list>, last = 0x14a72c8becf0, elements = 0}, <No data fields>}, conds=conds@entry=0x14a6d0016ba0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=37383395344512, result=0x14a6d0027800, unit=0x14a6d0004f88, select_lex=0x14a6d00057b8) at /test/10.11_dbg/sql/sql_select.cc:5067
#41 0x00005619dff2816b in mysql_multi_update (thd=thd@entry=0x14a6d0000d48, table_list=0x14a6d0013290, fields=fields@entry=0x14a6d0005a58, values=values@entry=0x14a6d0005e88, conds=0x14a6d0016ba0, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14a6d0004f88, select_lex=0x14a6d00057b8, result=0x14a72c8beed0) at /test/10.11_dbg/sql/sql_update.cc:1980
#42 0x00005619dfe2a8c8 in mysql_execute_command (thd=thd@entry=0x14a6d0000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:4489
#43 0x00005619dfe17606 in mysql_parse (thd=thd@entry=0x14a6d0000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14a72c8bf300) at /test/10.11_dbg/sql/sql_parse.cc:7998
#44 0x00005619dfe24b41 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14a6d0000d48, packet=packet@entry=0x14a6d000adf9 "UPDATE c SET c=1 WHERE (SELECT '',c WHERE c=2 INTERSECT SELECT 1,1 FROM c WHERE c=3) IN (SELECT c,c)", packet_length=packet_length@entry=100, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
#45 0x00005619dfe26f7f in do_command (thd=0x14a6d0000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
#46 0x00005619dff81763 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x5619e3cbd2f8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1416
#47 0x00005619dff81c32 in handle_one_connection (arg=0x5619e3cbd2f8) at /test/10.11_dbg/sql/sql_connect.cc:1318
#48 0x000014a746339609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#49 0x000014a745f25133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.4.27 (dbg), 10.4.27 (opt), 10.5.18 (dbg), 10.5.18 (opt), 10.6.10 (dbg), 10.6.10 (opt), 10.7.6 (dbg), 10.7.6 (opt), 10.8.5 (dbg), 10.9.3 (dbg), 10.9.3 (opt), 10.10.2 (dbg), 10.10.2 (opt), 10.11.2 (dbg), 10.11.2 (opt)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.37 (dbg), 10.3.37 (opt), 10.8.5 (opt)
MySQL: 5.5.62 (dbg), 5.5.62 (opt), 5.6.51 (dbg), 5.6.51 (opt), 5.7.38 (dbg), 5.7.38 (opt), 8.0.29 (dbg), 8.0.29 (opt)

Comment by Roel Van de Paar [ 2022-11-21 ]

Additional stack with:

CREATE TABLE c(c BIGINT UNIQUE) ENGINE=InnoDB;
UPDATE c SET c=0 WHERE(SELECT -0 ^ 0 +''/ 0,c WHERE c<0 INTERSECT SELECT c,''FROM c WHERE c>0  * 0)IN (SELECT c,c);

Leads to:

10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)

mysqld: /test/10.10_dbg/sql/item.cc:10692: virtual double Item_type_holder::val_real(): Assertion `0' failed.

10.10.0 e1caa4bd5e8b4645944b85d4b603bf9fc9ef6ca4 (Debug)

