Bug #34313 Server crash when using EXISTS with a subquery that errors and extra parentheses
Submitted: 5 Feb 2008 16:38    Modified: 5 Feb 2008 17:45
Reporter: David Shrewsbury
Status: Duplicate
Category: MySQL Server    Severity: S2 (Serious)
Version: 5.0, 5.1    OS: Any
Assigned to:    CPU Architecture: Any

[5 Feb 2008 16:38] David Shrewsbury
Description:
MySQL server crashes when using the EXISTS clause with a subquery that produces an error. The subquery must be enclosed within an extra set of parentheses before the crash occurs.

Below is a backtrace from 5.1.22:

(gdb) bt
#0  0x00002ba334001422 in pthread_kill () from /lib/libpthread.so.0
#1  0x000000000078194c in write_core (sig=11) at stacktrace.c:240
#2  0x00000000006376d0 in handle_segfault (sig=11) at mysqld.cc:2278
#3  <signal handler called>
#4  Item_ref::fix_fields (this=0x1a6fc38, thd=0x1a35af8, reference=0x1a6fe60)
    at item.cc:5271
#5  0x00000000005ad5f1 in Item_func::fix_fields (this=0x1a6fde0, thd=0x1a35af8, 
    ref=<value optimized out>) at item_func.cc:162
#6  0x000000000069cf5f in JOIN::prepare (this=0x1a74ea8, rref_pointer_array=0x1a67380, 
    tables_init=<value optimized out>, wild_num=0, conds_init=<value optimized out>, 
    og_num=1, order_init=0x0, group_init=0x1a6fbd8, having_init=0x1a6fde0, 
    proc_param_init=0x0, select_lex_arg=0x1a67198, unit_arg=0x1a67458) at sql_select.cc:487
#7  0x00000000005f46e5 in subselect_single_select_engine::prepare (this=0x1a700a0)
    at item_subselect.cc:1695
#8  0x00000000005f3af0 in Item_subselect::fix_fields (this=0x1a6ffc0, 
    thd_param=<value optimized out>, ref=0x1a74570) at item_subselect.cc:155
#9  0x000000000067cd2c in setup_conds (thd=0x1a35af8, tables=0x0, leaves=0x1a66798, 
    conds=0x1a74570) at sql_base.cc:6752
#10 0x000000000069ce4b in JOIN::prepare (this=0x1a72ea8, rref_pointer_array=0x1a37748, 
    tables_init=<value optimized out>, wild_num=0, conds_init=<value optimized out>, 
    og_num=0, order_init=0x0, group_init=0x0, having_init=0x0, proc_param_init=0x0, 
    select_lex_arg=0x1a37560, unit_arg=0x1a37150) at sql_select.cc:397
#11 0x00000000006af98e in mysql_select (thd=0x1a35af8, rref_pointer_array=0x1a37748, 
    tables=0x1a66798, wild_num=0, fields=@0x1a37668, conds=0x1a6ffc0, og_num=0, order=0x0, 
    group=0x0, having=0x0, proc_param=0x0, select_options=2147764736, result=0x1a701b8, 
    unit=0x1a37150, select_lex=0x1a37560) at sql_select.cc:2249
#12 0x00000000006afed8 in handle_select (thd=0x1a35af8, lex=0x1a370b0, result=0x1a701b8, 
    setup_tables_done_option=0) at sql_select.cc:258
#13 0x00000000006401bf in execute_sqlcom_select (thd=0x1a35af8, all_tables=0x1a66798)
    at sql_parse.cc:4539
#14 0x00000000006430ba in mysql_execute_command (thd=0x1a35af8) at sql_parse.cc:1883
#15 0x00000000006492e6 in mysql_parse (thd=0x1a35af8, 
    inBuf=0x1a65908 "SELECT `hast`.hast_id, `hast`.`hast_client_id`, `hast`.`hast_prev_status_lmas_id`, `hast`.`hast_prev_flag_date`, `hast`.`hast_new_status_lmas_id`, `hast`.`hast_note_mnot_id` FROM `tbl_aa_hast_history_"..., length=420, found_semicolon=0x44088c80)
    at sql_parse.cc:5446
#16 0x000000000064a4e0 in dispatch_command (command=COM_QUERY, thd=0x1a35af8, 
    packet=<value optimized out>, packet_length=421) at sql_parse.cc:953
#17 0x000000000064b3be in do_command (thd=0x1a35af8) at sql_parse.cc:712
#18 0x000000000063ca24 in handle_one_connection (arg=<value optimized out>)
    at sql_connect.cc:1099
#19 0x00002ba333ffc317 in start_thread () from /lib/libpthread.so.0
#20 0x00002ba334dced5d in clone () from /lib/libc.so.6
#21 0x0000000000000000 in ?? ()

How to repeat:
DROP TABLE IF EXISTS a;

CREATE TABLE a (id INT);

-- This SELECT produces a normal error
SELECT EXISTS (SELECT non_existent_column FROM a);

-- This SELECT causes the crash
SELECT EXISTS ((SELECT non_existent_column FROM a));
[5 Feb 2008 17:45] David Shrewsbury
Sorry. This is a duplicate of bug #32036.