Server crash on LATERAL (sqlsmith) #6319
Milestone
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Date: 2017-05-16 09:59:24 +0200
From: @mlkersten
To: SQL devs <>
Version: -- development
CC: @njnes
Last updated: 2017-07-17 16:07:28 +0200
Comment 25332
Date: 2017-05-16 09:59:24 +0200
From: @mlkersten
User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build Identifier:
The following is causing a crash
Reproducible: Always
Steps to Reproduce:
select
subq_0
from
sys.keys ,
lateral (select ref_2.id
from tmp.keys
where ((select role_id from sys.user_role) is NULL)
or (false)) as subq_0;
Actual Results:
Thread 1 "mserver5" received signal SIGSEGV, Segmentation fault.
0x00007fffee055026 in rel_column_ref (sql=0x1bb9630, rel=0x7fffffffccb0,
column_r=0x1c90410, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:1065
1065 while(gb->l && !is_groupby(gb->op))
(gdb) where
0 0x00007fffee055026 in rel_column_ref (sql=0x1bb9630, rel=0x7fffffffccb0,
column_r=0x1c90410, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:1065
1 0x00007fffee064808 in rel_value_exp2 (sql=0x1bb9630, rel=0x7fffffffccb0,
se=0x1c90410, f=2, ek=..., is_last=0x7fffffffcbcc)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4345
2 0x00007fffee0652c5 in rel_value_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
se=0x1c90410, f=2, ek=...)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4489
3 0x00007fffee0653aa in column_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
column_e=0x1c90490, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4502
4 0x00007fffee065611 in rel_column_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
column_e=0x1c90490, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4546
5 0x00007fffee0661d8 in rel_select_exp (sql=0x1bb9630, rel=0x1c93de0,
sn=0x1c90c10, ek=...)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4741
6 0x00007fffee067275 in rel_query (sql=0x1bb9630, rel=0x0, sq=0x1c90c10,
toplevel=1, ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4990
7 0x00007fffee068b55 in rel_subquery (sql=0x1bb9630, rel=0x0, sq=0x1c90c10,
ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5355
8 0x00007fffee051391 in rel_subquery_optname (sql=0x1bb9630, rel=0x0,
query=0x1c90c10)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:259
9 0x00007fffee0547ac in table_ref (sql=0x1bb9630, rel=0x0, tableref=0x1c90c10,
lateral=0)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:937
10 0x00007fffee066dcc in rel_query (sql=0x1bb9630, rel=0x0, sq=0x1c90e00,
toplevel=1, ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4920
11 0x00007fffee068b55 in rel_subquery (sql=0x1bb9630, rel=0x0, sq=0x1c90e00,
ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5355
12 0x00007fffee068c66 in rel_selects (sql=0x1bb9630, s=0x1c90e00)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5376
13 0x00007fffee04fffe in rel_semantic (sql=0x1bb9630, s=0x1c90e00)
Comment 25334
Date: 2017-05-16 11:11:41 +0200
From: @mlkersten
select
subq_0
from
sys.keys ,
lateral (select ref_2.id
from tmp.keys as ref_2
where ((select role_id from sys.user_role) is NULL)
or (false)) as subq_0;
Comment 25362
Date: 2017-05-31 16:57:39 +0200
From: @njnes
solved, ie added more protection when we lookup the group by expression needed for the proper error message in column_ref.
The text was updated successfully, but these errors were encountered: