Bug #19843 crash in WHERE NOT IN()
Submitted: 16 May 2006 10:16 Modified: 16 May 2006 21:22
Reporter: Sergei Golubchik Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S1 (Critical)
Version:5.0, 5.1 OS:
Assigned to: CPU Architecture:Any

[16 May 2006 10:16] Sergei Golubchik 
Description:
crash in WHERE NOT IN()

How to repeat:
CREATE TABLE `crash_test` (`id` smallint(5) unsigned NOT NULL auto_increment,PRIMARY KEY  (`id`));
insert into crash_test values (1);
insert into crash_test values (2);
SELECT id FROM crash_test WHERE id NOT IN (1, -1);
[16 May 2006 11:45] Domas Mituzas 
Verified on current 5.1-bk snapshot too.

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000001c
0x0017c906 in SEL_ARG::last (this=0x0) at opt_range.cc:1403
1403      if (!next_arg->right)
(gdb) bt
#0  0x0017c906 in SEL_ARG::last (this=0x0) at opt_range.cc:1403
#1  0x001881c8 in get_func_mm_tree (param=0xb04c88bc, cond_func=0x5888770, field=0x58c7918, value=0x0, cmp_type=INT_RESULT, inv=true) at opt_range.cc:4753
#2  0x00189062 in get_mm_tree (param=0xb04c88bc, cond=0x5888770) at opt_range.cc:4989
#3  0x001923fd in SQL_SELECT::test_quick_select (this=0x5889988, thd=0x5886c18, keys_to_use={map = 1}, prev_tables=0, limit=18446744073709551615, force_quick_range=false) at opt_range.cc:1958
#4  0x00105680 in get_quick_record_count (thd=0x5886c18, select=0x5889988, table=0x58c7018, keys=0x588978c, limit=18446744073709551615) at sql_select.cc:1976
#5  0x00117b59 in make_join_statistics (join=0x5888898, tables=0x0, conds=0x5888770, keyuse_array=0x58895b8) at sql_select.cc:2305
#6  0x00123532 in JOIN::optimize (this=0x5888898) at sql_select.cc:710
#7  0x00129681 in mysql_select (thd=0x5886c18, rref_pointer_array=0x5886fbc, tables=0x5888398, wild_num=0, fields=@0x5886f20, conds=0x5888770, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2181319168, result=0x5888888, unit=0x5886c68, select_lex=0x5886e98) at sql_select.cc:1919
#8  0x00129a30 in handle_select (thd=0x5886c18, lex=0x5886c58, result=0x5888888, setup_tables_done_option=0) at sql_select.cc:250
#9  0x000c0a86 in mysql_execute_command (thd=0x5886c18) at sql_parse.cc:2539
#10 0x000ca66b in mysql_parse (thd=0x5886c18, inBuf=0x5888228 "SELECT id FROM crash_test WHERE id NOT IN (1, -1)", length=49) at sql_parse.cc:5885
#11 0x000cb26f in dispatch_command (command=COM_QUERY, thd=0x5886c18, packet=0x5329019 "SELECT id FROM crash_test WHERE id NOT IN (1, -1)", packet_length=50) at sql_parse.cc:1762
#12 0x000cc8eb in do_command (thd=0x5886c18) at sql_parse.cc:1548
#13 0x000ccd33 in handle_one_connection (arg=0x5886c18) at sql_parse.cc:1190
#14 0x90024a27 in _pthread_body ()
[16 May 2006 12:08] Jeremias Reith 
Backtrace of 5.0.21 on OS X (10.4.6 x86)

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x0000001c
[Switching to process 994 thread 0x2c6b]
0x00156b58 in SEL_ARG::last (this=0x0) at opt_range.cc:1295
1295    in opt_range.cc
(gdb) bt
#0  0x00156b58 in SEL_ARG::last (this=0x0) at opt_range.cc:1295
#1  0x001609e6 in get_func_mm_tree (param=0xb049791c, cond_func=0x4056950, field=0x40667b8, value=0x0, cmp_type=INT_RESULT, inv=true) at opt_range.cc:3556
#2  0x001618be in get_mm_tree (param=0xb049791c, cond=0x4056950) at opt_range.cc:3792
#3  0x0016d034 in SQL_SELECT::test_quick_select (this=0x4057b68, thd=0x402ae00, keys_to_use={map = 1}, prev_tables=0, limit=18446744073709551615, force_quick_range=false) at opt_range.cc:1848
#4  0x000e8c94 in get_quick_record_count (thd=0x402ae00, select=0x4057b68, table=0x4064a00, keys=0x405796c, limit=18446744073709551615) at sql_select.cc:1944
#5  0x000fc49c in make_join_statistics (join=0x4056a78, tables=0x0, conds=0x4056950, keyuse_array=0x4057798) at sql_select.cc:2263
#6  0x00107e1d in JOIN::optimize (this=0x4056a78) at sql_select.cc:690
#7  0x0010ddd0 in mysql_select (thd=0x402ae00, rref_pointer_array=0x402b19c, tables=0x4056580, wild_num=0, fields=@0x402b100, conds=0x4056950, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2156153344, result=0x4056a68, unit=0x402ae50, select_lex=0x402b078) at sql_select.cc:1887
#8  0x0010e17e in handle_select (thd=0x402ae00, lex=0x402ae40, result=0x4056a68, setup_tables_done_option=0) at sql_select.cc:250
#9  0x000abf8a in mysql_execute_command (thd=0x402ae00) at sql_parse.cc:2499
#10 0x000b51d8 in mysql_parse (thd=0x402ae00, inBuf=0x4056410 "SELECT id FROM crash_test WHERE id NOT IN (1, -1)", length=49) at sql_parse.cc:5695
#11 0x000b5d78 in dispatch_command (command=COM_QUERY, thd=0x402ae00, packet=0x2bc5001 "SELECT id FROM crash_test WHERE id NOT IN (1, -1)", packet_length=50) at sql_parse.cc:1736
#12 0x000b7441 in do_command (thd=0x402ae00) at sql_parse.cc:1522
#13 0x000b7897 in handle_one_connection (arg=0x402ae00) at sql_parse.cc:1165
#14 0x90024a27 in _pthread_body ()
[16 May 2006 21:22] Igor Babaev 
This ia a duplicate of bug #19618 (already fixed)