[MDEV-3369] LP:780359 - Crash with get_fanout_with_deps in maria-5.3-mwl90 - JIRA

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
- Launchpad

Description

If the WHERE clause of the subquery contains 2 mutually-exclusive conditions over the same column, mysqld crashes as follows:

#4 <signal handler called>
#5 0x0824311b in get_fanout_with_deps (join=0xae62ed30, tset=1) at item_subselect.cc:4109
#6 0x0824333a in get_post_group_estimate (join=0xae62ed30, join_op_rows=1) at item_subselect.cc:4238
#7 0x082434ff in subselect_hash_sj_engine::optimize (this=0xae6145e8, out_rows=0xae99ed08, cost=0xae99ed00) at item_subselect.cc:4299
#8 0x0823afa2 in Item_subselect::optimize (this=0xae614040, out_rows=0xae99ed08, cost=0xae99ed00) at item_subselect.cc:481
#9 0x083c7e5e in get_delayed_table_estimates (table=0xae626b50, out_rows=0xae636488, scan_time=0xae636498, startup_cost=0xae6364a8) at opt_subselect.cc:858
#10 0x08312e23 in make_join_statistics (join=0xae629ac0, tables_arg=0xae613098, conds=0xae636060, keyuse_array=0xae62ebf0) at sql_select.cc:3233
#11 0x0830b6a7 in JOIN::optimize (this=0xae629ac0) at sql_select.cc:990
#12 0x0831116f in mysql_select (thd=0xa2f4de0, rref_pointer_array=0xa2f6884, tables=0xae613098, wild_num=1, fields=..., conds=0xae614040, og_num=0,
order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0xae6141d0, unit=0xa2f64e0, select_lex=0xa2f6780)
at sql_select.cc:2693
#13 0x08309843 in handle_select (thd=0xa2f4de0, lex=0xa2f6484, result=0xae6141d0, setup_tables_done_option=0) at sql_select.cc:280
#14 0x082a6a63 in execute_sqlcom_select (thd=0xa2f4de0, all_tables=0xae613098) at sql_parse.cc:5094
#15 0x0829d8ad in mysql_execute_command (thd=0xa2f4de0) at sql_parse.cc:2239
#16 0x082a9009 in mysql_parse (thd=0xa2f4de0,
rawbuf=0xae612eb0 "SELECT *\nFROM t1\nWHERE ( f1 ) IN (\nSELECT t2.f3\nFROM t2\nWHERE t2.f3 = 97\nAND t2.f3 = 50\nGROUP BY 1\n)", length=100,
found_semicolon=0xae9a0228) at sql_parse.cc:6094
#17 0x0829b533 in dispatch_command (command=COM_QUERY, thd=0xa2f4de0,
packet=0xa34f9f1 "SELECT *\nFROM t1\nWHERE ( f1 ) IN (\nSELECT t2.f3\nFROM t2\nWHERE t2.f3 = 97\nAND t2.f3 = 50\nGROUP BY 1\n)", packet_length=100)
at sql_parse.cc:1215
#18 0x0829a991 in do_command (thd=0xa2f4de0) at sql_parse.cc:904
#19 0x08297a44 in handle_one_connection (arg=0xa2f4de0) at sql_connect.cc:1154
#20 0x00821919 in start_thread () from /lib/libpthread.so.0
#21 0x0076acce in clone () from /lib/libc.so.6

test case:

DROP TABLE IF EXISTS t1;
CREATE TABLE t1 ( f1 int ) ;
INSERT INTO t1 VALUES (2),(2);

DROP TABLE IF EXISTS t2;
CREATE TABLE t2 (f3 int) ;
INSERT INTO t2 VALUES (2),(2);

SELECT *
FROM t1
WHERE ( f1 ) IN (
SELECT t2.f3
FROM t2
WHERE t2.f3 = 97
AND t2.f3 = 50
GROUP BY 1
);

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

LPexportBug780359.xml
6 kB
2012-10-03 11:32

Activity

Hide

Permalink

Rasmus Johansson added a comment - 2011-12-13 15:41

Launchpad bug id: 780359

Show

Rasmus Johansson added a comment - 2011-12-13 15:41 Launchpad bug id: 780359

People

Assignee:

Sergei Petrunia

Reporter:

Philip Stoev

Votes:

0 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

2011-05-10 07:44

Updated:

2015-02-02 21:54

Resolved:

2012-10-04 12:53

Agile

View on Board