Bug #30385 Server crash when deleting with order by and limit
Submitted: 13 Aug 2007 10:07
Modified: 14 Sep 2007 14:43
Reporter: Xuan MA
Status: Closed
Category: MySQL Server: General
Severity: S2 (Serious)
Version: 5.0.24a, 5.1.20-beta, 4.1, 5.0, 5.1, 5.2 BK
OS: Linux (ELsmp, Athlon Opteron dual core)
Assigned to: Sergey Petrunya
CPU Architecture: Any
Tags: delete, limit, order by, server crash

[13 Aug 2007 10:07] Xuan MA
Description:
MySQL server will crash when issuing a delete command with "order by" and limit.

How to repeat:
CREATE TABLE `test` (
  `date` date default NULL,
  `time` time default NULL,
  `seq` int(10) unsigned NOT NULL auto_increment,
  PRIMARY KEY  (`seq`),
  KEY `seq` (`seq`),
  KEY `time` (`time`),
  KEY `date` (`date`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1;

When issuing the command "delete from test order by date ASC, time ASC limit 1", the server will crash (restart).
[13 Aug 2007 10:30] Sveta Smirnova
Thank you for the report.

Verified as described.

DELETE from an empty table will cause a crash.
[13 Aug 2007 10:58] MySQL Verification Team
Also crashes: update test set seq=null order by date ASC, time ASC limit 1;

Stack range sanity check OK, backtrace follows:
0x81ff55b handle_segfault + 541
0x81e608c _ZN5Field2eqEPS_ + 18
0x82d1f56 _Z19get_index_for_orderP8st_tableP8st_ordery + 242
0x828ee7d _Z12mysql_updateP3THDP10TABLE_LISTR4ListI4ItemES6_PS4_jP8st_ordery15enum_duplicatesb + 2491
0x820e8fb _Z21mysql_execute_commandP3THD + 9043
0x8215928 _Z11mysql_parseP3THDPKcjPS2_ + 372
0x820b06d _Z16dispatch_command19enum_server_commandP3THDPcj + 2369
0x820a720 _Z10do_commandP3THD + 600
0x820911b handle_one_connection + 255
[13 Aug 2007 11:21] Xuan MA
When the table is not empty, it crashes too.
[8 Sep 2007 16:15] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/33962

ChangeSet@1.2523, 2007-09-08 20:14:17+04:00, sergefp@mysql.com +3 -0
  BUG#30385: Server crash when deleting with ORDER BY and LIMIT
  in get_index_for_order(), don't walk over the end of the index key parts
  when matching index description and needed ordering.
[10 Sep 2007 12:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/33991

ChangeSet@1.2683, 2007-09-10 16:26:51+04:00, sergefp@mysql.com +3 -0
  BUG#30385: Server crash when deleting with ORDER BY and LIMIT
  in get_index_for_order(), don't walk over the end of the index key parts
  when matching index description and needed ordering.
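
The commit message above describes matching an ORDER BY list against an index's key parts without walking off the end of the key. The following is an added illustration of that bug class, not MySQL source and not part of the original thread: Index, OrderList and all function names are hypothetical, and the key list is constructed from the CREATE TABLE in the report.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Simplified stand-in for an index definition (hypothetical, not MySQL source).
struct Index { std::string name; std::vector<std::string> parts; };
using OrderList = std::vector<std::string>;

// Models the unbounded walk: one key part is consumed per ORDER BY column and
// nothing checks where the key ends. Returns true when the walk would read a
// key part that does not exist (the out-of-bounds access behind the crash).
bool walks_past_key_end(const Index& idx, const OrderList& order) {
    std::size_t part = 0;
    for (const std::string& col : order) {
        if (part >= idx.parts.size()) return true;  // unbounded code reads here
        if (idx.parts[part] != col) return false;   // mismatch: walk stops early
        ++part;
    }
    return false;
}

// Bounded match: running out of key parts means the index cannot provide the
// requested ordering, so it is rejected instead of being read past its end.
bool index_covers_order(const Index& idx, const OrderList& order) {
    if (order.empty() || order.size() > idx.parts.size()) return false;
    for (std::size_t i = 0; i < order.size(); ++i)
        if (idx.parts[i] != order[i]) return false;
    return true;
}

// Position of the first index usable for the ordering, or -1 if none is.
int find_index_for_order(const std::vector<Index>& keys, const OrderList& order) {
    for (std::size_t i = 0; i < keys.size(); ++i)
        if (index_covers_order(keys[i], order)) return static_cast<int>(i);
    return -1;
}

// Constructed from the CREATE TABLE in the report: four single-column keys.
std::vector<Index> report_table_keys() {
    return {{"PRIMARY", {"seq"}}, {"seq", {"seq"}}, {"time", {"time"}}, {"date", {"date"}}};
}

int main() {
    const OrderList order = {"date", "time"};  // ORDER BY date ASC, time ASC
    const std::vector<Index> keys = report_table_keys();
    bool ok = walks_past_key_end(keys[3], order) && find_index_for_order(keys, order) == -1;
    return ok ? 0 : 1;
}
```

With the report's two-column ordering, the single-column `date` key matches its first column and then runs out of key parts, which is the case the bounded check rejects.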
[14 Sep 2007 7:45] Bugs System
Pushed into 5.1.23-beta
[14 Sep 2007 7:46] Bugs System
Pushed into 5.0.50
[14 Sep 2007 7:47] Bugs System
Pushed into 4.1.24
[14 Sep 2007 14:43] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Documented bugfix in 4.1.24, 5.0.50, and 5.1.23 changelogs as follows:

          Issuing a DELETE statement having both
          an ORDER BY clause and a LIMIT clause
          could cause mysqld to crash. (Bug #30385)