| Bug #42511 | mysqld: ctype-ucs2.c:2044: my_strnncollsp_utf32: Assertion `(tlen % 4) == 0' fai | ||
|---|---|---|---|
| Submitted: | 1 Feb 2009 9:36 | Modified: | 2 Sep 2010 15:58 | 
| Reporter: | Philip Stoev | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: Charsets | Severity: | S2 (Serious) | 
| Version: | 5.5, 6.0-maria | OS: | Any | 
| Assigned to: | Alexander Barkov | CPU Architecture: | Any | 
   [1 Feb 2009 9:38]
   Philip Stoev        
  Same happens with MyISAM:
#6  0x000000315a42bec9 in __assert_fail () from /lib64/libc.so.6
#7  0x0000000000c783fc in my_strnncollsp_utf32 (cs=0x12e98c0, s=0x7ff66db3d3f3 "", slen=512, t=0x3736cd9 "", tlen=1019,
    diff_if_only_endspace_difference=0 '\0') at ctype-ucs2.c:2044
#8  0x0000000000c42936 in ha_compare_text (charset_info=0x12e98c0, a=0x7ff66db3d3f3 "", a_length=512, b=0x3736cd9 "", b_length=1019, part_key=0 '\0',
    skip_end_space=1 '\001') at my_handler.c:30
#9  0x0000000000c42ec4 in ha_key_cmp (keyseg=0x36db578, a=0x7ff66db3d3f3 "", b=0x3736cd9 "", key_length=1022, nextflag=106, diff_pos=0x7ff66db3d9a0)
    at my_handler.c:189
#10 0x0000000000907aab in _mi_seq_search (info=0x3733728, keyinfo=0x36da9b8, page=0x3733ebe "\200\003Ъ\003]j", key=0x3736cd6 "Ъ\003Ш", key_len=1022,
    comp_flag=106, ret_pos=0x7ff66db3da70, buff=0x37368c0 "", last_key=0x7ff66db3da7f "") at mi_search.c:266
#11 0x0000000000928ba7 in _mi_search_pos (info=0x3733728, keyinfo=0x36da9b8, key=0x3736cd6 "Ъ\003Ш", key_len=1022, nextflag=106, pos=151552)
    at mi_range.c:208
#12 0x0000000000928878 in _mi_record_pos (info=0x3733728, key=0x7ff66db3e6e0 "", keypart_map=1, search_flag=HA_READ_AFTER_KEY) at mi_range.c:175
#13 0x0000000000928576 in mi_records_in_range (info=0x3733728, inx=33, min_key=0x7ff66db3dce0, max_key=0x0) at mi_range.c:96
#14 0x00000000008f18c2 in ha_myisam::records_in_range (this=0x366e6d0, inx=33, min_key=0x7ff66db3dce0, max_key=0x0) at ha_myisam.cc:1949
#15 0x000000000080c0fe in handler::multi_range_read_info_const (this=0x366e6d0, keyno=33, seq=0x7ff66db3e160, seq_init_param=0x7ff66db3dea0, n_ranges_arg=0,
    bufsz=0x7ff66db3ddd0, flags=0x7ff66db3ddd4, cost=0x7ff66db3e1f0) at handler.cc:4123
#16 0x000000000080d9e9 in DsMrr_impl::dsmrr_info_const (this=0x366e8c8, keyno=33, seq=0x7ff66db3e160, seq_init_param=0x7ff66db3dea0, n_ranges=0,
    bufsz=0x7ff66db3e24c, flags=0x7ff66db3e250, cost=0x7ff66db3e1f0) at handler.cc:4630
#17 0x00000000008f16ef in ha_myisam::multi_range_read_info_const (this=0x366e6d0, keyno=33, seq=0x7ff66db3e160, seq_init_param=0x7ff66db3dea0, n_ranges=0,
    bufsz=0x7ff66db3e24c, flags=0x7ff66db3e250, cost=0x7ff66db3e1f0) at ha_myisam.cc:2069
