MariaDB

Crash in quick_range_seq_next() in maria-5.3-dsmrr-cpk with join_cache_level = {8,1}

Bug #623285 reported by Philip Stoev on 2010-08-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	High	Sergey Petrunia	MariaDB 5.3

Bug Description

The following query:

SELECT table2 .`col_datetime_key`
FROM C JOIN ( CC table2 JOIN C table3 ON table3 .`col_varchar_key` < table2 .`col_varchar_key` ) ON table3 .`col_varchar_nokey` ;

causes the following crash:

#3 0x0828048a in handle_segfault (sig=11) at mysqld.cc:2706
#4 <signal handler called>
#5 0x0839ca86 in quick_range_seq_next (rseq=0x0, range=0xb5d9a704) at opt_range_mrr.cc:322
#6 0x084983d4 in handler::multi_range_read_next (this=0xb5d9a660, range_info=0xb60d1af8) at multi_range_read.cc:266
#7 0x08499f91 in DsMrr_impl::dsmrr_next (this=0xb5d9a9e0, range_info=0xb60d1af8) at multi_range_read.cc:1094
#8 0x0855ae7e in ha_maria::multi_range_read_next (this=0xb5d9a660, range_info=0xb60d1af8) at ha_maria.cc:3514
#9 0x083adcab in QUICK_RANGE_SELECT::get_next (this=0xb5e73790) at opt_range.cc:8403
#10 0x083c1f46 in rr_quick (info=0xb5e4e0f4) at records.cc:322
#11 0x083211e3 in join_init_read_record (tab=0xb5e4e0b0) at sql_select.cc:13870
#12 0x08321006 in join_init_quick_read_record (tab=0xb5e4e0b0) at sql_select.cc:13835
#13 0x0831f6c6 in sub_select (join=0xb5d9fcb8, join_tab=0xb5e4e0b0, end_of_records=false) at sql_select.cc:13083
#14 0x082d9aa4 in JOIN_CACHE::generate_full_extensions (this=0xb5e4e868, rec_ptr=0xb5e4e8f0 "") at sql_join_cache.cc:1944
#15 0x082d9883 in JOIN_CACHE_BNL::join_matching_records (this=0xb5e4e868, skip_last=false) at sql_join_cache.cc:1836
#16 0x082d9352 in JOIN_CACHE::join_records (this=0xb5e4e868, skip_last=false) at sql_join_cache.cc:1639
#17 0x0831f382 in sub_select_cache (join=0xb5d9fcb8, join_tab=0xb5e4def0, end_of_records=true) at sql_select.cc:12878
#18 0x0831f59b in sub_select (join=0xb5d9fcb8, join_tab=0xb5e4dd30, end_of_records=true) at sql_select.cc:13040
#19 0x0831eb55 in do_select (join=0xb5d9fcb8, fields=0xad29a04, table=0x0, procedure=0x0) at sql_select.cc:12636
#20 0x08304ed7 in JOIN::exec (this=0xb5d9fcb8) at sql_select.cc:2355
#21 0x0830560d in mysql_select (thd=0xad27ff0, rref_pointer_array=0xad29a88, tables=0xb5d98df0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0,
group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xb5d9fc88, unit=0xad296cc, select_lex=0xad2996c) at sql_select.cc:2556
#22 0x082fdbff in handle_select (thd=0xad27ff0, lex=0xad29670, result=0xb5d9fc88, setup_tables_done_option=0) at sql_select.cc:276
#23 0x0829c1a4 in execute_sqlcom_select (thd=0xad27ff0, all_tables=0xb5d98df0) at sql_parse.cc:5081
#24 0x08292b7c in mysql_execute_command (thd=0xad27ff0) at sql_parse.cc:2265
#25 0x0829e365 in mysql_parse (thd=0xad27ff0,
inBuf=0xb5e3b320 "SELECT table2 .`col_datetime_key`\nFROM C JOIN ( CC table2 JOIN C table3 ON table3 .`col_varchar_key` < table2 .`col_varchar_key` ) ON table3 .`col_varchar_nokey`", length=167, found_semicolon=0xb60d3230) at sql_parse.cc:6027
#26 0x08290632 in dispatch_command (command=COM_QUERY, thd=0xad27ff0, packet=0xad2a011 "", packet_length=170) at sql_parse.cc:1184
#27 0x0828fb20 in do_command (thd=0xad27ff0) at sql_parse.cc:890
#28 0x0828cb58 in handle_one_connection (arg=0xad27ff0) at sql_connect.cc:1153
#29 0x00a08919 in start_thread () from /lib/libpthread.so.0
#30 0x00951e5e in clone () from /lib/libc.so.6

bzr version-info:

revision-id: <email address hidden>
date: 2010-08-19 19:52:58 +0200
build-date: 2010-08-24 13:17:50 +0300
revno: 2821
branch-nick: maria-5.3-dsmrr-cpk

maria-5.3 is not affected.

