maria-developers team mailing list archive

[Alexander Barkov <bar@xxxxxxxxxxx>]

Hello Sergei,


On 10/25/21 7:28 PM, Sergei Golubchik wrote:
> Hi, Alexander!
>
> On Oct 25, Alexander Barkov wrote:
> > revision-id: d1ec0231553 (mariadb-10.5.4-550-gd1ec0231553)
> > parent(s): 8b115503563
> > author: Alexander Barkov
> > committer: Alexander Barkov
> > timestamp: 2021-10-07 20:58:18 +0400
> > message:
> >
> > MDEV-26732 Assertion `0' failed in Item::val_native
> >
> > Also fixes MDEV-24619 Wrong result or Assertion `0' in Item::val_native / Type_handler_inet6::Item_val_native_with_conversion
>
> would be good to have some explanation here, what was wrong, what was
> the fix.

Right, I suggest this comment:


    MDEV-26732 Assertion `0' failed in Item::val_native

    Also fixes MDEV-24619 Wrong result or Assertion `0' in 
Item::val_native / Type_handler_inet6::Item_val_native_with_conversion


Type_handler::create_item_copy() created a generic Item_copy_string,
which does not implement val_native() - it has a dummy implementation
with DBUG_ASSERT(0), which made the server crash.

Fix:

- Adding a new class Item_copy_inet6, which implements val_native().
- Fixing Type_handler::create_item_copy() to make Item_copy_inet6
instead of Item_copy_string.



> > diff --git a/plugin/type_inet/mysql-test/type_inet/type_inet6.result b/plugin/type_inet/mysql-test/type_inet/type_inet6.result
> > index da949481337..ac16f5c06ce 100644
> > --- a/plugin/type_inet/mysql-test/type_inet/type_inet6.result
> > +++ b/plugin/type_inet/mysql-test/type_inet/type_inet6.result
> > @@ -2159,3 +2159,38 @@ IFNULL(c, '::1')
> >   ::1
> >   DROP TABLE t2;
> >   DROP TABLE t1;
> > +#
> > +# MDEV-26732 Assertion `0' failed in Item::val_native
> > +#
> > +SELECT CAST(CONCAT('::', REPEAT('',RAND())) AS INET6) AS f, var_pop('x') FROM dual HAVING f > '';
>
> do you need RAND() here for a test case? can you replace it with a
> literal?
>
> do you need var_pop() here?

I need both:
- RAND(), to avoid treating the expressions as a constant
- var_pop(), or any other aggregate functions.
  With count() instead of var_pop() it also crashes.

If I remove any of these two, it does not crash - the execution goes 
through different paths.


> > +f	var_pop('x')
> > +Warnings:
> > +Warning	1292	Truncated incorrect DOUBLE value: 'x'
> > +Warning	1292	Incorrect inet6 value: ''
> > +SELECT CAST(CONCAT('::', REPEAT('',RAND())) AS INET6) AS f, var_pop(1) FROM dual HAVING f >= '::';
> > +f	var_pop(1)
> > +::	0.0000
> > +CREATE TABLE t1(id INET6 NOT NULL PRIMARY KEY, dsc INET6);
> > +INSERT INTO t1 VALUES ('::1', '1::1'),('::3', '1::3'),('::4', NULL);
> > +CREATE TABLE t2 SELECT COALESCE(t1.dsc), COUNT(*) FROM t1 GROUP BY t1.id;
> > +SELECT * FROM t2 ORDER BY 1,2;
> > +COALESCE(t1.dsc)	COUNT(*)
> > +NULL	1
> > +1::1	1
> > +1::3	1
> > +DROP TABLE t1, t2;
> > +#
> > +# MDEV-24619 Wrong result or Assertion `0' in Item::val_native / Type_handler_inet6::Item_val_native_with_conversion
> > +#
> > +CREATE TABLE t1 (a INET6);
> > +INSERT INTO t1 VALUES ('::'),('::');
> > +SELECT IF(1, '::', a) AS f FROM t1 GROUP BY 'foo' HAVING f != '';
> > +f
> > +Warnings:
> > +Warning	1292	Incorrect inet6 value: ''
> > +SELECT IF(1, '::', a) AS f FROM t1 GROUP BY 'foo' HAVING f != '::';
> > +f
> > +SELECT IF(1, '::', a) AS f FROM t1 GROUP BY 'foo' HAVING f != '::1';
> > +f
> > +::
> > +DROP TABLE t1;
>
> Regards,
> Sergei
> VP of MariaDB Server Engineering
> and security@xxxxxxxxxxx