Server crashes in my_strnncollsp_simple on LEFT JOIN with CSV table, TEXT field
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
MariaDB | Fix Released | High | Michael Widenius | |
Bug Description
#4 <signal handler called>
#5 0x08767901 in my_strnncollsp_
a=0xfefefefe <Address 0xfefefefe out of bounds>, a_length=65278,
b=0x938f529 "r\245\
diff_
#6 0x0828f2af in sortcmp (s=0x9391ba8, t=0x9391c48, cs=0x8a5d2a0) at sql_string.cc:756
#7 0x08214e69 in Arg_comparator:
#8 0x081fa66a in Arg_comparator:
#9 0x08216864 in Item_func_
#10 0x08321d7d in join_read_
#11 0x0830cf05 in make_join_
keyuse_
#12 0x08306e5c in JOIN::optimize (this=0x9392070) at sql_select.cc:1034
#13 0x0830bfb3 in mysql_select (thd=0x9319d78, rref_pointer_
wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
select_
at sql_select.cc:2551
#14 0x08304eee in handle_select (thd=0x9319d78, lex=0x931b01c, result=0x9392058,
setup_
#15 0x082ae52b in execute_
#16 0x082a599e in mysql_execute_
#17 0x082b093f in mysql_parse (thd=0x9319d78,
rawbuf=
found_
#18 0x082a35f0 in dispatch_command (command=COM_QUERY, thd=0x9319d78,
packet=
at sql_parse.cc:1294
#19 0x082a285b in do_command (thd=0x9319d78) at sql_parse.cc:906
#20 0x0829f8e5 in handle_
#21 0xb76ecb25 in start_thread () from /lib/libpthread
Stack trace is from the recent maria/5.1:
bzr version-info
revision-id: <email address hidden>
date: 2012-03-30 13:42:52 +0300
build-date: 2012-04-01 06:17:20 +0400
revno: 3142
Notes:
Also reproducible on current MariaDB 5.2 revno 3128, 5.3 revno 3482, 5.5 revno 3353.
Not reproducible with the provided scenario on MySQL 5.5 revno 3737, MySQL trunk 3706.
No specific optimizer_switch required.
EXPLAIN also crashes.
The test case contains 2 selects. The first goes all right, but I could not get rid of it; without it, the second one does not crash.
# Test case:
CREATE TABLE t1 ( b TEXT NOT NULL );
INSERT INTO t1 VALUES ('x'),('y');
CREATE TABLE t2 ( a VARCHAR(1) NOT NULL ) ENGINE=CSV;
INSERT INTO t2 VALUES ('r'),('t');
SELECT * FROM t2 ORDER BY a;
SELECT * FROM t1 LEFT JOIN t2 ON ( b = a );
# End of test case
Changed in maria: assignee: nobody → Sergey Petrunia (sergefp)
Changed in maria: status: New → Confirmed
Changed in maria: assignee: Sergey Petrunia (sergefp) → Michael Widenius (monty)
Not setting it to 'Critical' because of the CSV table and the fact that the bug has been there for a long time, no apparent complaints.
But setting to 'High' rather than 'Medium', because the scenario becomes quite realistic if log-output=TABLE.
Please adjust if needed.