Crash when updating multiple equality const-ness during constant table optimization in make_join_statistics

Bug #776285 reported by Timour Katchaounov
This bug affects 1 person
Affects: MariaDB
Status: Fix Released
Importance: Undecided
Assigned to: Igor Babaev

Bug Description

The following test case extracted from the test for LP BUG#715759
results in a crash (NULL pointer):

CREATE TABLE t1 (a1 int, a2 int) ;
INSERT INTO t1 VALUES (1, 2);
INSERT INTO t1 VALUES (3, 4);

CREATE TABLE t2 (b1 int, b2 int) ;
INSERT INTO t2 VALUES (1, 2);

SELECT b1 FROM t2 WHERE b1 = b2;

Timour Katchaounov (timour) wrote :

The stack trace is:

#0 0x000000000060b4e5 in Item_func::Item_func (this=0x44b5870, a=0x44b4ac0, b=0x0) at item_func.h:82
#1 0x000000000060b5db in Item_int_func::Item_int_func (this=0x44b5870, a=0x44b4ac0, b=0x0) at item_func.h:402
#2 0x000000000060be35 in Item_bool_func2::Item_bool_func2 (this=0x44b5870, a=0x44b4ac0, b=0x0) at item_cmpfunc.h:356
#3 0x000000000060c0d9 in Item_bool_rowready_func2::Item_bool_rowready_func2 (this=0x44b5870, a=0x44b4ac0, b=0x0) at item_cmpfunc.h:389
#4 0x000000000060c3a7 in Item_func_eq::Item_func_eq (this=0x44b5870, a=0x44b4ac0, b=0x0) at item_cmpfunc.h:494
#5 0x000000000060a434 in Item_equal::add_const (this=0x44b4ee0, c=0x44b4ac0, f=0x0) at item_cmpfunc.cc:5621
#6 0x000000000060a6c1 in Item_equal::update_const (this=0x44b4ee0) at item_cmpfunc.cc:5750
#7 0x000000000073f9dc in update_const_equal_items (cond=0x44b4ee0, tab=0x44b5108) at sql_select.cc:10349
#8 0x0000000000749a9f in join_read_const_table (tab=0x44b5108, pos=0x44ca028) at sql_select.cc:14374
#9 0x000000000072dd4f in make_join_statistics (join=0x44c7100, tables_arg=0x44b4620, conds=0x44b4ee0, keyuse_array=0x44cd098) at sql_select.cc:3023
#10 0x0000000000726c23 in JOIN::optimize (this=0x44c7100) at sql_select.cc:992

Changed in maria:
milestone: none → 5.3
assignee: nobody → Igor Babaev (igorb-seattle)
Timour Katchaounov (timour) wrote :

The bug is reproducible in 5.3 with the following tip:

revno: 2977
committer: Vladislav Vaintroub <email address hidden>
branch nick: 5.3
timestamp: Mon 2011-05-02 13:02:36 +0200
message:
  Shoot in the dark - try to fight build environment based on cygwin, where
  presumably neither TMP nor TEMP environment variable are set.

Philip Stoev (pstoev-askmonty) wrote :
Igor Babaev (igorb-seattle) wrote :

This is an exact duplicate of LP bug #776274

Changed in maria:
status: New → Confirmed
status: Confirmed → Fix Committed
Changed in maria:
status: Fix Committed → Fix Released