0

MDEV-15940

 3 years ago
source link: https://jira.mariadb.org/browse/MDEV-15940
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
[MDEV-15940] Crash when using CURSOR with VALUES()

Details

Description

This script crashes the server:



DELIMITER $$
BEGIN NOT ATOMIC
  DECLARE v INT;
  DECLARE cur CURSOR FOR VALUES(7);
  OPEN cur;
  FETCH cur INTO v;
  SELECT v;
END; 
$$
DELIMITER $$;


The same crash happens with an implicit CURSOR in a FOR loop:



DELIMITER $$
BEGIN NOT ATOMIC
DECLARE v INT DEFAULT 0;
FOR a IN (VALUES (7)) DO SET v = v + 1; END FOR;
SELECT v;
END; 
$$
DELIMITER $$;




10.3 d71a8855eef3

#3  <signal handler called>
#4  0x000055f2d94978d2 in st_select_lex_unit::get_column_types (this=0x7f8fec023d20, for_cursor=true) at /data/src/10.3/sql/sql_union.cc:1877
#5  0x000055f2d9356e2a in Select_materialize::send_result_set_metadata (this=0x7f8fec027d18, list=..., flags=5) at /data/src/10.3/sql/sql_cursor.cc:443
#6  0x000055f2d9492928 in select_union_direct::send_result_set_metadata (this=0x7f8fec027ea0, list=..., flags=5) at /data/src/10.3/sql/sql_union.cc:538
#7  0x000055f2d95a503d in table_value_constr::exec (this=0x7f8fec020e78, sl=0x7f8fec024498) at /data/src/10.3/sql/sql_tvc.cc:345
#8  0x000055f2d949613b in st_select_lex_unit::exec (this=0x7f8fec023d20) at /data/src/10.3/sql/sql_union.cc:1430
#9  0x000055f2d9491362 in mysql_union (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, unit=0x7f8fec023d20, setup_tables_done_option=0) at /data/src/10.3/sql/sql_union.cc:41
#10 0x000055f2d93e2d31 in handle_select (thd=0x7f8fec000b00, lex=0x7f8fec023c58, result=0x7f8fec027d18, setup_tables_done_option=0) at /data/src/10.3/sql/sql_select.cc:360
#11 0x000055f2d93ae2e3 in execute_sqlcom_select (thd=0x7f8fec000b00, all_tables=0x0) at /data/src/10.3/sql/sql_parse.cc:6539
#12 0x000055f2d93a4a44 in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:3768
#13 0x000055f2d935604c in mysql_open_cursor (thd=0x7f8fec000b00, result=0x7f8fec0161b0, pcursor=0x7f8fec0161e8) at /data/src/10.3/sql/sql_cursor.cc:145
#14 0x000055f2d92e4bf8 in sp_cursor::open (this=0x7f8fec0161a8, thd=0x7f8fec000b00) at /data/src/10.3/sql/sp_rcontext.cc:772
#15 0x000055f2d92d6653 in sp_instr_copen::exec_core (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4283
#16 0x000055f2d92d3e98 in sp_lex_keeper::reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3311
#17 0x000055f2d92d4266 in sp_lex_keeper::cursor_reset_lex_and_exec_core (this=0x7f8fec020f00, thd=0x7f8fec000b00, nextp=0x7f90593329bc, open_tables=false, instr=0x7f8fec020f38) at /data/src/10.3/sql/sp_head.cc:3410
#18 0x000055f2d92d65ce in sp_instr_copen::execute (this=0x7f8fec020f38, thd=0x7f8fec000b00, nextp=0x7f90593329bc) at /data/src/10.3/sql/sp_head.cc:4272
#19 0x000055f2d92ce405 in sp_head::execute (this=0x7f8fec01fb58, thd=0x7f8fec000b00, merge_da_on_success=true) at /data/src/10.3/sql/sp_head.cc:1349
#20 0x000055f2d92d0daa in sp_head::execute_procedure (this=0x7f8fec01fb58, thd=0x7f8fec000b00, args=0x7f8fec0056e0) at /data/src/10.3/sql/sp_head.cc:2287
#21 0x000055f2d93a240b in do_execute_sp (thd=0x7f8fec000b00, sp=0x7f8fec01fb58) at /data/src/10.3/sql/sql_parse.cc:2944
#22 0x000055f2d93abc6a in mysql_execute_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:5894
#23 0x000055f2d93b1cf4 in mysql_parse (thd=0x7f8fec000b00, rawbuf=0x7f8fec013888 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND", length=117, parser_state=0x7f9059334620, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:8001
#24 0x000055f2d939f4d7 in dispatch_command (command=COM_QUERY, thd=0x7f8fec000b00, packet=0x7f8fec01bab1 "BEGIN NOT ATOMIC\n  DECLARE v INT;\n  DECLARE cur CURSOR FOR VALUES(7);\n  OPEN cur;\n  FETCH cur INTO v;\n  SELECT v;\nEND;", packet_length=118, is_com_multi=false, is_next_command=false) at /data/src/10.3/sql/sql_parse.cc:1846
#25 0x000055f2d939df16 in do_command (thd=0x7f8fec000b00) at /data/src/10.3/sql/sql_parse.cc:1391
#26 0x000055f2d9500a13 in do_handle_one_connection (connect=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1402
#27 0x000055f2d95007a0 in handle_one_connection (arg=0x55f2dcd89fb0) at /data/src/10.3/sql/sql_connect.cc:1308
#28 0x00007f905e492494 in start_thread (arg=0x7f9059335700) at pthread_create.c:333
#29 0x00007f905c87893f in clone () from /lib/x86_64-linux-gnu/libc.so.6

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK