Bug #6873 PS, having with subquery, crash during execute
Submitted: 29 Nov 2004 11:47
Modified: 8 Dec 2004 21:37
Reporter: Matthias Leich
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 4.1
Assigned to: Konstantin Osipov
CPU Architecture: Any

[29 Nov 2004 11:47] Matthias Leich
Description:
If I execute
  SELECT PNUM FROM t2
  HAVING PNUM IN (SELECT 'P1' FROM t1) ;
as a prepared statement, the MySQL server crashes.
The non-prepared version of this statement is harmless.

My environment:
   - Intel PC with Linux (SuSE 9.1)
   - MySQL compiled from source
        Version 5.0 ChangeSet@1.1688, 2004-11-28
        Version 4.1 ChangeSet@1.2092.1.73, 2004-11-29

How to repeat:
Please use my attached test file xnist3.test, copy it to mysql-test/t
  ./mysql-test-run xnist3

[29 Nov 2004 11:49] Matthias Leich
test cases + some comments

Attachment: xnist3.test (application/test, text), 1.77 KiB.

[30 Nov 2004 13:33] MySQL Verification Team
Back trace:

(gdb) bt
#0  0x080fdb36 in Item_ref::fix_fields (this=0x8cc0f08, thd=0x8cbc550, tables=0x8cc0c30, reference=0x8cc100c) at item.cc:2198
#1  0x081097bc in Item_func::fix_fields (this=0x8cc0fc8, thd=0x8cbc550, tables=0x8cc0c30, ref=0x8cc4dc4) at item_func.cc:307
#2  0x0818b83a in setup_conds (thd=0x8cbc550, tables=0x8cc0c30, conds=0x8cc4dc4) at sql_base.cc:2599
#3  0x0819016f in JOIN::prepare (this=0x8cc43f8, rref_pointer_array=0x8cc0a94, tables_init=0x8cc0c30, wild_num=0,
    conds_init=0x8cc0fc8, og_num=0, order_init=0x0, group_init=0x0, having_init=0x0, proc_param_init=0x0,
    select_lex_arg=0x8cc0990, unit_arg=0x8cc0ac0) at sql_select.cc:229
#4  0x08139fb0 in subselect_single_select_engine::prepare (this=0x8cc0d38) at item_subselect.cc:1146
#5  0x08136e30 in Item_subselect::fix_fields (this=0x8cc0c98, thd_param=0x8cbc550, tables=0x8cc08b8, ref=0x8cc4268)
    at item_subselect.cc:144
#6  0x08190275 in JOIN::prepare (this=0x8cc39f8, rref_pointer_array=0x8cc8b70, tables_init=0x8cc08b8, wild_num=0,
    conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0, having_init=0x8cc0c98, proc_param_init=0x0,
    select_lex_arg=0x8cc8a6c, unit_arg=0x8cc8984) at sql_select.cc:288
#7  0x081937b3 in mysql_select (thd=0x8cbc550, rref_pointer_array=0x8cc8b70, tables=0x8cc08b8, wild_num=0,
    fields=@0x8cc8ad4, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x8cc0c98, proc_param=0x0,
    select_options=277105152, result=0x8cc0d60, unit=0x8cc8984, select_lex=0x8cc8a6c) at sql_select.cc:1564
#8  0x0818feec in handle_select (thd=0x8cbc550, lex=0x8cc8978, result=0x8cc0d60) at sql_select.cc:193
#9  0x0816d96f in mysql_execute_command (thd=0x8cbc550) at sql_parse.cc:2009
#10 0x081ae712 in execute_stmt (thd=0x8cbc550, stmt=0x8cc8948, expanded_query=0xbe5ff2b8, set_context=false)
    at sql_prepare.cc:1883
#11 0x081ae608 in mysql_sql_stmt_execute (thd=0x8cbc550, stmt_name=0x8cbcab0) at sql_prepare.cc:1840
#12 0x0816dc87 in mysql_execute_command (thd=0x8cbc550) at sql_parse.cc:2105
#13 0x081724d1 in mysql_parse (thd=0x8cbc550, inBuf=0x8cc38f0 "execute stmt1", length=13) at sql_parse.cc:4074
#14 0x0816c642 in dispatch_command (command=COM_QUERY, thd=0x8cbc550, packet=0x8cbe769 "execute stmt1", packet_length=14)
    at sql_parse.cc:1494
#15 0x0816bf62 in do_command (thd=0x8cbc550) at sql_parse.cc:1280
#16 0x0816b53b in handle_one_connection (arg=0x8cbc550) at sql_parse.cc:1024
#17 0xb7e4714b in pthread_start_thread () from /lib/libpthread.so.0
#18 0xb7e471df in pthread_start_thread_event () from /lib/libpthread.so.0
#19 0xb7d7a50a in clone () from /lib/libc.so.6

[8 Dec 2004 20:21] Konstantin Osipov
Subject: bk commit - 4.1 tree (konstantin:1.2145) BUG#6873

ChangeSet
  1.2145 04/12/08 23:18:13 konstantin@mysql.com +3 -0
  A fix and test case for Bug#6873 "PS, having with subquery, crash
  during execute"

[8 Dec 2004 21:37] Konstantin Osipov
Fixed in 4.1.8