MariaDB Server, MDEV-490

DNAMES: Server crashes in Item_dyncol_get::get_dyn_value => String::charset on COLUMN_GET with NULL as a column number/name

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 10.0.0
    • Components: None
    • Labels:
      None

      Description

      Filing on behalf of Sergey Petrunia, who wrote about it on the dev list.

      #3  0x083cea84 in handle_fatal_signal (sig=11)
          at sql/signal_handler.cc:262
      #4  <signal handler called>
      #5  0x081acb0a in String::charset (this=0x0)
          at sql/sql_string.h:113
      #6  0x08452d3a in Item_dyncol_get::get_dyn_value (this=0x971ed80, val=0xad189984,
          tmp=0xad1899f0) at sql/item_strfunc.cc:4172
      #7  0x08452f8f in Item_dyncol_get::val_str (this=0x971ed80, str_result=0xad18a0b4)
          at sql/item_strfunc.cc:4232
      #8  0x0847a238 in Item_char_typecast::val_str (this=0x971ee08, str=0xad18a0b4)
          at sql/item_timefunc.cc:2302
      #9  0x083eb321 in Item::send (this=0x971ee08, protocol=0x966f7b0, buffer=0xad18a0b4)
          at sql/item.cc:6317
      #10 0x081aad13 in Protocol::send_result_set_row (this=0x966f7b0, row_items=0x9670e78)
          at sql/protocol.cc:900
      #11 0x08207a4e in select_send::send_data (this=0x971efd8, items=...)
          at sql/sql_class.cc:2275
      #12 0x0826d5cb in JOIN::exec (this=0x971efe8)
          at sql/sql_select.cc:2229
      #13 0x0826ff66 in mysql_select (thd=0x966f350, rref_pointer_array=0x9670f20, tables=0x0,
          wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0,
          proc_param=0x0, select_options=2147748608, result=0x971efd8, unit=0x9670930,
          select_lex=0x9670de0) at sql/sql_select.cc:3050
      #14 0x08267932 in handle_select (thd=0x966f350, lex=0x96708cc, result=0x971efd8,
          setup_tables_done_option=0) at sql/sql_select.cc:313
      #15 0x08243498 in execute_sqlcom_select (thd=0x966f350, all_tables=0x0)
          at sql/sql_parse.cc:4621
      #16 0x0823c432 in mysql_execute_command (thd=0x966f350)
          at sql/sql_parse.cc:2189
      #17 0x08245a89 in mysql_parse (thd=0x966f350,
          rawbuf=0x971ea48 "SELECT COLUMN_GET( COLUMN_CREATE( 'col', 'val' ), NULL AS CHAR )",
          length=64, parser_state=0xad18ada4) at sql/sql_parse.cc:5736
      #18 0x08239ed4 in dispatch_command (command=COM_QUERY, thd=0x966f350, packet=0x9718d19 "",
          packet_length=64) at sql/sql_parse.cc:1055
      #19 0x08239399 in do_command (thd=0x966f350)
          at sql/sql_parse.cc:794
      #20 0x08325471 in do_handle_one_connection (thd_arg=0x966f350)
          at sql/sql_connect.cc:1253
      #21 0x08324fbc in handle_one_connection (arg=0x966f350)
          at sql/sql_connect.cc:1168
      #22 0x0854fd1b in pfs_spawn_thread (arg=0x975fae0)
          at storage/perfschema/pfs.cc:1015
      #23 0xb77fbb25 in start_thread () from /lib/libpthread.so.0
      
      Some pointers may be invalid and cause the dump to abort.
      Query (0x971ea48): SELECT COLUMN_GET( COLUMN_CREATE( 'col', 'val' ), NULL AS CHAR )
      Connection ID (thread ID): 2
      Status: NOT_KILLED
      
      bzr version-info
      revision-id: sanja@askmonty.org-20120823152900-3ngz79t2yvtq28f6
      date: 2012-08-23 18:29:00 +0300
      build-date: 2012-08-26 22:22:52 +0400
      revno: 3496
      

      Test case:

      SELECT COLUMN_GET( COLUMN_CREATE( 'col', 'val' ), NULL AS CHAR );
      

              People

              • Assignee:
                sanja Oleksandr Byelkin
                Reporter:
                elenst Elena Stepanova