Bug #15819 LIST partitioning: crash on attempt to insert a value < lowest_list_const
Submitted: 17 Dec 2005 4:56 Modified: 28 Dec 2005 14:30
Reporter: Sergey Petrunya Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Partitions Severity:S2 (Serious)
Version:5.1-bk OS:Linux (Linux)
Assigned to: Sergey Petrunya CPU Architecture:Any

[17 Dec 2005 4:56] Sergey Petrunya 
Description:
If one has a table partitioned by LIST, attempt to insert a value less then lowest 
list constant will cause crash.

How to repeat:
Run:

create table t4 (a int not null, b int not null) partition by LIST (a+b) (
  partition p0 values in (12),
  partition p1 values in (14)
);
insert into t4 values (10,1);

And get this:

  [Switching to Thread 180236 (LWP 31470)]
  0x0815d0bd in get_partition_id_list (part_info=0x91f1480, part_id=0xb55b8180) at sql_partition.cc:2476
(gdb) where
  #0  0x0815d0bd in get_partition_id_list (part_info=0x91f1480, part_id=0xb55b8180) at sql_partition.cc:2476
  #1  0x0839c716 in ha_partition::write_row (this=0x91ce0b0, buf=0x91ce420 "ΓΏ\n") at ha_partition.cc:1167
  #2  0x082741ea in write_record (thd=0x91cc7b8, table=0x91d3d20, info=0xb55b83f0) at sql_insert.cc:1113
  #3  0x08272a7a in mysql_insert (thd=0x91cc7b8, table_list=0x91f34d8, fields=@0x91ccc84, values_list=@0x91ccca8, update_fields=@0x91ccc9c, update_values=@0x91ccc90, duplic=DUP_ERROR, ignore=false) at sql_insert.cc:513
  #4  0x08210b2e in mysql_execute_command (thd=0x91cc7b8) at sql_parse.cc:3257
  #5  0x08217a26 in mysql_parse (thd=0x91cc7b8, inBuf=0x91f3458 "insert into t4 values (10,1)", length=28) at sql_parse.cc:5626
  #6  0x0820c9d5 in dispatch_command (command=COM_QUERY, thd=0x91cc7b8, packet=0x91ea941 "insert into t4 values (10,1)", packet_length=29) at sql_parse.cc:1708
  #7  0x0820c1d1 in do_command (thd=0x91cc7b8) at sql_parse.cc:1509
  #8  0x0820b24a in handle_one_connection (arg=0x91cc7b8) at sql_parse.cc:1152
  #9  0xb7e1beea in pthread_start_thread () from /lib/libpthread.so.0
  #10 0xb7e1c089 in pthread_start_thread_event () from /lib/libpthread.so.0
  #11 0xb7d52cea in clone () from /lib/libc.so.6
(gdb) p/x list_index
  $2 = 0x1fffffff

i.e. it walks over left bound of list_array.
[17 Dec 2005 13:40] MySQL Verification Team 
051217 11:42:03 [Note] /home/miguel/dbs/5.1/libexec/mysqld: ready for connections.
Version: '5.1.4-alpha-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1119861680 (LWP 28294)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1119861680 (LWP 28294)]
0x0815d772 in get_partition_id_list (part_info=0x919acb0, part_id=0x42bfa500) at sql_partition.cc:2476
2476        list_value= list_array[list_index].list_value;
(gdb)
[27 Dec 2005 5:55] Sergey Petrunya 
Fixed by implementation of  WL#2985 "Partition pruning".
The fix has been pushed into 5.1.5 tree.
[28 Dec 2005 14:30] Jon Stephens 
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Note: The behaviour in such cases is now to return ERROR 1500 (HY000): Table has no partition for value %s. (Verified with clone from latest 5.1)

Documented fix in 5.1.5 changelog. Closed.