MariaDB

Crash in Gcalc_operation_reducer::get_result with ST_DIFFERENCE

Bug #805858 reported by Philip Stoev on 2011-07-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	Undecided	Alexey Botchkov	MariaDB 5.3

Bug Description

Backtrace:

#3 <signal handler called>
#4 0x0000000000776df1 in Gcalc_operation_reducer::get_result (this=0x1509bdc8, storage=0x1509bd60) at gcalc_tools.cc:1116
#5 0x0000000000645f1e in Item_func_spatial_operation::val_str (this=0x1509bb38, str_value=0x40ad1400) at item_geofunc.cc:1030
#6 0x000000000059dcbf in Item::send (this=0x1509bb38, protocol=0x150546f8, buffer=0x40ad1400) at item.cc:5905
#7 0x0000000000680b89 in select_send::send_data (this=0x1509c010, items=...) at sql_class.cc:1919
#8 0x000000000075d540 in JOIN::exec (this=0x150c0bb0) at sql_select.cc:2069
#9 0x0000000000759a10 in mysql_select (thd=0x150542f8, rref_pointer_array=0x15056e48, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0,
group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x1509c010, unit=0x15056740, select_lex=0x15056c28) at sql_select.cc:2885
#10 0x000000000075fdea in handle_select (thd=0x150542f8, lex=0x150566a0, result=0x1509c010, setup_tables_done_option=0) at sql_select.cc:283
#11 0x00000000006ad2bc in execute_sqlcom_select (thd=0x150542f8, all_tables=0x0) at sql_parse.cc:5082
#12 0x00000000006aef6f in mysql_execute_command (thd=0x150542f8) at sql_parse.cc:2227
#13 0x00000000006b7d07 in mysql_parse (thd=0x150542f8,
rawbuf=0x1509aea0 "SELECT ST_DIFFERENCE(\nMULTIPOLYGONFROMTEXT('\n\t\tMULTIPOLYGON( ( (3 5, 2 4, 2 5, 3 5) ) , ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) )\n\t') , MULTILINESTRINGFROMTEXT('\n\t\tMULTIL"..., length=272, found_semicolon=0x40ad2f08) at sql_parse.cc:6083
#14 0x00000000006b8b9f in dispatch_command (command=COM_QUERY, thd=0x150542f8, packet=0x15091b29 "", packet_length=272) at sql_parse.cc:1206
#15 0x00000000006ba1b1 in do_command (thd=0x150542f8) at sql_parse.cc:904
#16 0x00000000006a4c63 in handle_one_connection (arg=0x150542f8) at sql_connect.cc:1177
#17 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#18 0x00000033b58d40cd in clone () from /lib64/libc.so.6

test case:

SELECT ST_DIFFERENCE(
        MULTIPOLYGONFROMTEXT('
                MULTIPOLYGON( ( (3 5, 2 4, 2 5, 3 5) ) , ( ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) )
        ') , MULTILINESTRINGFROMTEXT('
                MULTILINESTRING( ( 8 6 , 3 8 , 7 5 , 2 1 ) , ( 4 3 , 0 9 , 2 1 , 2 2 ) )
        ')
);

bzr version-info
revision-id: <email address hidden>
date: 2011-07-04 16:17:34 +0500
build-date: 2011-07-05 12:18:54 +0300
revno: 2986
branch-nick: maria-5.3-gis

Related branches

lp:~maria-captains/maria/5.3-gis

Philip Stoev (pstoev-askmonty) on 2011-07-05

Changed in maria:
assignee:	nobody → Alexey Botchkov (holyfoot)
milestone:	none → 5.3

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2011-07-05:

