Bug #57882 Item_func_conv_charset::val_str(String*): Assertion `fixed == 1' failed
Submitted: 1 Nov 2010 8:40
Modified: 14 Dec 2010 0:00
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Data Types
Severity: S1 (Critical)
Version: 5.5.7-debug, 5.5.8-debug
OS: Any
Assigned to: Jørgen Løland
CPU Architecture: Any
Tags: regression

[1 Nov 2010 8:40] Shane Bester
Description:
Version: '5.5.8-ga-valgrind-max-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 0x7ffff406e710 (LWP 17144)]
mysqld: ./sql/item_strfunc.cc:2952: virtual String* Item_func_conv_charset::val_str(String*): Assertion `fixed == 1' failed.

#0  in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  in abort () at abort.c:92
#2  in __assert_fail at assert.c:81
#3  in Item_func_conv_charset::val_str at ./sql/item_strfunc.cc:2952
#4  in in_string::set  at ./sql/item_cmpfunc.cc:3412
#5  in Item_func_in::fix_length_and_dec at ./sql/item_cmpfunc.cc:4033
#6  in Item_func::fix_fields  at ./sql/item_func.cc:219
#7  in Item_func_in::fix_fields  at ./sql/item_cmpfunc.cc:3816
#8  in setup_fields  at ./sql/sql_base.cc:7727
#9  in JOIN::prepare at ./sql/sql_select.cc:542
#10 in mysql_select  at ./sql/sql_select.cc:2547
#11 in handle_select  at ./sql/sql_select.cc:296
#12 in execute_sqlcom_select  at ./sql/sql_parse.cc:4469
#13 in mysql_execute_command  at ./sql/sql_parse.cc:2065
#14 in mysql_parse  at ./sql/sql_parse.cc:5512
#15 in dispatch_command at ./sql/sql_parse.cc:1029
#16 in do_command  at ./sql/sql_parse.cc:769
#17 in do_handle_one_connection at ./sql/sql_connect.cc:745
#18 in handle_one_connection at ./sql/sql_connect.cc:684
#19 in start_thread  at pthread_create.c:301
#20 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
(gdb) 

How to repeat:
On a debug build:
select (convert('0' using latin1) in (char(cot('v') using utf8),''));
[1 Nov 2010 8:41] MySQL Verification Team
I am sorry if this is a duplicate of bug 57515.
Wasn't sure..
[1 Nov 2010 9:04] Valeriy Kravchuk
Verified on Ubuntu:

openxs@ubuntu:~/dbs/5.5$ bin/mysql --no-defaults -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.7-rc-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select (convert('0' using latin1) in (char(cot('v') using utf8),''));
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 101101 11:02:28 mysqld_safe Number of processes running now: 0
101101 11:02:28 mysqld_safe mysqld restarted

mysql> exit
Bye
openxs@ubuntu:~/dbs/5.5$ tail -80 var/ubuntu.err 
101022 17:56:48  InnoDB: Shutdown completed; log sequence number 1606401
101022 17:56:48 [Note] /home/openxs/dbs/5.5/libexec/mysqld: Shutdown complete

101022 17:56:48 mysqld_safe mysqld from pid file /home/openxs/dbs/5.5/var/ubuntu.pid ended
101101 11:02:23 mysqld_safe Starting mysqld daemon with databases from /home/openxs/dbs/5.5/var
101101 11:02:24 [Note] Plugin 'FEDERATED' is disabled.
InnoDB: The InnoDB memory heap is disabled
InnoDB: Mutexes and rw_locks use GCC atomic builtins
InnoDB: Compressed tables use zlib 1.2.3
101101 11:02:25  InnoDB: highest supported file format is Barracuda.
101101 11:02:25 InnoDB 1.1.2 started; log sequence number 1606401
101101 11:02:25 [Note] Event Scheduler: Loaded 0 events
101101 11:02:25 [Note] /home/openxs/dbs/5.5/libexec/mysqld: ready for connections.
Version: '5.5.7-rc-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
mysqld: item_strfunc.cc:2909: virtual String* Item_func_conv_charset::val_str(String*): Assertion `fixed == 1' failed.
101101 11:02:28 - mysqld got signal 6 ;
...

5.1.53-debug does NOT crash, so this is a regression bug.
[1 Nov 2010 15:49] MySQL Verification Team
Another test case:

select ((@@global.basedir) not in ((polygonfromwkb((rtrim((0xcf))))),(char((pow((32767),(32767))) using geostd8))));
[3 Nov 2010 13:48] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/122684

3120 Jorgen Loland	2010-11-03
      Bug#57882 - Item_func_conv_charset::val_str(String*): 
                  Assertion `fixed == 1' failed
      
      (also fixes duplicate bug 57515)
      
      agg_item_set_converter() (item.cc) handles conversion of 
      character sets by creating a new Item. fix_fields() is then 
      called on this newly created item. Prior to this patch, it was
      not checked whether fix_fields() was successful or not. Thus, 
      agg_item_set_converter() would return success even when an 
      error occurred. This patch makes it return error (TRUE) if 
      fix_fields() fails.
     @ mysql-test/r/errors.result
        Add test for BUG#57882
     @ mysql-test/t/errors.test
        Add test for BUG#57882
     @ sql/item.cc
        Make agg_item_set_converter() return with error if fix_fields() 
        on the newly created converted item fails.
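
An added illustration (not MySQL source and not part of this thread) of the error-handling pattern the commit message above describes: a conversion wrapper whose fix_fields() failure is dropped versus returned to the caller. The names `Item`, `FailingItem`, `ConvCharset`, `wrap` and `prepare` are a simplified, hypothetical model, and a thrown exception stands in for the debug assertion `fixed == 1`.

```cpp
#include <memory>
#include <stdexcept>
#include <string>
#include <vector>
// Simplified model, not MySQL source; fix_fields() returns true on error.
struct Item {
    bool fixed = false;
    virtual ~Item() = default;
    virtual bool fix_fields() { fixed = true; return false; }
    virtual std::string val_str() { return "0"; }
};
struct FailingItem : Item {   // hypothetical argument whose fix_fields() fails
    bool fix_fields() override { return true; }
};
struct ConvCharset : Item {   // stands in for the charset-conversion wrapper
    std::unique_ptr<Item> arg;
    explicit ConvCharset(std::unique_ptr<Item> a) : arg(std::move(a)) {}
    bool fix_fields() override {
        if (arg->fix_fields()) return true;   // wrapper stays unfixed
        fixed = true;
        return false;
    }
    std::string val_str() override {
        // Models the debug assertion `fixed == 1`; thrown so callers can observe it.
        if (!fixed) throw std::logic_error("val_str() on unfixed item");
        return arg->val_str();
    }
};
using Args = std::vector<std::unique_ptr<Item>>;
enum class Outcome { Ok, ErrorReported, AssertTripped };
// check=false drops the fix_fields() result (pre-patch pattern);
// check=true returns the error to the caller (patched pattern).
bool wrap(Args& args, bool check) {
    for (auto& a : args) {
        a = std::make_unique<ConvCharset>(std::move(a));
        if (a->fix_fields() && check) return true;
    }
    return false;
}
// Caller evaluates the arguments during preparation only if wrap() reported success.
Outcome prepare(bool failing_arg, bool check) {
    Args args;
    args.push_back(std::make_unique<Item>());
    if (failing_arg) args.push_back(std::make_unique<FailingItem>());
    if (wrap(args, check)) return Outcome::ErrorReported;
    try { for (auto& a : args) a->val_str(); }
    catch (const std::logic_error&) { return Outcome::AssertTripped; }
    return Outcome::Ok;
}
int main() { return prepare(true, true) == Outcome::ErrorReported ? 0 : 1; }
```

With the result dropped, the caller goes on to evaluate an unfixed wrapper; with the check, the statement ends with an ordinary error before any evaluation happens.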
[3 Nov 2010 21:41] Alexander Barkov
Jorgen, the patch looks fine.

Please also remove these comments just before the line you changed:

+    /*
+      We do not check conv->fixed, because Item_func_conv_charset which can
+      be return by safe_charset_converter can't be fixed at creation
+    */

and make sure that all tests work fine with --ps.
[4 Nov 2010 8:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/122796

3123 Jorgen Loland	2010-11-04
      Bug#57882 - Item_func_conv_charset::val_str(String*): 
                  Assertion `fixed == 1' failed
      
      (also fixes duplicate bug 57515)
      
      agg_item_set_converter() (item.cc) handles conversion of 
      character sets by creating a new Item. fix_fields() is then 
      called on this newly created item. Prior to this patch, it was
      not checked whether fix_fields() was successful or not. Thus, 
      agg_item_set_converter() would return success even when an 
      error occurred. This patch makes it return error (TRUE) if 
      fix_fields() fails.
     @ mysql-test/r/errors.result
        Add test for BUG#57882
     @ mysql-test/t/errors.test
        Add test for BUG#57882
     @ sql/item.cc
        Make agg_item_set_converter() return with error if fix_fields() 
        on the newly created converted item fails.
[4 Nov 2010 8:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/122797

3324 Jorgen Loland	2010-11-04 [merge]
      Merge BUG#57882 from 5.5-bf -> trunk
[4 Nov 2010 8:50] Jørgen Løland
Pushed to 5.5-bf, merged to trunk-bf
[4 Nov 2010 12:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/122830

3120 Jorgen Loland	2010-11-04
      Bug#57882 - Item_func_conv_charset::val_str(String*): 
                  Assertion `fixed == 1' failed
      
      Followup patch. Test case relied on system variable that is
      only available if replication is compiled in. Replaced with
      variable available in all builds.
     @ mysql-test/r/errors.result
        Test case relied on system variable that is only available if
        replication is compiled in. Replaced with variable available in
        all builds.
     @ mysql-test/t/errors.test
        Test case relied on system variable that is only available if
        replication is compiled in. Replaced with variable available in
        all builds.
[13 Nov 2010 16:14] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:39] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:alexander.nozdrin@oracle.com-20101113152540-gxro4g0v29l27f5x) (pib:21)
[11 Dec 2010 17:59] Paul DuBois
How do I describe this bug for the changelog entry?
[13 Dec 2010 8:32] Jørgen Løland
Incorrect error handling would trigger ASSERT if character set
conversion wrapped an item that failed.
[14 Dec 2010 0:00] Paul DuBois
Noted in 5.5.8 changelog.

Incorrect error handling raised an assertion if character set
conversion wrapped an item that failed.
[16 Dec 2010 22:33] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)