Bug #11643 Shuts down MySQL server
Submitted: 29 Jun 2005 17:01
Modified: 13 Jul 2005 18:08
Reporter: Yuri Koba
Status: Closed
Category: MySQL Server: Command-line Clients
Severity: S1 (Critical)
Version: 4.1
OS: Windows (Windows XP/Linux)
Assigned to: Jim Winstead
CPU Architecture: Any

[29 Jun 2005 17:01] Yuri Koba
Description:
Running this statement shuts down the MySQL server; the client then reports a lost connection:
select des_encrypt('hello');
error 2003 (HY000): Lost connection to MySQL server during query

How to repeat:
select des_encrypt('hello');
[29 Jun 2005 17:10] MySQL Verification Team
Thank you for the bug report.
Call stack on Windows:

 	ntdll.dll!7c918fea() 	
 	ntdll.dll!7c90104b() 	
>	mysqld-debug.exe!Item_func_des_encrypt::val_str(String * str=0x00000000)  Line 382	C++
 	mysqld-debug.exe!Item::field_type()  Line 3249 + 0xb	C++
 	03f8e2b0()	
 	ntdll.dll!7c9106eb() 	
 	mysqld-debug.exe!_heap_alloc_base(unsigned int size=66642628)  Line 200	C
 	mysqld-debug.exe!_heap_alloc_dbg(unsigned int nSize=50967520, int nBlockUse=0, const char * szFileName=0x00000000, int nLine=16614416)  Line 341 + 0x1e	C
 	00fd7c48()	
 	mysqld-debug.exe!malloc(unsigned int nSize=202)  Line 130 + 0x15	C
 	mysqld-debug.exe!_mymalloc(unsigned int size=15648136, const char * filename=0x005db81d, unsigned int lineno=16625768, int MyFlags=66643048)  Line 202 + 0x16	C
 	mysqld-debug.exe!my_wildcmp_unicode(charset_info_st * cs=0x005db81d, const char * str=0x00fdb068, const char * str_end=0x03f8e468, const char * wildstr=0x00571082, const char * wildend=0x00fdb068, int escape=0, int w_one=37, int w_many=8, unicase_info_st * * weights=0x03f8e474)  Line 1858 + 0x3	C
 	00eec588()	
 	mysqld-debug.exe!String::copy(const char * str=0x03092fe9, unsigned long arg_length=50975376, charset_info_st * from_cs=0x0000002a, charset_info_st * to_cs=0x0309d2ad, unsigned int * errors=0x00000008)  Line 354 + 0x23	C++
 	mysqld-debug.exe!net_write_buff(st_net * net=0x004aca63, const char * packet=0x03093017, unsigned long len=8775704)  Line 427 + 0x14	C++
 	03f8e494()	
 	mysqld-debug.exe!net_write_buff(st_net * net=0x00fd8180, const char * packet=0x0085e818, unsigned long len=1)  Line 427 + 0x14	C++
 	mysqld-debug.exe!my_net_write(st_net * net=0x03f8e58c, const char * packet=0x03f8e5c0, unsigned long len=4999332)  Line 283 + 0x11	C++
 	mysqld-debug.exe!String::~String()  Line 78 + 0xf	C++
 	mysqld-debug.exe!Protocol::send_fields(List<Item> * list=0x00fd7c48, unsigned int flags=5)  Line 644 + 0x47	C++
 	mysqld-debug.exe!select_send::send_fields(List<Item> & list={...}, unsigned int flags=16612424)  Line 847	C++
 	03f8e668()	
 	mysqld-debug.exe!JOIN::exec()  Line 1205 + 0x96	C++
 	mysqld-debug.exe!mysql_select(THD * thd=0x00fd7958, Item * * * rref_pointer_array=0x00fd7ce0, st_table_list * tables=0x00000000, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00000000, unsigned int og_num=0, st_order * order=0x00000000, st_order * group=0x00000000, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned long select_options=2156153344, select_result * result=0x0309b478, st_select_lex_unit * unit=0x00fd79b8, st_select_lex * select_lex=0x00fd7bd0)  Line 2042	C++
 	mysqld-debug.exe!handle_select(THD * thd=0x00fd7958, st_lex * lex=0x00fd79a0, select_result * result=0x0309b478, unsigned long setup_tables_done_option=0)  Line 252 + 0x92	C++
 	mysqld-debug.exe!mysql_execute_command(THD * thd=0x00fd7958)  Line 2425 + 0x13	C++
 	mysqld-debug.exe!mysql_parse(THD * thd=0x00fd7958, char * inBuf=0x0309b248, unsigned int length=27)  Line 5363 + 0x9	C++
 	mysqld-debug.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x00fd7958, char * packet=0x03092fe1, unsigned int packet_length=28)  Line 1674 + 0x1d	C++
 	mysqld-debug.exe!do_command(THD * thd=0x00fd7958)  Line 1477 + 0x31	C++
 	mysqld-debug.exe!handle_one_connection(void * arg=0x00fd7958)  Line 1126 + 0x9	C++
 	mysqld-debug.exe!pthread_start(void * param=0x03092d50)  Line 63 + 0x7	C
 	mysqld-debug.exe!_threadstart(void * ptd=0x03097020)  Line 173 + 0xd	C
 	kernel32.dll!7c80b50b() 	
 	kernel32.dll!7c8399f3() 

Backtrace on Linux:

050629 14:09:36 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.9-beta-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 180236 (LWP 2255)]
safe_mutex: Trying to lock unitialized mutex at item_strfunc.cc, line 382

Program received signal SIGABRT, Aborted.
[Switching to Thread 180236 (LWP 2255)]
0x40269ef1 in kill () from /lib/libc.so.6
(gdb) backtrace full
#0  0x40269ef1 in kill () from /lib/libc.so.6
No symbol table info available.
#1  0x4018fbb1 in pthread_kill () from /lib/libpthread.so.0
No symbol table info available.
#2  0x4018ff2b in raise () from /lib/libpthread.so.0
No symbol table info available.
#3  0x40269b24 in raise () from /lib/libc.so.6
No symbol table info available.
#4  0x4026b3fd in abort () from /lib/libc.so.6
No symbol table info available.
#5  0x0855fe7f in safe_mutex_lock (mp=0x879de60, file=0x85a0969 "item_strfunc.cc", line=382) at thr_mutex.c:104
        error = 0
#6  0x081801dd in Item_func_des_encrypt::val_str (this=0x8e06cc8, str=0xbe3fed34) at item_strfunc.cc:382
        code = 1108
        ivec = "Èlà\bàkà\b"
        keyblock = {key1 = "Ü\000\000\000lì?¾", key2 = "hì?¾dì?¾", key3 = "Htà\b¸\202à\b"}
        keyschedule = {ks1 = {ks = {{cblock = "\000\000\000\000\000\000\000", deslong = {0, 0}} <repeats 13 times>, {
        cblock = "|ë?¾\006uT\b", deslong = {3191860092, 139752710}}, {cblock = "qüf\b\022üf\b", deslong = {140967025, 140966930}}, {
        cblock = "\214ë?¾\006uT\b", deslong = {3191860108, 139752710}}}}, ks2 = {ks = {{cblock = "\\¯à\b(­à\b", deslong = {148942684, 
          148942120}}, {cblock = "lë?¾W\003\034\b", deslong = {3191860076, 136053591}}, {cblock = "å*â\b¨ªâ\b", deslong = {149039845, 
          149072552}}, {cblock = "\003\000\000\000të?¾", deslong = {3, 3191860084}}, {cblock = "H­à\bàkà\b", deslong = {148942152, 
          148925408}}, {cblock = "àlà\b\000\000\000", deslong = {148925664, 0}}, {cblock = "\000\000\000\000s?\000", deslong = {0, 16243}}, {
        cblock = "\234ë?¾Èÿ\033\b", deslong = {3191860124, 136052680}}, {cblock = "\224´à\b¨ªâ\b", deslong = {148944020, 149072552}}, {
        cblock = "\003\000\000\000àlà\b", deslong = {3, 148925664}}, {cblock = "Xlà\b̯à\b", deslong = {148925528, 148942796}}, {
        cblock = "Ìë?¾\000\000\000", deslong = {3191860172, 0}}, {cblock = "\033[[\b\003\000\000\n", deslong = {140204827, 167772163}}, {
        cblock = "Ìë?¾q*\034\b", deslong = {3191860172, 136063601}}, {cblock = "\224´à\b¨ªâ\b", deslong = {148944020, 149072552}}, {
        cblock = "Ìë?¾¹\002\024\b", deslong = {3191860172, 135529145}}}}, ks3 = {ks = {{cblock = "\004ì?¾\230rà\b", deslong = {3191860228, 
          148927128}}, {cblock = "Lï?¾| \033\b", deslong = {3191861068, 136028284}}, {cblock = "ÄK[\b I[\b", deslong = {140200900, 
          140200224}}, {cblock = "Lï?¾Ó¡\033\b", deslong = {3191861068, 136028627}}, {cblock = "\004ì?¾\000ì?¾", deslong = {3191860228, 
          3191860224}}, {cblock = "üë?¾øë?¾", deslong = {3191860220, 3191860216}}, {cblock = "û\003\031@ô_\031@", deslong = {1075381243, 
          1075404788}}, {cblock = "\000\000\000\000\000\000\000", deslong = {0, 0}}, {cblock = "\000\000\000\000\000\000\000@", deslong = {
          0, 1073741824}}, {cblock = "ÿÿÿÿÿÿï\177", deslong = {4294967295, 2146435071}}, {cblock = "$ì?¾þ\002\000", deslong = {3191860260, 
          766}}, {cblock = "þ\002\000\000\000Ó\023", deslong = {766, 1299200}}, {cblock = " \212x\b\000\000\000", deslong = {142117408, 0}}, 
      {cblock = "|ì?¾\006uT\b", deslong = {3191860348, 139752710}}, {cblock = "qüf\b\022üf\b", deslong = {140967025, 140966930}}, {
        cblock = "|ì?¾GwT\b", deslong = {3191860348, 139753287}}}}}
        append_str = 0x85a0c38 "********"
        key_number = 0
        res_length = 5
        tail = 0
---Type <return> to continue, or q <return> to quit---
        res = (String *) 0x8e06c48
#7  0x08149642 in Item::send (this=0x8e06cc8, protocol=0x8e0b724, buffer=0xbe3fed34) at item.cc:3833
        res = (String *) 0x0
        result = false
        type = MYSQL_TYPE_VARCHAR
#8  0x081ba0d8 in select_send::send_data (this=0x8e06e18, items=@0x8e0afcc) at sql_class.cc:878
        li = {<base_list_iterator> = {list = 0x8e0afcc, el = 0x8e06d80, prev = 0x0, current = 0x0}, <No data fields>}
        protocol = (class Protocol *) 0x8e0b724
        buff = ")\000\000\000ÿÿÿÿ\234í?¾{M\031\b\234mà\b<\000\000\000@Ïv\b\vlà\b\024\000\000\000@\232x\b\220í?¾\033Ó\023\b ¤Xuàû?¾\210mà\b\000\000\000\000\024\000\000\000\210mà\bÜí?¾\v\034\024\b÷kà\b\024\000\000\000@\232x\bÈ\033{\bÈ\032{\b@\232x\bÔö?¾h­à\b\f\000\000\000(­à\bÈlà\bÇì\037\bX\003\000\000àû?¾\f÷?¾ÁË\036\bÔö?¾(­à\b\024\000\000\000@\232x\bHtà\b\001\000\000\000\234î?)\233Äà\bÿÿÿÿ\\¯à\bLî?¾Çu\034\b@Ïv\bDî?¾"...
        buffer = {Ptr = 0xbe3fed54 ")", str_length = 766, Alloced_length = 766, alloced = false, str_charset = 0x8788a20}
        _db_func_ = 0x8e06c0b ""
        _db_file_ = 0x8e06c0b ""
        _db_level_ = 3191860564
        _db_framep_ = (char **) 0x8789a40
        item = (class Item *) 0x8e06cc8
#9  0x08219167 in JOIN::exec (this=0x8e06e28) at sql_select.cc:1203
        tmp_error = 0
        _db_func_ = 0x0
        _db_file_ = 0x8e0b064 ""
        _db_level_ = 148925992
        _db_framep_ = (char **) 0x8e0af5c
        curr_join = (JOIN *) 0x0
        curr_all_fields = (List<Item> *) 0x8e06e28
        curr_fields_list = (List<Item> *) 0x8e06e18
        curr_tmp_table = (TABLE *) 0x80844a00
#10 0x0821b74e in mysql_select (thd=0x8e0ad28, rref_pointer_array=0x8e0b064, tables=0x0, wild_num=0, fields=@0x8e0afcc, conds=0x0, og_num=0, 
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2156153344, result=0x8e06e18, unit=0x8e0ad78, select_lex=0x8e0af5c)
    at sql_select.cc:2040
        err = false
        free_join = true
        _db_func_ = 0x813db48 "\203Ä\020\211Eð\211Uôë\016ÇEðÿÿÿÿÇEôÿÿÿÿ\213Eð\213Uô\211Eø\211Uü\213U\b\211Uì\213E\f\203¸\004\001"
        _db_file_ = 0xbe3ff17c ""
        _db_level_ = 140582735
        _db_framep_ = (char **) 0x861220c
        join = (JOIN *) 0x8e06e28
#11 0x08216175 in handle_select (thd=0x8e0ad28, lex=0x8e0ad68, result=0x8e06e18, setup_tables_done_option=0) at sql_select.cc:240
        unit = (SELECT_LEX_UNIT *) 0x8e0ad78
---Type <return> to continue, or q <return> to quit---
        res = false
        select_lex = (SELECT_LEX *) 0x8e0af5c
        _db_func_ = 0x8e0ad28 "HS[\b(0y\b,0y\bXS[\bÈmà\bH­à\b"
        _db_file_ = 0x81e0fd6 "\203Ä \210Eç\200}ç"
        _db_level_ = 3191863052
        _db_framep_ = (char **) 0xad28
#12 0x081e11bc in mysql_execute_command (thd=0x8e0ad28) at sql_parse.cc:2425
        result = (class select_result *) 0x8e06e18
        res = false
        result = 0
        lex = (LEX *) 0x8e0ad68
        select_lex = (SELECT_LEX *) 0x8e0af5c
        slave_fake_lock = false
        fake_prev_lock = (MYSQL_LOCK *) 0x0
        first_table = (TABLE_LIST *) 0x0
        all_tables = (TABLE_LIST *) 0x0
        unit = (SELECT_LEX_UNIT *) 0x8e0ad78
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 0
        _db_framep_ = (char **) 0xbe3ff6d0
#13 0x081e89d4 in mysql_parse (thd=0x8e0ad28, inBuf=0x8e06bf0 "select des_encrypt('hello')", length=27) at sql_parse.cc:5363
        lex = (LEX *) 0x8e0ad68
        _db_func_ = 0x8795240 "¨Û_\b"
        _db_file_ = 0x81df56e "\203Ä \203=TVz\b"
        _db_level_ = 3191863740
        _db_framep_ = (char **) 0x2c00c
#14 0x081df5ce in dispatch_command (command=COM_QUERY, thd=0x8e0ad28, packet=0x8e22a59 "", packet_length=28) at sql_parse.cc:1674
        packet_end = 0x8e06c0b ""
        net = (NET *) 0x8e0b494
        error = false
        _db_func_ = 0x604b58 <Address 0x604b58 out of bounds>
        _db_file_ = 0x0
        _db_level_ = 136918254
        _db_framep_ = (char **) 0xbe3ff9dc
#15 0x081deeb5 in do_command (thd=0x8e0ad28) at sql_parse.cc:1477
        packet = 0x8e22a58 "\001"
        old_timeout = 30
        packet_length = 28
---Type <return> to continue, or q <return> to quit---
        net = (NET *) 0x8e0b494
        command = COM_QUERY
        _db_func_ = 0x8e0bd90 "ÿÿÿÿ"
        _db_file_ = 0x81b83b7 "\203Ä\020ÉÃU\211å\203ì\b\203ì\fÿu\bè\217"
        _db_level_ = 3191863804
        _db_framep_ = (char **) 0x1010
#16 0x081de0bd in handle_one_connection (arg=0x8e0ad28) at sql_parse.cc:1126
        error = 0
        net = (NET *) 0x8e0b494
        thd = (class THD *) 0x8e0ad28
        launch_time = 0
        set = {__val = {0 <repeats 32 times>}}
#17 0x4018d54e in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#18 0x4018d5df in pthread_start_thread_event () from /lib/libpthread.so.0
No symbol table info available.
#19 0x402fab8a in clone () from /lib/libc.so.6
No symbol table info available.
(gdb)
[7 Jul 2005 18:17] Jim Winstead
Problem exists in 4.1, too.
[7 Jul 2005 18:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26785
[13 Jul 2005 16:29] Jim Winstead
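Fixed in 4.1.13 and 5.0.10. Servers older than these releases can still be taken down by the one-line query in this report, so upgrading is the remedy.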
[13 Jul 2005 18:08] Paul DuBois
Noted in 4.1.13, 5.0.10 changelogs.