Another crash, slightly different backtrace

SELECT
        ST_DIFFERENCE (
                MULTIPOLYGONFROMTEXT( ' MULTIPOLYGON( ( (3 5, 2 5, 2 4, 3 4, 3 5) ) , ( ( 2 2 , 5 2 , 4 9 , 2 7 , 2 2 ) ) ) ' ) ,
                MULTILINESTRINGFROMTEXT( ' MULTILINESTRING( ( 2 9 , 9 0 , 5 2 , 3 8 ) , ( 0 1 , 2 5 , 4 5 , 3 3 ) , ( 2 2 , 2 1 , 9 5 , 7 5 , 8 8 ) , ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) ' )
        );

#3 <signal handler called>
#4 0x0000000000776a8a in Gcalc_operation_reducer::get_result_thread (this=0x10bfeed0, cur=0xa5a5a5a5a5a5a5a5, storage=0x10bfee68, move_upward=1)
    at gcalc_tools.cc:1027
#5 0x0000000000776c43 in Gcalc_operation_reducer::get_line_result (this=0x10bfeed0, cur=0x10c2e640, storage=0x10bfee68) at gcalc_tools.cc:1095
#6 0x0000000000776f0d in Gcalc_operation_reducer::get_result (this=0x10bfeed0, storage=0x10bfee68) at gcalc_tools.cc:1137
#7 0x0000000000645f1e in Item_func_spatial_operation::val_str (this=0x10bfec40, str_value=0x40d1a400) at item_geofunc.cc:1030
#8 0x000000000059dcbf in Item::send (this=0x10bfec40, protocol=0x10bb76f8, buffer=0x40d1a400) at item.cc:5905
#9 0x0000000000680b89 in select_send::send_data (this=0x10bff118, items=...) at sql_class.cc:1919
#10 0x000000000075d540 in JOIN::exec (this=0x10c23bb0) at sql_select.cc:2069
#11 0x0000000000759a10 in mysql_select (thd=0x10bb72f8, rref_pointer_array=0x10bb9e48, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x10bff118, unit=0x10bb9740, select_lex=0x10bb9c28) at sql_select.cc:2885
#12 0x000000000075fdea in handle_select (thd=0x10bb72f8, lex=0x10bb96a0, result=0x10bff118, setup_tables_done_option=0) at sql_select.cc:283
#13 0x00000000006ad2bc in execute_sqlcom_select (thd=0x10bb72f8, all_tables=0x0) at sql_parse.cc:5082
#14 0x00000000006aef6f in mysql_execute_command (thd=0x10bb72f8) at sql_parse.cc:2227
#15 0x00000000006b7d07 in mysql_parse (thd=0x10bb72f8,
    rawbuf=0x10bfdea0 "SELECT\nST_DIFFERENCE (\nMULTIPOLYGONFROMTEXT( ' MULTIPOLYGON( ( (3 5, 2 5, 2 4, 3 4, 3 5) ) , ( ( 2 2 , 5 2 , 4 9 , 2 7 , 2 2 ) ) ) ' ) ,\nMULTILINESTRINGFROMTEXT( ' MULTILINESTRING( ( 2 9 , 9 0 , 5 "..., length=347, found_semicolon=0x40d1bf08) at sql_parse.cc:6083
#16 0x00000000006b8b9f in dispatch_command (command=COM_QUERY, thd=0x10bb72f8, packet=0x10bf4b29 "", packet_length=347) at sql_parse.cc:1206
#17 0x00000000006ba1b1 in do_command (thd=0x10bb72f8) at sql_parse.cc:904
#18 0x00000000006a4c63 in handle_one_connection (arg=0x10bb72f8) at sql_connect.cc:1177
#19 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#20 0x00000033b58d40cd in clone () from /lib64/libc.so.6

Another crash, slightly different backtrace

SELECT
        ST_DIFFERENCE (
                MULTIPOLYGONFROMTEXT( '  MULTIPOLYGON( ( (3 5, 2 5, 2 4, 3 4, 3 5) ) , ( ( 2 2 , 5 2 , 4 9 , 2 7 , 2 2 ) ) ) ' )  ,
                MULTILINESTRINGFROMTEXT( '  MULTILINESTRING( ( 2 9 , 9 0 , 5 2 , 3 8 ) , ( 0 1 , 2 5 , 4 5 , 3 3 ) , ( 2 2 , 2 1 , 9 5 , 7 5 , 8 8 ) , ( 2 2 , 2 8 , 8 8 , 8 2 , 2 2 ) , ( 4 4 , 4 6 , 6 6 , 6 4 , 4 4 ) ) ' )
        );

