Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Segfault when using expression index with complex expression [CORE6015] #6265

Closed
firebird-issue-importer opened this issue Mar 1, 2019 · 11 comments

Comments

@firebird-issue-importer
Copy link

@firebird-issue-importer firebird-issue-importer commented Mar 1, 2019

Submitted by: @AlexPeshkoff

Nothing limits use of rather complex expression in the index. One can use selectable stored procedure to calculate that expression, and in that stored procedure one can select rows from the table on which expression index is created. During garbage collection of such index key value is calculated which causes expression evaluation, execution of SP and tabke scan - which in turn causes GC. I.e. we have unlimited recursion with obvious stack overflow and segfault.

Commits: 5bbf69b dc9e026 fbb7068 2caa4f7 1eba28b 35282da a4c886a 606e9e3

====== Test Details ======

Case when SP tries to change record via ES+EDS mechanism remains uncovered.
ISQL will hang and, though it can be interrupted by Ctrl-C, firebird process keeps DB file opened infinitely.
Discussed with Vlad, letters 17.04.2021 09:52 and 21.04.2021 10:40.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 1, 2019

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 1, 2019

Commented by: @AlexPeshkoff

Explicitly disable further GC when doing any index GC.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 1, 2019

Modified by: @AlexPeshkoff

status: Open [ 1 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 2.5.9 [ 10862 ]

Fix Version: 3.0.5 [ 10885 ]

Fix Version: 4.0 Beta 2 [ 10888 ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 7, 2019

Commented by: @pavel-zotov

Run following script (replace "C:\FBTESTING\qa\misc\c6015.fdb" with your env.):

set bail on;
set echo on;

shell del C:\\FBTESTING\\qa\\misc\\c6015\.fdb 2\>nul;
create database 'localhost:C:\\FBTESTING\\qa\\misc\\c6015\.fdb' user 'SYSDBA' password 'masterkey';
show version;

create sequence g;
set term ^;
create procedure sp\_eval\(a\_id int\) returns\(x\_cnt int\) as 
begin 
   suspend;
end^
set term ;^
commit;
create table test\(id int primary key, x int\);
create index test\_eval\_1 on test computed by \( \( select x\_cnt from sp\_eval\(x\) \) \);
commit;

insert into test\(id, x\) values\(1, 111\);
insert into test\(id, x\) values\(2, 222\);
commit;

\-\- Prevent from appearing "Modifying procedure SP\_EVAL which is currently in use by active user requests" in FB log:
connect 'localhost:C:\\FBTESTING\\qa\\misc\\c6015\.fdb' user 'SYSDBA' password 'masterkey';

set term ^;
alter procedure sp\_eval\(a\_id int\) returns\(x\_cnt int\) as 
begin 

   update test set x = \-x
   \-\-where id = :a\_id
   order by x rows 1
   returning x into x\_cnt ;

   suspend;
end^
set term ;^
commit;

set transaction read committed;
set plan on;

/\*
\-\- case\-1:
\-\- =======
select
    <http://t.id> as id\_case\_1
    ,t\.x as x\_case\_1
    ,\( select \* from sp\_eval\( <http://t.id> \) \)
from test t 
;
\-\-\*/


/\*
\-\- case\-2:
\-\- =======
select 
    <http://t.id> as id\_case\_2
    ,t\.x as x\_case\_2
from test t 
left join sp\_eval\( <http://t.id> \) on 1=1
;
\-\-\*/


\-\-/\*
\-\- case\-3:
\-\- =======
select 
    <http://t.id> as id\_case\_3
    ,t\.x as x\_case\_3
from test t 
where exists\( select 1 from sp\_eval\( <http://t.id> \) \)
;
\-\-\*/
quit;

=====

All of cases (1,2,3) that are in this script lead FB to crash.
Checked on 2.5.9.27129, 3.0.5.33109 and 4.0.0.1457

Dumps, stack traces and snapshots with .pdb files can be found here:

https://drive.google.com/open?id=1odge6pliSlieYrkJiTnEplnfX7mr68me

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Mar 7, 2019

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: No test => Deferred

Test Details: See comment 07/Mar/19 07:38 AM

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 9, 2021

Modified by: @AlexPeshkoff

status: Resolved [ 5 ] => Reopened [ 4 ]

resolution: Fixed [ 1 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 13, 2021

Modified by: @AlexPeshkoff

assignee: Alexander Peshkov [ alexpeshkoff ] => Vlad Khorsun [ hvlad ]

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 16, 2021

Modified by: @hvlad

status: Reopened [ 4 ] => Resolved [ 5 ]

resolution: Fixed [ 1 ]

Fix Version: 4.0.0 [ 10931 ]

Fix Version: 3.0.8 [ 10960 ]

Fix Version: 2.5.9 [ 10862 ] =>

Fix Version: 3.0.5 [ 10885 ] =>

Fix Version: 4.0 Beta 2 [ 10888 ] =>

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 17, 2021

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

Test Details: See comment 07/Mar/19 07:38 AM => Found issues related to diff. behaviour between FB 3.x and 4.x; also have question related to unable to stop FB service when ES is used in SP.
Sent letter to Vlad et al, 17.04.2021 09:52, waiting for reply.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 22, 2021

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Resolved [ 5 ]

QA Status: Deferred => Done with caveats

Test Details: Found issues related to diff. behaviour between FB 3.x and 4.x; also have question related to unable to stop FB service when ES is used in SP.
Sent letter to Vlad et al, 17.04.2021 09:52, waiting for reply.

=>

Case when SP tries to change record via ES+EDS mechanism remains uncovered.
ISQL will hang and, though it can be interrupted by Ctrl-C, firebird process keeps DB file opened infinitely.
Discussed with Vlad, letters 17.04.2021 09:52 and 21.04.2021 10:40.

@firebird-issue-importer
Copy link
Author

@firebird-issue-importer firebird-issue-importer commented Apr 22, 2021

Modified by: @pavel-zotov

status: Resolved [ 5 ] => Closed [ 6 ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment