Skip to content

MDEV-36792: UBSAN load of null pointer and Assertion b == &type_handler_row || b == &type_handler_null in Arg_comparator::set_cmp_func when using ROW()#4988

Open
raghunandanbhat wants to merge 1 commit into11.8from
11.8-mdev-36792
Open

Conversation

@raghunandanbhat
Copy link
Copy Markdown
Contributor

@raghunandanbhat raghunandanbhat commented Apr 24, 2026
edited
Loading

fixes MDEV-36792

Problem:

When a stored function returning ROW type is used as a ROW field and comapred against a non-ROW field, server crashes trying to aggregate types for comparison in- Type_collection_row::aggregate_for_comparison.
for example:

CREATE FUNCTION f() RETURNS ROW TYPE OF t RETURN 1;
CREATE TABLE t (a INT);
SELECT ROW(f(),1)=ROW(1,1) AS eq;

Fix:

Convert assertions in Type_collection_row::aggregate_for_comparison into a condition and return NULL if an invalid type combination is detected.

@raghunandanbhat
MDEV-36792: UBSAN load of null pointer and Assertion `b == &type_hand…
093be2a 
…ler_row || b == &type_handler_null` in `Arg_comparator::set_cmp_func when using ROW()`

Problem:
  When a stored function returning `ROW` type is used as a `ROW` field
  and comapred against a non-ROW field, server crashes trying to
  aggregate types for comaprison in-
  `Type_collection_row::aggregate_for_comparison`.
  for example:
  CREATE FUNCTION f() RETURNS ROW TYPE OF t RETURN 1;
  SELECT ROW(f(),1)=ROW(1,1) AS eq;

Fix:
  Convert assertions in `Type_collection_row::aggregate_for_comparison`
  into a condition and return `NULL` if an invalid type combination is
  detected.
@raghunandanbhat raghunandanbhat marked this pull request as ready for review April 24, 2026 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

MariaDB Corporation

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raghunandanbhat