Core was generated by `/test/MD290722-mariadb-10.10.0-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x14d7bed45700 (LWP 1057319))]
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x000014d7dc0f2859 in __GI_abort () at abort.c:79
#2  0x000014d7dc0f2729 in __assert_fail_base (fmt=0x14d7dc288588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x562e8a3019d9 "0", file=0x562e8a2e6fa0 "/test/10.10_dbg/sql/item.cc", line=10692, function=<optimized out>) at assert.c:92
#3  0x000014d7dc103fd6 in __GI___assert_fail (assertion=assertion@entry=0x562e8a3019d9 "0", file=file@entry=0x562e8a2e6fa0 "/test/10.10_dbg/sql/item.cc", line=line@entry=10692, function=function@entry=0x562e8a2e7610 "virtual double Item_type_holder::val_real()") at assert.c:101
#4  0x0000562e89867125 in Item_type_holder::val_real (this=<optimized out>) at /test/10.10_dbg/sql/item.cc:10692
#5  0x0000562e89437ec1 in Item::val_result (this=<optimized out>) at /test/10.10_dbg/sql/item.h:1778
#6  0x0000562e898664b1 in Item_cache_real::cache_value (this=0x14d7700291a0) at /test/10.10_dbg/sql/item.cc:10352
#7  0x0000562e89866500 in Item_cache::has_value (this=0x14d7700291a0) at /test/10.10_dbg/sql/item.h:7099
#8  Item_cache_real::val_real (this=0x14d7700291a0) at /test/10.10_dbg/sql/item.cc:10360
#9  0x0000562e89437ec1 in Item::val_result (this=<optimized out>) at /test/10.10_dbg/sql/item.h:1778
#10 0x0000562e898664b1 in Item_cache_real::cache_value (this=0x14d770029f88) at /test/10.10_dbg/sql/item.cc:10352
#11 0x0000562e89866500 in Item_cache::has_value (this=0x14d770029f88) at /test/10.10_dbg/sql/item.h:7099
#12 Item_cache_real::val_real (this=0x14d770029f88) at /test/10.10_dbg/sql/item.cc:10360
#13 0x0000562e8987ec59 in Item::save_real_in_field (this=0x14d770029f88, field=0x14d77002a770, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6822
#14 0x0000562e8975dd34 in Type_handler_real_result::Item_save_in_field (this=<optimized out>, item=<optimized out>, field=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/sql_type.cc:4348
#15 0x0000562e898654f1 in Item::save_in_field (this=0x14d770029f88, field=0x14d77002a770, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:6852
#16 0x0000562e89869b16 in Item_ref::save_in_field (this=0x14d7700782f0, to=<optimized out>, no_conversions=<optimized out>) at /test/10.10_dbg/sql/item.cc:8574
#17 0x0000562e89875c65 in Item::save_in_field_no_warnings (this=<optimized out>, field=field@entry=0x14d77002a770, no_conversions=no_conversions@entry=true) at /test/10.10_dbg/sql/item.cc:1519
#18 0x0000562e89896a50 in convert_const_to_int (thd=thd@entry=0x14d770000db8, field_item=field_item@entry=0x14d770017960, item=0x14d770078568) at /test/10.10_dbg/sql/item_cmpfunc.cc:342
#19 0x0000562e898a14d9 in Item_func::convert_const_compared_to_int_field (this=this@entry=0x14d7700784f0, thd=thd@entry=0x14d770000db8) at /test/10.10_dbg/sql/item_cmpfunc.cc:396
#20 0x0000562e898a167c in Item_func::setup_args_and_comparator (this=this@entry=0x14d7700784f0, thd=0x14d770000db8, cmp=cmp@entry=0x14d7700785a0) at /test/10.10_dbg/sql/item_cmpfunc.cc:416
#21 0x0000562e898a1838 in Item_bool_rowready_func2::fix_length_and_dec (this=0x14d7700784f0, thd=<optimized out>) at /test/10.10_dbg/sql/item_cmpfunc.cc:449
#22 0x0000562e898d6379 in Item_func::fix_fields (this=0x14d7700784f0, thd=0x14d770000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_func.cc:359
#23 0x0000562e8989d4b6 in Item::fix_fields_if_needed (ref=0x14d7700789a0, thd=0x14d770000db8, this=0x14d7700784f0) at /test/10.10_dbg/sql/item.h:1152
#24 Item::fix_fields_if_needed_for_scalar (ref=0x14d7700789a0, thd=0x14d770000db8, this=0x14d7700784f0) at /test/10.10_dbg/sql/item.h:1148
#25 Item::fix_fields_if_needed_for_bool (ref=0x14d7700789a0, thd=0x14d770000db8, this=0x14d7700784f0) at /test/10.10_dbg/sql/item.h:1152
#26 Item_cond::fix_fields (this=0x14d7700788c8, thd=0x14d770000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_cmpfunc.cc:4893
#27 0x0000562e8989d4b6 in Item::fix_fields_if_needed (ref=0x14d770079720, thd=0x14d770000db8, this=0x14d7700788c8) at /test/10.10_dbg/sql/item.h:1152
#28 Item::fix_fields_if_needed_for_scalar (ref=0x14d770079720, thd=0x14d770000db8, this=0x14d7700788c8) at /test/10.10_dbg/sql/item.h:1148