Tags:

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2010-08-24:

Test case:

SET SESSION join_cache_level = 8;
CREATE TABLE `CC` (
  `col_int_key` int(11) DEFAULT NULL,
  `col_datetime_key` datetime DEFAULT NULL,
  `col_varchar_key` varchar(1) DEFAULT NULL,
  `col_varchar_nokey` varchar(1) DEFAULT NULL,
  KEY `col_varchar_key` (`col_varchar_key`,`col_int_key`)
) ENGINE=MARIA DEFAULT CHARSET=latin1 PAGE_CHECKSUM=1;
INSERT INTO `CC` VALUES (6,'2005-10-07 00:00:00','e','e');
INSERT INTO `CC` VALUES (51,'2000-07-15 05:00:34','f','f');
CREATE TABLE `C` (
  `col_int_key` int(11) DEFAULT NULL,
  `col_datetime_key` datetime DEFAULT NULL,
  `col_varchar_key` varchar(1) DEFAULT NULL,
  `col_varchar_nokey` varchar(1) DEFAULT NULL,
  KEY `col_varchar_key` (`col_varchar_key`,`col_int_key`)
) ENGINE=MARIA DEFAULT CHARSET=latin1 PAGE_CHECKSUM=1;
INSERT INTO `C` VALUES (2,'2004-10-11 18:13:16','w','w');
INSERT INTO `C` VALUES (2,'1900-01-01 00:00:00','d','d');
SELECT table2 .`col_datetime_key`
FROM C JOIN ( CC table2 JOIN C table3 ON table3 .`col_varchar_key` < table2 .`col_varchar_key` ) ON table3 .`col_varchar_nokey` ;

Changed in maria:
milestone:	none → 5.3
importance:	Undecided → High
assignee:	nobody → Sergey Petrunia (sergefp)

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2010-09-06:

Also happens with the default value of join_cache_level=1 . Test case

CREATE TABLE `CC` (
  `pk` int(11) NOT NULL AUTO_INCREMENT,
  `col_int_key` int(11) DEFAULT NULL,
  `col_varchar_key` varchar(1) DEFAULT NULL,
  `col_varchar_nokey` varchar(1) DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_int_key` (`col_int_key`),
  KEY `col_varchar_key` (`col_varchar_key`,`col_int_key`)
) ENGINE=MARIA AUTO_INCREMENT=30 DEFAULT CHARSET=latin1 CHECKSUM=1 PAGE_CHECKSUM=1;
INSERT INTO `CC` VALUES (10,8,'v','v');
INSERT INTO `CC` VALUES (11,9,'r','r');
INSERT INTO `CC` VALUES (12,9,'a','a');
INSERT INTO `CC` VALUES (13,186,'m','m');
INSERT INTO `CC` VALUES (14,NULL,'y','y');
INSERT INTO `CC` VALUES (15,2,'j','j');
INSERT INTO `CC` VALUES (16,3,'d','d');
INSERT INTO `CC` VALUES (17,0,'z','z');
INSERT INTO `CC` VALUES (18,133,'e','e');
INSERT INTO `CC` VALUES (19,1,'h','h');
INSERT INTO `CC` VALUES (20,8,'b','b');
INSERT INTO `CC` VALUES (21,5,'s','s');
INSERT INTO `CC` VALUES (22,5,'e','e');
INSERT INTO `CC` VALUES (23,8,'j','j');
INSERT INTO `CC` VALUES (24,6,'e','e');
INSERT INTO `CC` VALUES (25,51,'f','f');
INSERT INTO `CC` VALUES (26,4,'v','v');
INSERT INTO `CC` VALUES (27,7,'x','x');
INSERT INTO `CC` VALUES (28,6,'m','m');
INSERT INTO `CC` VALUES (29,4,'c','c');
CREATE TABLE `C` (
  `pk` int(11) NOT NULL AUTO_INCREMENT,
  `col_int_key` int(11) DEFAULT NULL,
  `col_varchar_key` varchar(1) DEFAULT NULL,
  `col_varchar_nokey` varchar(1) DEFAULT NULL,
  PRIMARY KEY (`pk`),
  KEY `col_int_key` (`col_int_key`),
  KEY `col_varchar_key` (`col_varchar_key`,`col_int_key`)
) ENGINE=MARIA AUTO_INCREMENT=21 DEFAULT CHARSET=latin1 CHECKSUM=1 PAGE_CHECKSUM=1;
INSERT INTO `C` VALUES (1,2,'w','w');
INSERT INTO `C` VALUES (2,9,'m','m');
INSERT INTO `C` VALUES (3,3,'m','m');
INSERT INTO `C` VALUES (4,9,'k','k');
INSERT INTO `C` VALUES (5,NULL,'r','r');
INSERT INTO `C` VALUES (6,9,'t','t');
INSERT INTO `C` VALUES (7,3,'j','j');
INSERT INTO `C` VALUES (8,8,'u','u');
INSERT INTO `C` VALUES (9,8,'h','h');
INSERT INTO `C` VALUES (10,53,'o','o');
INSERT INTO `C` VALUES (11,0,NULL,NULL);
INSERT INTO `C` VALUES (12,5,'k','k');
INSERT INTO `C` VALUES (13,166,'e','e');
INSERT INTO `C` VALUES (14,3,'n','n');
INSERT INTO `C` VALUES (15,0,'t','t');
INSERT INTO `C` VALUES (16,1,'c','c');
INSERT INTO `C` VALUES (17,9,'m','m');
INSERT INTO `C` VALUES (18,5,'y','y');
INSERT INTO `C` VALUES (19,6,'f','f');
INSERT INTO `C` VALUES (20,2,'d','d');

