Crash in Field::eq with extended_keys+semijoin+materialization, IN subquery, aggregate function

Bug #914560 reported by Elena Stepanova on 2012-01-11
Affects: MariaDB
Status: Fix Released
Importance: Critical
Assigned to: Igor Babaev

Bug Description

#4 <signal handler called>
#5 0x083b4652 in Field::eq (this=0x9e11a28, field=0x0) at field.h:244
#6 0x08535f7a in add_key_part (keyuse_array=0x9e08758, key_field=0x9e108b8)
    at sql_select.cc:4419
#7 0x08537891 in update_ref_and_keys (thd=0x9d80ad8, keyuse=0x9e08758,
    join_tab=0x9e103a8, tables=2, cond=0x9e10278,
    normal_tables=18446744073709551615, select_lex=0x9d82510, sargables=0xae97ef1c)
    at sql_select.cc:4719
#8 0x0852f741 in make_join_statistics (join=0x9e022b8, tables_list=...,
    conds=0x9e10278, keyuse_array=0x9e08758) at sql_select.cc:3214
#9 0x08521c45 in JOIN::optimize (this=0x9e022b8) at sql_select.cc:1145
#10 0x0852dbef in mysql_select (thd=0x9d80ad8, rref_pointer_array=0x9d8264c,
    tables=0x9defed8, wild_num=1, fields=..., conds=0x9df0d00, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=2147764736,
    result=0x9df0ea8, unit=0x9d82230, select_lex=0x9d82510) at sql_select.cc:2911
#11 0x0851cf75 in handle_select (thd=0x9d80ad8, lex=0x9d821d4, result=0x9df0ea8,
    setup_tables_done_option=0) at sql_select.cc:283
#12 0x0843bdba in execute_sqlcom_select (thd=0x9d80ad8, all_tables=0x9defed8)
    at sql_parse.cc:5148
#13 0x0842943f in mysql_execute_command (thd=0x9d80ad8) at sql_parse.cc:2281
#14 0x08440e20 in mysql_parse (thd=0x9d80ad8,
    rawbuf=0x9defd10 "SELECT * FROM t1 \nWHERE 1 IN ( \nSELECT MAX(alias1.a) \nFROM t1 AS alias1, t1 AS alias2 )", length=87, found_semicolon=0xae980234)
    at sql_parse.cc:6149
#15 0x08424839 in dispatch_command (command=COM_QUERY, thd=0x9d80ad8,
    packet=0x9dda631 "SELECT * FROM t1 \nWHERE 1 IN ( \nSELECT MAX(alias1.a) \nFROM t1 AS alias1, t1 AS alias2 )", packet_length=87) at sql_parse.cc:1227
#16 0x08422edf in do_command (thd=0x9d80ad8) at sql_parse.cc:922
#17 0x0841c3d2 in handle_one_connection (arg=0x9d80ad8) at sql_connect.cc:1193
#18 0xb7795b25 in start_thread () from /lib/libpthread.so.0
#19 0xb75b634e in clone () from /lib/libc.so.6

bzr version-info
revision-id: <email address hidden>
date: 2012-01-01 22:42:11 -0800
build-date: 2012-01-11 06:34:02 +0400
revno: 3379
branch-nick: lp-5.3-extended_keys

EXPLAIN also crashes.

Does not crash with extended_keys=OFF.
Sporadically reproducible on all of MyISAM, InnoDB, Aria.

Minimal optimizer_switch: materialization=on,semijoin=on,extended_keys=on
Full optimizer_switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on

# Test case
# If it does not crash at once,
# try several times, different engines and functions (MIN,MAX,SUM)

SET optimizer_switch = 'materialization=on,semijoin=on,extended_keys=on';

CREATE TABLE t1 (a INT, b INT);

INSERT INTO t1 VALUES (1,1),(2,2);

SELECT * FROM t1
 WHERE 1 IN (
  SELECT MAX(alias1.a)
   FROM t1 AS alias1, t1 AS alias2 );

# end of test case

Changed in maria:
importance: Undecided → Critical
status: New → Confirmed
status: Confirmed → In Progress
Changed in maria:
status: In Progress → Fix Committed
Elena Stepanova (elenst) wrote:

Fix released in 5.5.21.

Changed in maria:
status: Fix Committed → Fix Released