#29 Item::fix_fields_if_needed_for_bool (ref=0x14d770079720, thd=0x14d770000db8, this=0x14d7700788c8) at /test/10.10_dbg/sql/item.h:1152
#30 Item_cond::fix_fields (this=0x14d770079620, thd=0x14d770000db8, ref=<optimized out>) at /test/10.10_dbg/sql/item_cmpfunc.cc:4893
#31 0x0000562e8995e3a6 in Item_in_subselect::fix_having (this=this@entry=0x14d770026950, having=0x14d770079620, select_lex=0x14d7700174e0) at /test/10.10_dbg/sql/item_subselect.cc:2276
#32 0x0000562e8996c00d in Item_in_subselect::create_row_in_to_exists_cond (this=this@entry=0x14d770026950, join=join@entry=0x14d770029358, where_item=where_item@entry=0x14d7700298c8, having_item=having_item@entry=0x14d7700298d0) at /test/10.10_dbg/sql/item_subselect.cc:2760
#33 0x0000562e8996d281 in Item_in_subselect::create_in_to_exists_cond (this=this@entry=0x14d770026950, join_arg=join_arg@entry=0x14d770029358) at /test/10.10_dbg/sql/item_subselect.cc:2811
#34 0x0000562e897275b9 in JOIN::choose_tableless_subquery_plan (this=this@entry=0x14d770029358) at /test/10.10_dbg/sql/opt_subselect.cc:6812
#35 0x0000562e895ed267 in JOIN::optimize_stage2 (this=this@entry=0x14d770029358) at /test/10.10_dbg/sql/sql_select.cc:3307
#36 0x0000562e895f11a9 in JOIN::optimize_inner (this=this@entry=0x14d770029358) at /test/10.10_dbg/sql/sql_select.cc:2547
#37 0x0000562e895f156e in JOIN::optimize (this=this@entry=0x14d770029358) at /test/10.10_dbg/sql/sql_select.cc:1863
#38 0x0000562e895340a4 in st_select_lex::optimize_unflattened_subqueries (this=0x14d7700057f0, const_only=const_only@entry=false) at /test/10.10_dbg/sql/sql_lex.cc:4914
#39 0x0000562e89724da3 in JOIN::optimize_unflattened_subqueries (this=this@entry=0x14d770026f00) at /test/10.10_dbg/sql/opt_subselect.cc:5655
#40 0x0000562e895eec04 in JOIN::optimize_stage2 (this=this@entry=0x14d770026f00) at /test/10.10_dbg/sql/sql_select.cc:3122
#41 0x0000562e895f11a9 in JOIN::optimize_inner (this=this@entry=0x14d770026f00) at /test/10.10_dbg/sql/sql_select.cc:2547
#42 0x0000562e895f156e in JOIN::optimize (this=this@entry=0x14d770026f00) at /test/10.10_dbg/sql/sql_select.cc:1863
#43 0x0000562e895f1661 in mysql_select (thd=thd@entry=0x14d770000db8, tables=tables@entry=0x14d770013dd0, fields=@0x14d7bed43d20: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x562e8aa43860 <end_of_list>, last = 0x14d7bed43d20, elements = 0}, <No data fields>}, conds=conds@entry=0x14d770026950, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2200096997504, result=0x14d770026df0, unit=0x14d770004ff0, select_lex=0x14d7700057f0) at /test/10.10_dbg/sql/sql_select.cc:5048
#44 0x0000562e8966afeb in mysql_multi_update (thd=thd@entry=0x14d770000db8, table_list=0x14d770013dd0, fields=fields@entry=0x14d770005a90, values=values@entry=0x14d770005ec0, conds=0x14d770026950, options=0, handle_duplicates=DUP_ERROR, ignore=false, unit=0x14d770004ff0, select_lex=0x14d7700057f0, result=0x14d7bed43f00) at /test/10.10_dbg/sql/sql_update.cc:1979
#45 0x0000562e89569be1 in mysql_execute_command (thd=thd@entry=0x14d770000db8, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.10_dbg/sql/sql_parse.cc:4487
#46 0x0000562e89556534 in mysql_parse (thd=thd@entry=0x14d770000db8, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x14d7bed44330) at /test/10.10_dbg/sql/sql_parse.cc:8037
#47 0x0000562e89563b1c in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x14d770000db8, packet=packet@entry=0x14d77000b6e9 "UPDATE c SET c=0 WHERE(SELECT -0 ^ 0 +''/ 0,c WHERE c<0 INTERSECT SELECT c,''FROM c WHERE c>0  * 0)IN (SELECT c,c)", packet_length=packet_length@entry=114, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_class.h:1366
#48 0x0000562e89566226 in do_command (thd=0x14d770000db8, blocking=blocking@entry=true) at /test/10.10_dbg/sql/sql_parse.cc:1407
#49 0x0000562e896c7744 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x562e8c5b2218, put_in_cache=put_in_cache@entry=true) at /test/10.10_dbg/sql/sql_connect.cc:1418
#50 0x0000562e896c7c4d in handle_one_connection (arg=0x562e8c5b2218) at /test/10.10_dbg/sql/sql_connect.cc:1312
#51 0x000014d7dc603609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#52 0x000014d7dc1ef133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Same versions.

