[MDEV-30245] Server crashes with exception 0xc0000005 Created: 2022-12-16  Updated: 2022-12-19

Status: Open
Project: MariaDB Server
Component/s: Server
Affects Version/s: 10.10.2
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Daniel Kosinski Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Environment:

Windows 10 x64
Intel i7-7700
16GB Ram
HDD Storage

Attachments: Text File error_log.txt     File my.ini     File variables.csv     Text File windbg_trace.txt    

 Description   

Running following query:

select `hasTagsPerRun`.`runID`, count(distinct hasTagsPerRun.tagID, hasTagsPerRun.value) AS matchCount 
FROM 
(
 
 select `hasTag`.`runID`, `hasTag`.`tagID`, `hasTag`.`value` 
 from `hasTag` 
 group by `hasTag`.`runID`, `hasTag`.`tagID`, `hasTag`.`value`
 
) as `hasTagsPerRun`
 
inner join `tag` on `hasTagsPerRun`.`tagID` = `tag`.`id` 
where (`tag`.`key`, `hasTagsPerRun`.`value`) in (('status', 'io'))
 
group by `hasTagsPerRun`.`runID`

crashes MariaDB server reproducibly.
Attached my.ini , error_log.txt , windbg_trace.txt, variables.csv. Uploaded SQL dump MDEV-30245_sql_dump.7z into private section.

 Comments   
Comment by Marko Mäkelä [ 2022-12-17 ]

The crash seems to occur in the following line of the function heap_rrnd():

  if (!info->current_ptr[share->visible])

It would seem that either share->visible is out of bounds of the array, or share is an invalid pointer.

Generated at Thu Feb 08 10:14:47 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.