MariaDB

Crash in create_tmp_table called from JOIN::init_execution in maria-5.3-mwl89

Bug #682683 reported by Philip Stoev
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
MariaDB
Fix Released
High
Timour Katchaounov
MariaDB 5.3

Bug Description

not reproducible in maria-5.3

backtrace:

#4 <signal handler called>
#5 0x0831e892 in create_tmp_table (thd=0x9d050e8, param=0x9d83954, fields=..., group=0x9d57298, distinct=false, save_sum_fields=false,
    select_options=2147764736, rows_limit=18446744073709551615, table_alias=0x88a25f6 "") at sql_select.cc:11722
#6 0x08303ae8 in JOIN::init_execution (this=0x9d7ecc0) at sql_select.cc:1438
#7 0x083053fa in JOIN::exec (this=0x9d7ecc0) at sql_select.cc:1880
#8 0x08307961 in mysql_select (thd=0x9d050e8, rref_pointer_array=0x9d06b64, tables=0x9d56fe8, wild_num=0, fields=..., conds=0x0, og_num=1, order=0x0,
    group=0x9d57298, having=0x0, proc_param=0x0, select_options=2147764736, result=0x9d57330, unit=0x9d067c4, select_lex=0x9d06a60) at sql_select.cc:2550
#9 0x0830004d in handle_select (thd=0x9d050e8, lex=0x9d06768, result=0x9d57330, setup_tables_done_option=0) at sql_select.cc:281
#10 0x0829d91b in execute_sqlcom_select (thd=0x9d050e8, all_tables=0x9d56fe8) at sql_parse.cc:5102
#11 0x08294423 in mysql_execute_command (thd=0x9d050e8) at sql_parse.cc:2281
#12 0x0829feac in mysql_parse (thd=0x9d050e8, rawbuf=0x9d566d0 "SELECT ( SELECT f1 FROM t1 ) AS field1 FROM t2 GROUP BY field1", length=62,
    found_semicolon=0xae8a0228) at sql_parse.cc:6109
#13 0x08291f0c in dispatch_command (command=COM_QUERY, thd=0x9d050e8, packet=0x9d1d789 "SELECT ( SELECT f1 FROM t1 ) AS field1 FROM t2 GROUP BY field1",
    packet_length=62) at sql_parse.cc:1209
#14 0x08291376 in do_command (thd=0x9d050e8) at sql_parse.cc:902
#15 0x0828e454 in handle_one_connection (arg=0x9d050e8) at sql_connect.cc:1154
#16 0x00bea919 in start_thread () from /lib/libpthread.so.0
#17 0x00b2ccbe in clone () from /lib/libc.so.6

explain in maria-5.3-mwl89:

EXPLAIN SELECT ( SELECT f1 FROM t1 ) AS field1 FROM t2 GROUP BY field1;
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY t2 ALL NULL NULL NULL NULL 2 Using temporary; Using filesort
2 SUBQUERY t1 system NULL NULL NULL NULL 0 const row not found

test case. optimizer switches are not strictly required:

SET SESSION optimizer_switch='subquery_cache=off,semijoin=off,materialization=off';
CREATE TABLE t2 (f1 int) ;
INSERT IGNORE INTO t2 VALUES (1),(2);

DROP TABLE IF EXISTS t1;
CREATE TABLE t1 (f1 int) ;

SELECT ( SELECT f1 FROM t1 ) AS field1 FROM t2 GROUP BY field1;

Related branches

lp:~maria-captains/maria/5.3-mwl89 (Merged)
Philip Stoev (philip-stoev)
Changed in maria:
assignee: nobody → Timour Katchaounov (timour)
milestone: none → 5.3
Revision history for this message
Timour Katchaounov (timour) wrote :

This is a regression after the fix for LP BUG#680846.

Changed in maria:
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Timour Katchaounov (timour) wrote :

The crash is in create_tmp_table:

    for (; cur_group ; cur_group= cur_group->next, key_part_info++)
    {
      Field *field=(*cur_group->item)->get_tmp_table_field();
      DBUG_ASSERT(field->table == table);

where field == NULL.

Timour Katchaounov (timour)
Changed in maria:
status: Confirmed → In Progress
Timour Katchaounov (timour)
Changed in maria:
status: In Progress → Fix Committed
Timour Katchaounov (timour)
Changed in maria:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.