[MDEV-31292] Procedure call with boolean expression parameter using more than one exists function crash the server Created: 2023-05-16  Updated: 2023-11-28

Status: Confirmed
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.4, 10.4.28, 10.5, 10.6, 10.7, 10.8, 10.9, 10.10, 10.11, 11.0
Fix Version/s: 10.4, 10.5, 10.6, 10.11, 11.0

Type: Bug Priority: Major
Reporter: Marc Assignee: Dmitry Shulga
Resolution: Unresolved Votes: 0
Labels: crash, regression-10.4
Environment:

Red Hat Enterprise Linux release 8.7 (Ootpa)


 Description   

After upgrading from 10.4.25 to 10.4.28 the call of a procedure using booelan parameter with multiple existsf does not work and make the server crash.

The error log shows that server restarts but there is no stack trace or other information.

Steps to reproduce:

create or replace schema bug_boolean_parameter;

use bug_boolean_parameter;

create table table_1
(
id bigint not null,
primary key (id)
);

delimiter #

create procedure proc_1(param_1 boolean)
begin
select param_1;
end#

delimiter ;

call proc_1(exists(select * from table_1)); – works fine
call proc_1(exists(select * from table_1) or exists(select * from table_1)); – crashes

drop schema bug_boolean_parameter;

 Comments   
Comment by Alice Sherepa [ 2023-05-16 ]

Thank you for the report!
I repeated on 10.4-10.11, 11,0 as described.
Regression appeared in 10.4.26 after

Revision #f439cfdf93 2022-07-12 17:18:48 +0700
 
MDEV-22001: Server crashes in st_select_lex_unit::exclude_level upon execution of SP


CREATE TABLE t1 (id int);
 
create procedure proc_1(param_1 boolean) select param_1;
 
 
 
call proc_1(exists(select * from t1) or exists(select * from t1)); 


230516 18:28:17 [ERROR] mysqld got signal 11 ;
 
 
 
Server version: 10.4.30-MariaDB-debug-log source revision: b7b8a9ee439f8d3c9457a6eb480001cae37307b8
 
 
 
sql/signal_handler.cc:238(handle_fatal_signal)[0x55fca9388ec9]
 
sigaction.c:0(__restore_rt)[0x7f2c65143420]
 
sql/item_subselect.cc:122(Item_subselect::init(st_select_lex*, select_result_interceptor*))[0x55fca95b6dff]
 
sql/item_subselect.cc:1514(Item_exists_subselect::Item_exists_subselect(THD*, st_select_lex*))[0x55fca95c4943]
 
sql/sql_yacc.yy:10610(MYSQLparse(THD*))[0x55fca921d05d]
 
sql/sql_parse.cc:10400(parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool))[0x55fca8bfb749]
 
sql/sql_parse.cc:7960(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x55fca8bec027]
 
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x55fca8bc2973]
 
sql/sql_parse.cc:1378(do_command(THD*))[0x55fca8bbf4a8]
 
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x55fca8fcc581]
 
sql/sql_connect.cc:1325(handle_one_connection)[0x55fca8fcbe25]
 
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55fca9c71364]
 
nptl/pthread_create.c:478(start_thread)[0x7f2c65137609]
 
 
 
Query (0x62b0000b6290): call proc_1(exists(select * from t1) or exists(select * from t1))

Generated at Thu Feb 08 10:22:45 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.