Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-2626

LP:1001117 - Crash on a simple select that uses a temptable view

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      The following test case causes a crash of the server in MariaDB 5.5:

      CREATE TABLE t1(a INT PRIMARY KEY) PARTITION BY LINEAR KEY (a);
      CREATE ALGORITHM=TEMPTABLE VIEW vtmp AS
      SELECT 1 FROM t1 AS t1_0 JOIN t1 ON t1_0.a LIKE (SELECT 1 FROM t1);
      SELECT * FROM vtmp;

      (see also bug #12330344 from mysql code line)

        Gliffy Diagrams

          Attachments

            Activity

            Hide
            igor Igor Babaev added a comment -

            Re: Crash on a simple select that uses a temptable view
            I failed to reproduce the crash on MariaDB 5.2/5.3.

            Show
            igor Igor Babaev added a comment - Re: Crash on a simple select that uses a temptable view I failed to reproduce the crash on MariaDB 5.2/5.3.
            Hide
            psergey Sergei Petrunia added a comment -

            Re: Crash on a simple select that uses a temptable view
            The bug shows two problems:

            1. [As mentioned in the original bug] Subquery is evaluated while thd->mem_root is pointing to range optimizer's temporary MEM_ROOT

            2. Subquery is evaluated by the optimizer. We've had a goal of this not happening, apparently there are still cases where it does happen.

            Show
            psergey Sergei Petrunia added a comment - Re: Crash on a simple select that uses a temptable view The bug shows two problems: 1. [As mentioned in the original bug] Subquery is evaluated while thd->mem_root is pointing to range optimizer's temporary MEM_ROOT 2. Subquery is evaluated by the optimizer. We've had a goal of this not happening, apparently there are still cases where it does happen.
            Hide
            psergey Sergei Petrunia added a comment -

            Re: Crash on a simple select that uses a temptable view
            Results of discussion with Timour:

            1. Backport the original fix.
            2. Also, make this: let Item_func_like::select_optimize() evaluate its right argument only if it's constant AND not expensive.

            Show
            psergey Sergei Petrunia added a comment - Re: Crash on a simple select that uses a temptable view Results of discussion with Timour: 1. Backport the original fix. 2. Also, make this: let Item_func_like::select_optimize() evaluate its right argument only if it's constant AND not expensive.
            Hide
            psergey Sergei Petrunia added a comment -

            Re: Crash on a simple select that uses a temptable view
            The fix has interesting interplay with fix for BUG#944706, will need to discuss with Timour again.

            Show
            psergey Sergei Petrunia added a comment - Re: Crash on a simple select that uses a temptable view The fix has interesting interplay with fix for BUG#944706, will need to discuss with Timour again.
            Hide
            psergey Sergei Petrunia added a comment -

            Re: Crash on a simple select that uses a temptable view
            As discussed, re-assigning to Timour, because testscase also shows problem with his fix for constant subqueries.

            Show
            psergey Sergei Petrunia added a comment - Re: Crash on a simple select that uses a temptable view As discussed, re-assigning to Timour, because testscase also shows problem with his fix for constant subqueries.
            Hide
            timour Timour Katchaounov added a comment -

            Re: Crash on a simple select that uses a temptable view
            The fix for bug lp:944706 (MDEV-193) makes the fix by MySQL unnecessary.
            The reason is that the patch for lp:944706 pre-optimizes all constant
            subqueries. Therefore, the subquery in test case is optimized in the
            thread MEM_ROOT, and all its related data structures are there. Thus
            deleting works fine. Item_func_like::select_optimize only executes the
            subquery, which is fine too.

            Unlike MariaDB, MySQL still has lazy optimization. As a result, when
            Item_func_like::select_optimize executes the subquery, it also optimizes
            the subquery just before execution. Naturally, this happens in the wrong
            MEM_ROOT which is deleted after we exit the range optimizer. When the
            recursive JOIN cleanup tries to delete optimizer-related class members
            of the subquery, this memory is already gone, hence we get a crash.

            So with respect to this specific bug, there is nothing to fix.
            I will add an is_expensive() guard + the test case to the tree with the lp:944706 fix.
            I will not add MySQL's patch, as it is not needed.

            Show
            timour Timour Katchaounov added a comment - Re: Crash on a simple select that uses a temptable view The fix for bug lp:944706 ( MDEV-193 ) makes the fix by MySQL unnecessary. The reason is that the patch for lp:944706 pre-optimizes all constant subqueries. Therefore, the subquery in test case is optimized in the thread MEM_ROOT, and all its related data structures are there. Thus deleting works fine. Item_func_like::select_optimize only executes the subquery, which is fine too. Unlike MariaDB, MySQL still has lazy optimization. As a result, when Item_func_like::select_optimize executes the subquery, it also optimizes the subquery just before execution. Naturally, this happens in the wrong MEM_ROOT which is deleted after we exit the range optimizer. When the recursive JOIN cleanup tries to delete optimizer-related class members of the subquery, this memory is already gone, hence we get a crash. So with respect to this specific bug, there is nothing to fix. I will add an is_expensive() guard + the test case to the tree with the lp:944706 fix. I will not add MySQL's patch, as it is not needed.
            Hide
            ratzpo Rasmus Johansson added a comment -

            Launchpad bug id: 1001117

            Show
            ratzpo Rasmus Johansson added a comment - Launchpad bug id: 1001117

              People

              • Assignee:
                timour Timour Katchaounov
                Reporter:
                igor Igor Babaev
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: