Bug #10218 Command line recall rolls into Segmentation Fault(coredump)
Submitted: 27 Apr 2005 21:52 Modified: 10 Jul 2007 22:03
Reporter: Vito Munoz
Status: Closed
Category:MySQL Server: Command-line Clients Severity:S2 (Serious)
Version:4.1.16-pro, 5.0.30-cluster OS:Solaris (Solaris 8, 10)
Assigned to: Magnus Blåudd CPU Architecture:Any
Tags: bfsm_2007_04_19, bfsm_2007_05_31, libedit

[27 Apr 2005 21:52] Vito Munoz
Description:
When in the mysql client, pushing the up arrow to recall the previous command will result in a segfault if you attempt to up-arrow twice.

How to repeat:
Script started on Wed Apr 27 16:44:57 2005
./mysql -u root
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 30022 to server version: 4.1.11-pro-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> status
--------------
./mysql  Ver 14.7 Distrib 4.1.11, for sun-solaris2.10 (sparc)

Connection id:          30022
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         4.1.11-pro-log
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
UNIX socket:            /tmp/mysql.sock
Uptime:                 25 min 24 sec

Threads: 2  Questions: 748944  Slow queries: 0  Opens: 25443  Flush tables: 1  Open tables: 0  Queries per second avg: 491.433
--------------

*** I TYPED "show databases" and hit enter. ***
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
| vito     |
+----------+
3 rows in set (0.00 sec)

*** HERE I uparrowed and hit enter.  ***
mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
| vito     |
+----------+
3 rows in set (0.00 sec)

*** Here I uparrowed, it brought back 'show databases' and I uparrowed again.
It then had a SegFault ***
mysql> show databases;Segmentation Fault(coredump)
sscmysql@sscsnd02(global):/mysql/db01/mysql-pro-4.1.11-sun-solaris2.10-sparc-64bit/bin# exit

script done on Wed Apr 27 16:45:25 2005
[4 May 2005 19:46] Hartmut Holzgraefe
On what CPU architecture does this happen?
[5 May 2005 23:16] Vito Munoz
Sparc
[9 May 2005 19:52] Vito Munoz
mysql-pro-4.1.11-sun-solaris2.10-sparc-64b
[9 Jun 2005 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[15 Jun 2005 17:49] Vito Munoz
I added the Platform some time ago.  

This was on Sun Sparc.
[28 Jul 2005 15:14] Valeriy Kravchuk
Thank you for your bug report.

What distribution did you use (pkg or tar.gz)? Please try the latest (4.1.13 or 5.0.10). I was unable to reproduce this core dump on Solaris 9 on our SPARC with a 5.0.10-beta build from sources (tar.gz):

bash-2.05$ uname -a
SunOS sunfire280 5.9 Generic_118558-09 sun4u sparc SUNW,Sun-Fire-280R
bash-2.05$ bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.10-beta

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> status
--------------
bin/mysql  Ver 14.12 Distrib 5.0.10-beta, for sun-solaris2.9 (sparc) using  EditLine wrapper

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.0.10-beta
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
UNIX socket:            /tmp/mysql.sock
Uptime:                 35 min 30 sec

Threads: 1  Questions: 33  Slow queries: 0  Opens: 0  Flush tables: 1  Open tables: 18  Queries per second avg: 0.015
--------------

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.01 sec)

Then I hit arrow up and Enter:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.01 sec)

Then, once more arrow up and Enter:

mysql> status
--------------
bin/mysql  Ver 14.12 Distrib 5.0.10-beta, for sun-solaris2.9 (sparc) using  EditLine wrapper

Connection id:          3
Current database:
Current user:           root@localhost
SSL:                    Not in use
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.0.10-beta
Protocol version:       10
Connection:             Localhost via UNIX socket
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
UNIX socket:            /tmp/mysql.sock
Uptime:                 36 min 26 sec

Threads: 1  Questions: 37  Slow queries: 0  Opens: 0  Flush tables: 1  Open tables: 18  Queries per second avg: 0.017
[28 Aug 2005 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
[14 Jan 2006 8:00] Valeriy Kravchuk
Vito,

Can you send the output of "ldd mysql" run from your shell prompt?

Also, please send the output of "SHOW VARIABLES LIKE 'version%'" run from the MySQL client.
[22 Jan 2006 2:01] Kolbe Kegel
Install a 64-bit non-GPL MySQL build on a 64-bit Sparc Solaris system.

Start the server, and connect to it using the mysql client.

Issue a statement to the server
Press the up arrow to review the previous statement
Issue the statement again
Press the up arrow twice to review the original statement

This will cause a segfault

kkegel@sunfire100b mysql-pro-4.1.16-sun-solaris2.8-sparc-64bit $ ./bin/mysql --socket=./data/mysql.sock
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 4.1.16-pro

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql 4.1.16-pro (root) "test"> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
2 rows in set (0.01 sec)

mysql 4.1.16-pro (root) "test"> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
2 rows in set (0.00 sec)

mysql 4.1.16-pro (root) "test"> show databases;Segmentation Fault (core dumped)
[14 Feb 2006 23:56] JOrdan L
I'm getting the exact same error on a CentOS release 3.6 (Final) with a static binary install from the mysql website. 

[root@sj3d22 rsct_4]# mysqld -V
mysqld  Ver 5.0.18-standard-log for pc-linux-gnu on i686 (MySQL Community Edition - Standard (GPL))

[root@sj3d22 rsct_4]# mysql -V
mysql  Ver 14.12 Distrib 5.0.18, for pc-linux-gnu (i686) using readline 5.0

[root@sj3d22 rsct_4]# uname -a
Linux sj3d22 2.4.21-37.ELsmp #1 SMP Wed Sep 28 14:05:46 EDT 2005 i686 i686 i386 GNU/Linux

[root@sj3d22 rsct_4]# cat /proc/cpuinfo  | grep 'model name'
model name      : Intel(R) Pentium(R) 4 CPU 3.00GHz

[root@sj3d22 rsct_4]# ldd /usr/local/mysql/bin/mysqld
        not a dynamic executable
[root@sj3d22 rsct_4]# ldd /usr/local/mysql/bin/mysql
        not a dynamic executable

mysql> SHOW VARIABLES LIKE 'version%';
+-------------------------+------------------------------------------+
| Variable_name           | Value                                    |
+-------------------------+------------------------------------------+
| version                 | 5.0.18-standard-log                      |
| version_comment         | MySQL Community Edition - Standard (GPL) |
| version_compile_machine | i686                                     |
| version_compile_os      | pc-linux-gnu                             |
+-------------------------+------------------------------------------+
4 rows in set (0.00 sec)

Let me know if you've had any progress on this.
[14 Feb 2006 23:59] JOrdan L
I would also like to say that we've installed many other installs of mysql (even on centOS boxes) and never had this problem.  I have a feeling this will be a hard bug to duplicate.
[5 Jul 2006 14:45] Mark Round
Hi,

We're having the exact same problem, but have a little more information to add.

Hardware : Sun Ultra 20 (Opteron)
OS : SunOS 5.10 Generic_118844-26 i86pc i386 i86pc
MySQL distro : 4.1.20, built by us from source using Sun Studio 11.

We have discovered that a 64-bit client dumps core when using command recall, but a 32-bit client works fine. This is connecting to a local 64-bit server. The stack from the core file is :

core './core' of 21538: mysql -uroot -p
 fffffd7fff3587b2 tputs () + 22
 000000000041f272 term_move_to_char () + 122
 000000000041dcc3 re_update_line () + 4f3
 000000000041d501 re_refresh () + 191
 000000000041cfdf el_gets () + 29f
 00000000004188c8 readline () + 108
 0000000000410af6 __1cKread_lines6Fb_i_ () + d6
 000000000040fe25 main () + 495
 000000000040f7dc ???????? ()

And the ldd information is as follows :

        libcurses.so.1 =>        /lib/64/libcurses.so.1
        libmysqlclient.so.14 =>  /usr/local/mysql/lib/mysql/amd64/libmysqlclient.so.14
        librt.so.1 =>    /lib/64/librt.so.1
        libgen.so.1 =>   /lib/64/libgen.so.1
        libsocket.so.1 =>        /lib/64/libsocket.so.1
        libnsl.so.1 =>   /lib/64/libnsl.so.1
        libm.so.2 =>     /lib/64/libm.so.2
        libz.so.1 =>     /usr/lib/64/libz.so.1
        libCstd.so.1 =>  /usr/lib/64/libCstd.so.1
        libCrun.so.1 =>  /usr/lib/64/libCrun.so.1
        libthread.so.1 =>        /lib/64/libthread.so.1
        libc.so.1 =>     /lib/64/libc.so.1
        libaio.so.1 =>   /lib/64/libaio.so.1
        libmd5.so.1 =>   /lib/64/libmd5.so.1
        libmp.so.2 =>    /lib/64/libmp.so.2
        libscf.so.1 =>   /lib/64/libscf.so.1
        libdoor.so.1 =>  /lib/64/libdoor.so.1
        libuutil.so.1 =>         /lib/64/libuutil.so.1

The 64-bit binaries were compiled using the defaults, with the following environment :

CC=/opt/SUNWspro/bin/cc
CFLAGS="-xtarget=opteron -xarch=amd64"
CXX=/opt/SUNWspro/bin/CC
CXXFLAGS="-xtarget=opteron -xarch=amd64"
LDFLAGS="-xtarget=opteron -xarch=amd64 -L/usr/local/mysql/lib/mysql -R/usr/local/mysql/lib/mysql/amd64"
CCAS="/usr/sfw/bin/gas"

If there is any other output you would like, or any other tests I can run, please let me know.
[6 Nov 2006 23:20] Johan Andersson
What is the progress on this one?

The same problem exists on 5.0.2x on Solaris9.

-johan
[20 May 2007 21:58] Magnus Blåudd
Unfortunately I get exactly the same crash with the examples/test program supplied with "libedit-20070302-2.10" - when configured to use termcap which the configure provided with that package does not look for by default.

Core was generated by `/home/msvensson/mysql/bug10218/libedit-20070302-2.10/examples/.libs/lt-test'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003b26c011d6 in tputs () from /lib64/libtermcap.so.2
(gdb) where
#0  0x0000003b26c011d6 in tputs () from /lib64/libtermcap.so.2
#1  0x00002aaaaaac56ce in term_move_to_char (el=0x6021b0, where=6)
    at term.c:614
#2  0x00002aaaaaac190b in re_refresh (el=0x6021b0) at refresh.c:314
#3  0x00002aaaaaac10c2 in el_gets (el=0x6021b0, nread=0x7fff73534a04)
    at read.c:560
#4  0x0000000000401653 in main (argc=1, argv=0x7fff73534b28) at test.c:163
[21 May 2007 10:03] Magnus Blåudd
It appears libedit calls the function 'tgoto' from the termcap library. It's supposed to return a pointer to a string that, when "put", will move the cursor to the selected position. Unfortunately the pointer returned by tgoto is not addressable.

term.c>>
protected void
term_move_to_char(EditLine *el, int where)
{
<snip>
	del = where - el->el_cursor.h;
	if ((del < -4 || del > 4) && GoodStr(T_ch))
		/* go there directly */
          (void) tputs(tgoto(Str(T_ch), where, where), where, term__putc);
                       ^^^^^^^^^^^^^^
                       will return illegal pointer that tputs uses
<<

While debugging the 'tgoto' function it looks like the generated string is valid, but it's generated in a static buffer located in tparam.c ("static char tgoto_buf[50];") and maybe that causes this problem. It appears like it should be possible to use tparam instead of tgoto, which allows a buffer to be supplied by the calling application.
[21 May 2007 11:10] Magnus Blåudd
It seems like the problem is that we include curses.h or ncurses.h when we compile the program and then link with libtermcap.
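Added example (my own, not code from the bug report, libedit or MySQL): it models the mechanism behind the two comments above and behind Mark Round's observation that only the 64-bit client crashes. When tgoto is called with no prototype in scope, a C compiler assumes it returns int, so on an LP64 build only the low 32 bits of the returned char* reach the caller; a pointer into libtermcap's static tgoto_buf, which in the gdb trace lives at 0x3b26c0..., comes back as an unmapped address that tputs then dereferences, while a 32-bit client loses nothing. goto_static and goto_into are hypothetical stand-ins for a tgoto-style and a tparam-style formatter; the sample addresses are taken from the core dumps in this report. That the int-to-pointer widening is a sign extension is an assumption about the compilers involved, not something the report states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The committed fix declares tgoto when the system headers do not.  The real
 * termcap prototype is:
 *     char *tgoto(const char *cap, int col, int row);
 * With it in scope the compiler keeps all 64 bits of the returned pointer;
 * without it the call is treated as returning int.  Nothing below calls the
 * real tgoto; the functions model what the missing declaration does. */

/* What an LP64 caller receives from a char*-returning function that was
 * called as if it returned int: the low 32 bits, widened back to pointer
 * width.  Sign extension is assumed (x86-64 and SPARC compilers).  Addresses
 * are carried as uint64_t so the model behaves the same on any host. */
static uint64_t as_implicit_int(uint64_t addr)
{
    uint64_t low = addr & 0xffffffffULL;        /* int return: only 32 bits survive */
    if (low & 0x80000000ULL)                    /* int -> pointer: sign-extend */
        return low | 0xffffffff00000000ULL;
    return low;
}

/* 1 if the pointer value comes back unchanged, 0 if the caller would get a
 * different (and almost certainly unmapped) address. */
static int survives_implicit_int(uint64_t addr)
{
    return as_implicit_int(addr) == addr;
}

/* Whether this build can lose pointer bits through an int return at all:
 * true for an LP64 client, false for an ILP32 one, which matches the report
 * that the 32-bit mysql client works while the 64-bit one dumps core. */
static int abi_can_truncate_pointer(void)
{
    return sizeof(void *) > sizeof(int);
}

/* Hypothetical tgoto-style formatter: the result lives in one static buffer
 * inside the library, so the only handle the caller gets is the returned
 * pointer, and that pointer is exactly what the implicit declaration mangles. */
static const char *goto_static(int col, int row)
{
    static char tgoto_buf[50];
    snprintf(tgoto_buf, sizeof tgoto_buf, "\033[%d;%dH", row + 1, col + 1);
    return tgoto_buf;
}

/* Hypothetical tparam-style formatter: the caller supplies the buffer, so it
 * can use its own pointer afterwards and never depends on the return value.
 * Returns the length written, or -1 if the buffer is too small. */
static int goto_into(char *buf, size_t n, int col, int row)
{
    int len = snprintf(buf, n, "\033[%d;%dH", row + 1, col + 1);
    return (len >= 0 && (size_t)len < n) ? len : -1;
}

int main(void)
{
    /* Constructed from the stack traces in this report. */
    uint64_t libtermcap_tputs = 0x0000003b26c011d6ULL; /* a libtermcap address above 4 GB */
    uint64_t editline_handle  = 0x00000000006021b0ULL; /* el=0x6021b0, low heap address */
    char buf[16];

    printf("this ABI can truncate pointers: %s\n",
           abi_can_truncate_pointer() ? "yes (LP64)" : "no (ILP32)");
    printf("%#llx survives implicit int: %d\n",
           (unsigned long long)editline_handle, survives_implicit_int(editline_handle));
    printf("%#llx survives implicit int: %d (becomes %#llx)\n",
           (unsigned long long)libtermcap_tputs, survives_implicit_int(libtermcap_tputs),
           (unsigned long long)as_implicit_int(libtermcap_tputs));
    if (goto_into(buf, sizeof buf, 6, 0) > 0)
        printf("caller-owned buffer holds %zu bytes\n", strlen(buf));
    return 0;
}
```

The practical check for this defect class is to make the compiler refuse implicit declarations instead of silently assuming int: build the client with `-Werror=implicit-function-declaration` (gcc/clang) and the missing tgoto prototype fails the build on every platform rather than crashing only on 64-bit ones.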
[4 Jun 2007 14:42] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28059

ChangeSet@1.2645, 2007-06-04 16:42:42+02:00, msvensson@pilot.(none) +2 -0
  Bug#10218 Command line recall rolls into Segmentation Fault(coredump)'
   - Declare 'tgoto' if not already declared in system header files.
[16 Jun 2007 4:50] Bugs System
Pushed into 5.0.44
[16 Jun 2007 4:51] Bugs System
Pushed into 5.1.20-beta
[18 Jun 2007 15:49] Paul DuBois
Noted in 5.0.44, 5.1.20 changelogs.

Resetting report to Patch Queued pending push into 4.1.x.
[10 Jul 2007 13:29] Bugs System
Pushed into 4.1.24
[10 Jul 2007 22:03] Paul DuBois
Noted in 4.1.24 changelog.
[9 Nov 2007 13:35] Janusz Batko
I have the same problem in 5.0.45-log (binary version). Every time I recall previous command (by up arrow) I get segmentation fault:
mysql> \sSegmentation fault

My Linux distro is Red Hat 9.0 - 2.4.26-ow1 #2 SMP i686 
Glibc version is glibc-2.3.2-27.9.7

I did strace and here's result (ending lines):
open("/lib/ld-linux.so.2", O_RDONLY)    = 4
read(4, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 \f\0\000"..., 1024) = 1024
brk(0x82d5000)                          = 0x82d5000
fstat64(4, {st_mode=S_IFREG|0755, st_size=106400, ...}) = 0
old_mmap(NULL, 87796, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0x15e000
mprotect(0x173000, 1780, PROT_NONE)     = 0
old_mmap(0x173000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 4, 0x15000) = 0x173000
close(4)                                = 0
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
[9 Nov 2007 13:50] Janusz Batko
OK, it seems that the reason why I got Segmentation fault lies in glibc.

I downgraded glibc from glibc-2.3.2-27.9.7 to glibc-2.3.2-11.9 (which comes from RH 9.0 installation source while version 2.3.2-27.9.7 is an update for it) and now everything's fine. I can recall previous commands using up-arrow.
But it's strange anyway why the binary version of the mysql client is so sensitive to the glibc subversion.
[13 Nov 2007 7:54] Magnus Blåudd
This bug only occurs on Solaris
[13 Nov 2007 7:54] Magnus Blåudd
s/occurs/occured/ ;)