Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-8833

Crash of server on prepared statement with conversion to semi-join

        Details

        • Type: Bug
        • Status: In Progress
        • Priority: Major
        • Resolution: Unresolved
        • Affects Version/s: 10.0.21, 10.1.7, 5.5.45
        • Fix Version/s: 10.1, 10.0, 5.5
        • Component/s: None
        • Labels:
          None
        • Sprint:
          10.1.8-3, 10.1.8-4

          Description

          INSERT INTO t2 VALUES (1),(4);

          CREATE TABLE t3 (column3 INT) ENGINE=MyISAM;
          INSERT INTO t3 VALUES (6),(8);

          CREATE TABLE t4 (column4 INT) ENGINE=MyISAM;
          INSERT INTO t4 VALUES (2),(5);

          PREPARE stmt FROM "
          SELECT (
          SELECT MAX( table1.column1 ) AS field1
          FROM t1 AS table1
          WHERE table3.column3 IN ( SELECT table2.column2 AS field2 FROM t2 AS table2 )
          ) AS sq
          FROM t3 AS table3, t4 AS table4";

          EXECUTE stmt;
          EXECUTE stmt;

          deallocate prepare stmt;
          drop table t1,t2,t3,t4;

            Gliffy Diagrams

              Attachments

                Issue Links

                relates to

                Bug - A problem which impairs or prevents the functions of the product. MDEV-7846 Server crashes in Item_subselect::fix_fields or fails with Thread stack overrun

                • Critical - Crashes, loss of data, severe memory leak.
                • In Review

                  Activity

                  Ascending order - Click to sort in descending order
                  Hide
                  Permalink
                  sanja Oleksandr Byelkin added a comment -

                  The problem is that artificially created context created in hope on automatic 'fix_field' by cache has different select_lex which trigger fix_outer_field call which cause problems because context is artificial.

                  Show
                  sanja Oleksandr Byelkin added a comment - The problem is that artificially created context created in hope on automatic 'fix_field' by cache has different select_lex which trigger fix_outer_field call which cause problems because context is artificial.
                  Hide
                  Permalink
                  sanja Oleksandr Byelkin added a comment -

                  the problem is that the Item (left expr) which we "pull out" from inner subquery is actually external reference.
                  Artificial context created for it during pullout can't be processed by fix_outer_field() which will be called because the field is outer.

                  Mysql has no such problem because the do not create new name resolution context but 'fix' existing one.

                  Show
                  sanja Oleksandr Byelkin added a comment - the problem is that the Item (left expr) which we "pull out" from inner subquery is actually external reference. Artificial context created for it during pullout can't be processed by fix_outer_field() which will be called because the field is outer. Mysql has no such problem because the do not create new name resolution context but 'fix' existing one.

                    People

                    • Assignee:
                      sanja Oleksandr Byelkin
                      Reporter:
                      sanja Oleksandr Byelkin
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      1 Start watching this issue

                      Dates

                      • Created:
                        Updated:

                        Agile