Server crashes in subselect_union_engine::no_rows on SELECT with impossible WHERE and UNION in HAVING
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| MariaDB | Fix Released | High | Timour Katchaounov | |
Bug Description
#2 0x000000000086701c in handle_fatal_signal (sig=11) at signal_
#3 <signal handler called>
#4 0x000000000065cd2c in subselect_
#5 0x0000000000613d19 in Item_in_
#6 0x00000000005c33e8 in Item::val_bool (this=0x3aa19d8) at item.cc:199
#7 0x000000000060fd99 in Item_func_
#8 0x00000000005c33e8 in Item::val_bool (this=0x3a75de0) at item.cc:199
#9 0x00000000005df283 in Item::val_
#10 0x00000000005d4f89 in Item_ref::val_bool (this=0x3aa23e8) at item.cc:6761
#11 0x000000000061d5d1 in Item_cond_
#12 0x0000000000766fe4 in return_zero_rows (join=0x3aa0a68, result=0x3aa0a48, tables=..., fields=..., send_row=true, select_
#13 0x0000000000750de4 in JOIN::exec (this=0x3aa0a68) at sql_select.cc:2192
#14 0x0000000000753b09 in mysql_select (thd=0x39ef958, rref_pointer_
#15 0x000000000074a595 in handle_select (thd=0x39ef958, lex=0x39f1da0, result=0x3aa0a48, setup_tables_
#16 0x00000000006d72c6 in execute_
#17 0x00000000006ce08e in mysql_execute_
#18 0x00000000006d9d2e in mysql_parse (thd=0x39ef958, rawbuf=0x3a74140 "SELECT MIN(a) AS min_a, a FROM t1 \nWHERE 0 HAVING a NOT IN ( SELECT 2 UNION SELECT 5 ) OR min_a != 1", length=100, found_semicolon
#19 0x00000000006cb7ed in dispatch_command (command=COM_QUERY, thd=0x39ef958, packet=0x3a6acd9 "SELECT MIN(a) AS min_a, a FROM t1 \nWHERE 0 HAVING a NOT IN ( SELECT 2 UNION SELECT 5 ) OR min_a != 1", packet_length=100) at sql_parse.cc:1228
#20 0x00000000006caad4 in do_command (thd=0x39ef958) at sql_parse.cc:923
#21 0x00000000006c796c in handle_
#22 0x00007ff67ac06efc in start_thread (arg=0x7ff6713f
maria-5.3
bzr version-info
revision-id: <email address hidden>
date: 2012-06-02 16:13:05 +0400
build-date: 2012-06-04 23:27:25 +0400
revno: 3537
Also reproducible on current maria-5.5.
Could not reproduce on maria-5.2, mysql-5.5, mysql-trunk.
Reproducible with MyISAM, Aria, InnoDB.
Reproducible with the default optimizer_switch as well as with all OFF values (except for in_to_exists required to execute the query).
EXPLAIN (with in_to_exists=on, everything else OFF):
| id | select_type | table | type | possible_keys | key | key_len | ref | rows | filtered | Extra |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PRIMARY | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | Impossible WHERE |
| 2 | DEPENDENT SUBQUERY | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | No tables used |
| 3 | DEPENDENT UNION | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | No tables used |
| NULL | UNION RESULT | <union2,3> | ALL | NULL | NULL | NULL | NULL | NULL | NULL | |
Warnings:
Note 1003 select min(`test`
# Test case:
SET optimizer_switch = 'in_to_exists=on';
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(7);
SELECT MIN(a) AS min_a, a FROM t1
WHERE 0 HAVING a NOT IN ( SELECT 2 UNION SELECT 5 ) OR min_a != 1;
# End of test case
Changed in maria: status: New → In Progress
Changed in maria: status: In Progress → Fix Committed
Changed in maria: status: Fix Committed → Fix Released
The query in the test case is not a very smart one (a mix of aggregate and non-aggregate without GROUP BY), so I've decreased the importance level compared to what it normally would have been.