Bug #32229 Range optimizer crashes for 'range checked for each record' query
Submitted: 9 Nov 2007 13:24
Modified: 16 Nov 2010 3:55
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Optimizer
Severity: S1 (Critical)
Version: 6.0.3, 6.0.4
OS: Any
Assigned to: Sergey Petrunya
CPU Architecture: Any

[9 Nov 2007 13:24] Shane Bester
Description:
Crash in subquery:

mysqld.exe!SEL_ARG::store_min_key
mysqld.exe!sel_arg_range_seq_next
mysqld.exe!handler::multi_range_read_info_const
mysqld.exe!check_quick_select
mysqld.exe!get_key_scans_params
mysqld.exe!SQL_SELECT::test_quick_select
mysqld.exe!make_join_select
mysqld.exe!JOIN::optimize
mysqld.exe!mysql_select
mysqld.exe!mysql_derived_filling
mysqld.exe!mysql_handle_derived
mysqld.exe!open_and_lock_tables
mysqld.exe!execute_sqlcom_select
mysqld.exe!mysql_execute_command
mysqld.exe!mysql_parse
mysqld.exe!dispatch_command
mysqld.exe!do_command
mysqld.exe!handle_one_connection
mysqld.exe!pthread_start
mysqld.exe!_threadstart
kernel32.dll!FlsSetValue

How to repeat:
drop table if exists `t1`;
create table `t1` (`a` int,`b` int,key (`b`),key (`a`),key (`b`,`a`)) engine=myisam;
insert into `t1`(`a`,`b`) values (1,2),(3,4),(5,6),(7,8);
drop table if exists `t2`;
create table `t2` (`c` int) engine=myisam ;
insert into `t2`(`c`) values (1),(5),(6),(7),(8);
select 1 from (select `c` from `t1`,`t2` where `b` >= 1 and `a` <=> `c` group by 1 limit 1) as `d1`;
[9 Nov 2007 13:28] MySQL Verification Team
5.1 and 5.0 didn't crash
[9 Nov 2007 13:31] MySQL Verification Team
Doesn't need a subquery. This crashes too:

select `c` from `t1`,`t2` where `b` >= 1 and `a` <=> `c` group by 1 limit 1;
[14 Nov 2007 19:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/37775

ChangeSet@1.2686, 2007-11-14 22:55:11+03:00, sergefp@mysql.com +3 -0
  BUG#32229: Range optimizer crashes for 'range checked for each record' query
  The problem:
  New code in the sel_arg_range_seq_next() function didn't take into account that
  the SEL_ARG tree may contain objects of type SEL_ARG::MAYBE_KEY, which do not
  represent intervals but just signal the possibility of using the "range
  checked for each record" optimization. An attempt to get min/max bounds from
  those objects caused the crash.
  Fix:
  Make sel_arg_range_seq_next ignore SEL_ARG objects that have a type other
  than SEL_ARG::KEY_RANGE.
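
The failure mode described in the commit message above, as an added example that is not part of the bug report or the MySQL patch. It is a simplified model with hypothetical names (Node, Range, store_bounds, collect_ranges), and it assumes that marker nodes carry null bound pointers.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of range-optimizer interval nodes. Hypothetical names;
// this is not MySQL's SEL_ARG definition.
struct Node {
    enum Type { KEY_RANGE, MAYBE_KEY };
    Type type;
    const int *min_value;  // assumption: null on MAYBE_KEY marker nodes
    const int *max_value;
    Node *next;            // next node for the same key part
};

struct Range { int min; int max; };

// Copies the bounds out of a node. It dereferences both pointers without
// checking them, so it is only safe to call on KEY_RANGE nodes.
static Range store_bounds(const Node &n) {
    return Range{*n.min_value, *n.max_value};
}

// Traversal with the type check the fix describes: nodes whose type is not
// KEY_RANGE are skipped instead of being treated as intervals. Without the
// check, store_bounds() would dereference the marker's null pointers.
std::vector<Range> collect_ranges(const Node *head, std::size_t *skipped) {
    std::vector<Range> out;
    for (const Node *n = head; n != nullptr; n = n->next) {
        if (n->type != Node::KEY_RANGE) {
            if (skipped) ++*skipped;
            continue;
        }
        out.push_back(store_bounds(*n));
    }
    return out;
}

// Constructed sample list: KEY_RANGE [1,4], a MAYBE_KEY marker, KEY_RANGE [6,8].
std::vector<Range> demo(std::size_t *skipped) {
    static const int b1 = 1, b4 = 4, b6 = 6, b8 = 8;
    static Node third{Node::KEY_RANGE, &b6, &b8, nullptr};
    static Node marker{Node::MAYBE_KEY, nullptr, nullptr, &third};
    static Node first{Node::KEY_RANGE, &b1, &b4, &marker};
    *skipped = 0;
    return collect_ranges(&first, skipped);
}

int main() {
    std::size_t skipped = 0;
    std::vector<Range> r = demo(&skipped);
    return (r.size() == 2 && skipped == 1) ? 0 : 1;
}
```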
[15 Nov 2007 20:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/37890

ChangeSet@1.2665, 2007-11-15 23:36:06+03:00, sergefp@mysql.com +3 -0
  BUG#32229: Range optimizer crashes for 'range checked for each record' query
  The problem:
  New code in the sel_arg_range_seq_next() function didn't take into account that
  the SEL_ARG tree may contain objects of type SEL_ARG::MAYBE_KEY, which do not
  represent intervals but just signal the possibility of using the "range
  checked for each record" optimization. An attempt to get min/max bounds from
  those objects caused the crash.
  Fix:
  Make sel_arg_range_seq_next ignore SEL_ARG objects that have a type other
  than SEL_ARG::KEY_RANGE.
  [re-committing to push into the build clone]
[16 Nov 2007 9:36] Bugs System
Pushed into 6.0.4-alpha
[16 Nov 2007 16:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/37963

ChangeSet@1.2636, 2007-11-16 19:09:45+03:00, sergefp@mysql.com +3 -0
  BUG#32229: Range optimizer crashes for 'range checked for each record' query
  The problem:
  New code in the sel_arg_range_seq_next() function didn't take into account that
  the SEL_ARG tree may contain objects of type SEL_ARG::MAYBE_KEY, which do not
  represent intervals but just signal the possibility of using the "range
  checked for each record" optimization. An attempt to get min/max bounds from
  those objects caused the crash.
  Fix:
  Make sel_arg_range_seq_next ignore SEL_ARG objects that have a type other
  than SEL_ARG::KEY_RANGE.
  [re-committing to push into the build clone]
[19 Nov 2007 4:24] Paul DuBois
Noted in 6.0.4 changelog.
[21 Nov 2007 18:55] Bugs System
Pushed into 6.0.4-alpha
[22 Nov 2007 10:54] Stefan Hinz
Moved from 6.0.4 to 6.0.3 as per Build team; changelog revised accordingly.
[29 Nov 2007 12:53] Bugs System
Pushed into 6.0.4-alpha
[16 Aug 2010 6:33] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100816062819-bluwgdq8q4xysmlg) (version source revid:alik@sun.com-20100816062612-enatdwnv809iw3s9) (pib:20)
[13 Nov 2010 16:12] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (merge vers: 5.6.99-m4) (pib:21)
[16 Nov 2010 3:55] Paul DuBois
Noted in 5.6.1 changelog.