[MDEV-30358] 【BUG】【core dump】group by + having subquery = core dump Created: 2023-01-07  Updated: 2023-01-07  Resolved: 2023-01-07

Status: Closed
Project: MariaDB Server
Component/s: Optimizer
Affects Version/s: None
Fix Version/s: N/A

Type: Bug Priority: Major
Reporter: niezhibiao Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Environment:

ubuntu 16.04.4 LTS
MariaDB 10.4.6



Description

[Steps to reproduce]
1. Create table t1 and insert records
create table t1(pk int, col_int int)engine=innodb;
insert into t1 values(6,6),(8,8),(5,5);
SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

2. Run the following queries
Statement 1
SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

Statement 2
SELECT pk AS field1 FROM t1 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));

[Expected result]
The result is returned correctly

[Actual result]
MariaDB server core dump

[Notes]
After Statement 1 causes the MariaDB server core dump, the stack trace is as follows:
linux/raise.c:54(__GI_raise)[0x7f4ed369203a]
stdlib/abort.c:91(__GI_abort)[0x7f4ed3688be7]
assert/assert.c:92(__assert_fail_base)[0x7f4ed3688c92]
/opt/mariadb_debug/bin/mysqld(_ZN12Item_func_eq7val_intEv+0x93)[0x5599072eec27]
/opt/mariadb_debug/bin/mysqld(_ZNK23Type_handler_int_result13Item_val_boolEP4Item+0x3b)[0x55990701c9fd]
sql/item_cmpfunc.cc:1754(Item_func_eq::val_int())[0x559906a15c0c]
sql/sql_type.cc:4418(Type_handler_int_result::Item_val_bool(Item*) const)[0x559907304162]
/opt/mariadb_debug/bin/mysqld(_Z14end_send_groupP4JOINP13st_join_tableb+0x6e7)[0x559906d2ebd0]
/opt/mariadb_debug/bin/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0x103)[0x559906d281da]
sql/item.h:1461(Item::val_bool())[0x559906d2704c]
sql/item_cmpfunc.cc:5300(Item_cond_or::val_int())[0x559906cdc98b]
sql/sql_select.cc:21616(end_send_group(JOIN*, st_join_table*, bool))[0x559906cdaeae]
sql/sql_select.cc:20238(sub_select(JOIN*, st_join_table*, bool))[0x559906cddbad]
sql/sql_select.cc:19829(do_select(JOIN*, Procedure*))[0x559906cbfbd7]
sql/sql_select.cc:4636(JOIN::exec_inner())[0x559906c54c61]
sql/sql_select.cc:4418(JOIN::exec())[0x559906c3ee12]
sql/sql_select.cc:4850(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x559906c5c040]
sql/sql_select.cc:425(handle_select(THD*, LEX*, select_result*, unsigned long))[0x559906c3230b]
sql/sql_parse.cc:6613(execute_sqlcom_select(THD*, TABLE_LIST*))[0x559906c2e6f2]
sql/sql_parse.cc:4148(mysql_execute_command(THD*))[0x559906eff70b]
sql/sql_parse.cc:8165(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x559906eff0b6]

After Statement 2 causes the MariaDB server core dump, the stack trace is as follows:
linux/raise.c:54(__GI_raise)[0x7fc53df8f03a]
stdlib/abort.c:91(__GI_abort)[0x7fc53df85be7]
assert/assert.c:92(__assert_fail_base)[0x7fc53df85c92]
/opt/mariadb_debug/bin/mysqld(_ZN9Item_func10fix_fieldsEP3THDPP4Item+0x156)[0x55613404f71a]
/opt/mariadb_debug/bin/mysqld(ZN4Item20fix_fields_if_neededEP3THDPPS+0x79)[0x55613371c6af]
sql/item_func.cc:329(Item_func::fix_fields(THD*, Item**))[0x55613371c717]
/opt/mariadb_debug/bin/mysqld(ZN4Item29fix_fields_if_needed_for_boolEP3THDPPS+0x3d)[0x55613381900f]
sql/item.h:957(Item::fix_fields_if_needed(THD*, Item**))[0x556133ff167c]
sql/item.h:961(Item::fix_fields_if_needed_for_scalar(THD*, Item**))[0x556133a224fb]
sql/item.h:965(Item::fix_fields_if_needed_for_bool(THD*, Item**))[0x556133a21be7]
sql/item_cmpfunc.cc:4830(Item_cond::fix_fields(THD*, Item**))[0x5561339c255d]
sql/sql_select.cc:22235(make_cond_for_table_from_pred(THD*, Item*, Item*, unsigned long long, unsigned long long, int, bool, bool, bool))[0x5561339c63fe]
sql/sql_select.cc:22130(make_cond_for_table(THD*, Item*, unsigned long long, unsigned long long, int, bool, bool))[0x5561339c1e0b]
sql/sql_select.cc:3118(JOIN::add_having_as_table_cond(st_join_table*))[0x5561339bcb8f]
sql/sql_select.cc:3665(JOIN::make_aggr_tables_info())[0x5561339b8726]
sql/sql_select.cc:3041(JOIN::optimize_stage2())[0x5561339cda86]
sql/sql_select.cc:2225(JOIN::optimize_inner())[0x5561339afbd7]
sql/sql_select.cc:1563(JOIN::optimize())[0x556133944c61]
sql/sql_select.cc:4836(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x55613392ee12]
sql/sql_select.cc:425(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55613394c040]
sql/sql_parse.cc:6613(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55613392230b]
sql/sql_parse.cc:4148(mysql_execute_command(THD*))[0x55613391e6f2]
sql/sql_parse.cc:8165(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x556133bef70b]
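The two backtraces above mix resolved source frames (`file:line(func)[addr]`) with bare `mysqld(symbol+off)[addr]` frames and glibc raise/abort/assert frames. The following is an added triage helper, not part of the report or of MariaDB: it parses that frame format, tells an assertion failure from a plain fault, and derives a signature from the first server-source frame, the key one would use to match a report against existing tickets. The regexes and the `Frame` type are constructed here; the sample lines are copied from the Statement 1 backtrace.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Frame shapes seen in the report: 'file:line(func)[addr]' for resolved source frames and
# '/path/mysqld(symbol+0xoff)[addr]' for bare binary symbols (regexes constructed here, not MariaDB code).
SOURCE_FRAME = re.compile(r"^(?P<file>[^:(\s]+):(?P<line>\d+)\((?P<func>.*)\)\[0x[0-9a-f]+\]$")
BINARY_FRAME = re.compile(r"^(?P<file>/\S+?)\((?P<func>[^+)]*)(?:\+0x[0-9a-f]+)?\)\[0x[0-9a-f]+\]$")
RUNTIME_PREFIXES = ("linux/", "stdlib/", "assert/")  # glibc raise/abort/assert frames

@dataclass
class Frame:
    file: str
    line: Optional[int]  # None when only a binary symbol was resolved
    func: str

def parse_frame(text: str) -> Optional[Frame]:
    """Parse one backtrace line; None for lines in neither shape."""
    m = SOURCE_FRAME.match(text.strip())
    if m:
        return Frame(m["file"], int(m["line"]), m["func"])
    m = BINARY_FRAME.match(text.strip())
    return Frame(m["file"], None, m["func"]) if m else None

def parse_trace(text: str) -> List[Frame]:
    return [f for f in map(parse_frame, text.splitlines()) if f is not None]

def is_assertion_failure(frames: List[Frame]) -> bool:
    """True when the dump is a debug-build assert (__assert_fail*), not a stray fault."""
    return any(f.func.startswith("__assert_fail") for f in frames)

def first_server_frame(frames: List[Frame]) -> Optional[Frame]:
    """First resolved frame in the server's own sources: the likely assert site."""
    return next((f for f in frames if f.line is not None
                 and not f.file.startswith(RUNTIME_PREFIXES)), None)

def crash_signature(trace: str) -> str:
    """Stable key for matching a new report against existing tickets."""
    frames = parse_trace(trace)
    top = first_server_frame(frames)
    if top is None:
        return "unresolved"
    kind = "assert" if is_assertion_failure(frames) else "crash"
    return f"{kind} {top.file}:{top.line} {top.func}"

# Sample: the first lines of the report's Statement 1 backtrace (copied, abridged)
SAMPLE_TRACE = """linux/raise.c:54(__GI_raise)[0x7f4ed369203a]
assert/assert.c:92(__assert_fail_base)[0x7f4ed3688c92]
/opt/mariadb_debug/bin/mysqld(_ZN12Item_func_eq7val_intEv+0x93)[0x5599072eec27]
sql/item_cmpfunc.cc:1754(Item_func_eq::val_int())[0x559906a15c0c]"""
```

Running `crash_signature(SAMPLE_TRACE)` yields `assert sql/item_cmpfunc.cc:1754 Item_func_eq::val_int()`; the Statement 2 trace resolves to a different signature (`Item_func::fix_fields` in the optimizer), so the two dumps would be tracked as separate crash sites.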



Comments
Comment by niezhibiao [ 2023-01-07 ]

Please handle this as soon as possible.

Comment by Daniel Black [ 2023-01-07 ]

This has already been fixed:

MariaDB [test]> create table t1(pk int, col_int int)engine=innodb;
Query OK, 0 rows affected (0.001 sec)
 
MariaDB [test]> insert into t1 values(6,6),(8,8),(5,5);
Query OK, 3 rows affected (0.001 sec)
Records: 3  Duplicates: 0  Warnings: 0
 
MariaDB [test]> SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));
Empty set (0.000 sec)
 
MariaDB [test]> SELECT pk AS field1 FROM t1 WHERE pk = 6 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));
Empty set (0.001 sec)
 
MariaDB [test]> SELECT pk AS field1 FROM t1 GROUP BY field1 HAVING (field1 = 8 OR field1 = ( SELECT pk FROM t1 WHERE col_int = 5 limit 1));
+--------+
| field1 |
+--------+
|      5 |
|      8 |
+--------+
2 rows in set (0.001 sec)
 
MariaDB [test]> select version();
+-----------------+
| version()       |
+-----------------+
| 10.4.28-MariaDB |
+-----------------+
1 row in set (0.000 sec)

Please upgrade at no cost to achieve many bug fixes.

Comment by Daniel Black [ 2023-01-07 ]

There will be a duplicate somewhere in JIRA already.

Note no packages are provided for Ubuntu 16.04 as it's beyond its basic support cycle.

Generated at Thu Feb 08 10:15:39 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.