Bug #12636 Query crashes MySQL server
Submitted: 18 Aug 2005 8:49
Modified: 25 Aug 2005 11:07
Reporter: Ritesh Nadhani
Status: Closed
Category: MySQL Server: Optimizer
Severity: S1 (Critical)
Version: 5.0.12-200508181000
OS: Any (All)
Assigned to: Igor Babaev
CPU Architecture: Any

[18 Aug 2005 8:49] Ritesh Nadhani
Description:
Just created a test database test and ran the following query:

show table status from `test` where `name` in ( select `TABLE_NAME` from `INFORMATION_SCHEMA`.`TABLES` where `TABLE_SCHEMA` = 'test' and `TABLE_TYPE` = 'BASE TABLE')

I have tested it with 5.0.6 and 5.0.10, and both times the query crashed the server.

How to repeat:
As stated above.

Suggested fix:
No idea :)
[18 Aug 2005 9:45] Andrey Hristov
Program received signal SIGSEGV, Segmentation fault.
0x0837564d in my_strcasecmp_utf8 (cs=0x85c0c40, s=0x847f97b "information_schema", t=0x0) at ctype-utf8.c:2347
/work/mysql-5.0-bug125922/strings/ctype-utf8.c:2347:103427:beg:0x837564d
Current language:  auto; currently c
(gdb) up
#1  0x081e7c0e in make_db_list (thd=0x8694250, files=0xbfffccc0, idx_field_vals=0xbfffdcf8, with_i_schema=0xbfffccdf, is_wild_value=false) at sql_show.cc:1892
/work/mysql-5.0-bug125922/sql/sql_show.cc:1892:62091:beg:0x81e7c0e
Current language:  auto; currently c++
(gdb) bt
#0  0x0837564d in my_strcasecmp_utf8 (cs=0x85c0c40, s=0x847f97b "information_schema", t=0x0) at ctype-utf8.c:2347
#1  0x081e7c0e in make_db_list (thd=0x8694250, files=0xbfffccc0, idx_field_vals=0xbfffdcf8, with_i_schema=0xbfffccdf, is_wild_value=false) at sql_show.cc:1892
#2  0x081e7ff4 in get_all_tables (thd=0x8694250, tables=0x869c348, cond=0x86f6c80) at sql_show.cc:1998
#3  0x081ef58f in get_schema_tables_result (join=0x86a5fe8) at sql_show.cc:3700
#4  0x08136f85 in JOIN::exec (this=0x86a5fe8) at sql_select.cc:1280
#5  0x080b0542 in subselect_single_select_engine::exec (this=0x869c9d8) at item_subselect.cc:1571
#6  0x080ac64a in Item_subselect::exec (this=0x869c940) at item_subselect.cc:198
#7  0x080adec0 in Item_in_subselect::val_bool (this=0x869c940) at item_subselect.cc:727
#8  0x0805fda2 in Item::val_bool_result (this=0x869c940) at item.h:540
#9  0x08084e13 in Item_in_optimizer::val_int (this=0x86a5b88) at item_cmpfunc.cc:719
#10 0x0814ad67 in evaluate_join_record (join=0x86a4698, join_tab=0x86a7020, error=0, report_error=0x8694c40 "") at sql_select.cc:9451
#11 0x0814abfb in sub_select (join=0x86a4698, join_tab=0x86a7020, end_of_records=false) at sql_select.cc:9404
#12 0x0814a74e in do_select (join=0x86a4698, fields=0x8694514, table=0x0, procedure=0x0) at sql_select.cc:9167
#13 0x081384ad in JOIN::exec (this=0x86a4698) at sql_select.cc:1673
#14 0x08139605 in mysql_select (thd=0x8694250, rref_pointer_array=0x86945ac, tables=0x869d588, wild_num=0, fields=@0x8694514, conds=0x869c940, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2693024256, result=0x86a4688, unit=0x86942a0, select_lex=0x8694494) at sql_select.cc:2093
#15 0x08133785 in handle_select (thd=0x8694250, lex=0x8694290, result=0x86a4688, setup_tables_done_option=0) at sql_select.cc:238
#16 0x080f8cb0 in mysql_execute_command (thd=0x8694250) at sql_parse.cc:2429
#17 0x08101783 in mysql_parse (thd=0x8694250, inBuf=0x869bcf0 "show table status from `test` where `name` in ( select `TABLE_NAME` from\n`INFORMATION_SCHEMA`.`TABLES` where `TABLE_SCHEMA` = 'test' and `TABLE_TYPE` =\n'BASE TABLE')", length=165) at sql_parse.cc:5439
#18 0x080f6d69 in dispatch_command (command=COM_QUERY, thd=0x8694250, packet=0x868a649 "", packet_length=166) at sql_parse.cc:1659
#19 0x080f6536 in do_command (thd=0x8694250) at sql_parse.cc:1458
#20 0x080f5616 in handle_one_connection (arg=0x8694250) at sql_parse.cc:1111
#21 0x080e36ad in create_new_thread (thd=0x8694250) at mysqld.cc:3654
#22 0x080e3e8d in handle_connections_sockets (arg=0x0) at mysqld.cc:3926
#23 0x080e30ed in main (argc=2, argv=0xbffff0b4) at mysqld.cc:3325
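
A way to read the backtrace above mechanically, as an added triage example (not part of the original report or of MySQL's code): it parses gdb `bt` frames, lists the arguments that are NULL pointers in the faulting frame, and names the caller to inspect. The regular expressions, function names and the `SAMPLE_BT` excerpt are assumptions built from the frames shown in this report.

```python
import re

# Constructed sample: the three innermost frames copied from the report's backtrace.
SAMPLE_BT = """\
#0  0x0837564d in my_strcasecmp_utf8 (cs=0x85c0c40, s=0x847f97b "information_schema", t=0x0) at ctype-utf8.c:2347
#1  0x081e7c0e in make_db_list (thd=0x8694250, files=0xbfffccc0, idx_field_vals=0xbfffdcf8, with_i_schema=0xbfffccdf, is_wild_value=false) at sql_show.cc:1892
#2  0x081e7ff4 in get_all_tables (thd=0x8694250, tables=0x869c348, cond=0x86f6c80) at sql_show.cc:1998
"""

# One gdb frame: "#N [0xADDR in] func (args) at file:line"
FRAME_RE = re.compile(
    r'^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>[\w:~<>]+) '
    r'\((?P<args>.*)\) at (?P<file>[^\s:]+):(?P<line>\d+)$')
# name=value, optionally followed by the quoted string gdb prints for char*.
# Consuming the quoted text keeps '=' or ',' inside it from being read as arguments.
ARG_RE = re.compile(
    r'(?P<name>\w+)=(?P<val>[^\s,"]+)(?:\s+"(?P<str>(?:[^"\\]|\\.)*)")?')


def parse_backtrace(text):
    """Return the frames as a list of dicts, innermost frame first."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # skip prompts, signal banners and annotation lines
        args = {a['name']: (a['val'], a['str']) for a in ARG_RE.finditer(m['args'])}
        frames.append({'num': int(m['num']), 'func': m['func'], 'args': args,
                       'where': f"{m['file']}:{m['line']}"})
    return frames


def null_pointer_args(frame):
    """Names of arguments whose printed value is a NULL pointer (0x0)."""
    return [n for n, (val, _) in frame['args'].items() if re.fullmatch(r'0x0+', val)]


def triage(text):
    """Summarise a SIGSEGV backtrace: faulting frame, its NULL args, its caller.

    Only the faulting frame is checked; NULL arguments further out
    (for example procedure=0x0) are often legitimate.
    """
    frames = parse_backtrace(text)
    if not frames:
        return None
    caller = frames[1] if len(frames) > 1 else None
    return {'fault_func': frames[0]['func'],
            'null_args': null_pointer_args(frames[0]),
            'caller': caller and f"{caller['func']} at {caller['where']}"}
```
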
[23 Aug 2005 0:32] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/28662
[24 Aug 2005 21:08] Igor Babaev
ChangeSet
  1.1903 05/08/22 17:32:02 igor@rurik.mysql.com +3 -0
  sql_show.cc:
    Database name was set incorrectly for any show command
    that used subqueries in its where condition.
  information_schema.test, information_schema.result:
    Added a test case for bug #12636.

The fix will appear in 5.0.12.
[24 Aug 2005 21:37] Igor Babaev
Correction: the fix will appear in 5.0.13.
[25 Aug 2005 11:07] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented bugfix in 5.0.13 changeset. Closed.