[MDEV-5969] Crash in prepared statement with NO_ZERO_IN_DATE and ROLLUP Created: 2014-03-28  Updated: 2014-03-29  Resolved: 2014-03-29

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: 10.0.9
Fix Version/s: 10.0.10

Type: Bug Priority: Major
Reporter: Alexander Barkov Assignee: Alexander Barkov
Resolution: Fixed Votes: 0
Labels: None


 Description   

This SQL script makes 10.0 crash:

DROP TABLE IF EXISTS t1;
 
CREATE TABLE t1
 
(
 
  year    INT NOT NULL,
 
  product VARCHAR(32) NOT NULL,
 
  profit  INT
 
);
 
INSERT INTO t1 VALUES ('2001','car',101);
 
INSERT INTO t1 VALUES ('2001','gas',102);
 
INSERT INTO t1 VALUES ('2001','toy',103);
 
INSERT INTO t1 VALUES ('2002','car',201);
 
INSERT INTO t1 VALUES ('2002','gas',202);
 
INSERT INTO t1 VALUES ('2002','toy',203);
 
SET sql_mode=DEFAULT;
 
PREPARE stmt FROM "SELECT DATE'2001-00-00' AS c,year, SUM(profit) FROM t1 GROUP BY c,year WITH ROLLUP";
 
EXECUTE stmt;
 
SET sql_mode='no_zero_in_date';
 
EXECUTE stmt;

GDB trace:

(gdb) where
 
#0  0x00000000005a6642 in String::length (this=0x0)
 
    at /home/bar/maria-bzr/maria-10.0/sql/sql_string.h:130
 
#1  0x00000000006ed824 in sortcmp (s=0x7fff70c23e60, t=0x0, 
    cs=0x173de60 <my_charset_latin1>)
 
    at /home/bar/maria-bzr/maria-10.0/sql/sql_string.cc:726
 
#2  0x000000000086acac in Cached_item_str::cmp (this=0x7fff70c23e40)
 
    at /home/bar/maria-bzr/maria-10.0/sql/item_buff.cc:94
 
#3  0x00000000006b7c62 in test_if_group_changed (list=...)
 
    at /home/bar/maria-bzr/maria-10.0/sql/sql_select.cc:21647
 
#4  0x00000000006b0c20 in end_send_group (join=0x7fff70c221b8, 
    join_tab=0x7fff70c235c8, end_of_records=false)
 
    at /home/bar/maria-bzr/maria-10.0/sql/sql_select.cc:18757
 
#5  0x00000000006ae11e in evaluate_join_record (join=0x7fff70c221b8, 
    join_tab=0x7fff70c232a0, error=0)
 
    at /home/bar/maria-bzr/maria-10.0/sql/sql_select.cc:17689
 
...
 
(gdb) p this
 
$1 = (const String * const) 0x0

Note, 5.5 does not crash, but produces a wrong result in the second EXECUTE:

+------------+------+-------------+
 
| c          | year | SUM(profit) |
 
+------------+------+-------------+
 
| 2001-00-00 | 2001 |         306 |
 
| 2001-00-00 | 2002 |         606 |
 
| 2001-00-00 | NULL |         912 |
 
| NULL       | NULL |         912 |
 
+------------+------+-------------+

'2001-00-00' should not be possible in a result set when running with NO_ZERO_IN_DATE.

The problem most likely happens because DATE literal is uncertain about its NULL-ability:

SET sql_mode=DEFAULT;
 
PREPARE stmt FROM "select isnull(DATE'2001-00-00'), DATE'2001-00-00'";
 
SET sql_mode='no_zero_in_date';
 
EXECUTE stmt;
 
 
 
+--------------------------+------------------+
 
| isnull(DATE'2001-00-00') | DATE'2001-00-00' |
 
+--------------------------+------------------+
 
|                        0 | NULL             |
 
+--------------------------+------------------+
 
1 row in set, 1 warning (0.00 sec)


Generated at Thu Feb 08 07:08:23 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.