MariaDB

Crash in Item_equal::print in EXPLAIN EXTENDED in maria-5.3

Bug #776295 reported by Philip Stoev on 2011-05-03

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	Low	Igor Babaev	MariaDB 5.3

Bug Description

Repeatable in maria-5.3 , maria-5.3-ml89 . Not repeatable in maria-5.2 . May be related to the Item_func crashes reported separately. Not repeatable with more rows in each table.

backtrace:

#3 0x08289e2c in handle_segfault (sig=11) at mysqld.cc:2774
#4 <signal handler called>
#5 0x0821011e in Item_equal::print (this=0xae513f58, str=0xae89f788, query_type=QT_ORDINARY) at item_cmpfunc.cc:5930
#6 0x08339573 in st_select_lex::print (this=0xae5129e0, thd=0x9c44da8, str=0xae89f788, query_type=QT_ORDINARY) at sql_select.cc:20210
#7 0x081af078 in st_select_lex_unit::print (this=0xae512b80, str=0xae89f788, query_type=QT_ORDINARY) at sql_lex.cc:2090
#8 0x08338ed1 in TABLE_LIST::print (this=0xae513ac0, thd=0x9c44da8, eliminated_tables=0, str=0xae89f788, query_type=QT_ORDINARY) at sql_select.cc:20064
#9 0x083387e2 in print_table_array (thd=0x9c44da8, eliminated_tables=0, str=0xae89f788, table=0xae530690, end=0xae530694, query_type=QT_ORDINARY)
    at sql_select.cc:19895
#10 0x08338bf4 in print_join (thd=0x9c44da8, eliminated_tables=0, str=0xae89f788, tables=0x9c46808, query_type=QT_ORDINARY) at sql_select.cc:19989
#11 0x083394d1 in st_select_lex::print (this=0x9c46744, thd=0x9c44da8, str=0xae89f788, query_type=QT_ORDINARY) at sql_select.cc:20191
#12 0x081af078 in st_select_lex_unit::print (this=0x9c464a8, str=0xae89f788, query_type=QT_ORDINARY) at sql_lex.cc:2090
#13 0x082a5832 in execute_sqlcom_select (thd=0x9c44da8, all_tables=0xae513ac0) at sql_parse.cc:5079
#14 0x0829c786 in mysql_execute_command (thd=0x9c44da8) at sql_parse.cc:2239
#15 0x082a7edf in mysql_parse (thd=0x9c44da8,
    rawbuf=0xae5125e0 "EXPLAIN EXTENDED \nSELECT * FROM ( \nSELECT t1.*\nFROM t1\nJOIN t2\nON t2.f3 = t1.f3 )\nAS alias1", length=91,
    found_semicolon=0xae8a0228) at sql_parse.cc:6094
#16 0x0829a40f in dispatch_command (command=COM_QUERY, thd=0x9c44da8, packet=0x9c9f901 "", packet_length=93) at sql_parse.cc:1215
#17 0x0829986d in do_command (thd=0x9c44da8) at sql_parse.cc:904
#18 0x08296920 in handle_one_connection (arg=0x9c44da8) at sql_connect.cc:1154
#19 0x00116919 in start_thread () from /lib/libpthread.so.0
#20 0x0076acce in clone () from /lib/libc.so.6

test case:

CREATE TABLE t2 ( f3 int) ;
INSERT IGNORE INTO t2 VALUES (8);

CREATE TABLE t1 ( f3 int) ;

EXPLAIN EXTENDED
SELECT * FROM (
        SELECT t1.*
        FROM t1
        JOIN t2
        ON t2.f3 = t1.f3
) AS alias1;

explain from maria-5.2:

id select_type table type possible_keys key key_len ref rows filtered Extra
1 PRIMARY <derived2> system NULL NULL NULL NULL 0 0.00 const row not found
2 DERIVED NULL NULL NULL NULL NULL NULL NULL NULL no matching row in const table
Warnings:
Note 1003 select NULL AS `f3` from (select NULL AS `f3` from `test`.`t1` join `test`.`t2` where multiple equal('8')) `alias1`

Philip Stoev (pstoev-askmonty) on 2011-05-03

Changed in maria:
milestone:	none → 5.3

Igor Babaev (igorb-seattle) on 2011-05-04

Changed in maria:
status:	New → Confirmed
importance:	Undecided → High
assignee:	nobody → Igor Babaev (igorb-seattle)

Revision history for this message

Igor Babaev (igorb-seattle) wrote on 2011-05-04:

After the fix for bug #776274 the crash disappeared, but the output of the EXPLAIN EXTENDED still contained some terms that was hard to understand (like multiple equal('8')):

MariaDB [test]> EXPLAIN EXTENDED SELECT * FROM ( SELECT t1.* FROM t1 JOIN t2 ON t2.f3 = t1.f3 ) AS alias1\G
*************************** 1. row ***************************
           id: 1
  select_type: PRIMARY
        table: <derived2>
         type: system
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 0
     filtered: 0.00
        Extra: const row not found
*************************** 2. row ***************************
           id: 2
  select_type: DERIVED
        table: NULL
         type: NULL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: NULL
     filtered: NULL
        Extra: no matching row in const table
2 rows in set, 1 warning (0.00 sec)

MariaDB [test]> show warnings\G
*************************** 1. row ***************************
Level: Note
Code: 1003
Message: select NULL AS `f3` from (select NULL AS `f3` from `test`.`t1` join `test`.`t2` where multiple equal('8')) `alias1`
1 row in set (0.00 sec)

Revision history for this message

Igor Babaev (igorb-seattle) wrote on 2011-05-04:

Execution of EXPLAIN EXTENDED for the subquery of the derived table returns
an expected result:

MariaDB [test]> EXPLAIN EXTENDED SELECT t1.* FROM t1 JOIN t2 ON t2.f3 = t1.f3\G
*************************** 1. row ***************************
           id: 1
  select_type: SIMPLE
        table: NULL
         type: NULL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: NULL
     filtered: NULL
        Extra: Impossible WHERE noticed after reading const tables
1 row in set, 1 warning (0.00 sec)

MariaDB [test]> show warnings\G
*************************** 1. row ***************************
Level: Note
Code: 1003
Message: select NULL AS `f3` from `test`.`t1` join `test`.`t2` where 0
1 row in set (0.00 sec)

Igor Babaev (igorb-seattle) on 2011-05-05

Changed in maria:
importance:	High → Low
status:	Confirmed → Fix Committed

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.