Bug#33279604 Instance crash when run a SQL query with many window functions

Dag Wanvik · Dag Wanvik · commit 95c3ea765123 · 2021-11-17T12:14:52.000+01:00
The immediate reason for this issue is the stack size of the thread,
which is not large enough to accomodate the number of windows of a
query specification in the query, cf. also Bug#33364125, when creating
iterator from access path.

This patch limits the number of windows, be they named or implicit, in
a query specification (SELECT) to 127. If this number is exceeded, an
error message will be given.

Note that even that number may require increasing the default thread
stack size on some platforms. The default stack size for MDS should be
tuned to make 127 fit.

Also, in order to make this number safe, we increase the range of
plan_idx, since each temporary table assigned to a window will grab a
value from that range and 127 windows would overflow the old range.

The 127 limit could be increased if need be, modulo other possible
problems. We could also make it a system variable.

As for Bug#33364125, this patch will make it safe it increase the
stack size so it could run ok: it needs 127 windows exactly.

Change-Id: Id2af258d0622b4c6be70f8e498b7ccb6de260645
diff --git a/share/messages_to_clients.txt b/share/messages_to_clients.txt
@@ -9685,6 +9685,8 @@ ER_WARN_SF_UDF_NAME_COLLISION
 ER_CANNOT_PURGE_BINLOG_WITH_BACKUP_LOCK
   eng "Could not purge binary logs since another session is executing LOCK INSTANCE FOR BACKUP. Wait for that session to release the lock."
 
+ER_TOO_MANY_WINDOWS
+  eng "Too many windows in SELECT: %d. Maximum allowed is %d. Use named windows to share windows between window functions."
 #
 #  End of 8.0 error messages (server-to-client).
 #  Do NOT add messages intended for the error log above!
diff --git a/sql/sql_opt_exec_shared.h b/sql/sql_opt_exec_shared.h
@@ -50,7 +50,7 @@ struct POSITION;
    before-first-table" (firstmatch_return==PRE_FIRST_PLAN_IDX) from "No
    FirstMatch" (firstmatch_return==NO_PLAN_IDX).
 */
-typedef int8 plan_idx;
+using plan_idx = int;
 #define NO_PLAN_IDX (-2)  ///< undefined index
 #define PRE_FIRST_PLAN_IDX \
   (-1)  ///< right before the first (first's index is 0)
@@ -487,7 +487,10 @@ class QEP_shared_owner {
   // (before optimization).
   plan_idx idx() const { return m_qs->idx(); }
   void set_idx(plan_idx i) { return m_qs->set_idx(i); }
-  qep_tab_map idx_map() const { return qep_tab_map{1} << m_qs->idx(); }
+  qep_tab_map idx_map() const {
+    assert(m_qs->idx() < static_cast<plan_idx>(CHAR_BIT * sizeof(qep_tab_map)));
+    return qep_tab_map{1} << m_qs->idx();
+  }
 
   TABLE *table() const { return m_qs->table(); }
   POSITION *position() const { return m_qs->position(); }
diff --git a/sql/table.h b/sql/table.h
@@ -110,7 +110,7 @@ struct TABLE_LIST;
 struct TABLE_SHARE;
 struct handlerton;
 struct Name_resolution_context;
-typedef int8 plan_idx;
+using plan_idx = int;
 
 namespace dd {
 class Table;
diff --git a/sql/window.cc b/sql/window.cc
@@ -1086,6 +1086,12 @@ bool Window::setup_windows1(THD *thd, Query_block *select,
                             List<Window> *windows) {
   // Only possible at resolution time.
   assert(thd->lex->current_query_block()->first_execution);
+
+  if (windows->elements > kMaxWindows) {
+    my_error(ER_TOO_MANY_WINDOWS, MYF(0), windows->elements, kMaxWindows);
+    return true;
+  }
+
   /*
     We can encounter aggregate functions in the ORDER BY and PARTITION clauses
     of window function, so make sure we allow it:
diff --git a/sql/window.h b/sql/window.h
@@ -71,6 +71,16 @@ enum class Window_retrieve_cached_row_reason {
   MISC_POSITIONS = 5  // NTH_VALUE, LEAD/LAG have dynamic indexes 5..N
 };
 
+/**
+  The number of windows is limited to avoid the stack blowing up
+  when constructing iterators recursively. There used to be no limit, but
+  it would be unsafe since QEP_shared::m_idx of tmp tables assigned for windows
+  would exceed the old range of its type plan_idx (int8). It
+  has now been widened, so the max number of windows could be increased
+  if need be, modulo other problems. We could also make it a system variable.
+*/
+constexpr int kMaxWindows = 127;
+
 /**
   Represents the (explicit) window of a SQL 2003 section 7.11 \<window clause\>,
   or the implicit (inlined) window of a window function call, or a reference to

Original file line number	Diff line number	Diff line change
`@@ -9685,6 +9685,8 @@ ER_WARN_SF_UDF_NAME_COLLISION`
`9685`	`9685`	`ER_CANNOT_PURGE_BINLOG_WITH_BACKUP_LOCK`
`9686`	`9686`	`eng "Could not purge binary logs since another session is executing LOCK INSTANCE FOR BACKUP. Wait for that session to release the lock."`
`9687`	`9687`
	`9688`	`+ER_TOO_MANY_WINDOWS`
	`9689`	`+ eng "Too many windows in SELECT: %d. Maximum allowed is %d. Use named windows to share windows between window functions."`
`9688`	`9690`	`#`
`9689`	`9691`	`# End of 8.0 error messages (server-to-client).`
`9690`	`9692`	`# Do NOT add messages intended for the error log above!`