#3  <signal handler called>
#4  0x0000000000776a8a in Gcalc_operation_reducer::get_result_thread (this=0x10bfeed0, cur=0xa5a5a5a5a5a5a5a5, storage=0x10bfee68, move_upward=1)
    at gcalc_tools.cc:1027
#5  0x0000000000776c43 in Gcalc_operation_reducer::get_line_result (this=0x10bfeed0, cur=0x10c2e640, storage=0x10bfee68) at gcalc_tools.cc:1095
#6  0x0000000000776f0d in Gcalc_operation_reducer::get_result (this=0x10bfeed0, storage=0x10bfee68) at gcalc_tools.cc:1137
#7  0x0000000000645f1e in Item_func_spatial_operation::val_str (this=0x10bfec40, str_value=0x40d1a400) at item_geofunc.cc:1030
#8  0x000000000059dcbf in Item::send (this=0x10bfec40, protocol=0x10bb76f8, buffer=0x40d1a400) at item.cc:5905
#9  0x0000000000680b89 in select_send::send_data (this=0x10bff118, items=...) at sql_class.cc:1919
#10 0x000000000075d540 in JOIN::exec (this=0x10c23bb0) at sql_select.cc:2069
#11 0x0000000000759a10 in mysql_select (thd=0x10bb72f8, rref_pointer_array=0x10bb9e48, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x10bff118, unit=0x10bb9740, select_lex=0x10bb9c28) at sql_select.cc:2885
#12 0x000000000075fdea in handle_select (thd=0x10bb72f8, lex=0x10bb96a0, result=0x10bff118, setup_tables_done_option=0) at sql_select.cc:283
#13 0x00000000006ad2bc in execute_sqlcom_select (thd=0x10bb72f8, all_tables=0x0) at sql_parse.cc:5082
#14 0x00000000006aef6f in mysql_execute_command (thd=0x10bb72f8) at sql_parse.cc:2227
#15 0x00000000006b7d07 in mysql_parse (thd=0x10bb72f8,
    rawbuf=0x10bfdea0 "SELECT\nST_DIFFERENCE (\nMULTIPOLYGONFROMTEXT( '  MULTIPOLYGON( ( (3 5, 2 5, 2 4, 3 4, 3 5) ) , ( ( 2 2 , 5 2 , 4 9 , 2 7 , 2 2 ) ) ) ' )  ,\nMULTILINESTRINGFROMTEXT( '  MULTILINESTRING( ( 2 9 , 9 0 , 5 "..., length=347, found_semicolon=0x40d1bf08) at sql_parse.cc:6083
#16 0x00000000006b8b9f in dispatch_command (command=COM_QUERY, thd=0x10bb72f8, packet=0x10bf4b29 "", packet_length=347) at sql_parse.cc:1206
#17 0x00000000006ba1b1 in do_command (thd=0x10bb72f8) at sql_parse.cc:904
#18 0x00000000006a4c63 in handle_one_connection (arg=0x10bb72f8) at sql_connect.cc:1177
#19 0x00000033b600673d in start_thread () from /lib64/libpthread.so.0
#20 0x00000033b58d40cd in clone () from /lib64/libc.so.6

Revision history for this message

Alexey Botchkov (holyfoot) wrote on 2011-07-13:

That was probably the manifestation of the bug #801217, and was fixed in 5.3-gis with the patch to it.

Changed in maria:
status:	New → Fix Committed

Revision history for this message

Philip Stoev (pstoev-askmonty) wrote on 2011-07-13:

Please do push the 2 test cases from this bug into the test suite anyway.

Daniel Bartholomew (dbart) on 2011-12-13

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.