Crash in replace_where_subcondition with nested subquery and semijoin=on
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MariaDB |
Fix Released
|
High
|
Sergey Petrunia |
Bug Description
The following query crashes maria 5.3 when executed as a prepared statement or a stored procedure:
SELECT `col_varchar_key`
FROM (
SELECT SUBQUERY1_t1 .*
FROM BB SUBQUERY1_t1 STRAIGHT_JOIN ( CC SUBQUERY1_t2 JOIN C ON SUBQUERY1_t2 .`col_varchar_key` ) ON SUBQUERY1_t2 .`col_varchar_key` AND ( 's' , 'r' ) IN (
SELECT CHILD_SUBQUERY1_t1 .`col_varchar_
FROM C CHILD_SUBQUERY1_t1 JOIN C CHILD_SUBQUERY1_t2 ON CHILD_SUBQUERY1_t1 .`col_int_nokey` ) ) table3 ;
backtrace:
#3 0x0827e9e0 in handle_segfault (sig=11) at mysqld.cc:2703
#4 <signal handler called>
#5 0x083b541b in replace_
at opt_subselect.
#6 0x083b5303 in convert_
#7 0x082fd3de in JOIN::optimize (this=0xb5d93ee0) at sql_select.cc:740
#8 0x08303865 in mysql_select (thd=0xa8b0fd0, rref_pointer_
group=0x0, having=0x0, proc_param=0x0, select_
#9 0x08447f45 in mysql_derived_
#10 0x08447837 in mysql_handle_
#11 0x082e4918 in open_and_
#12 0x082a0d0f in open_and_
#13 0x0829a4b1 in execute_
#14 0x082910b8 in mysql_execute_
#15 0x084623f1 in sp_instr_
#16 0x08461d5d in sp_lex_
at sp_head.cc:2748
#17 0x084621ca in sp_instr_
#18 0x0845e4ce in sp_head::execute (this=0xb5d707f0, thd=0xa8b0fd0) at sp_head.cc:1249
#19 0x08460117 in sp_head:
#20 0x0829818d in mysql_execute_
#21 0x0829c8b9 in mysql_parse (thd=0xa8b0fd0, inBuf=0xb5d31900 "CALL stored_
#22 0x0828eaea in dispatch_command (command=COM_QUERY, thd=0xa8b0fd0, packet=0xa8c9329 "CALL stored_
#23 0x0828df90 in do_command (thd=0xa8b0fd0) at sql_parse.cc:890
#24 0x0828b0f0 in handle_
#25 0x00a08919 in start_thread () from /lib/libpthread
#26 0x00951e5e in clone () from /lib/libc.so.6
EXPLAIN:
1 PRIMARY <derived2> system NULL NULL NULL NULL 0 const row not found
2 DERIVED NULL NULL NULL NULL NULL NULL NULL no matching row in const table
3 DEPENDENT SUBQUERY NULL NULL NULL NULL NULL NULL NULL Impossible WHERE noticed after reading const tables
Changed in maria: | |
status: | New → Confirmed |
Changed in maria: | |
status: | Confirmed → Fix Committed |
Changed in maria: | |
status: | Fix Committed → Fix Released |
Test case:
CREATE TABLE `CC` ( key`,`col_ int_key` ) varchar_ nokey` varchar(1) DEFAULT NULL, key`,`col_ int_key` ) varchar_ nokey` varchar(1) DEFAULT NULL, key`,`col_ int_key` )
`col_int_key` int(11) DEFAULT NULL,
`col_varchar_key` varchar(1) DEFAULT NULL,
KEY `col_varchar_key` (`col_varchar_
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `C` (
`col_int_nokey` int(11) DEFAULT NULL,
`col_int_key` int(11) DEFAULT NULL,
`col_varchar_key` varchar(1) DEFAULT NULL,
`col_
KEY `col_varchar_key` (`col_varchar_
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
CREATE TABLE `BB` (
`col_int_nokey` int(11) DEFAULT NULL,
`col_int_key` int(11) DEFAULT NULL,
`col_varchar_key` varchar(1) DEFAULT NULL,
`col_
KEY `col_int_key` (`col_int_key`),
KEY `col_varchar_key` (`col_varchar_
) ENGINE=MyISAM DEFAULT CHARSET=latin1;
INSERT INTO `BB` VALUES (8,8,NULL,NULL);
CREATE PROCEDURE stored_proc_23161 ( ) nokey` , CHILD_SUBQUERY1_t2 .`col_varchar_ nokey` proc_23161( );
SELECT `col_varchar_key`
FROM (
SELECT SUBQUERY1_t1 .*
FROM BB SUBQUERY1_t1 STRAIGHT_JOIN ( CC SUBQUERY1_t2 JOIN C ON SUBQUERY1_t2 .`col_varchar_key` ) ON SUBQUERY1_t2 .`col_varchar_key` AND ( 's' , 'r' ) IN (
SELECT CHILD_SUBQUERY1_t1 .`col_varchar_
FROM C CHILD_SUBQUERY1_t1 JOIN C CHILD_SUBQUERY1_t2 ON CHILD_SUBQUERY1_t1 .`col_int_nokey` ) ) table3 ;
CALL stored_
DROP TABLE CC;
DROP TABLE C;
DROP TABLE BB;