Description:
The following simple SELECT crashes the MySQL server.

How to repeat:
CREATE TABLE `EMP` (
  `id` int(11) NOT NULL,
  `name` varchar(20) NOT NULL,
  `dept` varchar(20) NOT NULL,
  `age` tinyint(3) unsigned NOT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `EMP_key` (`name`,`dept`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

/* fill in some data */

select distinct EMP.name, EMP.dept from EMP where (EMP.name='abc');

Suggested fix:
Make the server not crash

How to repeat:

shell> mysql test
mysql> \. testcase.sql

5.0.36 stack

Attachment: 5.0.36_windows_stack.txt (text/plain), 2.46 KiB.

Shanes stack trace suggests this is a bug in the optimizer

some additional test results:

5.0.36 crashes
5.0.27 crashes
5.0.26 crashes
5.0.24a crashes
5.0.24 crashes
5.0.22 doesn't crash
5.0.21 crashes
5.0.20 crashes
5.0.19 crashes
5.0.18 crashes
5.0.16 crashes
5.0.15 crashes
5.0.13 crashes

4.1.21 doesn't crash
4.1.20 doesn't crash

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/19658

ChangeSet@1.2410, 2007-02-10 23:55:56-08:00, igor@olga.mysql.com +3 -0
  Fixed bug #26159.
  A wrong order of statements in QUICK_GROUP_MIN_MAX_SELECT::reset
  caused a crash when a query with DISTINCT was executed by a loose scan
  for an InnoDB table that had been emptied.

The fix has been pushed to 5.0.36 and 5.1.16-beta.

Noted in 5.0.36, 5.1.16 changelogs.

DISTINCT queries that were executed using a loose scan for an InnoDB
table that had been emptied caused a server crash.