Comment by Roel Van de Paar [ 2022-11-21 ]

UBSAN sees various issues:

CREATE TABLE c(c BIGINT) ENGINE=InnoDB;
UPDATE c SET c=1 WHERE (SELECT '',c WHERE c=2 INTERSECT SELECT 1,1 FROM c WHERE c=3) IN (SELECT c,c);

Leads to:

10.11.0 fe1f8f2c6b6f3b8e3383168225f9ae7853028947 (Optimized, UBASAN)

/test/10.11_opt_san/sql/item.cc:10489:20: runtime error: reference binding to null pointer of type 'const struct String'
    #0 0x55f285d72bf8 in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10489
    #1 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #2 0x55f285d7f080 in Item_cache_str::val_str(String*) /test/10.11_opt_san/sql/item.cc:10515
    #3 0x55f285d7222e in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10476
    #4 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #5 0x55f285d7f86e in Item_cache_str::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:10531
    #6 0x55f285d5e5c7 in Item_ref::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:8574
    #7 0x55f285db366f in Item::save_in_field_no_warnings(Field*, bool) /test/10.11_opt_san/sql/item.cc:1519
    #8 0x55f285f58aa9 in convert_const_to_int /test/10.11_opt_san/sql/item_cmpfunc.cc:353
    #9 0x55f285f61b58 in Item_func::setup_args_and_comparator(THD*, Arg_comparator*) /test/10.11_opt_san/sql/item_cmpfunc.cc:427
    #10 0x55f2861987e8 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:359
    #11 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #12 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #13 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #14 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #15 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #16 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #17 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #18 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #19 0x55f28668ab7a in Item_in_subselect::fix_having(Item*, st_select_lex*) /test/10.11_opt_san/sql/item_subselect.cc:2277
    #20 0x55f286697e39 in Item_in_subselect::create_row_in_to_exists_cond(JOIN*, Item**, Item**) /test/10.11_opt_san/sql/item_subselect.cc:2761
    #21 0x55f2866ae277 in Item_in_subselect::create_in_to_exists_cond(JOIN*) /test/10.11_opt_san/sql/item_subselect.cc:2812
    #22 0x55f28535eb26 in JOIN::choose_tableless_subquery_plan() /test/10.11_opt_san/sql/opt_subselect.cc:6812
    #23 0x55f284b75a97 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3310
    #24 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #25 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #26 0x55f28469c632 in st_select_lex::optimize_unflattened_subqueries(bool) /test/10.11_opt_san/sql/sql_lex.cc:4915
    #27 0x55f284b7f765 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3125
    #28 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #29 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #30 0x55f284bcc1fa in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.11_opt_san/sql/sql_select.cc:5056
    #31 0x55f284ef4947 in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /test/10.11_opt_san/sql/sql_update.cc:1980
    #32 0x55f284829aa5 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:4487
    #33 0x55f2847ae500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
    #34 0x55f2848030ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
    #35 0x55f28480e3fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
    #36 0x55f2850f74cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
    #37 0x55f2850f9b3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
    #38 0x14781a1c6608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #39 0x14781943b132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
 