SELECT `col_varchar_nokey`
FROM CC table1
WHERE EXISTS (
SELECT `pk`
FROM C
WHERE `col_varchar_nokey` > table1 .`col_varchar_key` AND `pk` >= 1 ) ;

Also happens with the default value of join_cache_level=1 . Test case

SELECT `col_varchar_nokey`
FROM CC table1
WHERE  EXISTS (
SELECT `pk`
FROM C
WHERE `col_varchar_nokey`  > table1 .`col_varchar_key`  AND `pk`  >=  1  )   ;

Philip Stoev (pstoev-askmonty) on 2010-09-06

summary:

Crash in quick_range_seq_next() in maria-5.3-dsmrr-cpk with
- join_cache_level = 8
+ join_cache_level = {8,1}

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2010-09-08:

Download full text (8.7 KiB)

Here is another backtrace that is produced by this test case

#4 <signal handler called>
#5 0x0864d61a in handler::read_range_next (this=0x99fc9a80) at handler.cc:4309
#6 0x087f6b60 in handler::multi_range_read_next (this=0x99fc9a80, range_info=0x9a0dc818) at multi_range_read.cc:248
#7 0x087fa947 in DsMrr_impl::dsmrr_next (this=0x99fc9dfc, range_info=0x9a0dc818) at multi_range_read.cc:1094
#8 0x08957438 in ha_maria::multi_range_read_next (this=0x99fc9a80, range_info=0x9a0dc818) at ha_maria.cc:3514
#9 0x0860aa63 in QUICK_RANGE_SELECT::get_next (this=0x99d92e50) at opt_range.cc:8403
#10 0x08632575 in rr_quick (info=0x99fde89c) at records.cc:322
#11 0x084e23fe in sub_select (join=0x99d26ec8, join_tab=0x99fde858, end_of_records=false) at sql_select.cc:13107
#12 0x084e089e in do_select (join=0x99d26ec8, fields=0x99feeb1c, table=0x0, procedure=0x0) at sql_select.cc:12634
#13 0x084af04e in JOIN::exec (this=0x99d26ec8) at sql_select.cc:2355
#14 0x082f231f in subselect_single_select_engine::exec (this=0x99fef6e8) at item_subselect.cc:2716
#15 0x082e5b67 in Item_subselect::exec (this=0x99fef628) at item_subselect.cc:481
#16 0x082e9474 in Item_exists_subselect::val_int (this=0x99fef628) at item_subselect.cc:1106
#17 0x08205dc7 in Item::val_int_result (this=0x99fef628) at item.h:779
#18 0x081fce5b in Item_cache_int::cache_value (this=0x99fc1fe8) at item.cc:7720
#19 0x0820f8c2 in Item_cache_wrapper::cache (this=0x99fc1f88) at item.cc:6725
#20 0x081f709f in Item_cache_wrapper::val_int (this=0x99fc1f88) at item.cc:6779
#21 0x084e2b42 in evaluate_join_record (join=0x99d22058, join_tab=0x99fc0be0, error=0) at sql_select.cc:13182
#22 0x084e2590 in sub_select (join=0x99d22058, join_tab=0x99fc0be0, end_of_records=false) at sql_select.cc:13127
#23 0x084e089e in do_select (join=0x99d22058, fields=0x0, table=0x99fe7170, procedure=0x0) at sql_select.cc:12634
#24 0x084abced in JOIN::exec (this=0x99d22058) at sql_select.cc:1933
#25 0x084aff87 in mysql_select (thd=0xc053758, rref_pointer_array=0xc0551cc, tables=0xb6b676b8, wild_num=0, fields=..., conds=0x99fef9c8, og_num=2,
    order=0x99fefd08, group=0x0, having=0x0, proc_param=0x0, select_options=2147797506, result=0x99fefe78, unit=0xc054e30, select_lex=0xc0550c8)
    at sql_select.cc:2556
#26 0x084a1141 in handle_select (thd=0xc053758, lex=0xc054dd4, result=0x99fefe78, setup_tables_done_option=0) at sql_select.cc:276
#27 0x083ccf82 in execute_sqlcom_select (thd=0xc053758, all_tables=0xb6b676b8) at sql_parse.cc:5081
#28 0x083ba20b in mysql_execute_command (thd=0xc053758) at sql_parse.cc:2265
#29 0x083d167c in mysql_parse (thd=0xc053758,
    inBuf=0xb6b66c08 "/* GenTest::Transform::StraightJoin */ SELECT STRAIGHT_JOIN table1 . `col_varchar_key` AS field1 , table1 . `col_varchar_nokey` AS field2 FROM ( CC AS table1 INNER JOIN ( ( C AS table2 STRAIGHT_J"..., length=748, found_semicolon=0x9a0de230) at sql_parse.cc:6027
#30 0x083b53f7 in dispatch_command (command=COM_QUERY, thd=0xc053758,
    packet=0xc07a3c9 "/* GenTest::Transform::StraightJoin */ SELECT STRAIGHT_JOIN table1 . `col_varchar_key` AS field1 , table1 . `col_varchar_nokey` AS field2 FROM ( CC AS table1 INNER JOIN ( ( C AS table2 STRAIGHT_J"......

