List: Commits
From: Sergei Golubchik
Date: November 12 2007 6:40pm
Subject: Re: bk commit into 5.0 tree (evgen:1.2549) BUG#31048
Hi!

On Oct 30, eugene@stripped wrote:
> ChangeSet@stripped, 2007-10-30 15:39:51+00:00, evgen@stripped +4 -0
>   Bug#31048: Many nested subqueries may cause server crash.
>   
>   This bug is actually two. The first one manifests itself on an EXPLAIN
>   SELECT query with nested subqueries that employs the filesort algorithm.
>   The whole SELECT under explain is marked as UNCACHEABLE_EXPLAIN to preserve
>   some temporary structures for explain. As a side-effect of this, values of
>   nested subqueries weren't cached and subqueries were re-evaluated many
>   times. Each time a buffer for filesort was allocated but wasn't freed because
>   freeing occurs at the end of the topmost SELECT. Thus all available memory was
>   eaten up step by step and an OOM event occurs.
>   The second bug manifests itself on SELECT queries with conditions where
>   a subquery result is compared with a key field and the subquery itself also
>   has such a condition. When a long chain of such nested subqueries is present
>   the stack overrun occurs. This happens because at some point the range optimizer
>   temporarily puts the PARAM structure on the stack. Its size is about 8K and
>   the stack is exhausted very fast.
>   
>   Now the subselect_single_select_engine::exec function allows subquery result
>   caching when the UNCACHEABLE_EXPLAIN flag is set.
>   Now the SQL_SELECT::test_quick_select function allocates the PARAM structure
>   on the heap and frees it on exit.

Can you create two tests that test these bugs separately?
(e.g. without EXPLAIN, I think, only the second would be triggered)
 
> diff -Nrup a/sql/item_subselect.cc b/sql/item_subselect.cc
> --- a/sql/item_subselect.cc	2007-06-29 07:39:15 +00:00
> +++ b/sql/item_subselect.cc	2007-10-30 15:37:39 +00:00
> @@ -1800,7 +1800,9 @@ int subselect_single_select_engine::exec
>        DBUG_RETURN(1);
>      }
>    }
> -  if (select_lex->uncacheable && executed)
> +  if (select_lex->uncacheable &&
> +      select_lex->uncacheable != UNCACHEABLE_EXPLAIN
> +      && executed)

ok

>    {
>      if (join->reinit())
>      {
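
Review bot: The added `select_lex->uncacheable != UNCACHEABLE_EXPLAIN` test compares the whole field for equality, while the commit message speaks of the UNCACHEABLE_EXPLAIN "flag" being set and the old condition only tested `select_lex->uncacheable` for non-zero. If the field can carry UNCACHEABLE_EXPLAIN together with other reasons, this skips the reinit only when EXPLAIN is the sole reason; a one-line comment stating that this is the intent would keep a later reader from "fixing" it into a bit test. The `&&` placement is also inconsistent within the new condition (trailing on the first line, leading on the third); pick one style.
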
> diff -Nrup a/sql/opt_range.cc b/sql/opt_range.cc
> --- a/sql/opt_range.cc	2007-10-23 11:32:03 +00:00
> +++ b/sql/opt_range.cc	2007-10-30 15:38:30 +00:00
> @@ -1982,33 +1982,39 @@ int SQL_SELECT::test_quick_select(THD *t
>      SEL_TREE *tree= NULL;
>      KEY_PART *key_parts;
>      KEY *key_info;
> -    PARAM param;
> +    PARAM *param;
> +
> +    param= (PARAM*)my_malloc(sizeof(PARAM),MYF(0));
> +    if (!param)
> +      DBUG_RETURN(0);				// Can't use range
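
Review bot: The new `if (!param)` path returns 0 with the comment "Can't use range", and the allocation is made with `MYF(0)`, so an out-of-memory condition here is reported to the caller the same way as "no usable range" and leaves no trace. Either report the failure (for example by allocating with `MYF(MY_WME)`) or add a comment explaining why a silent fallback is acceptable. The commit message says PARAM is freed on exit, but the quoted part of the hunk ends before any free is visible; please confirm that every return path after this allocation releases `param`, since a missed path would turn the stack overrun into a per-call leak.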

Uhm. Does stack overflow detection catch it? If not, can it be added
here to catch it?

Regards / Mit vielen Grüssen,
Sergei

-- 
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /   Sergei Golubchik <serg@stripped>
 / /|_/ / // /\ \/ /_/ / /__  Principal Software Developer
/_/  /_/\_, /___/\___\_\___/  MySQL GmbH, Dachauer Str. 37, D-80335 München
       <___/                  Geschäftsführer: Kaj Arnö - HRB München 162140