Bug #12097 Range and list expressions gets non-fixed in prepared statement protocol
Submitted: 21 Jul 2005 21:57 Modified: 7 Aug 2005 1:46
Reporter: Mikael Ronström Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.1.0 OS:Linux (RHEL)
Assigned to: Mikael Ronström CPU Architecture:Any

[21 Jul 2005 21:57] Mikael Ronström 
Description:
When using the prepared statement protocol the item trees of the CREATE TABLE statements
gets unfixed after completing the prepare part. This makes calling val_int on them to get the
integer value dangerous in check_list_constants and check_range_constants.

It does however behave correctly so the problem is only detected in a debug version where
there is a DBUG_ASSERT that crashes the server

How to repeat:
CREATE TABLE (a int)
PARTITION BY LIST (a)
(PARTITION p1 VALUES IN (70+43));

executed in debug mode and using the prepared statement protocol should do the trick.

Suggested fix:
Evaluate the item tree constant already in the parser and save only the integer value it
produces.
[22 Jul 2005 19:20] Mikael Ronström 
Unsafe code in CREATE TABLE with partitions that crashed the MySQL Server in an
DBUG_ASSERT in debug mode.
[3 Aug 2005 20:32] Mike Hillyer 
There is no patch to document in the changelogs, therefore this bug should not be in documenting status. Reverting to Open status.
[4 Aug 2005 14:31] Mikael Ronström 
Fixed in version 5.1.1
ChangeSets pappa:1.1869, pappa:1.1870, pappa:1.1871 on 22 july 2005
[7 Aug 2005 1:46] Mike Hillyer 
Documented in 5.1.1 changelog:

<listitem><para>
 Performing a <literal>CREATE TABLE</literal> statement with a <literal>PARTITION BY</literal> clause in a prepared statement could crash a server running in debug mode. (Bug #12097)
</para></listitem>