Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 10.1.1
-
Fix Version/s: 10.1.3
-
Component/s: Data Definition - Procedure
-
Labels:
Description
create table t1 (i int);
--delimiter |
create function f() returns int
begin
analyze insert into t1 values (1);
return 1;
end |
--delimiter ;
select f();
query 'select f()' failed: 2027: Malformed packet
10.1/sql/protocol.cc:1091: virtual bool Protocol_text::store_long(longlong): Assertion `field_types == 0 || field_types[field_pos] == MYSQL_TYPE_INT24 || field_types[field_pos] == MYSQL_TYPE_LONG' failed. 141105 3:55:26 [ERROR] mysqld got signal 6 ;
#6 0x00007fc8aaee96f1 in *__GI___assert_fail (assertion=0x7fc8ae0ed5f0 "field_types == 0 || field_types[field_pos] == MYSQL_TYPE_INT24 || field_types[field_pos] == MYSQL_TYPE_LONG", file=<optimized out>, line=1091, function=0x7fc8ae0ee5e0 "virtual bool Protocol_text::store_long(longlong)") at assert.c:81 #7 0x00007fc8ad74d031 in Protocol_text::store_long (this=0x7fc8a83f85f8, from=1) at 10.1/sql/protocol.cc:1089 #8 0x00007fc8ada424a9 in Item::send (this=0x7fc8a18ff330, protocol=0x7fc8a83f85f8, buffer=0x7fc8ad2cba20) at 10.1/sql/item.cc:6477 #9 0x00007fc8ad74c6ec in Protocol::send_result_set_row (this=0x7fc8a83f85f8, row_items=0x7fc8a83fc598) at 10.1/sql/protocol.cc:905 #10 0x00007fc8ad7c0b03 in select_send::send_data (this=0x7fc8a1900f10, items=...) at 10.1/sql/sql_class.cc:2667 #11 0x00007fc8ad83c59d in JOIN::exec_inner (this=0x7fc8a19ef088) at 10.1/sql/sql_select.cc:2469 #12 0x00007fc8ad83c058 in JOIN::exec (this=0x7fc8a19ef088) at 10.1/sql/sql_select.cc:2392 #13 0x00007fc8ad83f650 in mysql_select (thd=0x7fc8a83f8070, rref_pointer_array=0x7fc8a83fc6f8, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0x7fc8a1900f10, unit=0x7fc8a83fbd98, select_lex=0x7fc8a83fc480) at 10.1/sql/sql_select.cc:3317 #14 0x00007fc8ad835621 in handle_select (thd=0x7fc8a83f8070, lex=0x7fc8a83fbcd0, result=0x7fc8a1900f10, setup_tables_done_option=0) at 10.1/sql/sql_select.cc:372 #15 0x00007fc8ad80752d in execute_sqlcom_select (thd=0x7fc8a83f8070, all_tables=0x0) at 10.1/sql/sql_parse.cc:5680 #16 0x00007fc8ad7fdac3 in mysql_execute_command (thd=0x7fc8a83f8070) at 10.1/sql/sql_parse.cc:2802 #17 0x00007fc8ad80a681 in mysql_parse (thd=0x7fc8a83f8070, rawbuf=0x7fc8a18ff088 "select f()", length=10, parser_state=0x7fc8ad2cd1c0) at 10.1/sql/sql_parse.cc:6953 #18 0x00007fc8ad7fa741 in dispatch_command (command=COM_QUERY, thd=0x7fc8a83f8070, packet=0x7fc8a6bfa071 "", packet_length=10) at 10.1/sql/sql_parse.cc:1466 #19 0x00007fc8ad7f955f in do_command (thd=0x7fc8a83f8070) at 10.1/sql/sql_parse.cc:1095 #20 0x00007fc8ad926f27 in do_handle_one_connection (thd_arg=0x7fc8a83f8070) at 10.1/sql/sql_connect.cc:1351 #21 0x00007fc8ad926c6c in handle_one_connection (arg=0x7fc8a83f8070) at 10.1/sql/sql_connect.cc:1262 #22 0x00007fc8adeb8f2e in pfs_spawn_thread (arg=0x7fc8aa4249f0) at 10.1/storage/perfschema/pfs.cc:1860 #23 0x00007fc8acf03b50 in start_thread (arg=<optimized out>) at pthread_create.c:304 #24 0x00007fc8aaf9a20d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
Stack trace from
commit 43f185e171eecdce41e71c548ce0bc2bd6969c0f Author: Alexander Barkov <bar@mariadb.org> Date: Mon Nov 3 21:45:06 2014 +0400
Gliffy Diagrams
Attachments
Issue Links
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
mem_root where field_types was allocated was freed after executing instruction 0,and crash happens in instruction 1 execution (RETURN).
The problem is that statement which returns result sets should be prohibited for the functions => ANALYZE should be prohibited as it done for EXPLAIN & SELECT.
The problem was that sp_head::MULTI_RESULTS was not set correctly for ANALYZE statement.
Ok to push
Protocol_text::store_long is trying to work on freed memory:
gdb) p/x field_types[13]
$6 = 0x8f8f8f8f
(gdb) p/x field_types[12]
$7 = 0x8f8f8f8f
(gdb)