| Bug #21913 | DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver. | ||
|---|---|---|---|
| Submitted: | 29 Aug 2006 23:17 | Modified: | 14 Sep 2006 13:54 |
| Reporter: | Hang Zhao | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S1 (Critical) |
| Version: | mysql 4.1.21 mysql-connector-j 3.1.13 | OS: | Linux (RHEL4) |
| Assigned to: | Tatiana Azundris Nuernberg | CPU Architecture: | Any |
[29 Aug 2006 23:20]
Hang Zhao
Make the Synopsis more clear
[29 Aug 2006 23:41]
Hang Zhao
Make the priority higher.
[30 Aug 2006 12:34]
Tonci Grgin
Hi and thanks for your problem report. Verified as described by reporter.
[30 Aug 2006 13:26]
Mark Matthews
Changing to server category as this is a server issue, and changing priority since it's a server crashing bug, given that the following testcase script run w/ the MySQL client crashes the server:
SET NAMES latin1;
SET character_set_results = NULL;
SHOW VARIABLES;
SHOW COLLATION;
SET autocommit=1;
SELECT VERSION();
DROP TABLE IF EXISTS testBug8868;
CREATE TABLE testBug8868 (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY);
INSERT INTO testBug8868 VALUES (NOW(), 'abcd');
SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug8868
[30 Aug 2006 13:59]
Elliot Murphy
(gdb) bt
#0 0x00002aaaab2a3807 in pthread_kill () from /lib/libpthread.so.0
#1 0x00000000006b3f10 in write_core (sig=11) at stacktrace.c:220
#2 0x0000000000584183 in handle_segfault (sig=11) at mysqld.cc:2022
#3 <signal handler called>
#4 0x00000000009c4f52 in my_charset_same (cs1=0xd79600, cs2=0x0)
at charset.c:37
#5 0x000000000057f994 in String::needs_conversion (arg_length=3,
from_cs=0xd79600, to_cs=0x0, offset=0x438ec9e8) at sql_string.cc:259
#6 0x000000000057fce1 in String::copy (this=0x438ecb20, str=0xa74f5f "Aug",
arg_length=3, from_cs=0xd79600, to_cs=0x0, errors=0x438ecb4c)
at sql_string.cc:340
#7 0x00000000005414a5 in make_date_time (format=0x438ecc10,
l_time=0x438ecbe0, type=MYSQL_TIMESTAMP_DATE, str=0x438ed070)
at item_timefunc.cc:515
#8 0x00000000005447e3 in Item_func_date_format::val_str (this=0x1780358,
str=0x438ed070) at item_timefunc.cc:1682
#9 0x00000000005025d1 in Item::send (this=0x1780358, protocol=0x1753860,
buffer=0x438ed070) at item.cc:2416
#10 0x00000000005706cf in select_send::send_data (this=0x1780528,
items=@0x1752ed0) at sql_class.cc:832
#11 0x00000000005dce16 in end_send (join=0x1780540, join_tab=0x1781b08,
end_of_records=false) at sql_select.cc:6750
#12 0x00000000005d9b55 in do_select (join=0x1780540, fields=0x1752ed0,
table=0x0, procedure=0x0) at sql_select.cc:6047
#13 0x00000000005ec47e in JOIN::exec (this=0x1780540) at sql_select.cc:1566
#14 0x00000000005ec7fb in mysql_select (thd=0x1752be8,
rref_pointer_array=0x1752fd8, tables=0x1780480, wild_num=0,
fields=@0x1752ed0, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0,
proc_param=0x0, select_options=2189707776, result=0x1780528,
unit=0x1752c60, select_lex=0x1752e00) at sql_select.cc:1686
#15 0x00000000005ecab2 in handle_select (thd=0x1752be8, lex=0x1752c50,
result=0x1780528) at sql_select.cc:192
#16 0x000000000059ecef in mysql_execute_command (thd=0x1752be8)
at sql_parse.cc:2127
#17 0x00000000005a42d0 in mysql_parse (thd=0x1752be8,
inBuf=0x1780188 "select DATE_FORMAT(f1, '%b-%e %l:%i%p') as fmtddate from test", length=61) at sql_parse.cc:4368
#18 0x00000000005a4d02 in dispatch_command (command=COM_QUERY, thd=0x1752be8,
packet=0x1777fe9 "", packet_length=62) at sql_parse.cc:1530
#19 0x00000000005a6336 in do_command (thd=0x1752be8) at sql_parse.cc:1331
#20 0x00000000005a66f7 in handle_one_connection (arg=0x1752be8)
at sql_parse.cc:1063
#21 0x00002aaaab2a00fa in start_thread () from /lib/libpthread.so.0
---Type <return> to continue, or q <return> to quit---
#22 0x00002aaaab845ce2 in clone () from /lib/libc.so.6
#23 0x0000000000000000 in ?? ()
[2 Sep 2006 20:26]
Paul Sindelar
I'm also running into this issue. Here's what I've noticed.
1. It happens on my windows (4.1.21-community-nt) with 3.1.13 & 5.0.3 connectors, but it does NOT happen with 5.0.19-nt server (same machine) with either connector, nor does it happen on my linux db server (4.1.20-log x86_64 redhat-linux-gnu) using either connector.
2. It seems to be dependent upon what you enter for the date value. For instance, each of these statements will bring down the mysql server.
SELECT DATE_FORMAT('2006-07-01', '%W') AS d1
SELECT DATE_FORMAT(now(), '%W') AS d1
SELECT DATE_FORMAT('20060701', '%W') AS d1
SELECT DATE_FORMAT(20060701, '%W') AS d1
yet these statements work as expected, and return a null, which is the same as the cli
SELECT DATE_FORMAT('07-01-2006', '%W') AS d1
SELECT DATE_FORMAT('07012006', '%W') AS d1
[4 Sep 2006 4:16]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:
http://lists.mysql.com/commits/11325
ChangeSet@1.2538, 2006-09-04 06:16:34+02:00, tnurnberg@salvation.intern.azundris.com +3 -0
Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.
Variable character_set_results can legally be NULL (for "no conversion.") This could result in a NULL deref that crashed the server. Fixed.
(Although ran some additional precursory tests to see whether I could break anything else, but no breakage so far.)
[4 Sep 2006 7:13]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:
http://lists.mysql.com/commits/11330
ChangeSet@1.2538, 2006-09-04 09:13:40+02:00, tnurnberg@salvation.intern.azundris.com +3 -0
Bug#21913: DATE_FORMAT() Crashes mysql server if I use it through mysql-connector-j driver.
Variable character_set_results can legally be NULL (for "no conversion.") This could result in a NULL deref that crashed the server. Fixed.
(Although ran some additional precursory tests to see whether I could break anything else, but no breakage so far.)
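The failure mode named in the commit message and visible in frames #4 to #6 of the backtrace (to_cs=0x0 reaching the charset comparison), as an added C example. It is a simplified model, not MySQL source and not the committed patch; the `charset` struct and every function name in it are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for a server charset descriptor (hypothetical). */
typedef struct charset { const char *csname; } charset;

static const charset cs_latin1 = { "latin1" };
static const charset cs_utf8   = { "utf8" };

/* Plays the role of frame #4: compares two charsets, dereferencing both. */
static int charset_same(const charset *a, const charset *b)
{
    return a == b || strcmp(a->csname, b->csname) == 0;
}

/* "Before" shape: to_cs is passed straight through, so to_cs == NULL
 * (character_set_results = NULL) faults inside charset_same(). */
int needs_conversion_unchecked(const charset *from_cs, const charset *to_cs)
{
    return !charset_same(from_cs, to_cs);
}

/* Hardened shape: NULL is a legal value meaning "no conversion". */
int needs_conversion_checked(const charset *from_cs, const charset *to_cs)
{
    if (from_cs == NULL || to_cs == NULL)
        return 0;
    return !charset_same(from_cs, to_cs);
}

/* Copy helper in the position of frame #6. Returns bytes written, or -1 if
 * a real conversion would be needed (not modelled) or dst is too small. */
long copy_result(char *dst, size_t dst_len, const char *src, size_t src_len,
                 const charset *from_cs, const charset *to_cs)
{
    if (needs_conversion_checked(from_cs, to_cs))
        return -1;
    if (src_len >= dst_len)
        return -1;                      /* keep room for the terminator */
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (long)src_len;
}

int main(void)
{
    char buf[8];    /* "Aug" and a NULL to_cs are the values in the backtrace */
    int ok = copy_result(buf, sizeof buf, "Aug", 3, &cs_latin1, NULL) == 3
          && copy_result(buf, sizeof buf, "Aug", 3, &cs_latin1, &cs_utf8) == -1;
    return ok ? 0 : 1;
}
```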
[4 Sep 2006 8:26]
Tatiana Azundris Nuernberg
q'd for 5.0.25 in 5.0-maint
[4 Sep 2006 14:37]
Magnus Blåudd
Pushed to 5.0.25
[4 Sep 2006 16:16]
Tatiana Azundris Nuernberg
Thank you, Magnus! Also pushed to 4.1.22 in 4.1-maint
[13 Sep 2006 8:55]
Timothy Smith
Pushed to 5.1.12
[14 Sep 2006 13:54]
Paul DuBois
Noted in 4.1.22, 5.0.25, 5.1.12 changelogs.
[3 Oct 2006 20:01]
Chad MILLER
Available in 5.0.26.
[3 Oct 2006 20:15]
Chad MILLER
Available in 5.1.12-beta.
[4 Oct 2006 13:56]
Chad MILLER
Available in 4.1.22.

Description:
mysql 4.1.21
mysql-connector-j 3.1.13

DATE_FORMAT() Crashes mysql server if I use mysql-connector-j driver, the mysqld server will after that. Directly using DATE_FORMAT() inside the mysql client program seems fine (same sql statement).

I can easily reproduce it with a small test case as shown below (TestJDBC.java).

The output from java is:
============================================================================
com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception:

** BEGIN NESTED EXCEPTION **

java.io.EOFException

STACKTRACE:

java.io.EOFException
    at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:1934)
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2380)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2909)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1600)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1695)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2998)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2927)
    at com.mysql.jdbc.Statement.executeQuery(Statement.java:956)
    at TestJDBC.test(TestJDBC.java:46)
    at TestJDBC.main(TestJDBC.java:15)

** END NESTED EXCEPTION **

Last packet sent to the server was 47 ms ago.
    at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2592)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2909)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1600)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1695)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2998)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2927)
    at com.mysql.jdbc.Statement.executeQuery(Statement.java:956)
    at TestJDBC.test(TestJDBC.java:46)
    at TestJDBC.main(TestJDBC.java:15)
TEST FAILED
===============================================================================

The output in mysql error log is:
===============================================================================
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388600
read_buffer_size=131072
max_used_connections=1
max_connections=100
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 225791 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0x898cc68
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0x6e4104, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x8125b50
0xa498b8
0x84a2ac0
0x80f77c0
0x80f8c6d
0x80d129c
0x811bae9
0x816c6d1
0x8165010
0x815cccd
0x815d844
0x8159f72
0x8138741
0x813da4a
0x81373fe
0x8137072
0x8136869
0xa433ae
0x8d5aee
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/mysql/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x89c4c40 = SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug
thd->thread_id=1
The manual page at http://www.mysql.com/doc/en/Crashing.html contains
information that should help you find out what is causing the crash.

Number of processes running now: 0
060829 16:05:15 mysqld restarted
060829 16:05:15 InnoDB: Started; log sequence number 0 43634
/opt/oss/libexec/mysql/mysqld: ready for connections.
Version: '4.1.21-pro-log' socket: '/opt/oss/var/mysql/mysql.sock' port: 3306 MySQL Pro (Commercial)
================================================================================

How to repeat:
import com.mysql.jdbc.NonRegisteringDriver;
import com.mysql.jdbc.NotUpdatable;
import com.mysql.jdbc.SQLError;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.DriverManager;

public class TestJDBC {

    public static void main(String []args) {
        if (test()) {
            System.out.println("TEST PASSED");
        } else {
            System.out.println("TEST FAILED");
        }
    }

    public static boolean test(){
        Statement stmt = null;
        String dbClass = "com.mysql.jdbc.Driver";
        String dbUrl = "jdbc:mysql:///test";
        ResultSet rs = null;
        Connection conn = null;

        // Load the Connector/J driver and connect to the local "test" database.
        try {
            Class.forName(dbClass).newInstance();
            conn = DriverManager.getConnection(dbUrl);
        } catch (Exception ex) {
            ex.printStackTrace();
            return false;
        }

        // Create a one-row table with a DATE column and a binary VARCHAR column.
        try {
            stmt = conn.createStatement();
            stmt.executeUpdate("DROP TABLE IF EXISTS testBug");
            stmt.executeUpdate("CREATE TABLE testBug (field1 DATE, field2 VARCHAR(32) CHARACTER SET BINARY)");
            stmt.executeUpdate("INSERT INTO testBug VALUES (NOW(), 'abcd')");
        } catch (SQLException SQLE) {
            SQLE.printStackTrace();
            System.exit(1);
        }

        // This query is the one that brings the server down.
        try {
            rs = stmt.executeQuery("SELECT DATE_FORMAT(field1,'%b-%e %l:%i%p') as fmtddate, field2 FROM testBug");
        } catch (SQLException SQLE) {
            SQLE.printStackTrace();
            return false;
        } finally {
            if (rs != null) {
                try {
                    rs.close();
                } catch (SQLException SQLE) {
                    ;
                }
            }
        }

        // Release the statement and the connection.
        if (stmt != null) {
            try {
                stmt.close();
            } catch (SQLException SQLE) {
                ;
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException SQLE) {
                ;
            }
        }
        return true;
    }
}