#18 0x00000000007f14c1 in check_quick_select (param=0x7ff66db3e370, idx=33, index_only=false, tree=0x38c6c78, update_tbl_stats=true,
    mrr_flags=0x7ff66db3e250, bufsize=0x7ff66db3e24c, cost=0x7ff66db3e1f0) at opt_range.cc:7554
#19 0x00000000007f820a in get_key_scans_params (param=0x7ff66db3e370, tree=0x38c6630, index_read_must_be_used=false, update_tbl_stats=true, read_time=254)
    at opt_range.cc:4823
#20 0x00000000007fcf3f in SQL_SELECT::test_quick_select (this=0x37dfbe0, thd=0x3796e58, keys_to_use={map = 2199023255551}, prev_tables=0, limit=1,
    force_quick_range=false, ordered_output=false) at opt_range.cc:2427
#21 0x000000000078ea11 in SQL_SELECT::check_quick (this=0x37dfbe0, thd=0x3796e58, force_quick_range=false, limit=1) at opt_range.h:733
#22 0x0000000000790b1e in mysql_delete (thd=0x3796e58, table_list=0x37df010, conds=0x37df930, order=0x3799038, limit=1, options=0,
    reset_auto_increment=false) at sql_delete.cc:180
#23 0x00000000006d4f53 in mysql_execute_command (thd=0x3796e58) at sql_parse.cc:3244
#24 0x00000000006d9f57 in mysql_parse (thd=0x3796e58,
    inBuf=0x37deb50 "DELETE FROM `table100_myisam_int_autoinc` WHERE `char_255_key_utf32_not_null` > CONVERT( 'qywjlgqqvjghvlscaegkybnmkvxvhuuhfg' USING ASCII ) LIMIT 1", length=147, found_semicolon=0x7ff66db42f00) at sql_parse.cc:5735
#25 0x00000000006dab42 in dispatch_command (command=COM_QUERY, thd=0x3796e58,
    packet=0x3814449 "DELETE FROM `table100_myisam_int_autoinc` WHERE `char_255_key_utf32_not_null` > CONVERT( 'qywjlgqqvjghvlscaegkybnmkvxvhuuhfg' USING ASCII ) LIMIT 1", packet_length=147) at sql_parse.cc:1007
Missing separate debuginfos, use: debuginfo-install glibc-2.9-2.x86_64 libgcc-4.3.2-7.x86_64 libstdc++-4.3.2-7.x86_64
---Type <return> to continue, or q <return> to quit---
#26 0x00000000006dc06b in do_command (thd=0x3796e58) at sql_parse.cc:690
#27 0x00000000006ca181 in handle_one_connection (arg=0x3796e58) at sql_connect.cc:1145
#28 0x000000315b0073da in start_thread () from /lib64/libpthread.so.0
#29 0x000000315a4e627d in clone () from /lib64/libc.so.6
 
   [1 Feb 2009 9:51]
   Philip Stoev        
  The simplified test case is actually fairly minimal:
-- Simplified test case from the report for Bug #42511.
-- Both string columns are utf32 and each has its own index.
CREATE TABLE `table10_myisam_int_autoinc` (
`varchar_255_key_utf32` varchar(255) CHARACTER SET utf32,
pk integer auto_increment,
`char_255_key_utf32` char(255) CHARACTER SET utf32,
key (`varchar_255_key_utf32` ),
primary key (pk),
key (`char_255_key_utf32` )
) ENGINE=myisam;
-- Values are positional: (varchar_255_key_utf32, pk, char_255_key_utf32); NULL leaves pk to auto_increment.
