Bug #34335 InnoDB: Crash with auto_increment bigint
Submitted: 6 Feb 0:27 Modified: 25 Jun 4:00
Reporter: Peter Gulutzan
Status: Closed
Category: Server: InnoDB Severity: S3 (Non-critical)
Version: 5.1.24-rc-debug OS: Linux (SUSE 10 64-bit)
Assigned to: Timothy Smith Target Version: 5.1.24
Triage: D1 (Critical)

[6 Feb 0:27] Peter Gulutzan
Description:
I create an InnoDB table with two columns.
One column is BIGINT and AUTO_INCREMENT.
I insert, auto_increment column = 9223372036854775807.
I insert, auto_increment column is NULL.
Crash.

It reminds me of Bug#31860, but the test case for
Bug#31860 works fine now.

How to repeat:
mysql> create table th (s1 bigint primary key auto_increment, s2 varchar(10))
engine=innodb;
Query OK, 0 rows affected (0.02 sec)

mysql> insert into th values (9223372036854775807, null);
Query OK, 1 row affected (0.01 sec)

mysql> insert into th (s2) values ('e');
ERROR 2013 (HY000): Lost connection to MySQL server during query
[6 Feb 0:46] Miguel Solorzano
Thank you for the bug report. Verified as described.

handler.cc
--1869--

 if (nr == ~(ulonglong) 0)
        DBUG_RETURN(HA_ERR_AUTOINC_READ_FAILED);  // Mark failure

 	mysqld.exe!ha_innobase::innobase_get_auto_increment()  + 0x116	C++
 	mysqld.exe!ha_innobase::get_auto_increment()  + 0x45	C++
>	mysqld.exe!handler::update_auto_increment()  Line 1869	C++
 	mysqld.exe!ha_innobase::write_row()  + 0x216	C++
 	mysqld.exe!Item_string::save_in_field(Field * field=0x02c668f8, int no_conversions=0)  Line 4673 + 0x2b	C++
 	mysqld.exe!write_record(THD * thd=0x011296e0, st_table * table=0x0113ffcc, st_copy_info * info=0x0342f29c)  Line 1546 + 0xc	C++
 	mysqld.exe!mysql_insert(THD * thd=0x011296e0, TABLE_LIST * table_list=0x02c5a4d8, List<Item> & fields={...}, List<List<Item> > & values_list={...}, List<Item> & update_fields={...}, List<Item> & update_values={...}, enum_duplicates duplic=DUP_ERROR, int ignore=0)  Line 803 + 0xc	C++
 	mysqld.exe!mysql_execute_command(THD * thd=)  Line 2942 + 0x35	C++
 	mysqld.exe!mysql_parse(THD * thd=0x011296e0, const char * inBuf=0x02c5a418, unsigned int length=32, const char * * found_semicolon=0x0342fac8)  Line 5627	C++
 	mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x011296e0, char * packet=0x02c523e9, unsigned int packet_length=32)  Line 1123	C++
 	mysqld.exe!do_command(THD * thd=0x00000003)  Line 781 + 0xf	C++
 	mysqld.exe!handle_one_connection(void * arg=0x011296e0)  Line 1120 + 0x6	C++
 	mysqld.exe!_pthread_start()  + 0x3b	C
 	mysqld.exe!_threadstart(void * ptd=0x02c49e50)  Line 196 + 0x6	C
 	kernel32.dll!7c80b683()
[6 Feb 14:10] Heikki Tuuri
Sunny,

please check what is the problem.

Regards,

Heikki
[6 Mar 19:05] Heikki Tuuri
Putting the status to Patch approved, since I approved the minimal patch yesterday.
[31 Mar 10:36] Vasil Dimov
Fix for this has been committed in InnoDB 5.1 repo under r2353:

--- cut ---
r2353 | sunny | 2008-03-06 07:23:39 +1100 (Thu, 06 Mar 2008) | 7 lines
 
branches/5.1: Change the InnoDB autoinc type to ulint64. For this added a
new typedef to univ.i (ib_ulonglong). Added checks for overflow and removed
the assertion where it crashed previously, since the type has now changed
to unsigned, it doesn't make sense to check for < 0. Added new tests, to
check for overflow, for the different INT types supported for both
signed and unsigned.
--- cut ---

It is queued with the 5.1 snapshot-r2360.
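
Added example, not the code from r2353 or from the MySQL/InnoDB tree: one way to step an unsigned 64-bit AUTO_INCREMENT counter and refuse to pass the column type's maximum, for the signed and unsigned integer widths the commit message mentions. The function names, the byte-width parameter and the 0/-1 return convention are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Largest value an integer column can hold. `bytes` is the storage width:
   1, 2, 3, 4, 8 = TINYINT, SMALLINT, MEDIUMINT, INT, BIGINT. */
static uint64_t col_max_value(unsigned bytes, int is_unsigned)
{
    unsigned bits = bytes * 8 - (is_unsigned ? 0u : 1u);
    return bits >= 64 ? UINT64_MAX : (((uint64_t)1 << bits) - 1);
}

/* Hypothetical helper: step an unsigned 64-bit counter by `increment`.
   Returns 0 and stores the result in *next, or -1 when the step would pass
   the column maximum. The comparison is arranged so the addition itself
   can never wrap. */
static int next_autoinc(uint64_t current, uint64_t increment,
                        unsigned bytes, int is_unsigned, uint64_t *next)
{
    uint64_t max = col_max_value(bytes, is_unsigned);

    if (increment == 0 || current > max || increment > max - current)
        return -1;              /* caller reports an error, no assertion */
    *next = current + increment;
    return 0;
}

int main(void)
{
    uint64_t next = 0;
    /* Constructed input: the value inserted in the report's test case. */
    uint64_t last = 9223372036854775807ULL;

    if (next_autoinc(last, 1, 8, 0, &next) != 0)
        puts("signed BIGINT: counter exhausted, reject the INSERT");
    if (next_autoinc(last, 1, 8, 1, &next) == 0)
        printf("unsigned BIGINT: next value is %llu\n",
               (unsigned long long)next);
    return 0;
}
```

Checking `increment > max - current` before adding keeps the failure on an error path the server can return to the client, so a single INSERT at the type's maximum cannot take the process down.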
[1 Apr 15:47] Trudy Pelzer
Pushed into 5.1.24 (per Danny)
[1 Apr 20:19] Paul DuBois
Noted in 5.1.24 changelog.

InnoDB could crash if overflow occurred for an AUTO_INCREMENT column.

Resetting report to Patch queued waiting for push into 6.0.x.
[24 Jun 23:41] Calvin Sun
Merged into 6.0.6-alpha, according to Tim.
[25 Jun 4:00] Paul DuBois
Noted in 6.0.6 changelog.