Bug #17602 Server crash on AVG/SUM over DECIMAL column
Submitted: 21 Feb 2006 0:19
Modified: 4 Mar 2006 7:31
Reporter: Kolbe Kegel
Status: Closed
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.0.18
OS: Linux (Linux)
Assigned to: Sergei Glukhov
CPU Architecture: Any

[21 Feb 2006 0:19] Kolbe Kegel
Description:
The MySQL server can crash with out of memory errors and die with SIGFPE when doing certain aggregate functions on a DECIMAL column.

Data was loaded into a MyISAM table in a 5.0.18 installation using LOAD DATA LOCAL INFILE (i.e. was not upgraded from 4.1 or an earlier version of 5.0).

The problem only seems to occur on one of many (20+) decimal columns in a MyISAM table.

Crashes have been witnessed using AVG() and SUM() functions over a single column from a single table with no explicit GROUP BY clause. The crash was not observed when doing COUNT(DISTINCT) over the same column. These functions applied to other DECIMAL columns do not cause any crashes.

How to repeat:
Not yet available.

Suggested fix:
n/a
[21 Feb 2006 3:02] Kolbe Kegel
There are apparently two separate but almost certainly related things happening here. 

mysql 5.0.18-max (root) [test]> select sum(col1) from t17602;
ERROR 5 (HY000): Out of memory (Needed 4294965600 bytes)

mysql 5.0.18-max (root) [test]> select avg(col1) from t17602;
ERROR 2013 (HY000): ./bin/mysqld_safe: line 384: 21475 Segmentation fault      (core dumped) nohup /home/kolbe/MySQL/inst/5.0.18/bin/mysqld --basedir=/home/kolbe/MySQL/inst/5.0.18 --datadir=/home/kolbe/MySQL/inst/5.0.18/data --pid-file=/home/kolbe/MySQL/inst/5.0.18/data/beluga.pid --skip-locking --socket=../mysql.sock >>/home/kolbe/MySQL/inst/5.0.18/data/beluga.err 2>&1
[27 Feb 2006 13:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3189
[28 Feb 2006 9:33] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3223
[1 Mar 2006 7:24] Sergei Glukhov
Fixed in 5.0.19
[1 Mar 2006 18:11] Trudy Pelzer
Also fixed in 5.1.8.
[1 Mar 2006 19:22] Magnus Blåudd
"type_decimal" fails in "ps_mode" after the patch for this bug has been fixed.
[4 Mar 2006 7:31] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented fix in 5.0.19 and 5.1.8 changelogs. Closed.