[MDEV-32305] Server crashes at Item_func_distance::val_real
Created: 2023-09-30  Updated: 2023-10-04  Resolved: 2023-10-04

Status: Closed
Project: MariaDB Server
Component/s: GIS
Affects Version/s: 10.4, 10.5, 10.6, 10.9, 10.10, 10.11, 11.0, 11.1.2, 11.2.1
Fix Version/s: N/A

Type: Bug
Priority: Major
Reporter: Jingzhou Fu
Assignee: Alexey Botchkov
Resolution: Duplicate
Votes: 0
Labels: None
Environment: Ubuntu 20.04 x86-64, docker image mariadb:11.1.2

Issue Links:
Duplicate: duplicates MDEV-17657 "cte + geometry crash" (status: Confirmed)

Description

PoC:

SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT ST_DISTANCE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((1 5))' ) , ST_GEOMFROMTEXT ( 'MULTIPOINT(151 -68)' ) ) ) SELECT CASE WHEN x THEN 'x' END FROM x ) SELECT 1 FROM x WHERE x ) ;

docker log:

mariadbd(my_print_stacktrace+0x32)[0x55d354fea7c2]
mariadbd(handle_fatal_signal+0x488)[0x55d354ac3cf8]
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7ff5a6841520]
mariadbd(_ZN18Item_func_distance8val_realEv+0x3ae)[0x55d354b5807e]
mariadbd(_ZNK28Type_handler_temporal_result13Item_val_boolEP4Item+0x14)[0x55d354a06374]
mariadbd(_ZN23Item_func_case_searched9find_itemEv+0x4a)[0x55d354b0055a]
mariadbd(_ZN14Item_func_case6str_opEP6String+0x1a)[0x55d354afdafa]
mariadbd(_ZN27Item_func_hybrid_field_type23val_decimal_from_str_opEP10my_decimal+0x25)[0x55d354b3d115]
mariadbd(_ZN18Item_cache_decimal11val_decimalEP10my_decimal+0x5c)[0x55d354adfadc]
mariadbd(_ZN4VDecC2EP4Item+0x2f)[0x55d354a129bf]
mariadbd(_ZN14Arg_comparator15compare_decimalEv+0x27)[0x55d354b026d7]
mariadbd(_ZN12Item_func_ne7val_intEv+0x34)[0x55d354b0a884]
mariadbd(_ZNK23Type_handler_int_result13Item_val_boolEP4Item+0x14)[0x55d354a063a4]
mariadbd(_ZN15Item_bool_func215remove_eq_condsEP3THDPN4Item11cond_resultEb+0x79)[0x55d354887f39]
mariadbd(+0x870e91)[0x55d35488ee91]
mariadbd(_ZN4JOIN14optimize_innerEv+0x8bb)[0x55d3548cfd7b]
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
mariadbd(+0x7ec60c)[0x55d35480a60c]
mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x95)[0x55d354809e35]
mariadbd(_ZN4JOIN14optimize_innerEv+0xb27)[0x55d3548cffe7]
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
mariadbd(+0x7ec60c)[0x55d35480a60c]
mariadbd(_Z27mysql_handle_single_derivedP3LEXP10TABLE_LISTj+0x95)[0x55d354809e35]
mariadbd(_ZN4JOIN14optimize_innerEv+0xb27)[0x55d3548cffe7]
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
mariadbd(_ZN13st_select_lex31optimize_unflattened_subqueriesEb+0x115)[0x55d35482aa55]
mariadbd(_ZN4JOIN28optimize_constant_subqueriesEv+0x35)[0x55d3549c9d55]
mariadbd(_ZN4JOIN14optimize_innerEv+0x503)[0x55d3548cf9c3]
mariadbd(_ZN4JOIN8optimizeEv+0xda)[0x55d3548d0e2a]
mariadbd(_Z12mysql_selectP3THDP10TABLE_LISTR4ListI4ItemEPS4_jP8st_orderS9_S7_S9_yP13select_resultP18st_select_lex_unitP13st_select_lex+0xd1)[0x55d3548d0f21]
mariadbd(_Z13handle_selectP3THDP3LEXP13select_resulty+0x154)[0x55d3548d1774]
mariadbd(+0x826f55)[0x55d354844f55]
mariadbd(_Z21mysql_execute_commandP3THDb+0x419e)[0x55d354853f0e]
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0x1e7)[0x55d354855237]
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14bd)[0x55d354857a1d]
mariadbd(_Z10do_commandP3THDb+0x138)[0x55d354859818]
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d3549813af]
mariadbd(handle_one_connection+0x5d)[0x55d3549816fd]
mariadbd(+0xcd1906)[0x55d354cef906]
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7ff5a6893b43]
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7ff5a6924bb4]
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7ff54c0130d8): SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT ST_DISTANCE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((1 5))' ) , ST_GEOMFROMTEXT ( 'MULTIPOINT(151 -68)' ) ) ) SELECT CASE WHEN x THEN 'x' END FROM x ) SELECT 1 FROM x WHERE x )
 
Connection ID (thread ID): 4
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on



Comments
Comment by Alice Sherepa [ 2023-10-03 ]

Thanks! I repeated as described on 10.4-11.2. This is the same bug as MDEV-17657.

