Crash in eliminate_item_equal with materialization=on in maria-5.3

Bug #779885 reported by Philip Stoev
This bug affects 1 person
Affects: MariaDB
Status: Fix Released
Importance: High
Assigned to: Sergey Petrunia
Milestone: (none shown)

Bug Description

Repeatable with maria-5.3, maria-5.3-mwl89. Not repeatable with maria-5.2. Seems to require materialization=on. Explain also crashes.

backtrace:

#4 <signal handler called>
#5 0x08321404 in eliminate_item_equal (cond=0x0, upper_levels=0x0, item_equal=0xae614be8) at sql_select.cc:10165
#6 0x0832193f in substitute_for_best_equal_field (cond=0xae614be8, cond_equal=0x0, table_join_idx=0xae614d98) at sql_select.cc:10300
#7 0x0830adf4 in JOIN::optimize (this=0xae62db38) at sql_select.cc:1066
#8 0x083100a1 in mysql_select (thd=0x9382e48, rref_pointer_array=0x93848e8, tables=0xae613080, wild_num=1, fields=..., conds=0xae614168, og_num=0,
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xae614300, unit=0x9384548, select_lex=0x93847e4)
    at sql_select.cc:2687
#9 0x08308983 in handle_select (thd=0x9382e48, lex=0x93844ec, result=0xae614300, setup_tables_done_option=0) at sql_select.cc:282
#10 0x082a5cc8 in execute_sqlcom_select (thd=0x9382e48, all_tables=0xae613080) at sql_parse.cc:5094
#11 0x0829cb12 in mysql_execute_command (thd=0x9382e48) at sql_parse.cc:2239
#12 0x082a826b in mysql_parse (thd=0x9382e48,
    rawbuf=0xae612eb0 "SELECT *\nFROM t1\nWHERE\n( 't' ) IN (\nSELECT t3.f10\nFROM t3 \nJOIN t4\nON t4.f10 = t3.f10 \n)", length=88,
    found_semicolon=0xae983228) at sql_parse.cc:6094
#13 0x0829a79b in dispatch_command (command=COM_QUERY, thd=0x9382e48,
    packet=0x93dd9a1 "SELECT *\nFROM t1\nWHERE\n( 't' ) IN (\nSELECT t3.f10\nFROM t3 \nJOIN t4\nON t4.f10 = t3.f10 \n)", packet_length=88)
    at sql_parse.cc:1215
#14 0x08299bf9 in do_command (thd=0x9382e48) at sql_parse.cc:904
#15 0x08296cac in handle_one_connection (arg=0x9382e48) at sql_connect.cc:1154
#16 0x00821919 in start_thread () from /lib/libpthread.so.0
#17 0x0076acce in clone () from /lib/libc.so.6

test case:

SET SESSION optimizer_switch = 'materialization=on';
CREATE TABLE t1 ( f1 int );
INSERT INTO t1 VALUES (19), (20);

CREATE TABLE t3 ( f10 varchar(32) );
INSERT INTO t3 VALUES ('a'),('b');

CREATE TABLE t4 ( f10 varchar(32) );
INSERT INTO t4 VALUES ('c'),('d');

SELECT *
FROM t1
WHERE
( 't' ) IN (
        SELECT t3.f10
        FROM t3
        JOIN t4
        ON t4.f10 = t3.f10
);

Changed in maria:
milestone: none → 5.3
assignee: nobody → Timour Katchaounov (timour)
summary: - Crash in eliminate_item_equal with materialization=on
+ Crash in eliminate_item_equal with materialization=on in maria-5.3
Timour Katchaounov (timour) wrote :

There is no crash with either non-flattened materialization or IN-TO-EXISTS.
The crash is in semijoin materialization, thus reassigning to SergeyP.

Changed in maria:
assignee: Timour Katchaounov (timour) → Sergey Petrunia (sergefp)
status: New → Confirmed
importance: Undecided → High
Philip Stoev (pstoev-askmonty) wrote :

Also reproducible with comma-style join:

CREATE TABLE t1 ( f1 int );
INSERT INTO t1 VALUES (19), (20);

CREATE TABLE t3 ( f10 varchar(32) );
INSERT INTO t3 VALUES ('a'),('b');

CREATE TABLE t4 ( f10 varchar(32) );
INSERT INTO t4 VALUES ('c'),('d');

SELECT *
FROM t1
WHERE
( 't' ) IN (
        SELECT t3.f10
        FROM t3,t4
        WHERE t4.f10 = t3.f10
);

Changed in maria:
status: Confirmed → Fix Committed
Changed in maria:
status: Fix Committed → Fix Released