| Bug #14233 | Crash after tampering with the mysql.proc table | ||
|---|---|---|---|
| Submitted: | 22 Oct 2005 19:23 | Modified: | 8 Dec 2005 23:38 |
| Reporter: | Joe Knall | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S2 (Serious) |
| Version: | 5.0.13rc/5.0.16 BK source | OS: | Linux (Linux) |
| Assigned to: | Per-Erik Martin | CPU Architecture: | Any |
[22 Oct 2005 19:23]
Joe Knall
[22 Oct 2005 21:48]
MySQL Verification Team
Thank you for the bug report.
```
miguel@hegel:~/dbs/5.0> bin/mysql -uroot mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.16-debug
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> insert into `proc` ( `db` , `name` , `type` , `specific_name` , `language` ,
-> `sql_data_access` , `is_deterministic` , `security_type` , `param_list` ,
-> `returns` , `body` , `definer` , `created` , `modified` , `sql_mode` , `comment`
-> )
-> values (
-> 'mysql', 'test', 'FUNCTION', 'test', 'SQL', 'READS_SQL_DATA', 'NO', 'DEFINER',
-> '', 'int(10)', 'begin select count(*) from `user`; end', 'root@localhost', NOW(
-> ) , '0000-00-00 00:00:00', '', ''
-> );
Query OK, 1 row affected (0.01 sec)
mysql> select test();
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
```
```
051022 19:45:42 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.16-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution
[New Thread 1129679792 (LWP 6676)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1129679792 (LWP 6676)]
0x00000000 in ?? ()
(gdb) bt full
#0 0x00000000 in ?? ()
No symbol table info available.
#1 0x08148848 in Item::val_uint (this=0x8e6df18) at item.h:455
No locals.
#2 0x08147bea in st_select_lex_unit::set_limit (this=0x8e41110, sl=0x8e41324) at sql_lex.cc:1838
select_limit_val = 604156325066335496
#3 0x08228400 in handle_select (thd=0x8e410c0, lex=0x8e41100, result=0x8e6e020, setup_tables_done_option=0) at sql_select.cc:228
unit = (SELECT_LEX_UNIT *) 0x8e41110
res = false
select_lex = (SELECT_LEX *) 0x8e41324
_db_func_ = 0xe410c0 <Address 0xe410c0 out of bounds>
_db_file_ = 0x81f03c3 "\203Ä \210Eç\200}ç"
_db_level_ = 1129676776
_db_framep_ = (char **) 0xc0
#4 0x081f05a3 in mysql_execute_command (thd=0x8e410c0) at sql_parse.cc:2484
result = (class select_result *) 0x8e6e020
res = false
result = 0
lex = (LEX *) 0x8e41100
select_lex = (SELECT_LEX *) 0x8e41324
first_table = (TABLE_LIST *) 0x0
all_tables = (TABLE_LIST *) 0x0
unit = (SELECT_LEX_UNIT *) 0x8e41110
_db_func_ = 0x0
_db_file_ = 0x8e41100 "\230\"[\b\001"
_db_level_ = 1129676776
_db_framep_ = (char **) 0x8e6d6e0
#5 0x081f813d in mysql_parse (thd=0x8e410c0, inBuf=0x8e6d6f0 "select test()", length=13) at sql_parse.cc:5558
lex = (LEX *) 0x8e41100
_db_func_ = 0x87badc0 "ÈÆb\b"
_db_file_ = 0x81ee871 "\203Ä \203=\024µ|\b"
_db_level_ = 1129676820
_db_framep_ = (char **) 0x0
#6 0x081ee8ed in dispatch_command (command=COM_QUERY, thd=0x8e410c0, packet=0x8e65691 "select test()", packet_length=14)
at sql_parse.cc:1697
packet_end = 0x8e6d6fd ""
net = (NET *) 0x8e41894
error = false
_db_func_ = 0xe <Address 0xe out of bounds>
---Type <return> to continue, or q <return> to quit---
_db_file_ = 0x2000 <Address 0x2000 out of bounds>
_db_level_ = 0
_db_framep_ = (char **) 0x2
#7 0x081ee1e4 in do_command (thd=0x8e410c0) at sql_parse.cc:1498
packet = 0x8e65690 "\003select test()"
old_timeout = 30
packet_length = 14
net = (NET *) 0x8e41894
command = COM_QUERY
_db_func_ = 0x8e42210 "ÿÿÿÿ"
_db_file_ = 0x81c6843 "\203Ä\020\213E\bÆ\200à\021"
_db_level_ = 1129677672
_db_framep_ = (char **) 0x1010
#8 0x081ed37f in handle_one_connection (arg=0x8e410c0) at sql_parse.cc:1143
error = 0
net = (NET *) 0x8e41894
sctx = (Security_context *) 0x8e4206c
thd = (class THD *) 0x8e410c0
launch_time = 0
set = {__val = {0 <repeats 32 times>}}
#9 0x40174aa7 in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#10 0x402a5c2e in clone () from /lib/tls/libc.so.6
No symbol table info available.
(gdb)
```
[26 Oct 2005 14:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/31503
[26 Oct 2005 14:15]
Per-Erik Martin
Please note that tampering directly with the mysql.proc table is not supported and is not likely to work in general.
[26 Oct 2005 15:14]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/31506
[25 Nov 2005 16:15]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/32719
[6 Dec 2005 14:29]
Per-Erik Martin
Pushed to 5.0.17 bk. If the mysql.proc table is at all mentioned in the documentation, it should perhaps be pointed out that it should not be manipulated directly. (If it doesn't say so already.)
[8 Dec 2005 23:38]
Paul DuBois
Noted in 5.0.17 changelog. Put a note about manual proc table manipulation in the stored routines chapter.
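
Added example, not part of the bug report or of MySQL's own code: the reproduction above depends on an account that can write rows into `mysql.proc` directly, so an audit query such as the following lists every account holding INSERT, UPDATE or DELETE on that table at any grant level. It assumes the standard grant tables of the MySQL 5.0 series (`mysql.user`, `mysql.db`, `mysql.tables_priv`, `mysql.columns_priv`) and must be run by an account that can read them.

```sql
-- Added example: who can modify mysql.proc without going through
-- CREATE/ALTER/DROP PROCEDURE|FUNCTION?
-- Columns: scope of the grant, account, and which write privileges it carries.

-- 1. Global privileges (apply to every database, including `mysql`).
SELECT 'global' AS scope, User, Host,
       Insert_priv AS can_insert, Update_priv AS can_update, Delete_priv AS can_delete
FROM mysql.user
WHERE 'Y' IN (Insert_priv, Update_priv, Delete_priv)

UNION ALL

-- 2. Database-level grants. mysql.db.Db may hold wildcard patterns
--    (for example '%' or 'my%'), so match the name against the pattern.
SELECT CONCAT('db:', Db), User, Host,
       Insert_priv, Update_priv, Delete_priv
FROM mysql.db
WHERE 'mysql' LIKE Db
  AND 'Y' IN (Insert_priv, Update_priv, Delete_priv)

UNION ALL

-- 3. Table-level grants on mysql.proc. Table_priv is a SET column.
SELECT 'table:mysql.proc', User, Host,
       IF(FIND_IN_SET('Insert', Table_priv) > 0, 'Y', 'N'),
       IF(FIND_IN_SET('Update', Table_priv) > 0, 'Y', 'N'),
       IF(FIND_IN_SET('Delete', Table_priv) > 0, 'Y', 'N')
FROM mysql.tables_priv
WHERE Db = 'mysql' AND Table_name = 'proc'
  AND (FIND_IN_SET('Insert', Table_priv) > 0
    OR FIND_IN_SET('Update', Table_priv) > 0
    OR FIND_IN_SET('Delete', Table_priv) > 0)

UNION ALL

-- 4. Column-level grants on mysql.proc (DELETE has no column-level form).
SELECT CONCAT('column:', Column_name), User, Host,
       IF(FIND_IN_SET('Insert', Column_priv) > 0, 'Y', 'N'),
       IF(FIND_IN_SET('Update', Column_priv) > 0, 'Y', 'N'),
       'N'
FROM mysql.columns_priv
WHERE Db = 'mysql' AND Table_name = 'proc'
  AND (FIND_IN_SET('Insert', Column_priv) > 0
    OR FIND_IN_SET('Update', Column_priv) > 0)

ORDER BY User, Host, scope;
```

Any row returned for an account other than the administrative ones is a candidate for revocation, since routines are meant to be managed through the CREATE, ALTER and DROP statements rather than by editing the table.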