Here is another backtrace that is produced by this test case

#4  <signal handler called>
#5  0x0864d61a in handler::read_range_next (this=0x99fc9a80) at handler.cc:4309
#6  0x087f6b60 in handler::multi_range_read_next (this=0x99fc9a80, range_info=0x9a0dc818) at multi_range_read.cc:248
#7  0x087fa947 in DsMrr_impl::dsmrr_next (this=0x99fc9dfc, range_info=0x9a0dc818) at multi_range_read.cc:1094
#8  0x08957438 in ha_maria::multi_range_read_next (this=0x99fc9a80, range_info=0x9a0dc818) at ha_maria.cc:3514
#9  0x0860aa63 in QUICK_RANGE_SELECT::get_next (this=0x99d92e50) at opt_range.cc:8403
#10 0x08632575 in rr_quick (info=0x99fde89c) at records.cc:322
#11 0x084e23fe in sub_select (join=0x99d26ec8, join_tab=0x99fde858, end_of_records=false) at sql_select.cc:13107
#12 0x084e089e in do_select (join=0x99d26ec8, fields=0x99feeb1c, table=0x0, procedure=0x0) at sql_select.cc:12634
#13 0x084af04e in JOIN::exec (this=0x99d26ec8) at sql_select.cc:2355
#14 0x082f231f in subselect_single_select_engine::exec (this=0x99fef6e8) at item_subselect.cc:2716
#15 0x082e5b67 in Item_subselect::exec (this=0x99fef628) at item_subselect.cc:481
#16 0x082e9474 in Item_exists_subselect::val_int (this=0x99fef628) at item_subselect.cc:1106
#17 0x08205dc7 in Item::val_int_result (this=0x99fef628) at item.h:779
#18 0x081fce5b in Item_cache_int::cache_value (this=0x99fc1fe8) at item.cc:7720
#19 0x0820f8c2 in Item_cache_wrapper::cache (this=0x99fc1f88) at item.cc:6725
#20 0x081f709f in Item_cache_wrapper::val_int (this=0x99fc1f88) at item.cc:6779
#21 0x084e2b42 in evaluate_join_record (join=0x99d22058, join_tab=0x99fc0be0, error=0) at sql_select.cc:13182
#22 0x084e2590 in sub_select (join=0x99d22058, join_tab=0x99fc0be0, end_of_records=false) at sql_select.cc:13127
#23 0x084e089e in do_select (join=0x99d22058, fields=0x0, table=0x99fe7170, procedure=0x0) at sql_select.cc:12634
#24 0x084abced in JOIN::exec (this=0x99d22058) at sql_select.cc:1933
#25 0x084aff87 in mysql_select (thd=0xc053758, rref_pointer_array=0xc0551cc, tables=0xb6b676b8, wild_num=0, fields=..., conds=0x99fef9c8, og_num=2,
    order=0x99fefd08, group=0x0, having=0x0, proc_param=0x0, select_options=2147797506, result=0x99fefe78, unit=0xc054e30, select_lex=0xc0550c8)
    at sql_select.cc:2556
#26 0x084a1141 in handle_select (thd=0xc053758, lex=0xc054dd4, result=0x99fefe78, setup_tables_done_option=0) at sql_select.cc:276
#27 0x083ccf82 in execute_sqlcom_select (thd=0xc053758, all_tables=0xb6b676b8) at sql_parse.cc:5081
#28 0x083ba20b in mysql_execute_command (thd=0xc053758) at sql_parse.cc:2265
#29 0x083d167c in mysql_parse (thd=0xc053758,
    inBuf=0xb6b66c08 "/* GenTest::Transform::StraightJoin */   SELECT STRAIGHT_JOIN    table1 . `col_varchar_key` AS field1 , table1 . `col_varchar_nokey` AS field2 FROM ( CC AS table1 INNER JOIN ( ( C AS table2 STRAIGHT_J"..., length=748, found_semicolon=0x9a0de230) at sql_parse.cc:6027
#30 0x083b53f7 in dispatch_command (command=COM_QUERY, thd=0xc053758,
    packet=0xc07a3c9 "/* GenTest::Transform::StraightJoin */   SELECT STRAIGHT_JOIN    table1 . `col_varchar_key` AS field1 , table1 . `col_varchar_nokey` AS field2 FROM ( CC AS table1 INNER JOIN ( ( C AS table2 STRAIGHT_J"..., packet_length=748) at sql_parse.cc:1184
#31 0x083b3bbc in do_command (thd=0xc053758) at sql_parse.cc:890
#32 0x083ad49c in handle_one_connection (arg=0xc053758) at sql_connect.cc:1153
#33 0x00bea919 in start_thread () from /lib/libpthread.so.0
#34 0x00b2ccbe in clone () from /lib/libc.so.6

