Bug #6806 | Subquery crash if many parentheses | ||
---|---|---|---|
Submitted: | 24 Nov 2004 16:51 | Modified: | 3 Dec 2004 23:14 |
Reporter: | Peter Gulutzan | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S3 (Non-critical) |
Version: | 4.1 | OS: | Linux (SuSE 8.2) |
Assigned to: | Oleksandr Byelkin | CPU Architecture: | Any |
[24 Nov 2004 16:51]
Peter Gulutzan
[24 Nov 2004 20:26]
MySQL Verification Team
Verified with 5.0.2-alpha-debug-log

(gdb) bt
#0 sortcmp (s=0x8d3aaa0, t=0xa5a5a5a5, cs=0x86b3a00) at sql_string.h:82
#1 0x081245ff in Arg_comparator::compare_e_string (this=0x8d3c518) at item_cmpfunc.cc:370
#2 0x08124c05 in Arg_comparator::compare_e_row (this=0x8d3b3f4) at item_cmpfunc.cc:550
#3 0x081251d2 in Item_func_equal::val_int (this=0x8d3b388) at item_cmpfunc.h:65
#4 0x08116ea9 in eval_const_cond (cond=0x8d3b388) at item_func.cc:119
#5 0x081b78b2 in remove_eq_conds (thd=0x8d2db28, cond=0x8d3b388, cond_value=0x8d3c18c) at sql_select.cc:7393
#6 0x081b7174 in optimize_cond (join=0x8d3b460, conds=0x8d3b388, join_list=0x8d2ddfc, cond_value=0x8d3c18c) at sql_select.cc:7259
#7 0x081a977a in JOIN::optimize (this=0x8d3b460) at sql_select.cc:563
#8 0x081ad17b in mysql_select (thd=0x8d2db28, rref_pointer_array=0x8d2de50, tables=0x8d3a958, wild_num=1, fields=@0x8d2dd9c, conds=0x8d3b388, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=42224128, result=0x8d3b450, unit=0x8d2db74, select_lex=0x8d2dd30) at sql_select.cc:2011
#9 0x081a8cba in handle_select (thd=0x8d2db28, lex=0x8d2db68, result=0x8d3b450) at sql_select.cc:231
#10 0x0817fbe6 in mysql_execute_command (thd=0x8d2db28) at sql_parse.cc:2186
#11 0x0818544d in mysql_parse (thd=0x8d2db28, inBuf=0x8d3a820 "select * from t where ((((('a',null) <=> (select 'a',s2 from t where s1\n= 0)))))", length=81) at sql_parse.cc:4588
#12 0x0817e36f in dispatch_command (command=COM_QUERY, thd=0x8d2db28, packet=0x8d253a9 "select * from t where ((((('a',null) <=> (select 'a',s2 from t where s1\n= 0)))))", packet_length=82) at sql_parse.cc:1503
#13 0x0817dd28 in do_command (thd=0x8d2db28) at sql_parse.cc:1311
#14 0x0817d28a in handle_one_connection (arg=0x8d2db28) at sql_parse.cc:1047
#15 0xb7e4714b in pthread_start_thread () from /lib/libpthread.so.0
#16 0xb7e471df in pthread_start_thread_event () from /lib/libpthread.so.0
#17 0xb7d7a50a in clone () from /lib/libc.so.6
[25 Nov 2004 20:55]
Oleksandr Byelkin
ChangeSet
1.2145 04/11/25 22:54:49 bell@sanja.is.com.ua +3 -0
init values to avoid junk returning in case of null value asking without assigning value (BUG#6806)
[3 Dec 2004 23:14]
Oleksandr Byelkin
Thank you for the bug report! The bugfix is pushed into our source repository.