Crash on the second execution of the PS for a query with degenerated conjunctive condition

Bug #1001500 reported by Igor Babaev
Affects: MariaDB
Status: Fix Released
Importance: Critical
Assigned to: Oleksandr "Sanja" Byelkin

Bug Description

The following test case causes a crash of the server in MariaDB 5.2/5.3/5.5 on the second execution of the prepared statement:

CREATE TABLE t1 (
  pk INTEGER AUTO_INCREMENT,
  col_int_nokey INTEGER,
  col_int_key INTEGER,

  col_varchar_key VARCHAR(1),
  col_varchar_nokey VARCHAR(1),

  PRIMARY KEY (pk),
  KEY (col_int_key),
  KEY (col_varchar_key, col_int_key)
);

INSERT INTO t1 (
  col_int_key, col_int_nokey,
  col_varchar_key, col_varchar_nokey
) VALUES
(4, 2, 'v', 'v'),
(62, 150, 'v', 'v');

CREATE TABLE t2 (
  pk INTEGER AUTO_INCREMENT,
  col_int_nokey INTEGER,
  col_int_key INTEGER,

  col_varchar_key VARCHAR(1),
  col_varchar_nokey VARCHAR(1),

  PRIMARY KEY (pk),
  KEY (col_int_key),
  KEY (col_varchar_key, col_int_key)
);

INSERT INTO t2 (
  col_int_key, col_int_nokey,
  col_varchar_key, col_varchar_nokey
) VALUES
(8, NULL, 'x', 'x'),
(7, 8, 'd', 'd');

PREPARE stmt FROM '
SELECT
  ( SELECT MAX( SQ1_alias2 .col_int_nokey ) AS SQ1_field1
    FROM ( t2 AS SQ1_alias1 RIGHT JOIN t1 AS SQ1_alias2
           ON ( SQ1_alias2.col_varchar_key = SQ1_alias1.col_varchar_nokey )
         )
    WHERE SQ1_alias2.pk < alias1.col_int_nokey OR alias1.pk
  ) AS field1
FROM ( t1 AS alias1 JOIN t2 AS alias2 ON alias2.pk )
GROUP BY field1
';

EXECUTE stmt;
EXECUTE stmt;

DEALLOCATE PREPARE stmt;

DROP TABLE t1, t2;

If the degenerate conjunctive condition alias1.pk is replaced with the equivalent predicate alias1.pk<>0,
then there is no problem with the second execution of the PS for the query:

MariaDB [test]> PREPARE stmt FROM '
    '> SELECT
    '> ( SELECT MAX( SQ1_alias2 .col_int_nokey ) AS SQ1_field1
    '> FROM ( t2 AS SQ1_alias1 RIGHT JOIN t1 AS SQ1_alias2
    '> ON ( SQ1_alias2.col_varchar_key = SQ1_alias1.col_varchar_nokey )
    '> )
    '> WHERE SQ1_alias2.pk < alias1.col_int_nokey OR alias1.pk<>0
    '> ) AS field1
    '> FROM ( t1 AS alias1 JOIN t2 AS alias2 ON alias2.pk )
    '> GROUP BY field1
    '> ';
Query OK, 0 rows affected (0.01 sec)
Statement prepared

MariaDB [test]> EXECUTE stmt;
+--------+
| field1 |
+--------+
|    150 |
+--------+
1 row in set (0.00 sec)

MariaDB [test]> EXECUTE stmt;
+--------+
| field1 |
+--------+
|    150 |
+--------+
1 row in set (0.01 sec)

(See also bug #12582849 from the mysql code line)
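As an added illustration, not part of this report or of MariaDB's own code, the heuristic below scans a statement's text for the kind of operand the report describes: a bare column reference standing alone as a boolean condition. It flags each one and spells it out as the `col <> 0` form that the report shows executing cleanly twice. It assumes a small hand-rolled tokenizer rather than a full SQL grammar, so it is a lint aid for text queued for PREPARE, not a parser.

```python
import re
# Constructed heuristic tokenizer: just enough SQL to spot a bare column reference
# standing alone as a truth-valued operand; it is not a full SQL grammar.
TOKEN_RE = re.compile(
    r"'(?:[^']|'')*'"                          # string literal
    r"|[A-Za-z_]\w*(?:\s*\.\s*[A-Za-z_]\w*)*"  # identifier, possibly qualified ("a .b" too)
    r"|\d+(?:\.\d+)?"                          # number
    r"|<>|<=|>=|!=|[<>=(),;*+\-/]"             # operators and punctuation
    r"|\s+")                                   # whitespace, kept so we can rewrite in place
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "ON", "JOIN", "LEFT", "RIGHT",
            "INNER", "AS", "GROUP", "BY", "ORDER", "HAVING", "LIMIT", "IN", "EXISTS", "IS",
            "NULL", "LIKE", "BETWEEN"}
COND_START = {"WHERE", "AND", "OR", "NOT", "ON", "HAVING"}         # may precede a whole operand
COND_END = {"AND", "OR", "GROUP", "ORDER", "HAVING", "LIMIT", ";"}  # may follow a whole operand

def _is_ident(tok):
    return (tok[0].isalpha() or tok[0] == "_") and tok.upper() not in KEYWORDS

def find_degenerate_conditions(sql):
    """Return (rewritten_sql, flagged): bare column references used as whole boolean operands, spelled out as `<> 0`."""
    toks = TOKEN_RE.findall(sql)
    if "".join(toks) != sql:
        raise ValueError("input contains text the toy tokenizer does not understand")
    sig = [(i, t) for i, t in enumerate(toks) if not t.isspace()]
    stack, grouping = [], {}  # paren index -> True if grouping, False if a function call
    for n, (i, t) in enumerate(sig):
        if t == "(":
            grouping[i] = not (n and _is_ident(sig[n - 1][1]))  # identifier before '(' => call
            stack.append(i)
        elif t == ")":
            grouping[i] = grouping[stack.pop()] if stack else True
    flagged, out = [], list(toks)
    for n, (i, t) in enumerate(sig):
        if not _is_ident(t):
            continue
        prev = sig[n - 1] if n else None
        nxt = sig[n + 1] if n + 1 < len(sig) else None
        starts = prev is None or prev[1].upper() in COND_START or (prev[1] == "(" and grouping[prev[0]])
        ends = nxt is None or nxt[1].upper() in COND_END or (nxt[1] == ")" and grouping[nxt[0]])
        if starts and ends:
            flagged.append(t)
            out[i] = t + " <> 0"
    return "".join(out), flagged

# The statement text from the report above, as it would be handed to PREPARE.
REPORTED_QUERY = """SELECT ( SELECT MAX( SQ1_alias2 .col_int_nokey ) AS SQ1_field1
    FROM ( t2 AS SQ1_alias1 RIGHT JOIN t1 AS SQ1_alias2
           ON ( SQ1_alias2.col_varchar_key = SQ1_alias1.col_varchar_nokey ) )
    WHERE SQ1_alias2.pk < alias1.col_int_nokey OR alias1.pk ) AS field1
FROM ( t1 AS alias1 JOIN t2 AS alias2 ON alias2.pk ) GROUP BY field1"""
```

Running it on the reported statement flags both `alias1.pk` in the subquery WHERE and `alias2.pk` in the outer ON clause; the report's working variant leaves only the ON operand flagged.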

Tags: crash ps
Changed in maria:
status: New → Confirmed
importance: Undecided → Critical
assignee: nobody → Oleksandr "Sanja" Byelkin (sanja-byelkin)
milestone: none → 5.2
Elena Stepanova (elenst)
tags: added: crash ps
Changed in maria:
status: Confirmed → In Progress
Changed in maria:
status: In Progress → Fix Committed
Changed in maria:
status: Fix Committed → Fix Released