[MDEV-5717] Server crash with insert statement containing DEFAULT into view Created: 2014-02-23  Updated: 2014-03-12  Resolved: 2014-03-12

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 5.3.12, 5.5.36, 10.0.8
Fix Version/s: 5.5.37, 10.0.10, 5.1.73, 5.2.15, 5.3.13

Type: Bug Priority: Blocker
Reporter: Joshua Gardynik Assignee: Oleksandr Byelkin
Resolution: Fixed Votes: 0
Labels: None


 Description   

When trying to insert a row into a view using the DEFAULT keyword, the server exits with signal 11:

stack_bottom = 0x7ff658047e30 thread_stack 0x48000
 
/usr/sbin/mysqld(my_print_stacktrace+0x2b)[0x7ff658a8608b]
 
/usr/sbin/mysqld(handle_fatal_signal+0x422)[0x7ff658639902]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf880)[0x7ff657caa880]
 
/usr/sbin/mysqld(_ZN18Item_default_value4walkEM4ItemFbPhEbS1_+0x36)[0x7ff65865ca56]
 
/usr/sbin/mysqld(_Z24check_view_single_updateR4ListI4ItemEPS1_P10TABLE_LISTPyb+0x94)[0x7ff6584c6614]
 
/usr/sbin/mysqld(+0x3ecc6c)[0x7ff6584c6c6c]
 
/usr/sbin/mysqld(_Z20mysql_prepare_insertP3THDP10TABLE_LISTP5TABLER4ListI4ItemEPS7_S8_S8_15enum_duplicatesPPS6_bbb+0x2cb)[0x7ff6584c865b]
 
/usr/sbin/mysqld(_Z12mysql_insertP3THDP10TABLE_LISTR4ListI4ItemERS3_IS5_ES6_S6_15enum_duplicatesb+0x1c8)[0x7ff6584c9158]
 
/usr/sbin/mysqld(_Z21mysql_execute_commandP3THD+0x3281)[0x7ff6584e0961]
 
/usr/sbin/mysqld(+0x409cba)[0x7ff6584e3cba]
 
/usr/sbin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x14f8)[0x7ff6584e5298]
 
/usr/sbin/mysqld(_Z24do_handle_one_connectionP3THD+0x47b)[0x7ff6585a76fb]
 
/usr/sbin/mysqld(handle_one_connection+0x47)[0x7ff6585a77d7]
 
/usr/sbin/mysqld(+0x6d2ab0)[0x7ff6587acab0]
 
/lib/x86_64-linux-gnu/libpthread.so.0(+0x8062)[0x7ff657ca3062]
 
/lib/x86_64-linux-gnu/libc.so.6(clone+0x6d)[0x7ff656322a3d]
 

# Table:
 
CREATE TABLE `temp` (
 
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
 
  `test` tinyint(3) unsigned NOT NULL DEFAULT '0',
 
  PRIMARY KEY (`id`)
 
);
 
 
 
# View:
 
CREATE VIEW `temp_view` AS (
 
select  `temp`.`id` AS `id`,  `temp`.`test` AS `test` from `temp`);
 
 
 
# Insert stmt:
 
INSERT INTO `temp_view` SET `test` = DEFAULT;



 Comments   
Comment by Elena Stepanova [ 2014-02-23 ]

Thank you for the report and test case.

Debug stack trace from 5.3 (to make it more searchable):

#3  <signal handler called>
 
#4  0x00000000005bfd68 in Item_default_value::walk (this=0x3525f38, processor=&virtual Item::view_used_tables_processor(unsigned char*), walk_subquery=false, args=0x35259f8 "") at item.h:3554
 
#5  0x0000000000770e2d in Item::view_used_tables (this=0x3525f38, view=0x35259f8) at item.h:1335
 
#6  0x0000000000765d96 in check_view_single_update (fields=..., values=0x3525df8, view=0x35259f8, map=0x7ff19b5ada28, insert=true) at sql_insert.cc:122
 
#7  0x00000000007662e0 in check_insert_fields (thd=0x34a1b88, table_list=0x35259f8, fields=..., values=..., check_unique=false, fields_and_values_from_different_maps=false, map=0x7ff19b5ada28) at sql_insert.cc:269
 
#8  0x0000000000768923 in mysql_prepare_insert (thd=0x34a1b88, table_list=0x35259f8, table=0x0, fields=..., values=0x3525df8, update_fields=..., update_values=..., duplic=DUP_ERROR, where=0x7ff19b5adc90, select_insert=false, check_fields=true, abort_on_warning=false) at sql_insert.cc:1340
 
#9  0x0000000000766e42 in mysql_insert (thd=0x34a1b88, table_list=0x35259f8, fields=..., values_list=..., update_fields=..., update_values=..., duplic=DUP_ERROR, ignore=false) at sql_insert.cc:681
 
#10 0x00000000006ae0a7 in mysql_execute_command (thd=0x34a1b88) at sql_parse.cc:3253
 
#11 0x00000000006b6e93 in mysql_parse (thd=0x34a1b88, rawbuf=0x35258c0 "INSERT INTO `temp_view` SET `test` = DEFAULT", length=44, found_semicolon=0x7ff19b5aecb8) at sql_parse.cc:6173
 
#12 0x00000000006a8ea8 in dispatch_command (command=COM_QUERY, thd=0x34a1b88, packet=0x351c459 "INSERT INTO `temp_view` SET `test` = DEFAULT", packet_length=44) at sql_parse.cc:1243
 
#13 0x00000000006a8194 in do_command (thd=0x34a1b88) at sql_parse.cc:923
 
#14 0x00000000006a5025 in handle_one_connection (arg=0x34a1b88) at sql_connect.cc:1231
 
#15 0x00007ff1a4d9db50 in start_thread (arg=<optimized out>) at pthread_create.c:304
 
#16 0x00007ff1a4140a7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

Comment by Joshua Gardynik [ 2014-03-10 ]

If this is already fixed, will it be available in 10.0.9, since 10.0.8 is the most recent release, or am I going to have to wait months for it to make it into the 10.0 releases?

Comment by Oleksandr Byelkin [ 2014-03-11 ]

It was closed by accident

Comment by Sergei Golubchik [ 2014-03-11 ]

falcon, so it seems that it was closed by mistake, a different bug was fixed instead. And then it avoided our radars because it was marked as fixed. Sorry for this. It'll be fixed in 10.0.10

Comment by Oleksandr Byelkin [ 2014-03-12 ]

Item_default_value has argument equal to NULL which cause the crash whan view tries to detect used tables.

Comment by Oleksandr Byelkin [ 2014-03-12 ]

It is legal to gave empty arg, so the walk method should be fixed.

Generated at Thu Feb 08 07:06:30 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.