Bug #21135 Crash in test "func_time"
Submitted: 19 Jul 2006 8:26    Modified: 19 Jul 2006 18:21
Reporter: Joerg Bruehe
Status: Closed
Category: MySQL Server    Severity: S1 (Critical)
Version: 4.1.21    OS: Unix (various)
Assigned to: Magnus Blåudd    CPU Architecture: Any

[19 Jul 2006 8:26] Joerg Bruehe
Description:
Release build of 4.1.21

Crash in the "func_time" test on an invalid (at least: dubious) date syntax:

=====
func_time                      [ fail ]

Errors are (from /PATH/mysqltest-time) :
mysqltest: At line NNN: query 'select f1 from t1 where date(f1) between "2006-1-1" and "2006.1.1"' failed: 2013: Lost connection to MySQL server during query
(the last lines may be the most important ones)
=====

Occurs on several (but not all) platforms;
if it crashes, then in all products and all test runs (default, PS, NDB):
butch-64bit
etpglb0
octane2
octane2-64bit
osx-tiger-ppc
osx-tiger-ppc-64bit
pegasos3
powermacg5
sol10-sparc-a
sol10-sparc-a-64bit
sunfire100a-64bit
sunfire100b
sunfire100c

This test also crashes in "embedded" runs, but there it lacks diagnostic info:
=====
func_time                      [ fail ]

Errors are (from /PATH/mysqltest-time) :
mysqltest returned unexpected code 139, it has probably crashed
(the last lines may be the most important ones)
=====
butch-64bit    embedded
etpglb0    embedded
octane2    embedded
octane2    embedded
pegasos3    embedded
sol10-sparc-a    embedded
sol10-sparc-a-64bit    embedded
sunfire100a-64bit    embedded
sunfire100b    embedded
sunfire100c    embedded

=====
func_time                      [ fail ]

Errors are (from /PATH/mysqltest-time) :
YYMMDD HH:MM:SS [Warning] Setting lower_case_table_names=2 because file system for /PATH/mysql-test/var/master-data/ is case insensitive
mysqltest returned unexpected code 138, it has probably crashed
(the last lines may be the most important ones)
=====
osx-tiger-ppc    embedded
osx-tiger-ppc-64bit    embedded
powermacg5    embedded

How to repeat:
Run the test suite.
[19 Jul 2006 10:38] Magnus Blåudd
(dbx) where
current thread: t@3
  [1] _lwp_kill(0x0, 0xb, 0xffffffffffffffeb, 0x0, 0x64, 0x0), at 0xffffffff7dca822c
=>[2] write_core(sig = 11), line 217 in "stacktrace.c"
  [3] handle_segfault(sig = 11), line 2018 in "mysqld.cc"
  [4] __sighndlr(0xb, 0x0, 0xffffffff7cd2d3b0, 0x1001b0348, 0x0, 0x0), at 0xffffffff7f018478
  ---- called from signal handler with signal 11 (SIGSEGV) ------
  [5] Field_date::store(this = 0x10087d770, from = 0x10087c578 "2006-1-1", len = 8U, cs = 0x1006ecd98), line 4328 in "field.cc"
  [6] Item_string::save_in_field(this = 0x10087c588, field = 0x10087d770, no_conversions = true), line 2205 in "item.cc"
  [7] convert_constant_item(thd = 0x1008721e0, field = 0x10087d770, item = 0x10087c7a8), line 322 in "item_cmpfunc.cc"
  [8] agg_cmp_type(thd = 0x1008721e0, type = 0x10087c738, items = 0x10087c7a0, nitems = 3U), line 177 in "item_cmpfunc.cc"
  [9] Item_func_between::fix_length_and_dec(this = 0x10087c688), line 1019 in "item_cmpfunc.cc"
  [10] Item_func::fix_fields(this = 0x10087c688, thd = 0x1008721e0, tables = 0x10087c388, ref = 0x10087d6b8), line 178 in "item_func.cc"
  [11] Item_func_between::fix_fields(this = 0x10087c688, thd = 0x1008721e0, tables = 0x10087c388, ref = 0x10087d6b8), line 992 in "item_cmpfunc.cc"
  [12] setup_conds(thd = 0x1008721e0, tables = 0x10087c388, conds = 0x10087d6b8), line 2748 in "sql_base.cc"
  [13] setup_without_group(thd = 0x1008721e0, ref_pointer_array = 0x10087d720, tables = 0x10087c388, fields = CLASS, all_fields = CLASS, conds = 0x10087d6b8, order = (nil), group = (nil), hidden_group_fields = 0x10087d5ae), line 220 in "sql_select.cc"
  [14] JOIN::prepare(this = 0x10087c7d8, rref_pointer_array = 0x1008725d0, tables_init = 0x10087c388, wild_num = 0, conds_init = 0x10087c688, og_num = 0, order_init = (nil), group_init = (nil), having_init = (nil), proc_param_init = (nil), select_lex_arg = 0x1008723f8, unit_arg = 0x100872258), line 266 in "sql_select.cc"
  [15] mysql_select(thd = 0x1008721e0, rref_pointer_array = 0x1008725d0, tables = 0x10087c388, wild_num = 0, fields = CLASS, conds = 0x10087c688, og_num = 0, order = (nil), group = (nil), having = (nil), proc_param = (nil), select_options = 2189707776U, result = 0x10087c7c0, unit = 0x100872258, select_lex = 0x1008723f8), line 1642 in "sql_select.cc"
  [16] handle_select(thd = 0x1008721e0, lex = 0x100872248, result = 0x10087c7c0), line 177 in "sql_select.cc"
  [17] mysql_execute_command(thd = 0x1008721e0), line 2124 in "sql_parse.cc"
  [18] mysql_parse(thd = 0x1008721e0, inBuf = 0x10087c200 "select f1 from t1 where date(f1) between "2006-1-1" and "2006.1.1"", length = 66U), line 4365 in "sql_parse.cc"
  [19] dispatch_command(command = COM_QUERY, thd = 0x1008721e0, packet = 0x1008741b1 "select f1 from t1 where date(f1) between "2006-1-1" and "2006.1.1"", packet_length = 67U), line 1527 in "sql_parse.cc"
  [20] do_command(thd = 0x1008721e0), line 1328 in "sql_parse.cc"
  [21] handle_one_connection(arg = 0x1008721e0), line 1060 in "sql_parse.cc"
[19 Jul 2006 13:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/9337
[19 Jul 2006 18:21] Paul DuBois
Noted in 4.1.21, 5.0.24 changelogs.

Failure to account for a NULL table pointer on big-endian machines
could cause a server crash during type conversion.