[MDEV-9897] Window functions: crash when ORDER BY clause uses an expression
Created: 2016-04-10  Updated: 2018-04-25  Resolved: 2016-04-15

Status: Closed
Project: MariaDB Server
Component/s: Optimizer - Window functions
Fix Version/s: N/A

Type: Task
Priority: Major
Reporter: Sergei Petrunia
Assignee: Igor Babaev
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
PartOf
is part of MDEV-6115 window functions as in the SQL standard Closed
Relates
relates to MDEV-15837 Assertion `item1->type() == Item::FIE... Closed

 Description   

A testcase provided by Peter crashes:

create table t1 (s1 int, s2 char(5));
insert into t1 values (1,'a');
insert into t1 values (null,null);
insert into t1 values (1,null);
insert into t1 values (null,'a');
insert into t1 values (2,'b');
insert into t1 values (-1,'');
 
select 
  *,
  ROW_NUMBER() OVER (order by s1),
  CUME_DIST() OVER (order by -s1) 
from t1;

It crashes here:

  #1  0x0000555555c2a0ce in compare_order_elements (ord1=0x7fff580130e8, ord2=0x7fff580135e8) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:243
  #2  0x0000555555c2a1c4 in compare_order_lists (part_list1=0x7fff58013158, part_list2=0x7fff58013658) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:267
  #3  0x0000555555c2a5fc in compare_window_funcs_by_window_specs (win_func1=0x7fff580131b8, win_func2=0x7fff580136b8, arg=0x0) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:393
  #4  0x0000555555c2dda0 in bubble_sort<Item_window_func> (list_to_sort=0x7fff58004fc8, sort_func=0x555555c2a511 <compare_window_funcs_by_window_specs(Item_window_func*, Item_window_func*, void*)>, arg=0x0) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_list.h:620
  #5  0x0000555555c2a796 in order_window_funcs_by_window_specs (win_func_list=0x7fff58004fc8) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:465
  #6  0x0000555555c2b951 in Window_funcs_computation::setup (this=0x7fff58016860, thd=0x7fff58000b00, window_funcs=0x7fff58004fc8, tab=0x7fff58015700) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_window.cc:1878
  #7  0x0000555555ac5263 in JOIN::make_aggr_tables_info (this=0x7fff58013f10) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_select.cc:2670
  #8  0x0000555555ac2da6 in JOIN::optimize_inner (this=0x7fff58013f10) at /home/psergey/dev-git/10.2-window-funcs-r12/sql/sql_select.cc:2068

The code makes this call:

    int cmp= strcmp(item1->name, item2->name);

Both items are Item_temptable_field objects; however, item2->name is NULL.

I am sure what the code tries to accomplish by comparing item names. Shouldn't it use item->eq(..) call instead?
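
A NULL-safe way to compare ORDER BY lists like the ones in the backtrace above, as an added example (not MariaDB's code and not the fix that was committed). `OrderElem`, `expr_id` and the function names are hypothetical stand-ins; the assumption is that each expression has some stable identifier to break ties on.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical stand-in for one ORDER BY element (not MariaDB's ORDER/Item types).
struct OrderElem {
  const char *name;  // NULL for an unnamed expression such as -s1
  int expr_id;       // assumed stable identifier of the underlying expression
  bool desc;         // sort direction
};

// strcmp() with a NULL argument is undefined behaviour, so NULL names are
// handled before the call and ordered ahead of every non-NULL name.
static int cmp_name(const char *a, const char *b) {
  if (a == b) return 0;  // same pointer, including both NULL
  if (!a) return -1;
  if (!b) return 1;
  int c = std::strcmp(a, b);
  return (c > 0) - (c < 0);
}

// Equal or missing names do not prove equal expressions, so ties are broken
// on the expression identifier and then on direction.
int compare_elems(const OrderElem &e1, const OrderElem &e2) {
  if (int c = cmp_name(e1.name, e2.name)) return c;
  if (e1.expr_id != e2.expr_id) return e1.expr_id < e2.expr_id ? -1 : 1;
  return int(e1.desc) - int(e2.desc);
}

// Element-wise comparison of two lists; on a common prefix the shorter sorts first.
int compare_lists(const OrderElem *l1, std::size_t n1,
                  const OrderElem *l2, std::size_t n2) {
  std::size_t n = n1 < n2 ? n1 : n2;
  for (std::size_t i = 0; i < n; i++)
    if (int c = compare_elems(l1[i], l2[i])) return c;
  return (n1 > n2) - (n1 < n2);
}

int main() {
  // Constructed inputs mirroring the test case: ORDER BY s1 and ORDER BY -s1.
  OrderElem by_s1[] = {{"s1", 1, false}};
  OrderElem by_neg_s1[] = {{nullptr, 2, false}};
  std::printf("%d %d\n", compare_lists(by_s1, 1, by_neg_s1, 1),
              compare_lists(by_neg_s1, 1, by_s1, 1));
  return 0;
}
```

The comparator stays antisymmetric when one or both names are NULL, which a sort routine needs in order to terminate with a consistent order.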



 Comments   
Comment by Sergei Petrunia [ 2016-04-15 ]

Fixed by Igor in the feature tree,
5ff4b21e02dee1879436ebb4a484f0d2e756acaf
