Crash in SQL_SELECT::test_quick_select in maria-5.3

Bug #707848 reported by Philip Stoev
Affects: MariaDB
Status: Fix Released
Importance: Critical
Assigned to: Igor Babaev
Milestone: 5.3

Bug Description

The following query:

SELECT *
FROM t1 AS alias1 JOIN t1 AS alias2 USING (f1)
WHERE alias2.f1 IN ( 2 , 9 )
OR alias2.f1 > 0
AND alias2.f1
ORDER BY 1;

crashes as follows:

#3 0x082852c3 in handle_segfault (sig=11) at mysqld.cc:2775
#4 <signal handler called>
#5 0x083a106f in SQL_SELECT::test_quick_select (this=0x0, thd=0xabef928, keys_to_use=..., prev_tables=0, limit=18446744073709551615,
    force_quick_range=true, ordered_output=false) at opt_range.cc:2904
#6 0x08329160 in test_if_skip_sort_order (tab=0xa2960508, order=0xa293a818, select_limit=1, no_changes=false, map=0xa294aa7c) at sql_select.cc:16063
#7 0x08329855 in create_sort_index (thd=0xabef928, join=0xa295b1c8, order=0xa293a818, filesort_limit=18446744073709551615,
    select_limit=18446744073709551615, is_order_by=false) at sql_select.cc:16257
#8 0x083096f9 in JOIN::exec (this=0xa295b1c8) at sql_select.cc:2373
#9 0x0830a163 in mysql_select (thd=0xabef928, rref_pointer_array=0xabf13c4, tables=0xa2939a08, wild_num=1, fields=..., conds=0xa293a700, og_num=1,
    order=0xa293a818, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xa293a8b8, unit=0xabf1024, select_lex=0xabf12c0)
    at sql_select.cc:2647
#10 0x08302c39 in handle_select (thd=0xabef928, lex=0xabf0fc8, result=0xa293a8b8, setup_tables_done_option=0) at sql_select.cc:282
#11 0x082a0990 in execute_sqlcom_select (thd=0xabef928, all_tables=0xa2939a08) at sql_parse.cc:5070
#12 0x0829799f in mysql_execute_command (thd=0xabef928) at sql_parse.cc:2234
#13 0x082a2f28 in mysql_parse (thd=0xabef928,
    rawbuf=0xa29397e8 "SELECT *\nFROM t1 AS alias1 JOIN t1 AS alias2 USING (f1)\nWHERE alias2.f1 IN ( 2 , 9 )\nOR alias2.f1 > 0\nAND alias2.f1\nORDER BY 1",
    length=126, found_semicolon=0xa14cf228) at sql_parse.cc:6077
#14 0x08295637 in dispatch_command (command=COM_QUERY, thd=0xabef928,
    packet=0xac079b9 "SELECT *\nFROM t1 AS alias1 JOIN t1 AS alias2 USING (f1)\nWHERE alias2.f1 IN ( 2 , 9 )\nOR alias2.f1 > 0\nAND alias2.f1\nORDER BY 1",
    packet_length=126) at sql_parse.cc:1210
#15 0x08294ae4 in do_command (thd=0xabef928) at sql_parse.cc:903
#16 0x08291bc2 in handle_one_connection (arg=0xabef928) at sql_connect.cc:1154
#17 0x00821919 in start_thread () from /lib/libpthread.so.0
#18 0x0076acce in clone () from /lib/libc.so.6

Test case:
CREATE TABLE t1 ( f1 int(11), PRIMARY KEY (f1) ) ENGINE=InnoDB;

SELECT *
FROM t1 AS alias1 JOIN t1 AS alias2 USING (f1)
WHERE alias2.f1 IN ( 2 , 9 )
OR alias2.f1 > 0
AND alias2.f1
ORDER BY 1;

My gut feeling is that this is related to the range optimizer. Unfortunately EXPLAIN crashes as well.
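As an added triage aid, not part of this report or of MariaDB, the following Python parses a gdb backtrace like the one above: it re-joins the argument lists gdb wraps onto indented continuation lines, then reports every frame that was entered through a NULL `this` pointer together with the frame that made the call. The sample backtrace embedded in it is copied from the report; on those frames it points at SQL_SELECT::test_quick_select (this=0x0) being called from test_if_skip_sort_order at sql_select.cc:16063, which is where the SQL_SELECT pointer was already NULL.

```python
import re

# Constructed sample: the first frames of the gdb backtrace quoted in this report.
BACKTRACE = """\
#3 0x082852c3 in handle_segfault (sig=11) at mysqld.cc:2775
#4 <signal handler called>
#5 0x083a106f in SQL_SELECT::test_quick_select (this=0x0, thd=0xabef928, keys_to_use=..., prev_tables=0, limit=18446744073709551615,
    force_quick_range=true, ordered_output=false) at opt_range.cc:2904
#6 0x08329160 in test_if_skip_sort_order (tab=0xa2960508, order=0xa293a818, select_limit=1, no_changes=false, map=0xa294aa7c) at sql_select.cc:16063
#7 0x08329855 in create_sort_index (thd=0xabef928, join=0xa295b1c8, order=0xa293a818, filesort_limit=18446744073709551615,
    select_limit=18446744073709551615, is_order_by=false) at sql_select.cc:16257
"""

# One gdb frame: "#N 0xADDR in func (arg=val, ...) at file:line" (or "from lib.so")
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+\s+in\s+)?(?P<func>[^\s(<]+)\s*"
    r"\((?P<args>.*)\)(?:\s+(?:at|from)\s+(?P<loc>\S+))?\s*$"
)

def join_frames(text):
    """Re-join continuation lines: gdb wraps long argument lists onto indented lines."""
    frames = []
    for line in text.splitlines():
        if line.startswith("#"):
            frames.append(line.rstrip())
        elif frames and line.startswith(" "):
            frames[-1] += " " + line.strip()
    return frames

def parse_frame(line):
    """{func, args, loc} for a frame line; None for pseudo-frames like '<signal handler called>'."""
    m = FRAME_RE.match(line)
    if not m:
        return None
    args = {}
    for part in m.group("args").split(", "):
        name, sep, value = part.partition("=")
        if sep:
            args[name.strip()] = value.strip()
    return {"func": m.group("func"), "args": args, "loc": m.group("loc")}

def null_this_frames(text):
    """(func, loc, caller_func, caller_loc) for each frame entered through a NULL `this`."""
    parsed = [f for f in map(parse_frame, join_frames(text)) if f]
    hits = []
    for i, f in enumerate(parsed):
        if f["args"].get("this") == "0x0":
            caller = parsed[i + 1] if i + 1 < len(parsed) else {"func": None, "loc": None}
            hits.append((f["func"], f["loc"], caller["func"], caller["loc"]))
    return hits
```

The argument split on ", " is deliberately simple and will mis-split a quoted string argument that itself contains a comma (such as the `rawbuf` query text in frame #13 above); the `this` detection is unaffected since that argument comes first.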

Changed in maria:
milestone: none → 5.3
assignee: nobody → Igor Babaev (igorb-seattle)
Changed in maria:
status: New → Confirmed
importance: Undecided → Critical
Changed in maria:
status: Confirmed → In Progress
Changed in maria:
status: In Progress → Fix Committed
Changed in maria:
status: Fix Committed → Fix Released