/test/10.11_opt_san/sql/sql_string.h:884:16: runtime error: member access within null pointer of type 'const struct String'
    #0 0x55f285d72c06 in String::copy(String const&) /test/10.11_opt_san/sql/sql_string.h:884
    #1 0x55f285d72c06 in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10489
    #2 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #3 0x55f285d7f080 in Item_cache_str::val_str(String*) /test/10.11_opt_san/sql/item.cc:10515
    #4 0x55f285d7222e in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10476
    #5 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #6 0x55f285d7f86e in Item_cache_str::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:10531
    #7 0x55f285d5e5c7 in Item_ref::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:8574
    #8 0x55f285db366f in Item::save_in_field_no_warnings(Field*, bool) /test/10.11_opt_san/sql/item.cc:1519
    #9 0x55f285f58aa9 in convert_const_to_int /test/10.11_opt_san/sql/item_cmpfunc.cc:353
    #10 0x55f285f61b58 in Item_func::setup_args_and_comparator(THD*, Arg_comparator*) /test/10.11_opt_san/sql/item_cmpfunc.cc:427
    #11 0x55f2861987e8 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:359
    #12 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #13 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #14 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #15 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #16 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #17 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #18 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #19 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #20 0x55f28668ab7a in Item_in_subselect::fix_having(Item*, st_select_lex*) /test/10.11_opt_san/sql/item_subselect.cc:2277
    #21 0x55f286697e39 in Item_in_subselect::create_row_in_to_exists_cond(JOIN*, Item**, Item**) /test/10.11_opt_san/sql/item_subselect.cc:2761
    #22 0x55f2866ae277 in Item_in_subselect::create_in_to_exists_cond(JOIN*) /test/10.11_opt_san/sql/item_subselect.cc:2812
    #23 0x55f28535eb26 in JOIN::choose_tableless_subquery_plan() /test/10.11_opt_san/sql/opt_subselect.cc:6812
    #24 0x55f284b75a97 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3310
    #25 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #26 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #27 0x55f28469c632 in st_select_lex::optimize_unflattened_subqueries(bool) /test/10.11_opt_san/sql/sql_lex.cc:4915
    #28 0x55f284b7f765 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3125
    #29 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #30 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #31 0x55f284bcc1fa in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.11_opt_san/sql/sql_select.cc:5056
    #32 0x55f284ef4947 in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /test/10.11_opt_san/sql/sql_update.cc:1980
    #33 0x55f284829aa5 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:4487
    #34 0x55f2847ae500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
    #35 0x55f2848030ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
    #36 0x55f28480e3fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
    #37 0x55f2850f74cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
    #38 0x55f2850f9b3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
    #39 0x14781a1c6608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #40 0x14781943b132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
 
/test/10.11_opt_san/sql/sql_string.h:884:16: runtime error: reference binding to null pointer of type 'const struct Charset'
    #0 0x55f285d72c14 in String::copy(String const&) /test/10.11_opt_san/sql/sql_string.h:884
    #1 0x55f285d72c14 in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10489
    #2 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #3 0x55f285d7f080 in Item_cache_str::val_str(String*) /test/10.11_opt_san/sql/item.cc:10515
    #4 0x55f285d7222e in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10476
    #5 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #6 0x55f285d7f86e in Item_cache_str::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:10531
    #7 0x55f285d5e5c7 in Item_ref::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:8574
    #8 0x55f285db366f in Item::save_in_field_no_warnings(Field*, bool) /test/10.11_opt_san/sql/item.cc:1519
    #9 0x55f285f58aa9 in convert_const_to_int /test/10.11_opt_san/sql/item_cmpfunc.cc:353
    #10 0x55f285f61b58 in Item_func::setup_args_and_comparator(THD*, Arg_comparator*) /test/10.11_opt_san/sql/item_cmpfunc.cc:427
    #11 0x55f2861987e8 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:359
    #12 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #13 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #14 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #15 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #16 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #17 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #18 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #19 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #20 0x55f28668ab7a in Item_in_subselect::fix_having(Item*, st_select_lex*) /test/10.11_opt_san/sql/item_subselect.cc:2277
    #21 0x55f286697e39 in Item_in_subselect::create_row_in_to_exists_cond(JOIN*, Item**, Item**) /test/10.11_opt_san/sql/item_subselect.cc:2761
    #22 0x55f2866ae277 in Item_in_subselect::create_in_to_exists_cond(JOIN*) /test/10.11_opt_san/sql/item_subselect.cc:2812
    #23 0x55f28535eb26 in JOIN::choose_tableless_subquery_plan() /test/10.11_opt_san/sql/opt_subselect.cc:6812
    #24 0x55f284b75a97 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3310
    #25 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #26 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #27 0x55f28469c632 in st_select_lex::optimize_unflattened_subqueries(bool) /test/10.11_opt_san/sql/sql_lex.cc:4915
    #28 0x55f284b7f765 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3125
    #29 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #30 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #31 0x55f284bcc1fa in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.11_opt_san/sql/sql_select.cc:5056
    #32 0x55f284ef4947 in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /test/10.11_opt_san/sql/sql_update.cc:1980
    #33 0x55f284829aa5 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:4487
    #34 0x55f2847ae500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
    #35 0x55f2848030ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
    #36 0x55f28480e3fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
    #37 0x55f2850f74cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
    #38 0x55f2850f9b3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
    #39 0x14781a1c6608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #40 0x14781943b132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
 
