Bug #54582 stack overflow when opening many tables linked with foreign keys at once
Submitted: 17 Jun 2010 11:37 Modified: 1 Dec 2010 0:43
Reporter: Susanne Ebrecht
Status: Closed
Category: MySQL Server: InnoDB storage engine    Severity: S1 (Critical)
Version: 5.0.91, 5.1.48, 5.1.49, 5.5.3    OS: Any (Ubuntu 10.04 amd64)
Assigned to: Jimmy Yang    CPU Architecture: Any

[17 Jun 2010 11:37] Susanne Ebrecht
Description:
Server: youngest bzr tree

Installed from source.

mysql> select * from information_schema.triggers;

=> Seg fault

I will attach core file

How to repeat:
See above
[17 Jun 2010 13:39] MySQL Verification Team
Import this file into the server, then shut down/restart mysqld and run "select * from information_schema.tables".

Attachment: bug54582.sql (application/octet-stream, text), 62.35 KiB.

[17 Jun 2010 13:54] MySQL Verification Team
A partial workaround is to set a huge value for --thread-stack, such as 4M or 10M, depending on how many tables are linked with FK.
[17 Jun 2010 14:11] Valeriy Kravchuk
I see the same problem with 5.1.49-bzr on Mac OS X. Workaround also helps.
[18 Jun 2010 5:48] MySQL Verification Team
Just a comment: you don't have to select from information_schema. You can just open t1 first, which will cause all the linked tables to be opened.

In my testcase, you can open t400, t350, t300, t250 ... t1 successfully since not too much stack space is needed. But if you first open t1, it'll crash.
[18 Jun 2010 5:56] MySQL Verification Team
InnoDB never calls the check_stack_overrun function... perhaps it should consider doing so and thus return ER_STACK_OVERRUN_NEED_MORE when needed.

Or we can ask that the design is fixed so that there is no limit :)
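As an added illustration of the guard suggested in the comment above (example code, not MySQL's or InnoDB's own): a recursive open that follows a foreign-key chain and, in the spirit of check_stack_overrun, checks a per-request stack budget at every level so that it returns ER_STACK_OVERRUN_NEED_MORE instead of overrunning the stack. The table struct, the budget/margin parameters and the chain builder are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Error InnoDB should return instead of overrunning the stack (MySQL error 1436). */
enum { OPEN_OK = 0, ER_STACK_OVERRUN_NEED_MORE = 1436 };

/* Stand-in for an InnoDB table (assumed): one FK child link, t1 -> t2 -> ... */
typedef struct table { int opened; struct table *fk_child; } table_t;

/* Guard in the spirit of check_stack_overrun(): `base` is a local's address in
   the outermost frame, `budget` plays the role of --thread-stack, and the check
   fails once fewer than `margin` bytes of the budget would remain. */
static int stack_exhausted(const char *base, size_t budget, size_t margin) {
    char here;
    uintptr_t a = (uintptr_t)base, b = (uintptr_t)&here;
    size_t used = (size_t)(a > b ? a - b : b - a);   /* growth-direction agnostic */
    return used + margin > budget;
}

/* Follow the FK chain recursively, as opening t1 pulled in every linked table.
   Each level checks the guard first; on error the partial open is rolled back. */
static int open_rec(table_t *t, const char *base, size_t budget, size_t margin) {
    int rc;
    if (t == NULL || t->opened) return OPEN_OK;
    if (stack_exhausted(base, budget, margin)) return ER_STACK_OVERRUN_NEED_MORE;
    t->opened = 1;
    rc = open_rec(t->fk_child, base, budget, margin);
    if (rc != OPEN_OK) t->opened = 0;   /* work after the call keeps each frame live */
    return rc;
}

/* Request entry point: records the stack base for this request. */
int open_table(table_t *t, size_t budget, size_t margin) {
    char base;
    return open_rec(t, &base, budget, margin);
}

/* Build a chain t1 -> t2 -> ... -> tn on the heap (constructed test data). */
table_t *make_chain(int n) {
    table_t *head = NULL;
    while (n-- > 0) {
        table_t *t = calloc(1, sizeof *t);
        if (t == NULL) abort();
        t->fk_child = head;
        head = t;
    }
    return head;
}
```

With a budget of 1 MiB a 100-table chain opens fully; with a 4 KiB budget a 10000-table chain is refused with ER_STACK_OVERRUN_NEED_MORE and every table is left unopened, which is the behaviour the comment asks for in place of a crash.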
[1 Jul 2010 13:25] Kristofer Pettersson
Security Response Team: Severity C;
There is a potential for arbitrary code execution but not in any obvious way and the server needs to be restarted. User must be authenticated, authorized and this is likely to show up in any audit.
CVSS 1.7
[9 Jul 2010 6:46] MySQL Verification Team
Stack trace of the crash.

Attachment: bug54582_stack.zip (application/x-zip-compressed, text), 5.27 KiB.

[28 Sep 2010 8:48] Bugs System
Pushed into mysql-5.1 5.1.52 (revid:sunanda.menon@sun.com-20100928083322-wangbv97uobu7g66) (version source revid:sunanda.menon@sun.com-20100928083322-wangbv97uobu7g66) (merge vers: 5.1.52) (pib:21)
[6 Oct 2010 5:31] MySQL Verification Team
The fix for this bug introduced bug #57255.
[14 Oct 2010 8:38] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (merge vers: 5.1.51-ndb-7.0.20) (pib:21)
[14 Oct 2010 8:53] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (merge vers: 5.1.51-ndb-6.3.39) (pib:21)
[14 Oct 2010 9:11] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)
[26 Oct 2010 23:50] John Russell
Added to the changelog (the private changelog, until the private flag is lifted):

The server could crash when opening an InnoDB table linked through foreign keys to a long chain of child tables.
[9 Nov 2010 19:49] Bugs System
Pushed into mysql-5.5 5.5.7-rc (revid:sunanda.menon@sun.com-20101109182959-otkxq8vo2dcd13la) (version source revid:sunanda.menon@sun.com-20101109182959-otkxq8vo2dcd13la) (merge vers: 5.5.7-rc) (pib:21)
[13 Nov 2010 16:21] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:41] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (pib:21)