
oqgraph-dev team mailing list archive

[Bug 1133093] Re: Crash on ORDER BY in OQGRAPH v3

 

Seems to be because

ha_oqgraph::position() --> oqgraph::row_ref() --> cursor->current() -->
...

ends up at     ref= last;

where struct open_query::reference assignment operator ends up at oqgraph3::cursor_ptr::operator= (which is implicit) 
--> intrusive_ptr operator= which for some reason is designed to swap the input argument with itself.
Which means if you try and assign _to_ garbage memory, you end up with garbage in the thing being assigned from.
Hence crash.

Question is, why does intrusive_ptr use swap (i.e., it's more than an
'usual' assignment operator) - the 'why' is not described in the doco.
This ends up clobbering last which then crashes in
intrusive_ptr_release.

Looking at graphcore.cc, AFAICS member last is actually only ever used
in a local fashion... I can only assume done this way to save stack
space or initialisation or something?

More important question: should ha_oqgraph::position(record)  be being
called with 'ref' set to point to junk (uninitialised?) memory?

-- 
You received this bug notification because you are a member of OQgraph
developers, which is a bug assignee.
https://bugs.launchpad.net/bugs/1133093

Title:
  Crash on ORDER BY in OQGRAPH v3

Status in OQGraph Engine for MariaDB:
  Triaged

Bug description:
  SELECT * FROM graph WHERE latch=1 AND origid=1 AND destid=6;
  works

  SELECT * FROM graph WHERE latch=1 AND origid=1 AND destid=6 ORDER BY seq;
  segfaults.

To manage notifications about this bug go to:
https://bugs.launchpad.net/oqgraph/+bug/1133093/+subscriptions
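
The failure mode discussed in the message, as an added C++ illustration that is not part of the original post or of OQGraph's code: a minimal copy-and-swap intrusive pointer (the form boost::intrusive_ptr's copy assignment takes) assigned into a buffer that never held a constructed pointer, next to in-place construction. Node, iptr, the function names and the stale buffer contents are constructed for the example, and release() only counts instead of freeing so the effect can be observed without a crash.

```cpp
// Added illustration; Node, iptr and all function names are hypothetical.
#include <cstdio>
#include <cstring>
#include <new>
#include <utility>

struct Node { int refs; bool freed; };             // stand-in for a refcounted cursor
inline void add_ref(Node* n) { ++n->refs; }
inline void release(Node* n) { if (--n->refs == 0) n->freed = true; }  // real code would delete

class iptr {                                       // minimal intrusive pointer
    Node* p_;
public:
    explicit iptr(Node* p = nullptr) : p_(p) { if (p_) add_ref(p_); }
    iptr(const iptr& o) : p_(o.p_) { if (p_) add_ref(p_); }
    ~iptr() { if (p_) release(p_); }
    void swap(iptr& o) { std::swap(p_, o.p_); }
    // Copy-and-swap: the temporary takes over the OLD value of *this and
    // releases it in its destructor, so *this must already be a live object.
    iptr& operator=(const iptr& o) { iptr(o).swap(*this); return *this; }
};
static_assert(sizeof(iptr) == sizeof(Node*), "handle is one pointer wide");

// Constructed input: leftover bytes in the buffer that happen to point at `stale`.
static void fill_junk(unsigned char* ref, Node* stale) { std::memcpy(ref, &stale, sizeof stale); }

// Buggy pattern: assign into storage that never held a constructed iptr.
// Returns stale.refs afterwards (it started at 1, owned by someone else).
int assign_into_junk() {
    Node stale{1, false}, cur{0, false};
    iptr last(&cur);
    alignas(iptr) unsigned char ref[sizeof(iptr)];
    fill_junk(ref, &stale);
    *reinterpret_cast<iptr*>(ref) = last;          // old bytes are treated as a pointer and released
    return stale.refs;                             // 0: released behind its owner's back
}

// Correct pattern: construct in place; the old bytes are never interpreted.
int construct_into_junk() {
    Node stale{1, false}, cur{0, false};
    iptr last(&cur);
    alignas(iptr) unsigned char ref[sizeof(iptr)];
    fill_junk(ref, &stale);
    iptr* slot = new (ref) iptr(last);
    int seen = stale.refs;                         // still 1
    slot->~iptr();
    return seen;
}

int main() { std::printf("%d %d\n", assign_into_junk(), construct_into_junk()); }
```

With truly uninitialised bytes the release call lands on an arbitrary address instead of a live Node, which is where a crash inside the release function would come from.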

