TiDB server crashes when parsing query #45838

Closed
SteveLeungYL opened this issue Aug 6, 2023 · 1 comment · Fixed by #45916
Labels
severity/moderate sig/sql-infra SIG: SQL Infra type/bug This issue is a bug.


@SteveLeungYL

Bug Report

1. Minimal reproduce step (Required)

  1. Compile the TiDB using the source repository: link
  2. Check out with the latest master version: a626b0562c, also tested with released version: v7.1.1(cf44157).
  3. Compile the TiDB server using go1.20. Use make in the repo root directory.
  4. Launch TiDB server using command:

     ```
     ./tidb-server -P 8000 -socket /tmp/mysql_0.sql -path $(pwd)/db_data
     ```

  5. Connect to the server using mysql client:

     ```
     mysql -h 127.0.0.1 -P 8000 -u root --socket /tmp/mysql_0.sql
     ```

  6. Input the PoC Query to trigger the crash of the server.

     ```
     ( WITH v0 AS  ( SELECT TRUE )  (    SELECT 'abc'  EXCEPT  ( SELECT TRUE )  ) );
     ```

2. What did you expect to see? (Required)

TiDB should return the result of the query, or throw a semantic error for the query.

3. What did you see instead (Required)

The TiDB server crashes with error:

```
mysql> ( WITH v0 AS  ( SELECT TRUE )  (    SELECT 'abc'  EXCEPT  ( SELECT TRUE )  ) );
ERROR 1105 (HY000): interface conversion: ast.StmtNode is *ast.SetOprStmt, not *ast.SelectStmt
```

4. What is your TiDB version? (Required)

```
+----------------------------------+
| tidb_version()                   |
+----------------------------------+
| Release Version: v7.1.1
Edition: Community
Git Commit Hash: cf44157
Git Branch: HEAD
UTC Build Time: 2023-08-06 19:14:34
GoVersion: go1.20
Race Enabled: false
TiKV Min Version: 6.2.0-alpha
Check Table Before Drop: false
Store: unistore |
+----------------------------------+
1 row in set (0.01 sec)
```

5. Additional Information (Required)

The bug seems to be a bug in the parser code.

@djshow832
Contributor

It is indeed a parser bug: in https://github.com/pingcap/tidb/blob/v7.3.0-alpha/parser/parser.y#L9933, it takes SelectStmtWithClause as a SelectStmt, but it can also be a SetOprStmt.
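
The failure mode described in this thread, as an added Go example (not TiDB's parser code and not the change merged in #45916): an unchecked type assertion on a statement node that can be either a SELECT or a set operation, next to a type switch that handles both. The types and the `attachUnchecked` / `attachChecked` helpers are simplified, hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the parser's AST types (hypothetical, not TiDB's definitions).
type StmtNode interface{ stmt() }
type WithClause struct{ Name string }
type SelectStmt struct{ With *WithClause }
type SetOprStmt struct{ With *WithClause } // UNION / EXCEPT / INTERSECT

func (*SelectStmt) stmt() {}
func (*SetOprStmt) stmt() {}

// attachUnchecked mirrors the failing pattern: it assumes the body of
// "WITH ... (body)" is always a plain SELECT. The deferred recover turns the
// runtime panic into an error so the outcome can be inspected.
func attachUnchecked(body StmtNode, w *WithClause) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	body.(*SelectStmt).With = w // panics when body is *SetOprStmt
	return nil
}

// attachChecked handles every node type the grammar rule can produce and
// rejects anything else with an ordinary error instead of a panic.
func attachChecked(body StmtNode, w *WithClause) error {
	switch n := body.(type) {
	case *SelectStmt:
		n.With = w
	case *SetOprStmt:
		n.With = w
	default:
		return errors.New("unsupported statement after WITH clause")
	}
	return nil
}

func main() {
	w := &WithClause{Name: "v0"}
	fmt.Println(attachUnchecked(&SetOprStmt{}, w)) // interface conversion panic, recovered
	fmt.Println(attachChecked(&SetOprStmt{}, w))   // <nil>
}
```
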
