Bug #6517 crash, set @uservar= (SELECT ... FROM (SELECT ...) ...)
Submitted: 9 Nov 2004 10:52    Modified: 3 Dec 2004 23:08
Reporter: Matthias Leich
Status: Closed
Category: MySQL Server    Severity: S2 (Serious)
Version: 4.1
Assigned to: Oleksandr Byelkin    CPU Architecture: Any

[9 Nov 2004 10:52] Matthias Leich
Description:
The following command sequence crashes the server:
use test;
set @got_val= (SELECT 1 FROM (SELECT 'A' as my_col) as T1 ) ;

Observations which might be of interest:
The crash disappears if I:
- perform an additional SQL command like 'SELECT 1;' between 
   'use test;' and the 'set @got_val ...'              or
- replace the given 'set @got_val= ....' with
       SELECT 1 FROM (SELECT 'A' as my_col) as T1 ;    or
       set @got_val= (SELECT 1 ) ;
The crash will not disappear if I:
- assign a value to the user variable @got_val just before the
  critical statement                                    or
- replace the numeric constant with 'A', 'count(*)' or the 
  column 'my_col' 

There is something wrong with the user variable handling at the 
beginning of a session/connection, or maybe the SELECT with the
inner query "SELECT 'A' as my_col" destroys some structures
needed for the user variable.

My environment:
   - Intel PC with Linux(SuSE 9.1)
   - MySQL 4.1 compiled from source
        last ChangeSet@1.2085, 2004-11-09
BTW: Version 5.0 (last Changeset 2004-11-08) does not show
        this bug 

How to repeat:
Please execute
<connection start>
use test;
set @got_val= (SELECT 1 FROM (SELECT 'A' as my_col) as T1 ) ;
[9 Nov 2004 11:16] MySQL Verification Team
Backtrace:

(gdb) bt
#0  0x081b33b2 in setup_procedure (thd=0xb6215908, param=0xa5a5a5a5, result=0x8cdbd88,
    field_list=@0x8cdb600, error=0x8cdc804) at procedure.cc:61
#1  0x0818f6a4 in JOIN::prepare (this=0x8cdbe48, rref_pointer_array=0x8cdb69c, tables_init=0x0,
    wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0, having_init=0x0,
    proc_param_init=0xa5a5a5a5, select_lex_arg=0x8cdb598, unit_arg=0x8cdb6c8)
    at sql_select.cc:350
#2  0x0822fb2c in st_select_lex_unit::prepare (this=0x8cdb6c8, thd_arg=0xb6215908,
    sel_result=0x8cdbd88, additional_options=0) at sql_union.cc:234
#3  0x082312f9 in mysql_derived (thd=0xb6215908, lex=0xb6215944, unit=0x8cdb6c8,
    org_table_list=0x8cdb848) at sql_derived.cc:127
#4  0x0823120d in mysql_handle_derived (lex=0xb6215944) at sql_derived.cc:60
#5  0x081890d4 in open_and_lock_tables (thd=0xb6215908, tables=0x8cdbd28) at sql_base.cc:1702
#6  0x0816f1a5 in mysql_execute_command (thd=0xb6215908) at sql_parse.cc:3055
#7  0x08171711 in mysql_parse (thd=0xb6215908,
    inBuf=0x8cdb2b0 "set @got_val= (SELECT 1 FROM (SELECT 'A' as my_col) as T1 )", length=59)
    at sql_parse.cc:4063
#8  0x0816b8c2 in dispatch_command (command=COM_QUERY, thd=0xb6215908,
    packet=0xb6217551 "set @got_val= (SELECT 1 FROM (SELECT 'A' as my_col) as T1 )",
    packet_length=60) at sql_parse.cc:1494
#9  0x0816b1e2 in do_command (thd=0xb6215908) at sql_parse.cc:1280
#10 0x0816a7bb in handle_one_connection (arg=0xb6215908) at sql_parse.cc:1024
#11 0xb7e4714b in pthread_start_thread () from /lib/libpthread.so.0
#12 0xb7e471df in pthread_start_thread_event () from /lib/libpthread.so.0
#13 0xb7d7a50a in clone () from /lib/libc.so.6
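The backtrace above is the interesting part of this report: `setup_procedure` is entered with `param=0xa5a5a5a5`, and `JOIN::prepare` received the same value as `proc_param_init`. A pointer made of one repeated byte is characteristic of an allocator that fills freshly allocated memory with a poison byte, so the value is most plausibly an uninitialised member of the per-connection statement structure rather than a corrupted one; that reading also explains why the crash goes away once any earlier statement has run on the connection (the field then holds a stale but valid value), and why the changeset below is titled "moved procedure list initialization". The following C program is an added illustration of that failure mode and of its fix. It is not MySQL source: the structure and function names are hypothetical stand-ins for the ones in the backtrace, and the 0xa5 poison fill is an assumption drawn from the trace, not a verified property of the server's allocator.

```c
/*
 * Model of the failure mode behind bug #6517 (added illustration, not MySQL
 * source): a per-connection structure whose "procedure list" member is only
 * reset on one statement path, so the first statement of a session that takes
 * a different path hands allocator-poisoned memory to the code that uses it.
 * All names below are hypothetical; the real functions are those in the trace.
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON_BYTE 0xa5   /* assumed fill pattern for freshly allocated memory */

typedef struct proc_item { const char *name; struct proc_item *next; } proc_item;

typedef struct {
    proc_item *proc_param;   /* PROCEDURE clause list; the field seen as 0xa5a5a5a5 */
    int wild_num;
} select_lex_t;

typedef struct {
    select_lex_t select;     /* reused for every statement on the connection */
} thd_t;

enum stmt_kind {
    STMT_SELECT,             /* plain SELECT: takes the path that resets the list */
    STMT_SET_SUBQUERY,       /* SET @v = (SELECT .. FROM (SELECT ..) t): derived table
                                prepared without that reset */
    STMT_SET_SIMPLE          /* SET @v = (SELECT 1): no derived table, the list is never read */
};

/* safemalloc-style allocation: poison everything so uninitialised reads are visible */
thd_t *new_connection(void) {
    thd_t *thd = malloc(sizeof *thd);
    if (thd) memset(thd, POISON_BYTE, sizeof *thd);
    return thd;
}

/* Per-statement reset. Before the fix it forgot proc_param; the fix moves that here. */
static void lex_start(thd_t *thd, int fixed) {
    thd->select.wild_num = 0;
    if (fixed) thd->select.proc_param = NULL;
}

/* Stand-in for setup_procedure(): returns 1 if it would dereference poisoned memory.
   A NULL list means "no PROCEDURE clause" and is the normal, harmless case. */
static int setup_procedure(const proc_item *param) {
    uintptr_t poison;
    memset(&poison, POISON_BYTE, sizeof poison);
    if ((uintptr_t)param == poison) return 1;   /* the real code would crash here */
    return 0;
}

/* Executes one statement; returns 1 when that statement would crash the server. */
int run_statement(thd_t *thd, enum stmt_kind kind, int fixed) {
    lex_start(thd, fixed);
    switch (kind) {
    case STMT_SELECT:
        thd->select.proc_param = NULL;  /* the SELECT path always initialises the list */
        return setup_procedure(thd->select.proc_param);
    case STMT_SET_SUBQUERY:
        /* mysql_derived -> JOIN::prepare -> setup_procedure with whatever the field holds */
        return setup_procedure(thd->select.proc_param);
    case STMT_SET_SIMPLE:
        return 0;                       /* no derived table, so JOIN::prepare is not reached */
    }
    return 0;
}

/* Replays a connection's statement sequence; returns 1 if any statement crashes. */
int replay(const enum stmt_kind *seq, size_t n, int fixed) {
    thd_t *thd = new_connection();
    int crashed = 0;
    for (size_t i = 0; i < n && !crashed; i++)
        crashed = run_statement(thd, seq[i], fixed);
    free(thd);
    return crashed;
}

/* The report's exact sequence: the SET with a derived table is the session's first statement. */
int repro_first_statement(int fixed) {
    enum stmt_kind seq[] = { STMT_SET_SUBQUERY };
    return replay(seq, 1, fixed);
}

/* "The crash disappears if I perform an additional SQL command like 'SELECT 1;'" first. */
int repro_after_select(int fixed) {
    enum stmt_kind seq[] = { STMT_SELECT, STMT_SET_SUBQUERY };
    return replay(seq, 2, fixed);
}

/* "set @got_val= (SELECT 1)" does not crash: the field is never read. */
int repro_simple_set(int fixed) {
    enum stmt_kind seq[] = { STMT_SET_SIMPLE };
    return replay(seq, 1, fixed);
}
```

The practitioner's takeaway is the diagnostic one: when a crash reproduces only as the first statement of a fresh connection and vanishes after any unrelated statement, suspect a field that one code path initialises and another merely inherits, and look for a repeated poison byte in the faulting pointer before assuming memory corruption. The durable fix is the one the changeset title describes: initialise the field in the reset that every statement passes through, not in the path that happens to use it most.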
[15 Nov 2004 12:41] Oleksandr Byelkin
ChangeSet 
  1.2106 04/11/15 14:37:40 bell@sanja.is.com.ua +4 -0 
  moved procedure list initialization (BUG#6517)
[3 Dec 2004 23:08] Oleksandr Byelkin
Thank you for the bug report! Bugfix is pushed in our source repository.