index out of range [0] with length 0 in chunk.MutRow.ShallowCopyPartialRow->chunk.(*Column).IsNull

[ycybfhb]

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

SQL to init database

init.sql.txt

SQL that causes error

SELECT
  cast((cast(subq_0.c0 as decimal) <= cast(subq_0.c1 as signed)) as unsigned) as c2,
  subq_0.c0 as c7,
  subq_0.c1 as c8,
  subq_0.c0 as c9
FROM
  (select  
          ref_0.c_d3wokzls77 as c0, 
          ref_0.c_l1t as c1
        from 
          t_dci as ref_0
        where ((ref_0.c_gs6c2wzbdg not like 'rk%z%g_6')) 
          and ((NOT NOT(cast((ref_0.c_gs6c2wzbdg >= cast(null as char)) as unsigned))))) as subq_0
WHERE
  0<>0
union all
(SELECT
  (
        stddev_samp(
          cast(cast(nullif(
            (select c_dph7 from t_dci order by c_dph7 limit 1 offset 1)
              , 
            (select c_m2y from t_rc order by c_m2y limit 1 offset 1)
              
            ) as signed) as signed)) over (partition by ref_1.c_yu order by ref_1.c_yu, ref_1.c_yu) in (
      select  
          ref_2.c_wd3x as c0
        from 
          t_glzh3lb0ro as ref_2
        where (abs(
            cast(-6091065890992339257 as signed)) not in (
          cast((ref_2.c_pf8vmpo8 ^ ref_2.c_i3ml) as signed), -7790602823151664550, 5290185684177402134, -224260232966424670, case when (NOT NOT(cast((cast(ref_2.c_p as signed) <> cast(2655086899823506853 as signed)) as unsigned))) then 3398291683088373699 else 3533803436526595472 end
            )))) as c2,
  ref_1.c_m2y as c7,
  (NOT NOT(cast(((select c_w9qyk_fpj from t_dci order by c_w9qyk_fpj limit 1 offset 1)
           < ref_1.c_m2y) as unsigned))) as c8,
  ref_1.c_m2y as c9
FROM
  t_rc as ref_1)
LIMIT 99;

2. What did you expect to see? (Required)

Expect no crashes

3. What did you see instead (Required)

runtime error: index out of range [0] with length 0
github.com/pingcap/errors.AddStack
	/root/go/pkg/mod/github.com/pingcap/errors@v0.11.5-0.20240318064555-6bd07397691f/errors.go:178
github.com/pingcap/errors.Trace
	/root/go/pkg/mod/github.com/pingcap/errors@v0.11.5-0.20240318064555-6bd07397691f/juju_adaptor.go:15
github.com/pingcap/tidb/pkg/util.GetRecoverError
	/workspace/source/tidb/pkg/util/util.go:288
github.com/pingcap/tidb/pkg/executor/join.(*ProbeWorkerV1).handleProbeWorkerPanic
	/workspace/source/tidb/pkg/executor/join/hash_join_v1.go:235
github.com/pingcap/tidb/pkg/util.(*WaitGroupWrapper).RunWithRecover.func1.1
	/workspace/source/tidb/pkg/util/wait_group_wrapper.go:185
runtime.gopanic
	/usr/local/go/src/runtime/panic.go:914
runtime.goPanicIndex
	/usr/local/go/src/runtime/panic.go:114
github.com/pingcap/tidb/pkg/util/chunk.(*Column).IsNull
	/workspace/source/tidb/pkg/util/chunk/column.go:197
github.com/pingcap/tidb/pkg/util/chunk.MutRow.ShallowCopyPartialRow
	/workspace/source/tidb/pkg/util/chunk/mutrow.go:380
github.com/pingcap/tidb/pkg/executor/join.(*baseJoiner).makeShallowJoinRow
	/workspace/source/tidb/pkg/executor/join/joiner.go:256
github.com/pingcap/tidb/pkg/executor/join.(*leftOuterSemiJoiner).TryToMatchInners
	/workspace/source/tidb/pkg/executor/join/joiner.go:602
github.com/pingcap/tidb/pkg/executor/join.(*ProbeWorkerV1).joinMatchedProbeSideRow2Chunk
	/workspace/source/tidb/pkg/executor/join/hash_join_v1.go:781
github.com/pingcap/tidb/pkg/executor/join.(*ProbeWorkerV1).join2Chunk
	/workspace/source/tidb/pkg/executor/join/hash_join_v1.go:901
github.com/pingcap/tidb/pkg/executor/join.(*ProbeWorkerV1).runJoinWorker
	/workspace/source/tidb/pkg/executor/join/hash_join_v1.go:345
github.com/pingcap/tidb/pkg/executor/join.(*HashJoinV1Exec).fetchAndProbeHashTable.func2
	/workspace/source/tidb/pkg/executor/join/hash_join_v1.go:227
github.com/pingcap/tidb/pkg/util.(*WaitGroupWrapper).RunWithRecover.func1
	/workspace/source/tidb/pkg/util/wait_group_wrapper.go:189
runtime.goexit
	/usr/local/go/src/runtime/asm_amd64.s:1650

4. What is your TiDB version? (Required)

Release Version: v8.4.0-alpha-66-g1167e0c
Edition: Community
Git Commit Hash: 1167e0c06fc8e2dd066bd974315284bc0e884acc
Git Branch: HEAD
UTC Build Time: 2024-09-03 01:15:19
GoVersion: go1.21.13
Race Enabled: false
Check Table Before Drop: false
Store: tikv

We are the BASS team from the School of Cyber Science and Technology at Beihang University. Our main focus is on system software security, operating systems, and program analysis research, as well as the development of automated program testing frameworks for detecting software defects. Using our self-developed database vulnerability testing tool, we have identified the above-mentioned vulnerabilities in TiDB that may lead to database crashes.

[jebter]

refer to #55878

[windtalker]

duplicated with #55885, close it.