Bug #22053 REPAIR table can crash server for some really damaged MyISAM tables
Submitted: 6 Sep 2006 15:20 Modified: 3 Jan 2007 11:07
Reporter: Valeriy Kravchuk
Status: Closed
Category:MySQL Server: MyISAM storage engine Severity:S1 (Critical)
Version:5.0.25-BK, 5.0.24a, 5.1.11 OS:Linux (Linux)
Assigned to: Sergey Vojtovich CPU Architecture:Any

[6 Sep 2006 15:20] Valeriy Kravchuk
Description:
openxs@suse:~/dbs/5.0> bin/mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.25-debug-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show table status like 'file%';
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-------------------+----------+----------------+---------+
| Name      | Engine | Version | Row_format | Rows | Avg_row_length | Data_length | Max_data_length | Index_length | Data_free | Auto_increment | Create_time         | Update_time         | Check_time | Collation         | Checksum | Create_options | Comment |
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-------------------+----------+----------------+---------+
| file_file | MyISAM |      10 | Dynamic    |    0 |              0 |           0 | 281474976710655 |         1024 |         0 |              1 | 2006-09-06 14:31:25 | 2006-08-11 13:28:20 | NULL       | latin1_swedish_ci |     NULL |                |         |
+-----------+--------+---------+------------+------+----------------+-------------+-----------------+--------------+-----------+----------------+---------------------+---------------------+------------+-------------------+----------+----------------+---------+
1 row in set (0.01 sec)

mysql> select * from file_file;
Empty set (0.01 sec)

mysql> repair table file_file;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
Number of processes running now: 0
060906 16:33:12  mysqld restarted

openxs@suse:~/dbs/5.0> tail -50 var/suse.err
Cannot determine thread, fp=0x428d16dc, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/mysql/en/Using_stack_trace.html and follow
instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x8e43d68 = repair table file_file
thd->thread_id=3
...

Stack trace looks weird when resolved:

openxs@suse:~/dbs/5.0> bin/resolve_stack_dump -s /tmp/mysqld.sym 11421.stack
0x81d4d44 _Z20create_func_disjointP4ItemS0_ + 0
0x401f6fcc _end + 931978220
0x84b85b1 __rep_log + 343
0x84b72a9 __rep_page_gap + 291
0x84c14e9 heap_panic + 225
0x84c10df heap_extra + 27
0x84b5355 __rep_walk_dir + 584
0x82adcb8 _Z18find_uniq_filenamePc + 118
0x82ad65c _Z15binlog_rollbackP3THDb + 22
0x82a8c00 _Z10merge_walkPhjjP10st_buffpekS1_PFiPvjS2_ES2_PFiS2_PKvS6_ES2_P11st_io_cache + 58
0x82dcd88 _ZN24QUICK_INDEX_MERGE_SELECT4initEv + 66
0x82dd7c0 _ZN18QUICK_RANGE_SELECT20init_ror_merged_scanEb + 926
0x81ee6b5 _ZN11Field_float5storeEd + 39
0x81f511b _ZN15Field_varstring11sort_stringEPcj + 197
0x81eb3c4 _ZN10Field_tiny5storeEPKcjP15charset_info_st + 428
0x81eac20 _ZN17Field_new_decimal5storeEd + 342
0x81e9e0c _ZN13Field_decimal7val_strEP6StringS1_ + 120
0x40050aa7 _end + 930248391
0x40247c2e _end + 932309070

Server should not crash, even if the table is damaged, has 0 rows, etc.

How to repeat:
Add table files from the associated issue to test database. Then run REPAIR TABLE file_file.

Suggested fix:
Server should not crash, even if table is seriously damaged.
[27 Sep 2006 0:40] Trudy Pelzer
This problem may be related to bug#22562.
[13 Oct 2006 10:10] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/13649

ChangeSet@1.2530, 2006-10-13 15:10:14+05:00, svoj@may.pils.ru +1 -0
  BUG#22053 - REPAIR table can crash server for some
              really damaged MyISAM tables
  
  When unpacking a blob column from a broken row, a server crash
  could happen. This could rather happen when trying to repair
  a table using either REPAIR TABLE or myisamchk, though it
  also could happen when trying to access a broken row using
  other SQL statements like SELECT if the table is not marked as
  crashed.
  
  Fixed ulong overflow when trying to extract a blob from a
  broken row.
  
  Affects MyISAM only.
  
  No test case, since it needs a broken MyISAM table.
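The defect class named in the commit message (a length prefix read from a damaged row overflowing a 32-bit ulong in the bounds check, so the server reads past the row) can be shown on a constructed packed row. This is an added illustration, not MySQL's MyISAM code: the 4-byte little-endian blob length prefix, the row layout and the sample rows are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Assumed layout for the example: a blob field is a 4-byte little-endian
   length prefix followed by the blob bytes (LONGBLOB-style packlength). */
#define BLOB_PACKLENGTH 4

/* Reads a little-endian length prefix of 'packlength' bytes. */
static uint32_t read_length(const unsigned char *p, int packlength)
{
    uint32_t len = 0;
    for (int i = packlength - 1; i >= 0; i--)
        len = (len << 8) | p[i];
    return len;
}

/* Naive check modelled on a 32-bit ulong: pos + len wraps modulo 2^32 on a
   corrupt length, so a damaged row is accepted. Returns 1 if "in bounds". */
int blob_fits_naive(uint32_t pos, uint32_t len, uint32_t row_len)
{
    uint32_t end = pos + len;            /* may wrap to a small value */
    return end <= row_len;
}

/* Hardened check: compare against the remaining bytes, no addition. */
int blob_fits_safe(uint32_t pos, uint32_t len, uint32_t row_len)
{
    if (pos > row_len) return 0;
    return len <= row_len - pos;
}

/* Unpacks one blob field at 'pos'. Returns the blob length, or -1 when the
   row is broken; blob_out (may be NULL) receives a pointer to the data. */
long unpack_blob(const unsigned char *row, uint32_t row_len, uint32_t pos,
                 const unsigned char **blob_out)
{
    if (pos > row_len || (uint32_t)BLOB_PACKLENGTH > row_len - pos)
        return -1;                       /* prefix itself is truncated */
    uint32_t len = read_length(row + pos, BLOB_PACKLENGTH);
    pos += BLOB_PACKLENGTH;
    if (!blob_fits_safe(pos, len, row_len))
        return -1;                       /* refuse instead of reading past row */
    if (blob_out) *blob_out = row + pos;
    return (long)len;
}

/* Constructed sample rows (not from the bug's table files): a valid 3-byte
   blob, and the same row with the length prefix corrupted to 0xFFFFFFFD. */
const unsigned char good_row[] = { 0x03,0x00,0x00,0x00, 'a','b','c' };
const unsigned char bad_row[]  = { 0xFD,0xFF,0xFF,0xFF, 'a','b','c' };
```

With the corrupt prefix, 4 + 0xFFFFFFFD wraps to 1 in 32-bit arithmetic, so the naive check passes while the subtraction-based check rejects the row.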
[27 Dec 2006 0:15] Antony Curtis
Pushed to 5.1.15-beta repository
[27 Dec 2006 2:27] Antony Curtis
Pushed to 5.0.34 repository
[27 Dec 2006 10:01] Antony Curtis
Pushed to 4.1.23 repository
[3 Jan 2007 11:07] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Documented bugfix in 4.1.23, 5.0.34, and 5.1.15 changelogs.