Details
-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 10.0.8
-
Fix Version/s: 10.0
-
Component/s: None
-
Labels:None
Description
CREATE TABLE t1 (i INT); INSERT INTO t1 VALUES (1),(2); SELECT DISTINCT DEFAULT(i) FROM t1 GROUP BY @A := 'a' WITH ROLLUP;
==18644== Thread 19: ==18644== Invalid read of size 1 ==18644== at 0x6E45B4: Field::is_real_null(long long) const (in /data/repo/10.0/sql/mysqld) ==18644== by 0x6CD293: create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, char const*, bool, bool) (sql_select.cc:15925) ==18644== by 0x6ACDA2: JOIN::exec_inner() (sql_select.cc:2738) ==18644== by 0x6AB7CF: JOIN::exec() (sql_select.cc:2355) ==18644== by 0x6AEB4E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3292) ==18644== by 0x6A527E: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372) ==18644== by 0x67A250: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5301) ==18644== by 0x6725FB: mysql_execute_command(THD*) (sql_parse.cc:2587) ==18644== by 0x67C9DA: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6447) ==18644== by 0x66F7A8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1308) ==18644== by 0x66EB4A: do_command(THD*) (sql_parse.cc:1005) ==18644== by 0x7880EC: do_handle_one_connection(THD*) (sql_connect.cc:1379) ==18644== by 0x787E3F: handle_one_connection (sql_connect.cc:1293) ==18644== by 0xA2CAC4: pfs_spawn_thread (pfs.cc:1853) ==18644== by 0x4E35B4F: start_thread (pthread_create.c:304) ==18644== by 0x6964A7C: clone (clone.S:112) ==18644== Address 0x166ca958 is 56 bytes inside a block of size 244 free'd ==18644== at 0x4C27BF4: free (vg_replace_malloc.c:469) ==18644== by 0xE0D576: free_memory (safemalloc.c:276) ==18644== by 0xE0D23A: sf_free (safemalloc.c:194) ==18644== by 0xDFC565: my_free (my_malloc.c:216) ==18644== by 0xDD64EC: delete_dynamic (array.c:301) ==18644== by 0x7BE33B: Dynamic_array<Explain_union*>::~Dynamic_array() (sql_array.h:223) ==18644== by 0x7BB7C8: Explain_query::~Explain_query() (sql_explain.cc:32) ==18644== by 0x7BDEE9: delete_explain_query(LEX*) (sql_explain.cc:937) ==18644== by 0x670FD8: log_slow_statement(THD*) (sql_parse.cc:1823) ==18644== by 0x670C98: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1739) ==18644== by 0x66EB4A: do_command(THD*) (sql_parse.cc:1005) ==18644== by 0x7880EC: do_handle_one_connection(THD*) (sql_connect.cc:1379) ==18644== by 0x787E3F: handle_one_connection (sql_connect.cc:1293) ==18644== by 0xA2CAC4: pfs_spawn_thread (pfs.cc:1853) ==18644== by 0x4E35B4F: start_thread (pthread_create.c:304) ==18644== by 0x6964A7C: clone (clone.S:112) ==18644== Invalid read of size 1 ==18644== at 0x4C2ABC4: memcpy (mc_replace_strmem.c:883) ==18644== by 0x6CD301: create_tmp_table(THD*, TMP_TABLE_PARAM*, List<Item>&, st_order*, bool, bool, unsigned long long, unsigned long long, char const*, bool, bool) (sql_select.cc:15930) ==18644== by 0x6ACDA2: JOIN::exec_inner() (sql_select.cc:2738) ==18644== by 0x6AB7CF: JOIN::exec() (sql_select.cc:2355) ==18644== by 0x6AEB4E: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3292) ==18644== by 0x6A527E: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:372) ==18644== by 0x67A250: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5301) ==18644== by 0x6725FB: mysql_execute_command(THD*) (sql_parse.cc:2587) ==18644== by 0x67C9DA: mysql_parse(THD*, char*, unsigned int, Parser_state*) (sql_parse.cc:6447) ==18644== by 0x66F7A8: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1308) ==18644== by 0x66EB4A: do_command(THD*) (sql_parse.cc:1005) ==18644== by 0x7880EC: do_handle_one_connection(THD*) (sql_connect.cc:1379) ==18644== by 0x787E3F: handle_one_connection (sql_connect.cc:1293) ==18644== by 0xA2CAC4: pfs_spawn_thread (pfs.cc:1853) ==18644== by 0x4E35B4F: start_thread (pthread_create.c:304) ==18644== by 0x6964A7C: clone (clone.S:112) ==18644== Address 0x166ca95c is 60 bytes inside a block of size 244 free'd ==18644== at 0x4C27BF4: free (vg_replace_malloc.c:469) ==18644== by 0xE0D576: free_memory (safemalloc.c:276) ==18644== by 0xE0D23A: sf_free (safemalloc.c:194) ==18644== by 0xDFC565: my_free (my_malloc.c:216) ==18644== by 0xDD64EC: delete_dynamic (array.c:301) ==18644== by 0x7BE33B: Dynamic_array<Explain_union*>::~Dynamic_array() (sql_array.h:223) ==18644== by 0x7BB7C8: Explain_query::~Explain_query() (sql_explain.cc:32) ==18644== by 0x7BDEE9: delete_explain_query(LEX*) (sql_explain.cc:937) ==18644== by 0x670FD8: log_slow_statement(THD*) (sql_parse.cc:1823) ==18644== by 0x670C98: dispatch_command(enum_server_command, THD*, char*, unsigned int) (sql_parse.cc:1739) ==18644== by 0x66EB4A: do_command(THD*) (sql_parse.cc:1005) ==18644== by 0x7880EC: do_handle_one_connection(THD*) (sql_connect.cc:1379) ==18644== by 0x787E3F: handle_one_connection (sql_connect.cc:1293) ==18644== by 0xA2CAC4: pfs_spawn_thread (pfs.cc:1853) ==18644== by 0x4E35B4F: start_thread (pthread_create.c:304) ==18644== by 0x6964A7C: clone (clone.S:112)
Stack trace from:
revision-id: sergii@pisem.net-20140228200458-2nzjwfzn554m5aja revno: 4017 branch-nick: 10.0
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions