Bug #9210 Server crash with a simple query with GROUP BY
Submitted: 15 Mar 2005 22:14
Modified: 20 Apr 2005 1:44
Reporter: Konstantin Osipov (OCA)
Status: Closed
Category: MySQL Server: Optimizer
Severity: S3 (Non-critical)
Version: 5.0
OS: Linux (SuSE Linux 9.1)
Assigned to: Igor Babaev
CPU Architecture: Any

[15 Mar 2005 22:14] Konstantin Osipov
Description:
Server crashes when processing a simple query with GROUP BY.
50316  1:10:32 [Note] /home/kostja/work/mysql-5.0-root/sql/mysqld: ready for connections.
Version: '5.0.3-alpha-valgrind-max-debug'  socket: '/opt/local/var/mysql/mysql.sock'  port: 3307  Source distribution
[New Thread 1085610928 (LWP 21653)]
mysqld: sql_select.cc:11911: void calc_group_buffer(JOIN*, ORDER*): Assertion `0' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 1085610928 (LWP 21653)]
0xffffe410 in ?? ()
(gdb) bt
#0  0xffffe410 in ?? ()
#1  0x40b50ea0 in ?? ()
#2  0x00000006 in ?? ()
#3  0x40201f79 in abort () from /lib/tls/libc.so.6
#4  0x401f9fe3 in __assert_fail () from /lib/tls/libc.so.6
#5  0x0823c1ca in calc_group_buffer (join=0x8800228, group=0x88001a0)
    at sql_select.cc:11911
#6  0x0822222c in JOIN::optimize (this=0x8800228) at sql_select.cc:804
#7  0x08225e15 in mysql_select (thd=0x87fa090, rref_pointer_array=0x87fa3dc, 
    tables=0x87f7778, wild_num=0, fields=@0x87fa324, conds=0x0, og_num=1, 
    order=0x0, group=0x88001a0, having=0x0, proc_param=0x0, 
    select_options=2156153344, result=0x8800200, unit=0x87fa0e0, 
    select_lex=0x87fa2b8) at sql_select.cc:2036
#8  0x0822081c in handle_select (thd=0x87fa090, lex=0x87fa0d0, 
    result=0x8800200, setup_tables_done_option=0) at sql_select.cc:227
#9  0x081f17a4 in mysql_execute_command (thd=0x87fa090) at sql_parse.cc:2381
#10 0x081f87ce in mysql_parse (thd=0x87fa090, 
    inBuf=0x87fffb0 "select  sum(a) from t1 group by b/c", length=35)
    at sql_parse.cc:5138
#11 0x081efc6c in dispatch_command (command=COM_QUERY, thd=0x87fa090, 
    packet=0x87ebc39 "select  sum(a) from t1 group by b/c", packet_length=36)
    at sql_parse.cc:1646
#12 0x081ef5ba in do_command (thd=0x87fa090) at sql_parse.cc:1452
#13 0x081ee83c in handle_one_connection (arg=0x87fa090) at sql_parse.cc:1109
#14 0x401659dd in start_thread () from /lib/tls/libpthread.so.0
#15 0x40290ffa in clone () from /lib/tls/libc.so.6

How to repeat:
create table t1 (a int, b int, c int);
insert into t1 (a, b, c) values (1,1,1), (1,1,2), 
                   (1,1,3), (1,2,1), (1,2,2), (1,2,3), (1,3,1), (1,3,2), 
                   (1,3,3), (2,1,1), (2,1,2), (2,1,3), (2,2,1), (2,2,2), 
                   (2,2,3), (2,3,1), (2,3,2), (2,3,3), (3,1,1), (3,1,2), 
                   (3,1,3), (3,2,1), (3,2,2), (3,2,3), (3,3,1), (3,3,2), 
                   (3,3,3);

select  sum(a) from t1 group by b/c ; -- crash here

4.1 doesn't crash.
[16 Mar 2005 15:57] Hartmut Holzgraefe
Crashes with fresh bk build from today, works fine with older builds
(most recent I had was from Feb 1st)
[20 Mar 2005 7:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/23211
[20 Mar 2005 7:52] Igor Babaev
The fix for this bug will appear in the release 5.0.4 (or maybe even in 5.0.3)

ChangeSet
  1.1829 05/03/19 23:12:50 igor@rurik.mysql.com +3 -0
  func_group.test, func_group.result:
    Added a test case for bug #9210.
  sql_select.cc:
    Fixed bug #9210.
    The function calc_group_buffer did not cover the case
    when the GROUP BY expression was decimal.
    Slightly optimized the other code.
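Added example, not part of the original report or the MySQL source tree: a simplified C++ model of the failure class the changeset note describes, where a switch over expression result types has no case for decimal and its fall-through assertion aborts the process. The enum, struct, function names and byte sizes are hypothetical.

```cpp
// Simplified model for illustration; not MySQL source. All names and the
// decimal sizing are hypothetical.
#include <cassert>
#include <cstddef>
#include <vector>

enum class ResultType { String, Real, Int, Decimal };

// max_length is the declared width, used for String and Decimal.
struct GroupExpr { ResultType type; std::size_t max_length; };

// "Before" shape: Decimal has no case, so it reaches the default branch and
// assert(0) aborts the whole process when assertions are compiled in.
std::size_t group_key_len_before(const std::vector<GroupExpr>& group) {
    std::size_t len = 0;
    for (const GroupExpr& e : group) {
        switch (e.type) {
        case ResultType::Real:   len += sizeof(double);    break;
        case ResultType::Int:    len += sizeof(long long); break;
        case ResultType::String: len += e.max_length;      break;
        default: assert(0);  // Decimal lands here
        }
    }
    return len;
}

// "After" shape: Decimal is sized explicitly, and an unrecognised type is
// reported to the caller so only the one statement fails.
bool group_key_len_after(const std::vector<GroupExpr>& group, std::size_t* out) {
    std::size_t len = 0;
    for (const GroupExpr& e : group) {
        switch (e.type) {
        case ResultType::Real:    len += sizeof(double);    break;
        case ResultType::Int:     len += sizeof(long long); break;
        case ResultType::String:  len += e.max_length;      break;
        case ResultType::Decimal: len += e.max_length;      break;  // assumed
        default: return false;
        }
    }
    *out = len;
    return true;
}

int main() {
    // Constructed input: a single decimal GROUP BY expression.
    std::vector<GroupExpr> group = {{ResultType::Decimal, 16}};
    std::size_t len = 0;
    return group_key_len_after(group, &len) ? 0 : 1;
}
```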
[20 Apr 2005 1:44] Paul DuBois
Noted in 5.0.4 changelog.