Bug #35108 SELECT FROM REFERENTIAL_CONSTRAINTS crashes
Submitted: 6 Mar 2008 13:46 Modified: 11 Apr 2008 16:06
Reporter: Roland Bouman
Status: Closed
Category:MySQL Server: Information schema Severity:S1 (Critical)
Version:5.1.23-rc/6.0 OS:Windows (XP Home)
Assigned to: Sergei Glukhov CPU Architecture:Any

[6 Mar 2008 13:46] Roland Bouman
Description:
A select on information_schema.REFERENTIAL_CONSTRAINTS crashes the server on Windows if the parent table in a foreign key was dropped.

The problem could not be repeated on Linux.

How to repeat:
create table p1(id int primary key) engine = Innodb;

create table c1(pid int, foreign key (pid) references p1(id)) engine = Innodb;

select * 
from information_schema.referential_constraints 
where constraint_schema = schema();

set foreign_key_checks = 0;

drop table p1;

select * 
from information_schema.referential_constraints 
where constraint_schema = schema();

Suggested fix:
Don't crash
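The backtrace further down shows the failing call, Field_varstring::store(from=0x00000000, length=65536): the row builder for REFERENTIAL_CONSTRAINTS hands the column an uninitialized referenced key name once the parent table is gone, and the copy routine dereferences the NULL pointer. The following C program is an added illustration of the fix pattern the later commit message describes (a condition that handles the dropped-parent case); it is not MySQL's code. The structures, field names and the constraint name "c1_ibfk_1" are constructed for the example; the model keeps only what matters here: a fixed-size column, a descriptor whose referenced_key_name may be missing, and a row builder that stores SQL NULL instead of copying from a NULL pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified model of an INFORMATION_SCHEMA varstring
 * column: a fixed buffer, the number of bytes stored and a NULL flag.
 * The names here are assumptions for this example, not MySQL's. */
#define VARSTRING_MAX 64

typedef struct {
    char   buf[VARSTRING_MAX + 1];
    size_t len;
    int    is_null;   /* 1 => the column holds SQL NULL */
} varstring_field;

/* Hypothetical foreign-key descriptor as a storage engine might hand it
 * to the I_S code. After the parent table was dropped with
 * foreign_key_checks = 0, nothing fills in referenced_key_name. */
typedef struct {
    const char *constraint_name;
    const char *referenced_table;
    const char *referenced_key_name;  /* may be NULL, see above */
} fk_descriptor;

typedef struct {
    varstring_field constraint_name;
    varstring_field referenced_table;
    varstring_field unique_constraint_name;
} referential_constraints_row;

/* Copy at most VARSTRING_MAX bytes of a C string into the column.
 * Returns 1 if the value was truncated, 0 otherwise. The caller must
 * never pass from == NULL: that is exactly the call that crashes in the
 * backtrace (store called with from=0x00000000 and a garbage length). */
static int store_varstring(varstring_field *f, const char *from)
{
    size_t n = strlen(from);
    int truncated = 0;
    if (n > VARSTRING_MAX) { n = VARSTRING_MAX; truncated = 1; }
    memcpy(f->buf, from, n);
    f->buf[n] = '\0';
    f->len = n;
    f->is_null = 0;
    return truncated;
}

static void set_null(varstring_field *f)
{
    f->buf[0] = '\0';
    f->len = 0;
    f->is_null = 1;
}

/* Build one REFERENTIAL_CONSTRAINTS row. Returns 0 on success, -1 on a
 * malformed descriptor. A missing referenced key name becomes SQL NULL
 * in UNIQUE_CONSTRAINT_NAME instead of a NULL-pointer dereference. */
int fill_referential_constraints_row(referential_constraints_row *row,
                                     const fk_descriptor *fk)
{
    if (row == NULL || fk == NULL || fk->constraint_name == NULL ||
        fk->referenced_table == NULL)
        return -1;
    store_varstring(&row->constraint_name, fk->constraint_name);
    store_varstring(&row->referenced_table, fk->referenced_table);
    if (fk->referenced_key_name == NULL)      /* parent table dropped */
        set_null(&row->unique_constraint_name);
    else
        store_varstring(&row->unique_constraint_name, fk->referenced_key_name);
    return 0;
}

int main(void)
{
    /* Constructed descriptors mirroring the report: c1 -> p1 before and
     * after "drop table p1" under foreign_key_checks = 0. */
    fk_descriptor intact = { "c1_ibfk_1", "p1", "PRIMARY" };
    fk_descriptor orphan = { "c1_ibfk_1", "p1", NULL };
    referential_constraints_row row;

    fill_referential_constraints_row(&row, &intact);
    printf("%s -> %s (%s)\n", row.constraint_name.buf,
           row.referenced_table.buf, row.unique_constraint_name.buf);
    fill_referential_constraints_row(&row, &orphan);
    printf("%s -> %s (%s)\n", row.constraint_name.buf,
           row.referenced_table.buf,
           row.unique_constraint_name.is_null ? "NULL"
                                              : row.unique_constraint_name.buf);
    return 0;
}
```

The point of the guard is that a metadata view must tolerate engine state that the DDL layer allowed to become inconsistent (here by design, via foreign_key_checks = 0); the second SELECT in the repro is the moment that inconsistency reaches the row builder.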
[6 Mar 2008 14:02] MySQL Verification Team
Verified on 5.1.24 source.

 	mysqld.exe!_my_wildcmp_unicode()  + 0x322	C
 	mysqld.exe!_my_well_formed_len_mb()  + 0x34	C
>	mysqld.exe!well_formed_copy_nchars(charset_info_st * to_cs=0x00000000, char * to=0x030553b1, unsigned int to_length=192, charset_info_st * from_cs=0x007cda88, const char * from=0x00000000, unsigned int from_length=192, unsigned int nchars=64, const char * * well_formed_error_pos=0x0302eb7c, const char * * cannot_convert_error_pos=0x0302eb80, const char * * from_end_pos=0x0302eb74)  Line 929	C++
 	mysqld.exe!Field_varstring::store(const char * from=0x00000000, unsigned int length=65536, charset_info_st * cs=0x007cda88)  Line 6958	C++
 	mysqld.exe!get_referential_constraints_record(THD * thd=0x010deff8, TABLE_LIST * tables=0x01132178, st_table * table=0x03030058, int res=50696384, st_mysql_lex_string * db_name=0x0302ec54, st_mysql_lex_string * table_name=0x0302ec5c)  Line 5281	C++
 	mysqld.exe!get_all_tables(THD * thd=, TABLE_LIST * tables=, Item * cond=)  Line 3303 + 0x23	C++
 	mysqld.exe!get_schema_tables_result(JOIN * join=0x03057e08, enum_schema_table_state executed_place=PROCESSED_BY_JOIN_EXEC)  Line 5879 + 0xc	C++
 	mysqld.exe!JOIN::exec()  Line 1729 + 0x1c	C++
 	mysqld.exe!mysql_select(THD * thd=0x010deff8, Item * * * rref_pointer_array=0x010e0394, TABLE_LIST * tables=0x011305b8, unsigned int wild_num=1, List<Item> & fields={...}, Item * conds=0x011308f8, unsigned int og_num=0, st_order * order=0x00000000, st_order * group=0x00000000, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned __int64 select_options=2751744512, select_result * result=0x011312a8, st_select_lex_unit * unit=0x010dffc8, st_select_lex * select_lex=0x010e0290)  Line 2375	C++
 	mysqld.exe!handle_select(THD * thd=0x010deff8, st_lex * lex=0x010dff68, select_result * result=0x011312a8, unsigned long setup_tables_done_option=0)  Line 268 + 0x79	C++
 	mysqld.exe!execute_sqlcom_select(THD * thd=0x007cda88, TABLE_LIST * all_tables=0x000000c0)  Line 4755 + 0xa	C++
 	mysqld.exe!mysql_execute_command(THD * thd=)  Line 2056 + 0xb	C++
 	mysqld.exe!mysql_parse(THD * thd=0x010deff8, const char * inBuf=0x011303b0, unsigned int length=93, const char * * found_semicolon=0x0302fac8)  Line 5637	C++
 	mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x010deff8, char * packet=0x01128381, unsigned int packet_length=93)  Line 1123	C++
 	mysqld.exe!do_command(THD * thd=0x00000003)  Line 781 + 0xf	C++
 	mysqld.exe!handle_one_connection(void * arg=0x010deff8)  Line 1105 + 0x6	C++
 	mysqld.exe!_pthread_start()  + 0x3b	C
 	mysqld.exe!_threadstart(void * ptd=0x0111e3c0)  Line 196 + 0x6	C
 	kernel32.dll!7c80b683()
[6 Mar 2008 14:07] MySQL Verification Team
Thank you for the bug report.
[10 Mar 2008 10:20] Martin Hansson
Miguel, Roland,
On which platform/platforms did you verify this? XP home/XP professional/200X ?
[10 Mar 2008 10:21] Roland Bouman
Martin, I verified it on XP Home with 5.1.23 official binary from MySQL
[13 Mar 2008 13:07] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/43914

ChangeSet@1.2583, 2008-03-13 17:06:04+04:00, gluh@mysql.com +3 -0
  Bug#35108 SELECT FROM REFERENTIAL_CONSTRAINTS crashes
  referenced_key_name field can be uninitialized in the case when
  referenced table is dropped.
  Added condition which allows handling this situation.
[13 Mar 2008 13:16] Alexander Barkov
http://lists.mysql.com/commits/43914 is ok to push.
[14 Mar 2008 10:20] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/43984

ChangeSet@1.2562, 2008-03-14 14:12:39+04:00, gluh@mysql.com +3 -0
  Bug#35108 SELECT FROM REFERENTIAL_CONSTRAINTS crashes
  referenced_key_name field can be uninitialized in the case when
  referenced table is dropped.
  Added condition which allows handling this situation.
[17 Mar 2008 11:18] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44101

ChangeSet@1.2563, 2008-03-17 15:17:38+04:00, gluh@mysql.com +1 -0
  additional fix for Bug#35108 SELECT FROM REFERENTIAL_CONSTRAINTS crashes
[28 Mar 2008 9:21] Bugs System
Pushed into 5.1.24-rc
[31 Mar 2008 13:58] Bugs System
Pushed into 6.0.5-alpha
[11 Apr 2008 16:06] Jon Stephens
Documented in the 5.1.24 and 6.0.5 changelogs as follows:

        SELECT ... FROM INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS caused the
        server to crash if the table referenced by a foreign key had been
        dropped. This issue was observed on Windows platforms only.