Bug #24490 segfault at unpack_row->Field_bit::set_default
Submitted: 21 Nov 2006 22:16 Modified: 1 Feb 2007 1:24
Reporter: Andrei Elkin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Row Based Replication ( RBR ) Severity:S3 (Non-critical)
Version:5.1.14 OS:Linux (linux)
Assigned to: Mats Kindahl CPU Architecture:Any

[21 Nov 2006 22:16] Andrei Elkin 
Description:
./mysql-test-run --mysqld=--innodb --mysqld=--binlog-format=row   \ rpl_row_tabledefs_3innodb 

leads to segfault.

How to repeat:
see description, notice --innodb, which is a part of the failure - there is no
-slave.opt with --innodb as in all others rpl_row_innodb tests.

Suggested fix:
1. fix the test to add the -slave.opt file to let "make test" start slave server    with innodb
2. fix the code
[22 Nov 2006 7:50] Mats Kindahl 
The problem occurs when row-based replication is used to replicate to a table that has at least one extra BIT column with a default value on slave as compared to master.

The following is a test case to trigger the bug:

master> CREATE TABLE t1 (a INT) engine=innodb;
slave>  ALTER TABLE t1 ADD x BIT(3) DEFAULT b'110';
master> INSERT INTO t1 VALUES (1),(2);
[22 Nov 2006 10:20] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/15691

ChangeSet@1.2371, 2006-11-22 11:20:07+01:00, mats@romeo.(none) +5 -0
  BUG#24490 (segfault inside unpack_row at Field_bit_as_char::set_default()):
  Field_bit_as_char::set_default() was not defined, so it used Field_bit::set_default() instead,
  which uses unset bit_ptr internally.
[1 Dec 2006 5:33] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/16273

ChangeSet@1.2374, 2006-12-01 06:32:42+01:00, mats@kindahl-laptop.dnsalias.net +5 -0
  BUG#24490 (segfault inside unpack_row at Field_bit_as_char::set_default()):
  Field_bit_as_char::set_default() was not defined, so Field_bit::set_default()
  was used instead, causing a crash.
[4 Dec 2006 14:27] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/16386

ChangeSet@1.2374, 2006-12-04 15:27:02+01:00, mats@romeo.(none) +5 -0
  BUG#24490 (segfault inside unpack_row at Field_bit_as_char::set_default()):
  Field_bit_as_char::set_default() was not defined, so Field_bit::set_default()
  was used instead, causing a crash.
[5 Dec 2006 7:49] Mats Kindahl 
From reading the code, the bug can also appear for cases where bit_len is 0 and the actual class is Field_bit, i.e., even when using a MyISAM table, but with a BIT field that is an even multiple of 8.
[5 Dec 2006 9:46] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/16444

ChangeSet@1.2374, 2006-12-05 10:46:03+01:00, mats@romeo.(none) +7 -0
  BUG#24490 (segfault inside unpack_row at Field_bit_as_char::set_default()):
  Field_bit::set_default() did not check the bit_len, hence used the undefined
  bit_ptr, causing a crash. The patch adds a check that bit_len > 0 before
  following the bit_ptr.
[18 Jan 2007 15:38] Lars Thalmann 
Pushed into 5.1.15
[1 Feb 2007 1:24] Jon Stephens 
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Documented bugfix in 5.1.15 changelog.