Bug #93 4.1 protocol crash on corrupted frm and SHOW TABLE STATUS
Submitted: 24 Feb 2003 11:17
Modified: 26 Feb 2003 0:19
Reporter: Sergei Golubchik
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version:
OS:
Assigned to: Bugs System
CPU Architecture: Any

[24 Feb 2003 11:17] Sergei Golubchik
Description:
Actually, the subject says it all. See also How-to-repeat.

How to repeat:
copy any file to database dir as foobar.frm
% mysql
mysql> SHOW TABLE STATUS;
assertion "field_types == 0 || field_types[field_pos] == MYSQL_TYPE_DECIMAL || ( field_types[field_pos] >= MYSQL_TYPE_ENUM && field_types[field_pos] <= MYSQL_TYPE_GEOMETRY)" failed: file "protocol.cc", line 710
[24 Feb 2003 15:09] Venu Anuganti
Dear serg,

Thanks for the nice bug report, and this is now fixed in the current development version.

What is happening is that in mysqld_extend_show_tables(), if it can't open the .frm file (open_ltable()), then the Comment field (count 16) is supposed to contain the error message from 'SHOW TABLE STATUS', but currently it is returning a 0-length string and the error is sent to the next 2 higher levels of field count (count 18), which is obviously wrong.

I fixed this in the 4.1 tree to send this correctly. I will also backport this to MySQL 3.23 and 4.0 as they also do the same thing, and they aren't caught because there are no internal debug asserts for them, nor is any test covering this error message from the Comment field.

But the server->client packet is always sending two extra fields of data in this case, and they are ignored at the client end, which is buffering using 'read_rows'.

I also added a test 'test_frm_bug()' in tests/client_test.c for this case to manually check for the error message.

Thanks
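
A simplified model of the invariant behind the failed assertion and of the misplaced error text described in the comment above, as an added example (not MySQL source code): the four-column layout, the `ex_` names and the type-code values are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed type codes, named after those in the assertion (values assumed). */
enum ex_type { EX_DECIMAL = 0, EX_LONG = 3, EX_ENUM = 247,
               EX_VAR_STRING = 253, EX_GEOMETRY = 255 };

#define EX_NCOLS 4   /* simplified layout: Name, Rows, Create_options, Comment */
static const enum ex_type ex_types[EX_NCOLS] =
    { EX_VAR_STRING, EX_LONG, EX_VAR_STRING, EX_VAR_STRING };

struct ex_row {
    size_t field_pos;              /* next column to write */
    const char *cells[EX_NCOLS];   /* NULL means SQL NULL */
};

/* Runtime form of the debug assertion: the position must lie inside the
   declared metadata and the declared type must accept a string. */
static int ex_store_string(struct ex_row *r, const char *s) {
    if (r->field_pos >= EX_NCOLS) return -1;
    enum ex_type t = ex_types[r->field_pos];
    if (!(t == EX_DECIMAL || (t >= EX_ENUM && t <= EX_GEOMETRY))) return -1;
    r->cells[r->field_pos++] = s;
    return 0;
}

static int ex_store_null(struct ex_row *r) {
    if (r->field_pos >= EX_NCOLS) return -1;
    r->cells[r->field_pos++] = NULL;
    return 0;
}

/* Row for a table whose .frm cannot be opened. late_error=1 models the
   behaviour described in the comment: Comment gets "" and the error text
   is written after it; late_error=0 puts the error text in Comment. */
int ex_unreadable_table_row(struct ex_row *r, const char *name,
                            const char *err, int late_error) {
    memset(r, 0, sizeof *r);
    if (ex_store_string(r, name)) return -1;
    while (r->field_pos < EX_NCOLS - 1)
        if (ex_store_null(r)) return -1;
    if (!late_error) return ex_store_string(r, err);
    if (ex_store_string(r, "")) return -1;
    return ex_store_string(r, err);   /* past the declared columns: rejected */
}
```

Returning an error from the store call keeps the check active in release builds, where a debug-only assertion would be compiled out.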
[26 Feb 2003 0:19] Michael Widenius
Thank you for your bug report. This issue has already been fixed
in the latest released version of that product, which you can download at 
http://www.mysql.com/downloads/

This is fixed in 3.23.56 and will be merged to other trees shortly.
[13 Oct 2005 13:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/31028