Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Server crash on LATERAL (sqlsmith) #6319

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Closed

Server crash on LATERAL (sqlsmith) #6319

monetdb-team opened this issue Nov 30, 2020 · 0 comments

Comments

@monetdb-team
Copy link

@monetdb-team monetdb-team commented Nov 30, 2020

Date: 2017-05-16 09:59:24 +0200
From: @mlkersten
To: SQL devs <>
Version: -- development
CC: @njnes

Last updated: 2017-07-17 16:07:28 +0200

Comment 25332

Date: 2017-05-16 09:59:24 +0200
From: @mlkersten

User-Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build Identifier:

The following is causing a crash

Reproducible: Always

Steps to Reproduce:

select
subq_0
from
sys.keys ,
lateral (select ref_2.id
from tmp.keys
where ((select role_id from sys.user_role) is NULL)
or (false)) as subq_0;

Actual Results:

Thread 1 "mserver5" received signal SIGSEGV, Segmentation fault.
0x00007fffee055026 in rel_column_ref (sql=0x1bb9630, rel=0x7fffffffccb0,
column_r=0x1c90410, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:1065
1065 while(gb->l && !is_groupby(gb->op))
(gdb) where
0 0x00007fffee055026 in rel_column_ref (sql=0x1bb9630, rel=0x7fffffffccb0,
column_r=0x1c90410, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:1065
1 0x00007fffee064808 in rel_value_exp2 (sql=0x1bb9630, rel=0x7fffffffccb0,
se=0x1c90410, f=2, ek=..., is_last=0x7fffffffcbcc)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4345
2 0x00007fffee0652c5 in rel_value_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
se=0x1c90410, f=2, ek=...)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4489
3 0x00007fffee0653aa in column_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
column_e=0x1c90490, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4502
4 0x00007fffee065611 in rel_column_exp (sql=0x1bb9630, rel=0x7fffffffccb0,
column_e=0x1c90490, f=2)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4546
5 0x00007fffee0661d8 in rel_select_exp (sql=0x1bb9630, rel=0x1c93de0,
sn=0x1c90c10, ek=...)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4741
6 0x00007fffee067275 in rel_query (sql=0x1bb9630, rel=0x0, sq=0x1c90c10,
toplevel=1, ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4990
7 0x00007fffee068b55 in rel_subquery (sql=0x1bb9630, rel=0x0, sq=0x1c90c10,
ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5355
8 0x00007fffee051391 in rel_subquery_optname (sql=0x1bb9630, rel=0x0,
query=0x1c90c10)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:259
9 0x00007fffee0547ac in table_ref (sql=0x1bb9630, rel=0x0, tableref=0x1c90c10,
lateral=0)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:937
10 0x00007fffee066dcc in rel_query (sql=0x1bb9630, rel=0x0, sq=0x1c90e00,
toplevel=1, ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:4920
11 0x00007fffee068b55 in rel_subquery (sql=0x1bb9630, rel=0x0, sq=0x1c90e00,
ek=..., apply=8)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5355
12 0x00007fffee068c66 in rel_selects (sql=0x1bb9630, s=0x1c90e00)
at /export/scratch1/home/mk/default//package/sql/server/rel_select.c:5376
13 0x00007fffee04fffe in rel_semantic (sql=0x1bb9630, s=0x1c90e00)

Comment 25334

Date: 2017-05-16 11:11:41 +0200
From: @mlkersten

select
subq_0
from
sys.keys ,
lateral (select ref_2.id
from tmp.keys as ref_2
where ((select role_id from sys.user_role) is NULL)
or (false)) as subq_0;

Comment 25362

Date: 2017-05-31 16:57:39 +0200
From: @njnes

solved, ie added more protection when we lookup the group by expression needed for the proper error message in column_ref.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
1 participant