Bug #12281 Geometry: crash if trigger
Submitted: 29 Jul 2005 23:20 Modified: 12 Aug 2005 19:33
Reporter: Peter Gulutzan Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.11-beta-debug OS:Linux (SUSE 9.2)
Assigned to: Alexey Botchkov CPU Architecture:Any

[29 Jul 2005 23:20] Peter Gulutzan 
Description:
I have a table with a GEOMETRY column.
I have an AFTER UPDATE trigger on the table.
I try to insert NULLs; it fails; okay.
I try to drop the table ... crash.

How to repeat:
mysql> create table tr1 (s1 geometry not null,s2 char(100));
Query OK, 0 rows affected (0.00 sec)

mysql> create trigger tr1_bu before update on tr1 for each row set new.s1 = null;
Query OK, 0 rows affected (0.01 sec)

mysql> insert into tr1 values (null,null);
ERROR 1048 (23000): Column 's1' cannot be null
mysql> drop table tr1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
[29 Jul 2005 23:45] MySQL Verification Team 
Thank you for the bug report.

Version: '5.0.11-beta-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1132452784 (LWP 12354)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1132452784 (LWP 12354)]
0x00000000 in ?? ()
(gdb) backtrace full
#0  0x00000000 in ?? ()
No symbol table info available.
#1  0x08331c34 in ~Table_triggers_list (this=0x8e23340) at sql_trigger.cc:457
        fld_ptr = (class Field **) 0x8e233ec
#2  0x0820b448 in intern_close_table (table=0x8e221d8) at sql_base.cc:210
No locals.
#3  0x0820b4f2 in free_cache_entry (table=0x8e221d8) at sql_base.cc:231
        _db_func_ = 0x87bee60 ""
        _db_file_ = 0x879b4a0 ""
        _db_level_ = 139845491
        _db_framep_ = (char **) 0x437fb4c8
#4  0x0855e24a in hash_delete (hash=0x879b4a0, record=0x8e221d8 "à&â\b\200(â\bÈ\016á\bÈ\016á\b") at hash.c:509
        blength = 4
        pos2 = 4294967295
        pos_hashnr = 142339664
        lastpos_hashnr = 0
        idx = 0
        empty_index = 2
        data = (HASH_LINK *) 0x87bee50
        lastpos = (HASH_LINK *) 0x87bee60
        gpos = (HASH_LINK *) 0x87bee58
        pos = (HASH_LINK *) 0x87bee60
        pos3 = (HASH_LINK *) 0x855dabd
        empty = (HASH_LINK *) 0x87bee60
        _db_func_ = 0x9 <Address 0x9 out of bounds>
        _db_file_ = 0x8e11880 "test"
        _db_level_ = 1
        _db_framep_ = (char **) 0x437fb4b8
#5  0x08213c4d in remove_table_from_cache (thd=0x8e04460, db=0x8e05ed0 "test", table_name=0x8e201f8 "tr1", flags=0) at sql_base.cc:4152
        key = "test\000tr1\000È0@ô¯0@\000È0@°Û\177C¬µ\177C·\214%@\027ý\027@¨\016á\bR\000\000\000\000\000\000\000Hµ\177CÀ\000\030@\000D\000\000\000Ë0@8È0@°Û\177Ct\006\000\000³ÒV\b\027ý\027@\000\000\000\000ȶ\177C\000\000\000\000xµ\177CÀ\000\030@\230µ\177C\026ÔV\b\000×z\b\000È0@\000\004\000\000\000\031\000\000\027ý\027@`Áá\bS\000\000\000\000\000\000\000¨µ\177CÀ\000\030@ȵ\177C\026ÔV\b\000×z\b°Û\177C}\006\000\000³ÒV\b\000\000\000\000\000\000\000\000(·\177C\003KU\bÊ\000\000\000\024·\177C"...
        key_length = 9
        table = (TABLE *) 0x0
        result = false
        signalled = false
        _db_func_ = 0x2030 <Address 0x2030 out of bounds>
        _db_file_ = 0x40257036 "\201þ?\v"
---Type <return> to continue, or q <return> to quit---
        _db_level_ = 141620
        _db_framep_ = (char **) 0x437fdbb0
#6  0x081c9ad9 in lock_table_name (thd=0x8e04460, table_list=0x8e20220) at lock.cc:617
        table = (TABLE *) 0x8e1c180
        key = "test\000tr1\000·\177C¸·\177CÕlg\bvlg\bÈ·\177CÍCU\b\220·\177C\230\031y\b\000\000\000\000\000\000\000\000h\036â\bh\036â\b\001\000\000\000Í\017T\b\200Dà\b¨\001â\bØ\tâ\b¼·\177C\000\000\000\000\000\000\000\000ø·\177CV\017T\bëGg\b", '\0' <repeats 12 times>, "à·\177C\230\031y\b\000\000\000\000\000\000\000\000X\036â\bX\036â\b\001\000\000\000ôo)\bU\005\000\000\000\000\000\000\017\000\000\000\214¤)\000ù\000\000\000\000\000\000\000ð\001â\b\027¸\177C./test/\0008¸\177CÅï\"\b\000\tâ\b\001\000\000\000\002\000"...
        db = 0x8e05ed0 "test"
        key_length = 9
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 0
        _db_framep_ = (char **) 0x3
#7  0x081c9cde in lock_table_names (thd=0x8e04460, table_list=0x8e20220) at lock.cc:696
        got_lock = 137149442
        got_all_locks = true
        lock_table = (TABLE_LIST *) 0x8e20220
#8  0x082cbc13 in mysql_rm_table_part2 (thd=0x8e04460, tables=0x8e20220, if_exists=false, drop_temporary=false, drop_view=false, 
    dont_log_query=false) at sql_table.cc:223
        table = (TABLE_LIST *) 0x0
        path = "\000\000\000\000\000\000s \000\000\000\000ÿÿÿÿüÿÿÿ\000\000\000\000\000\000\000\000\200\004â\bX\005â\b\000\000\000\000\001\000\000\000 \002â\b./test/tr1.frm\000\000\000\000\000\000\000\000\000
[5 Aug 2005 15:10] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/27927
[5 Aug 2005 15:17] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/27928
[5 Aug 2005 15:19] Alexey Botchkov 
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html
[8 Aug 2005 12:36] Alexey Botchkov 
pushed in 5.0.12
[12 Aug 2005 19:33] Paul DuBois 
Noted in 5.0.12 changelog.