valgrind warnings:

==2844== Thread 4:
==2844== Conditional jump or move depends on uninitialised value(s)
==2844==    at 0x8498418: handler::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x849A33A: DsMrr_impl::dsmrr_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x855B281: ha_maria::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83ADE0A: QUICK_RANGE_SELECT::get_next() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83C20A5: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8321342: join_init_read_record(st_join_table*) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F825: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8305036: JOIN::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x82365D7: subselect_single_select_engine::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8230CFC: Item_subselect::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x823249A: Item_exists_subselect::val_int() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831FC07: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F9C6: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8305036: JOIN::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==
==2844== Use of uninitialised value of size 4
==2844==    at 0x839CBE6: quick_range_seq_next(void*, st_key_multi_range*) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8498533: handler::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x849A33A: DsMrr_impl::dsmrr_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x855B281: ha_maria::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83ADE0A: QUICK_RANGE_SELECT::get_next() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83C20A5: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8321342: join_init_read_record(st_join_table*) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F825: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8305036: JOIN::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x82365D7: subselect_single_select_engine::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8230CFC: Item_subselect::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x823249A: Item_exists_subselect::val_int() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831FC07: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F9C6: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==
==2844== Invalid read of size 4
==2844==    at 0x839CBE6: quick_range_seq_next(void*, st_key_multi_range*) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8498533: handler::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x849A33A: DsMrr_impl::dsmrr_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x855B281: ha_maria::multi_range_read_next(char**) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83ADE0A: QUICK_RANGE_SELECT::get_next() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x83C20A5: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8321342: join_init_read_record(st_join_table*) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F825: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8305036: JOIN::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x82365D7: subselect_single_select_engine::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x8230CFC: Item_subselect::exec() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x823249A: Item_exists_subselect::val_int() (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831FC07: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831F9C6: sub_select(JOIN*, st_join_table*, bool) (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==    by 0x831EC7E: ??? (in /home/philips/bzr/maria-5.3-dsmrr-cpk/sql/mysqld)
==2844==  Address 0x4 is not stack'd, malloc'd or (recently) free'd
==2844==

Revision history for this message

Sergey Petrunia (sergefp) wrote on 2010-09-13:

Fixed in 5.3-dsmrr-cpk tree

Changed in maria:
status:	New → Fix Committed

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.