231003 10:37:31 [ERROR] mysqld got signal 11 ;
 
Server version: 10.4.32-MariaDB-debug-log source revision: 50a2e8b1892b6b8a276d4bd75a1a02148f9e6ff2
 
sigaction.c:0(__restore_rt)[0x7f031baab420]
sql/gcalc_slicescan.h:425(Gcalc_scan_iterator::event_point::simple_event() const)[0x55750518b531]
sql/item_geofunc.cc:2437(Item_func_distance::val_real())[0x5575051870d2]
sql/sql_type.cc:4602(Type_handler_real_result::Item_val_bool(Item*) const)[0x557504d7282a]
sql/item.h:1474(Item::val_bool())[0x557504532d52]
sql/item_cmpfunc.cc:3014(Item_func_case_searched::find_item())[0x55750509ab3b]
sql/item_cmpfunc.cc:3047(Item_func_case::str_op(String*))[0x55750509b1d1]
sql/item_func.h:736(Item_func_hybrid_field_type::str_op_with_null_check(String*))[0x557504da0b99]
sql/item_func.cc:962(Item_func_hybrid_field_type::val_decimal_from_str_op(my_decimal*))[0x557505113e2f]
sql/sql_type.cc:5153(Type_handler_string_result::Item_func_hybrid_field_type_val_decimal(Item_func_hybrid_field_type*, my_decimal*) const)[0x557504d762c7]
sql/item_func.h:812(Item_func_hybrid_field_type::val_decimal(my_decimal*))[0x5575047b7a42]
sql/item.h:1560(Item::val_decimal_result(my_decimal*))[0x5575045331ad]
sql/item.cc:10310(Item_cache_decimal::cache_value())[0x55750505b5f7]
sql/item.h:6951(Item_cache::has_value())[0x557504da7e26]
sql/item.cc:10335(Item_cache_decimal::val_decimal(my_decimal*))[0x55750505b8b4]
sql/sql_type.cc:195(VDec::VDec(Item*))[0x557504d5846e]
sql/item_cmpfunc.cc:872(Arg_comparator::compare_decimal())[0x557505081739]
sql/item_cmpfunc.h:104(Arg_comparator::compare())[0x5575050c4e9a]
sql/item_cmpfunc.cc:1813(Item_func_ne::val_int())[0x55750508cf41]
sql/sql_type.cc:4607(Type_handler_int_result::Item_val_bool(Item*) const)[0x557504d728b6]
sql/item.h:1474(Item::val_bool())[0x557504532d52]
sql/item.h:1482(Item::eval_const_cond())[0x55750498716c]
sql/sql_select.cc:17867(Item_bool_func2::remove_eq_conds(THD*, Item::cond_result*, bool))[0x557504924b3e]
sql/sql_select.cc:17403(optimize_cond(JOIN*, Item*, List<TABLE_LIST>*, bool, Item::cond_result*, COND_EQUAL**, int))[0x557504921e32]
sql/sql_select.cc:2113(JOIN::optimize_inner())[0x5575048ae293]
sql/sql_select.cc:1711(JOIN::optimize())[0x5575048a9c2b]
sql/sql_derived.cc:1029(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x55750471df3f]
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x5575047186ea]
sql/sql_select.cc:2201(JOIN::optimize_inner())[0x5575048af190]
sql/sql_select.cc:1711(JOIN::optimize())[0x5575048a9c2b]
sql/sql_derived.cc:1029(mysql_derived_optimize(THD*, LEX*, TABLE_LIST*))[0x55750471df3f]
sql/sql_derived.cc:200(mysql_handle_single_derived(LEX*, TABLE_LIST*, unsigned int))[0x5575047186ea]
sql/sql_select.cc:2201(JOIN::optimize_inner())[0x5575048af190]
sql/sql_select.cc:1711(JOIN::optimize())[0x5575048a9c2b]
sql/sql_lex.cc:4236(st_select_lex::optimize_unflattened_subqueries(bool))[0x5575047825f2]
sql/opt_subselect.cc:5636(JOIN::optimize_constant_subqueries())[0x557504cf408e]
sql/sql_select.cc:2048(JOIN::optimize_inner())[0x5575048acfa1]
sql/sql_select.cc:1711(JOIN::optimize())[0x5575048a9c2b]
sql/sql_select.cc:4812(mysql_select(THD*, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*))[0x5575048cac1d]
sql/sql_select.cc:442(handle_select(THD*, LEX*, select_result*, unsigned long))[0x55750489b922]
sql/sql_parse.cc:6475(execute_sqlcom_select(THD*, TABLE_LIST*))[0x55750480772c]
sql/sql_parse.cc:3978(mysql_execute_command(THD*))[0x5575047f4ea3]
sql/sql_parse.cc:8012(mysql_parse(THD*, char*, unsigned int, Parser_state*, bool, bool))[0x557504810c07]
sql/sql_parse.cc:1860(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool, bool))[0x5575047e702d]
sql/sql_parse.cc:1378(do_command(THD*))[0x5575047e3b58]
sql/sql_connect.cc:1420(do_handle_one_connection(CONNECT*))[0x557504bf17fd]
sql/sql_connect.cc:1325(handle_one_connection)[0x557504bf10a1]
perfschema/pfs.cc:1871(pfs_spawn_thread)[0x55750589b99a]
nptl/pthread_create.c:478(start_thread)[0x7f031ba9f609]
 
Query (0x62b0000a1420): SELECT ( WITH x ( x ) AS ( WITH x ( x ) AS ( SELECT ST_DISTANCE ( ST_GEOMFROMTEXT ( 'MULTILINESTRING((1 5))' ) , ST_GEOMFROMTEXT ( 'MULTIPOINT(151 -68)' ) ) ) SELECT CASE WHEN x THEN 'x' END FROM x ) SELECT 1 FROM x WHERE x )
