MDEV-3418

LP:630318 - Crash in JOIN_CACHE::read_flag_fields with aria-5.3-dsmrr-cpk

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not a Bug
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      The following query:

      SELECT table2 . `col_date_key` AS field1 , table2 . `col_int_key` AS field2 , table2 . `col_varchar_key` AS field3 FROM ( E AS table1 INNER JOIN ( ( E AS table2 INNER JOIN CC AS table3 ON (table3 . `pk` = table2 . `pk` ) ) ) ON (table3 . `col_varchar_key` >= table2 . `col_varchar_key` ) ) GROUP BY field1, field2, field3

      produced the following backtrace:

      #5 0x00b79692 in __memcpy_ssse3 () from /lib/libc.so.6
      #6 0x08452ab5 in JOIN_CACHE::read_flag_fields (this=0xc7b55b8) at sql_join_cache.cc:1388
      #7 0x08452931 in JOIN_CACHE::read_all_record_fields (this=0xc7b55b8) at sql_join_cache.cc:1351
      #8 0x084526bb in JOIN_CACHE::get_record_by_pos (this=0xc7b55b8, rec_ptr=0x482f460 <Address 0x482f460 out of bounds>) at sql_join_cache.cc:1282
      #9 0x0845275f in JOIN_CACHE::get_record_by_pos (this=0xc7b5690, rec_ptr=0xc7c322b "\304{\f\n") at sql_join_cache.cc:1287
      #10 0x08455774 in JOIN_CACHE_BKA::join_matching_records (this=0xc7b5690, skip_last=false) at sql_join_cache.cc:2326
      #11 0x084535a0 in JOIN_CACHE::join_records (this=0xc7b5690, skip_last=false) at sql_join_cache.cc:1639
      #12 0x084e1d48 in sub_select_cache (join=0xc8b0570, join_tab=0xc7b4da8, end_of_records=false) at sql_select.cc:12898
      #13 0x0845466c in JOIN_CACHE::generate_full_extensions (this=0xc7b55b8, rec_ptr=0xc830871 "\217\216\333\001") at sql_join_cache.cc:1944
      #14 0x084541aa in JOIN_CACHE_BNL::join_matching_records (this=0xc7b55b8, skip_last=false) at sql_join_cache.cc:1836
      #15 0x084535a0 in JOIN_CACHE::join_records (this=0xc7b55b8, skip_last=false) at sql_join_cache.cc:1639
      #16 0x084e1a70 in sub_select_cache (join=0xc8b0570, join_tab=0xc7b4be8, end_of_records=true) at sql_select.cc:12878
      #17 0x084e1fea in sub_select (join=0xc8b0570, join_tab=0xc7b4a28, end_of_records=true) at sql_select.cc:13040
      #18 0x084e090e in do_select (join=0xc8b0570, fields=0x0, table=0xc909938, procedure=0x0) at sql_select.cc:12636
      #19 0x084abced in JOIN::exec (this=0xc8b0570) at sql_select.cc:1933
      #20 0x084aff87 in mysql_select (thd=0xc777928, rref_pointer_array=0xc77939c, tables=0xc89b228, wild_num=0, fields=..., conds=0x0, og_num=3, order=0x0,
      group=0xc89c860, having=0x0, proc_param=0x0, select_options=2147764736, result=0xc89c9a8, unit=0xc779000, select_lex=0xc779298) at sql_select.cc:2556
      #21 0x084a1141 in handle_select (thd=0xc777928, lex=0xc778fa4, result=0xc89c9a8, setup_tables_done_option=0) at sql_select.cc:276
      #22 0x083ccf82 in execute_sqlcom_select (thd=0xc777928, all_tables=0xc89b228) at sql_parse.cc:5081
      #23 0x083ba20b in mysql_execute_command (thd=0xc777928) at sql_parse.cc:2265
      #24 0x083d167c in mysql_parse (thd=0xc777928,
      inBuf=0xc89a9f0 "SELECT table2 . `col_date_key` AS field1 , table2 . `col_int_key` AS field2 , table2 . `col_varchar_key` AS field3 FROM ( E AS table1 INNER JOIN ( ( E AS table2 INNER JOIN CC AS table3 ON (table3 ."..., length=326, found_semicolon=0xaedf8230) at sql_parse.cc:6027
      #25 0x083b53f7 in dispatch_command (command=COM_QUERY, thd=0xc777928,
      packet=0xc78ffb1 " SELECT table2 . `col_date_key` AS field1 , table2 . `col_int_key` AS field2 , table2 . `col_varchar_key` AS field3 FROM ( E AS table1 INNER JOIN ( ( E AS table2 INNER JOIN CC AS table3 ON (table3 "..., packet_length=328) at sql_parse.cc:1184
      #26 0x083b3bbc in do_command (thd=0xc777928) at sql_parse.cc:890
      #27 0x083ad49c in handle_one_connection (arg=0xc777928) at sql_connect.cc:1153
      #28 0x00bea919 in start_thread () from /lib/libpthread.so.0
      #29 0x00b2ccbe in clone () from /lib/libc.so.6

      (gdb) frame 6
      #6 0x08452ab5 in JOIN_CACHE::read_flag_fields (this=0xc7b55b8) at sql_join_cache.cc:1388
      1388 memcpy(copy->str, pos, copy->length);
      (gdb) print pos
      $2 = (uchar *) 0x482f460 <Address 0x482f460 out of bounds>

      bzr version-info
      revision-id: <email address hidden>
      date: 2010-08-19 19:52:58 +0200
      build-date: 2010-09-04 19:38:48 +0300
      revno: 2821
      branch-nick: maria-5.3-dsmrr-cpk

            Activity

            philipstoev Philip Stoev added a comment -

            This may be a duplicate of bug #623209 – same query produced both backtraces. Maybe the outcome depends on some memory pressure/situation that does not occur on a freshly restarted server? Valgrind does not report any warnings.
            var-bug630318.zip
            LPexportBug630318_var-bug630318.zip

            philipstoev Philip Stoev added a comment -

            Re: Crash in JOIN_CACHE::read_flag_fields with aria-5.3-dsmrr-cpk
            This may be a duplicate of bug #623209 – same query produced both backtraces. Maybe the outcome depends on some memory pressure/situation that does not occur on a freshly restarted server? Valgrind does not report any warnings.

            psergey Sergei Petrunia added a comment -

            Re: Crash in JOIN_CACHE::read_flag_fields with aria-5.3-dsmrr-cpk
            Cannot repeat with the latest lp:~maria-captains/maria/maria-5.3-mwl128-dsmrr-cpk (revid: psergey@askmonty.org-20101202132152-8h9ix97xile87c6v)

            Since fix for bug#623209 is in the tree, this can be explained by this bug being indeed a duplicate of that one.

            ratzpo Rasmus Johansson added a comment -

            Launchpad bug id: 630318


              People

              • Assignee: psergey Sergei Petrunia
              • Reporter: philipstoev Philip Stoev