/test/10.11_opt_san/sql/sql_string.h:184:22: runtime error: member access within null pointer of type 'const struct Charset'
    #0 0x55f285d72c22 in Charset::set_charset(Charset const&) /test/10.11_opt_san/sql/sql_string.h:184
    #1 0x55f285d72c22 in String::copy(String const&) /test/10.11_opt_san/sql/sql_string.h:884
    #2 0x55f285d72c22 in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10489
    #3 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #4 0x55f285d7f080 in Item_cache_str::val_str(String*) /test/10.11_opt_san/sql/item.cc:10515
    #5 0x55f285d7222e in Item_cache_str::cache_value() /test/10.11_opt_san/sql/item.cc:10476
    #6 0x55f285eb03ac in Item_cache::has_value() /test/10.11_opt_san/sql/item.h:7099
    #7 0x55f285d7f86e in Item_cache_str::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:10531
    #8 0x55f285d5e5c7 in Item_ref::save_in_field(Field*, bool) /test/10.11_opt_san/sql/item.cc:8574
    #9 0x55f285db366f in Item::save_in_field_no_warnings(Field*, bool) /test/10.11_opt_san/sql/item.cc:1519
    #10 0x55f285f58aa9 in convert_const_to_int /test/10.11_opt_san/sql/item_cmpfunc.cc:353
    #11 0x55f285f61b58 in Item_func::setup_args_and_comparator(THD*, Arg_comparator*) /test/10.11_opt_san/sql/item_cmpfunc.cc:427
    #12 0x55f2861987e8 in Item_func::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_func.cc:359
    #13 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #14 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #15 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #16 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #17 0x55f285f54817 in Item::fix_fields_if_needed(THD*, Item**) /test/10.11_opt_san/sql/item.h:1144
    #18 0x55f285f54817 in Item::fix_fields_if_needed_for_scalar(THD*, Item**) /test/10.11_opt_san/sql/item.h:1148
    #19 0x55f285f54817 in Item::fix_fields_if_needed_for_bool(THD*, Item**) /test/10.11_opt_san/sql/item.h:1152
    #20 0x55f285f54817 in Item_cond::fix_fields(THD*, Item**) /test/10.11_opt_san/sql/item_cmpfunc.cc:4906
    #21 0x55f28668ab7a in Item_in_subselect::fix_having(Item*, st_select_lex*) /test/10.11_opt_san/sql/item_subselect.cc:2277
    #22 0x55f286697e39 in Item_in_subselect::create_row_in_to_exists_cond(JOIN*, Item**, Item**) /test/10.11_opt_san/sql/item_subselect.cc:2761
    #23 0x55f2866ae277 in Item_in_subselect::create_in_to_exists_cond(JOIN*) /test/10.11_opt_san/sql/item_subselect.cc:2812
    #24 0x55f28535eb26 in JOIN::choose_tableless_subquery_plan() /test/10.11_opt_san/sql/opt_subselect.cc:6812
    #25 0x55f284b75a97 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3310
    #26 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #27 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #28 0x55f28469c632 in st_select_lex::optimize_unflattened_subqueries(bool) /test/10.11_opt_san/sql/sql_lex.cc:4915
    #29 0x55f284b7f765 in JOIN::optimize_stage2() /test/10.11_opt_san/sql/sql_select.cc:3125
    #30 0x55f284b94d91 in JOIN::optimize_inner() /test/10.11_opt_san/sql/sql_select.cc:2550
    #31 0x55f284bbaf6f in JOIN::optimize() /test/10.11_opt_san/sql/sql_select.cc:1863
    #32 0x55f284bcc1fa in mysql_select(THD*, TABLE_LIST*, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) /test/10.11_opt_san/sql/sql_select.cc:5056
    #33 0x55f284ef4947 in mysql_multi_update(THD*, TABLE_LIST*, List<Item>*, List<Item>*, Item*, unsigned long long, enum_duplicates, bool, st_select_lex_unit*, st_select_lex*, multi_update**) /test/10.11_opt_san/sql/sql_update.cc:1980
    #34 0x55f284829aa5 in mysql_execute_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:4487
    #35 0x55f2847ae500 in mysql_parse(THD*, char*, unsigned int, Parser_state*) /test/10.11_opt_san/sql/sql_parse.cc:8035
    #36 0x55f2848030ff in dispatch_command(enum_server_command, THD*, char*, unsigned int, bool) /test/10.11_opt_san/sql/sql_parse.cc:1894
    #37 0x55f28480e3fd in do_command(THD*, bool) /test/10.11_opt_san/sql/sql_parse.cc:1407
    #38 0x55f2850f74cd in do_handle_one_connection(CONNECT*, bool) /test/10.11_opt_san/sql/sql_connect.cc:1418
    #39 0x55f2850f9b3c in handle_one_connection /test/10.11_opt_san/sql/sql_connect.cc:1312
    #40 0x14781a1c6608 in start_thread /build/glibc-SzIz7B/glibc-2.31/nptl/pthread_create.c:477
    #41 0x14781943b132 in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x11f132)
 