INSERT IGNORE INTO table10_myisam_int_autoinc VALUES  ('with', NULL, 'd') ,  ('y', NULL, 'f') ,  ('j', NULL, 'j') ,  ('q', NULL, 'x') ,  ('was', NULL, 'h') ,  ('not', NULL, 'l') ,  ('get', NULL, 'n') ,  ('why', NULL, 'l') ,  ('it', NULL, 'x') ,  ('t', NULL, 'tell');
-- Range predicate on the indexed utf32 CHAR column, with the two bounds converted to different character sets.
-- NOTE(review): presumably this is the statement that reaches the failing comparison, as the DELETE with a
-- range on a utf32 CHAR key does in the backtrace of this report; confirm.
-- On an affected build the server process asserts, so run this against a disposable instance.
UPDATE `table10_myisam_int_autoinc` SET `varchar_255_key_utf32` = CONVERT( 'what' USING UTF32 ) WHERE `char_255_key_utf32` BETWEEN CONVERT( 'his' USING LATIN1 ) AND CONVERT( 'like' USING UTF32 ) LIMIT 9;
 
   [16 Mar 2009 7:07]
   Alexander Barkov        
  The same problem is reproducible with ENGINE=MARIA.
   [5 Aug 2010 6:02]
   Alexander Barkov        
  A smaller script reproducing the same problem:
DROP TABLE IF EXISTS t1; -- Bug #42511, reduced repro; dropping first makes the script re-runnable
CREATE TABLE t1 (
 b char(255) CHARACTER SET utf32, -- 255 utf32 characters = 1020 bytes; the backtrace in this report shows a 1019-byte operand (tlen % 4 = 3)
 key (b) -- NOTE(review): presumably needed so the range estimate (records_in_range in the backtrace) compares index keys; confirm
) ENGINE=MYISAM; -- the report states that ENGINE=MARIA fails the same way
INSERT INTO t1 VALUES ('d'),('f'); -- short values in a CHAR(255); the committed fix describes trailing spaces being stripped with 8-bit code
SELECT * FROM t1 WHERE b BETWEEN 'a' AND 'z'; -- an ordinary range query: the server aborts on the failed assertion and the client gets ERROR 2013; the report lists the fix in 5.5.7 and 5.6.1. NOTE(review): behaviour of builds without debug assertions is not shown here; confirm
ERROR 2013 (HY000) at line 7: Lost connection to MySQL server during query
 
   [5 Aug 2010 7:10]
   Bugs System        
  A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:
  http://lists.mysql.com/commits/115056
  3187 Alexander Barkov 2010-08-05
  Bug#42511 mysqld: ctype-ucs2.c:2044: my_strnncollsp_utf32: Assertion `(tlen % 4) == 0' fai
  Problem: trailing spaces were stripped using 8-bit code, so the truncation result length was incorrect, which led to an assertion failure.
  Fix: using multi-byte safe code.
   [24 Aug 2010 10:20]
   Ingo Strüwing        
  Patch approved. All is fine. No email comments.
   [26 Aug 2010 12:49]
   Bugs System        
  A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from:
  http://lists.mysql.com/commits/116876
  3196 Alexander Barkov 2010-08-26
  Bug#42511 mysqld: ctype-ucs2.c:2044: my_strnncollsp_utf32: Assertion `(tlen % 4) == 0' fai
  Problem: trailing spaces were stripped using 8-bit code, so the truncation result length was incorrect, which led to an assertion failure.
  Fix: using multi-byte safe code.
