| Bug #2698 | Valid SQL causes seg fault in mysqld daemon | ||
|---|---|---|---|
| Submitted: | 10 Feb 2004 6:30 | Modified: | 12 Feb 2004 10:58 |
| Reporter: | Richard Smith | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 4.0.17 | OS: | Linux (Linux [2.4 kernel]/Win XP) |
| Assigned to: | Bugs System | CPU Architecture: | Any |
[10 Feb 2004 6:31]
Richard Smith
Extract from mysql error log
Attachment: mysql-err (application/octet-stream, text), 2.02 KiB.
[10 Feb 2004 6:41]
Richard Smith
Back trace resolved to include symbols
Attachment: mysql-stack (application/octet-stream, text), 804 bytes.
[10 Feb 2004 6:52]
MySQL Verification Team
Thank you for the bug report I was able to repeat also on Windows.
[10 Feb 2004 7:26]
MySQL Verification Team
Forgot call stack:
/sql/opt_range.cc
if (w->right->color == SEL_ARG::BLACK && w->left->color == SEL_ARG::BLACK)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
{
w->color=SEL_ARG::RED;
-------------------------------------------------------------------------------
> mysqld.exe!rb_delete_fixup(SEL_ARG * root=0x00bfc048, SEL_ARG * key=0x0077a6b0, SEL_ARG * par=0x00bfc010) Line 2054 + 0x6 C++
mysqld.exe!SEL_ARG::tree_delete(SEL_ARG * key=0x00bfbfd8) Line 1901 + 0x11 C++
mysqld.exe!key_or(SEL_ARG * key1=0x00bfbfd8, SEL_ARG * key2=0x00bfbfa0) Line 1636 + 0xc C++
mysqld.exe!key_or(SEL_ARG * key1=0x00bfb5b0, SEL_ARG * key2=0x00bfbe90) Line 1680 + 0x10 C++
mysqld.exe!key_or(SEL_ARG * key1=0x00bfb420, SEL_ARG * key2=0x00bfbc40) Line 1680 + 0x10 C++
mysqld.exe!tree_or(st_qsel_param * param=0x01ffec5c, SEL_TREE * tree1=0x00bfb390, SEL_TREE * tree2=0x00bfbbb8) Line 1310 + 0x11 C++
mysqld.exe!get_mm_tree(st_qsel_param * param=0x01ffec5c, Item * cond=0x00bfe478) Line 792 + 0x11 C++
mysqld.exe!SQL_SELECT::test_quick_select(THD * thd=0x00bdc298, unsigned long keys_to_use=1, unsigned long prev_tables=0, unsigned long limit=4294967295, int force_quick_range=0) Line 678 + 0x16 C++
mysqld.exe!SQL_SELECT::check_quick(THD * thd=0x00bdc298, int force_quick_range=0, unsigned long limit=4294967295) Line 129 + 0x1f C++
mysqld.exe!mysql_delete(THD * thd=0x00bdc298, st_table_list * table_list=0x00bfd4e0, Item * conds=0x00bfe478, st_order * order=0x00000000, unsigned long limit=4294967295, unsigned long options=0) Line 82 + 0x2c C++
mysqld.exe!mysql_execute_command() Line 2055 + 0x29 C++
mysqld.exe!mysql_parse(THD * thd=0x00bdc298, char * inBuf=0x00bfd3c0, unsigned int length=245) Line 2991 C++
mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x00bdc298, char * packet=0x00bf9301, unsigned int packet_length=245) Line 1073 + 0x17 C++
mysqld.exe!do_command(THD * thd=0x00bdc298) Line 944 + 0x31 C++
mysqld.exe!handle_one_connection(void * arg=0x00bdc298) Line 725 + 0x9 C++
mysqld.exe!pthread_start(void * param=0x00bdf110) Line 63 + 0x7 C
mysqld.exe!_threadstart(void * ptd=0x00bdeb90) Line 173 + 0xd C
kernel32.dll!77e6d33b()
[12 Feb 2004 10:58]
Victor Vagin
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.
If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information
about accessing the source trees is available at
http://www.mysql.com/doc/en/Installing_source_tree.html
Additional info:
The fix will be in 4.0.19, 4.1.2 and later ones
Description: Executing the following SQL listed under 'How to repeat' causes the mysqld daemon to seg fault. This is happening with the official 4.0.17 Mysql-debug build as well as with versions of 4.0.17 that I have compiled from source. How to repeat: CREATE TABLE op ( a integer, u varchar(15), r integer, key uao_idx( r, a, u)); DELETE FROM op WHERE ( r = 1 AND a IN ( 1, 2 ) AND ( u = 'w' OR u LIKE 'w/%' ) ) OR ( r = 1 AND a IN ( 3 ) AND ( u = 'w/U' OR u LIKE 'w/U/%' ) ) OR ( r = 1 AND a IN ( 1, 2, 3 ) AND ( u = 'w' ) );