221121 20:08:52 [ERROR] mysqld got signal 11 ;

Comment by Alice Sherepa [ 2023-10-10 ]

test from MDEV-32430

CREATE TABLE x ( x FIXED ) ;
INSERT INTO x ( x ) VALUES ( 1 ) ;
UPDATE x SET x = 1 WHERE ( WITH x AS ( SELECT 1 - 1 AS x ORDER BY x = 1 AND ( x < ( 1 IN ( 1 , 1 ) ) AND x = 1 AND x = 1 AND x = 1 ) DESC , x , x LIMIT 1 ) SELECT CASE CASE ( x NOT BETWEEN 'x' AND 'x' AND x < 1 ) WHEN 'x' THEN 'x' WHEN x ( NULL ) THEN 'x' WHEN 'x' THEN 'x' END WHEN x = 'x' THEN 'x' END , x FROM x UNION SELECT x , x FROM x ) NOT IN ( SELECT x , x FROM x WHERE x < 1 OR ( 1 OR ( 1 IN ( 1 , 1 ) ) OR ( x BETWEEN 1 AND 1 ) AND x < 1 ) ) ;

Comment by Alice Sherepa [ 2023-12-12 ]

fixed by 69d294e7557eca760251d418c8fc9db94cf0521f commit (MDEV-29070)

Comment by Roel Van de Paar [ 2024-01-02 ]

Also

CREATE TABLE t AS SELECT''as a;
SELECT a FROM t WHERE (SELECT a,a UNION SELECT 1,a FROM t) IN (SELECT 1,1);

Leads to

SIGSEGV|Charset::set_charset|String::copy|Item_cache_str::cache_value|Item_cache::has_value   # optimized, new
0|SIGABRT|Item_type_holder::val_str|Item::str_result|Item_cache_str::cache_value|Item_cache::has_value   # debug, seen before

Comment by Roel Van de Paar [ 2024-01-02 ]

Reassigning to oleg.smirnov to check re: Alice's last comment (fixed).

Comment by Oleg Smirnov [ 2024-01-09 ]

I confirm: all test cases listed here are fixed with MDEV-29070. Closing this task as a duplicate.

Generated at Thu Feb 08 10:05:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.