   [26 Aug 2010 12:52]
   Alexander Barkov        
  Pushed into mysql-5.0-bugfixing [5.5.6-m3]
   [26 Aug 2010 13:36]
   Alexander Barkov        
  Pushed into mysql-trunk-bugfixing [5.6.1-m4] Pushed into mysql-next-mr-bugfixing [5.6.99-m5]
   [30 Aug 2010 8:31]
   Bugs System        
  Pushed into mysql-trunk 5.6.1-m4 (revid:alik@sun.com-20100830082732-n2eyijnv86exc5ci) (version source revid:alik@sun.com-20100830082732-n2eyijnv86exc5ci) (merge vers: 5.6.1-m4) (pib:21)
   [30 Aug 2010 8:34]
   Bugs System        
  Pushed into mysql-next-mr (revid:alik@sun.com-20100830082745-n6sh01wlwh3itasv) (version source revid:alik@sun.com-20100830082745-n6sh01wlwh3itasv) (pib:21)
   [30 Aug 2010 8:36]
   Bugs System        
  Pushed into mysql-5.5 5.5.7-m3 (revid:alik@sun.com-20100830082727-5ac4czrxl61w9wle) (version source revid:alik@sun.com-20100830082727-5ac4czrxl61w9wle) (merge vers: 5.5.7-m3) (pib:21)
   [31 Aug 2010 20:01]
   Paul DuBois        
  Noted in 5.5.7, 5.6.1 changelogs. Trailing space removal for utf32 strings was done with non-multibyte-safe code, leading to incorrect result length and assertion failure.


Description: When executing a workload involving numerous keys and unicode columns, Maria asserted as follows: mysqld: ctype-ucs2.c:2044: my_strnncollsp_utf32: Assertion `(tlen % 4) == 0' failed. #6 0x000000315a42bec9 in __assert_fail () from /lib64/libc.so.6 #7 0x0000000000c783fc in my_strnncollsp_utf32 (cs=0x12e98c0, s=0x7f0d2a66e393 "", slen=424, t=0x429e0ca "", tlen=1019, diff_if_only_endspace_difference=0 '\0') at ctype-ucs2.c:2044 #8 0x0000000000c42936 in ha_compare_text (charset_info=0x12e98c0, a=0x7f0d2a66e393 "", a_length=424, b=0x429e0ca "", b_length=1019, part_key=0 '\0', skip_end_space=1 '\001') at my_handler.c:30 #9 0x0000000000c42ec4 in ha_key_cmp (keyseg=0x401b7d8, a=0x7f0d2a66e393 "", b=0x429e0ca "", key_length=1022, nextflag=1048682, diff_pos=0x7f0d2a66e940) at my_handler.c:189 #10 0x0000000000b91263 in _ma_seq_search (key=0x7f0d2a66eb00, page=0x4299a66 "\200\003Ъ\002╔m", comp_flag=106, ret_pos=0x7f0d2a66ea28, buff=0x429dcb0 "\001&yqulnlfkblpibvpijfxpsqnheoufcgeournmqd", last_key=0x7f0d2a66ea37 "") at ma_search.c:337 #11 0x0000000000bcefc7 in _ma_search_pos (info=0x4299038, key=0x7f0d2a66eb00, nextflag=106, pos=368640) at ma_range.c:223 #12 0x0000000000bcecc7 in _ma_record_pos (info=0x4299038, key_data=0x7f0d2a66f6e0 "", keypart_map=1, search_flag=HA_READ_AFTER_KEY) at ma_range.c:182 #13 0x0000000000bcea1f in maria_records_in_range (info=0x4299038, inx=33, min_key=0x7f0d2a66ece0, max_key=0x0) at ma_range.c:97 #14 0x0000000000b77dd2 in ha_maria::records_in_range (this=0x42518d0, inx=33, min_key=0x7f0d2a66ece0, max_key=0x0) at ha_maria.cc:2695 #15 0x000000000080c0fe in handler::multi_range_read_info_const (this=0x42518d0, keyno=33, seq=0x7f0d2a66f160, seq_init_param=0x7f0d2a66eea0, n_ranges_arg=0, bufsz=0x7f0d2a66edd0, flags=0x7f0d2a66edd4, cost=0x7f0d2a66f1f0) at handler.cc:4123 #16 0x000000000080d9e9 in DsMrr_impl::dsmrr_info_const (this=0x4251ad0, keyno=33, seq=0x7f0d2a66f160, seq_init_param=0x7f0d2a66eea0, n_ranges=0, bufsz=0x7f0d2a66f24c, 
