oqgraph-dev team mailing list archive
Message #00212
[Bug 1133093] Re: Crash on ORDER BY in OQGRAPH v3
Seems to be because
ha_oqgraph::position() --> oqgraph::row_ref() --> cursor->current() -->
...
ends up at ref= last;
where struct open_query::reference assignment operator ends up at oqgraph3::cursor_ptr::operator= (which is implicit)
--> intrusive_ptr operator= which for some reason is designed to swap the input argument with itself.
Which means if you try and assign _to_ garbage memory, you end up with garbage in the thing being assigned from.
Hence crash.
Question is, why does intrusive_ptr use swap (i.e., it's more than a
'usual' assignment operator) - the 'why' is not described in the doco.
This ends up clobbering last which then crashes in
intrusive_ptr_release.
Looking at graphcore.cc, AFAICS member last is actually only ever used
in a local fashion... I can only assume done this way to save stack
space or initialisation or something?
More important question: should ha_oqgraph::position(record) be being
called with 'ref' set to point to junk (uninitialised?) memory?
--
You received this bug notification because you are a member of OQgraph
developers, which is a bug assignee.
https://bugs.launchpad.net/bugs/1133093
Title:
Crash on ORDER BY in OQGRAPH v3
Status in OQGraph Engine for MariaDB:
Triaged
Bug description:
SELECT * FROM graph WHERE latch=1 AND origid=1 AND destid=6;
works
SELECT * FROM graph WHERE latch=1 AND origid=1 AND destid=6 ORDER BY seq;
segfaults.
To manage notifications about this bug go to:
https://bugs.launchpad.net/oqgraph/+bug/1133093/+subscriptions
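The assignment mechanism discussed in this message, as an added C++ example that is not part of the original message and is not OQGRAPH or Boost code: Node, Ptr and store() are hypothetical stand-ins for a reference-counted pointer with copy-and-swap assignment. The previous contents of the destination slot are modelled by a live pointer so that the release shows up as a count change instead of a crash; placement new is shown as one conventional way to write into raw storage, which is an assumption here and not the project's fix.

```cpp
#include <cstdio>
#include <new>
#include <utility>

// Hypothetical stand-ins: simplified, not OQGRAPH or Boost code.
struct Node { int refs = 0; };
inline void add_ref(Node* n) { if (n) ++n->refs; }
inline void release(Node* n) { if (n) --n->refs; }  // a real release deletes at zero

class Ptr {
    Node* p_;
public:
    explicit Ptr(Node* p = nullptr) : p_(p) { add_ref(p_); }
    Ptr(const Ptr& o) : p_(o.p_) { add_ref(p_); }
    ~Ptr() { release(p_); }
    // Copy-and-swap: the temporary takes the destination's old pointer
    // and releases it when it is destroyed at the end of the statement.
    Ptr& operator=(const Ptr& rhs) { Ptr(rhs).swap(*this); return *this; }
    void swap(Ptr& o) { std::swap(p_, o.p_); }
};

struct Result { int stale_refs; int fresh_refs; };

// buf models the caller-supplied ref slot. Its old contents are a live Ptr to
// `stale` (constructed for this example); with arbitrary bytes in the slot,
// the same release would dereference a wild pointer.
Result store(bool use_assignment) {
    Node stale, fresh;
    Ptr src(&fresh);                               // fresh.refs == 1
    alignas(Ptr) unsigned char buf[sizeof(Ptr)];
    Ptr* slot = new (buf) Ptr(&stale);             // stale.refs == 1
    if (use_assignment)
        *slot = src;                 // old contents are read and released
    else
        slot = new (buf) Ptr(src);   // old contents are overwritten, never read
    Result r{stale.refs, fresh.refs};
    slot->~Ptr();                    // drop the slot's reference to fresh
    return r;
}

int main() {
    Result a = store(true), b = store(false);
    std::printf("assignment:    stale=%d fresh=%d\n", a.stale_refs, a.fresh_refs);
    std::printf("placement new: stale=%d fresh=%d\n", b.stale_refs, b.fresh_refs);
    return 0;
}
```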