flags=0x7f0d2a66f250, cost=0x7f0d2a66f1f0) at handler.cc:4630 #17 0x0000000000b769ef in ha_maria::multi_range_read_info_const (this=0x42518d0, keyno=33, seq=0x7f0d2a66f160, seq_init_param=0x7f0d2a66eea0, n_ranges=0, bufsz=0x7f0d2a66f24c, flags=0x7f0d2a66f250, cost=0x7f0d2a66f1f0) at ha_maria.cc:3183 #18 0x00000000007f14c1 in check_quick_select (param=0x7f0d2a66f370, idx=33, index_only=false, tree=0x417f148, update_tbl_stats=true, mrr_flags=0x7f0d2a66f250, bufsize=0x7f0d2a66f24c, cost=0x7f0d2a66f1f0) at opt_range.cc:7554 #19 0x00000000007f820a in get_key_scans_params (param=0x7f0d2a66f370, tree=0x417eb00, index_read_must_be_used=false, update_tbl_stats=true, read_time=194) at opt_range.cc:4823 #20 0x00000000007fcf3f in SQL_SELECT::test_quick_select (this=0x42343f0, thd=0x4218c78, keys_to_use={map = 2199023255551}, prev_tables=0, limit=1, force_quick_range=false, ordered_output=false) at opt_range.cc:2427 #21 0x000000000078ea11 in SQL_SELECT::check_quick (this=0x42343f0, thd=0x4218c78, force_quick_range=false, limit=1) at opt_range.h:733 #22 0x0000000000790b1e in mysql_delete (thd=0x4218c78, table_list=0x4233820, conds=0x4234140, order=0x421ae58, limit=1, options=0, reset_auto_increment=false) at sql_delete.cc:180 #23 0x00000000006d4f53 in mysql_execute_command (thd=0x4218c78) at sql_parse.cc:3244 #24 0x00000000006d9f57 in mysql_parse (thd=0x4218c78, ---Type <return> to continue, or q <return> to quit--- inBuf=0x4233360 "DELETE FROM `table100_maria_int_autoinc` WHERE `char_255_key_utf32_not_null` > CONVERT( 'qywjlgqqvjghvlscaegkybnmkvxvhuuhfg' USING ASCII ) LIMIT 1", length=146, found_semicolon=0x7f0d2a673f00) at sql_parse.cc:5735 #25 0x00000000006dab42 in dispatch_command (command=COM_QUERY, thd=0x4218c78, packet=0x4223549 "DELETE FROM `table100_maria_int_autoinc` WHERE `char_255_key_utf32_not_null` > CONVERT( 'qywjlgqqvjghvlscaegkybnmkvxvhuuhfg' USING ASCII ) LIMIT 1", packet_length=146) at sql_parse.cc:1007 #26 0x00000000006dc06b in do_command (thd=0x4218c78) at 
sql_parse.cc:690
#27 0x00000000006ca181 in handle_one_connection (arg=0x4218c78) at sql_connect.cc:1145
#28 0x000000315b0073da in start_thread () from /lib64/libpthread.so.0
#29 0x000000315a4e627d in clone () from /lib64/libc.so.6
(gdb) list
2039 MY_UNICASE_INFO **uni_plane= cs->caseinfo;
2040 LINT_INIT(s_wc);
2041 LINT_INIT(t_wc);
2042
2043 DBUG_ASSERT((slen % 4) == 0);
2044 DBUG_ASSERT((tlen % 4) == 0); <<<<<<<<<<<<<< HERE
2045
2046 #ifndef VARCHAR_WITH_DIFF_ENDSPACE_ARE_DIFFERENT_FOR_UNIQUE
2047 diff_if_only_endspace_difference= FALSE;
2048 #endif
(gdb) print tlen
$2 = 1019
(gdb) print tlen % 4
$3 = 3

How to repeat: If this is repeatable, a test case will be provided