| Bug #10969 | Stored procedures: crash if default() function | ||
|---|---|---|---|
| Submitted: | 30 May 2005 21:30 | Modified: | 3 Jun 2005 14:08 |
| Reporter: | Peter Gulutzan | ||
| Status: | Closed | ||
| Category: | Server | Severity: | S3 (Non-critical) |
| Version: | 5.0.7-beta-debug | OS: | Linux (SUSE 9.2) |
| Assigned to: | Bugs System | Target Version: | |
[30 May 2005 21:30]
Peter Gulutzan
[30 May 2005 21:57]
Miguel Solorzano
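Thank you for the bug report.
Call stack (gdb `backtrace full`). The SIGSEGV is raised at item.cc:4477 in Item_default_value::fix_fields, on the `field_arg->field->size_of()` dereference, and is reached through the stored-procedure statement executed for the client query `call p30()`. The trace does not print `field_arg->field`, so an unset or invalid field pointer is the likely cause, not a confirmed one. The quoted byte strings shown for locals such as `_db_func_`, `_db_file_`, `priv_user` and `priv_host` appear to be raw memory behind uninitialized pointers, not meaningful text: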
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 245776 (LWP 14553)]
0x0814b641 in Item_default_value::fix_fields (this=0x8ed91c8, thd=0x8e7a068,
table_list=0x8ed92d8,
items=0x8ed9284) at item.cc:4477
4477 if (!(def_field= (Field*) sql_alloc(field_arg->field->size_of())))
(gdb) backtrace full
#0 0x0814b641 in Item_default_value::fix_fields (this=0x8ed91c8, thd=0x8e7a068,
table_list=0x8ed92d8,
items=0x8ed9284) at item.cc:4477
field_arg = (Item_field *) 0x8ed9178
def_field = (class Field *) 0xbdbfe7b4
#1 0x0821667d in setup_fields (thd=0x8e7a068, ref_pointer_array=0x8ed95b8,
tables=0x8ed92d8,
fields=@0x8e9b3c4, set_query_id=true, sum_func_list=0x8e9d554, allow_sum_func=true)
at sql_base.cc:3141
item = (class Item *) 0x8ed91c8
it = {<base_list_iterator> = {list = 0x8e9b3c4, el = 0x8ed9280, prev =
0x8e9b3c4,
current = 0x8ed9280}, <No data fields>}
_db_func_ = 0x813e41f
"ÉÃ\220U\211å\203ì\030\213E\020\211D$\b\213E\f\211D$\004\213E\b\213@(\211\004$èo\022G"
_db_file_ = 0xbdbfe7bc "ijé\b\200\222í\b°\215í\b<"
_db_level_ = 0
_db_framep_ = (char **) 0x0
ref = (class Item **) 0x8ed95b8
#2 0x0821f5ec in JOIN::prepare (this=0x8e9c828, rref_pointer_array=0x8e9b464,
tables_init=0x8ed92d8,
wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0,
having_init=0x0,
proc_param_init=0x0, select_lex_arg=0x8e9b354, unit_arg=0x8e9b170) at
sql_select.cc:343
_db_func_ = 0x80a04a00 <Address 0x80a04a00 out of bounds>
_db_file_ = 0x8e9b3c4 "\200\222í\b\200\222í\b\001"
_db_level_ = 149397608
_db_framep_ = (char **) 0x8e9c828
#3 0x08224dcb in mysql_select (thd=0x8e7a068, rref_pointer_array=0x8e9b464,
tables=0x8ed92d8,
wild_num=0, fields=@0x8e9b3c4, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0,
proc_param=0x0,
select_options=2157988352, result=0x8e9c818, unit=0x8e9b170, select_lex=0x8e9b354)
at sql_select.cc:2030
err = 189
free_join = true
_db_func_ = 0x8e9b354 "\2103_\b"
_db_file_ = 0xbdbfe91c
"T³é\bT³é\bp±é\b\030Èé\b<鿽\025;\037\b\030Èé\b\001"
---Type <return> to continue, or q <return> to quit---
_db_level_ = 4294967295
_db_framep_ = (char **) 0xffffffff
join = (JOIN *) 0x8e9c828
#4 0x0821f2c4 in handle_select (thd=0x8e7a068, lex=0x8e9b160, result=0x8e9c818,
setup_tables_done_option=0) at sql_select.cc:242
unit = (SELECT_LEX_UNIT *) 0x8e9b170
res = false
select_lex = (SELECT_LEX *) 0x8e9b354
_db_func_ = 0x8e9c818 "ÈÕa\bh ç\b\004"
_db_file_ = 0x81f3b15 "\213E\bÇ"
_db_level_ = 3183470908
_db_framep_ = (char **) 0x8e9c818
#5 0x081e707a in mysql_execute_command (thd=0x8e7a068) at sql_parse.cc:2400
result = (class select_result *) 0x8e9c818
res = false
result = 0
lex = (LEX *) 0x8e9b160
select_lex = (SELECT_LEX *) 0x8e9b354
slave_fake_lock = false
fake_prev_lock = (MYSQL_LOCK *) 0x0
first_table = (TABLE_LIST *) 0x8ed92d8
all_tables = (TABLE_LIST *) 0x8ed92d8
unit = (SELECT_LEX_UNIT *) 0x8e9b170
_db_func_ = 0xbdbfeeac ""
_db_file_ = 0x0
_db_level_ = 142598240
_db_framep_ = (char **) 0x4018dd00
#6 0x0833c86f in sp_instr_stmt::exec_core (this=0x8ed9438, thd=0x8e7a068,
nextp=0xbdbfefe4)
at sp_head.cc:1454
res = 149397608
#7 0x0833c606 in sp_lex_keeper::reset_lex_and_exec_core (this=0x8ed9454, thd=0x8e7a068,
---Type <return> to continue, or q <return> to quit---
nextp=0xbdbfefe4, open_tables=false, instr=0x8ed9438) at sp_head.cc:1373
res = 0
#8 0x0833c7b2 in sp_instr_stmt::execute (this=0x8ed9438, thd=0x8e7a068,
nextp=0xbdbfefe4)
at sp_head.cc:1431
query = 0x8e9c3f8 "call p30()"
query_length = 10
_db_func_ = 0x81f3a61 "\211\203D\027"
_db_file_ = 0x1 <Address 0x1 out of bounds>
_db_level_ = 3183472456
_db_framep_ = (char **) 0x8ed8ef8
res = 0
#9 0x0833a453 in sp_head::execute (this=0x8ed8db0, thd=0x8e7a068) at sp_head.cc:624
i = (sp_instr *) 0x8ed9438
hip = 3183472564
_db_func_ = 0x814035f
"ÉÃ\220U\211å\203ì\030\213E\024\211D$\f\213E\020\211D$\b\213E\f\211D$\004\213E\b\211\004$è²\021"
_db_file_ = 0x5 <Address 0x5 out of bounds>
_db_level_ = 142551936
_db_framep_ = (char **) 0x8e9c780
olddb = '\0' <repeats 24 times>,
"\\ð¿½öóZ\bÚ\000\000\000Lð¿½Hð¿½Dð¿½\233\177\030@\000Ý\030@<ð¿½ð}\030@HÇé\bàû¿½Lð¿½Qä\024\b\001\000\000\000\000Ý\030@lð¿½f\017\024\b\200Çé\b\200+\177\b\004\000\000\000\000\000\000\000h
ç\bHÇé\b\214ð¿½A\005\025\b"
dbchanged = false
ctx = (sp_rcontext *) 0x8e9c6b8
ret = 0
ip = 1
old_arena = (class Item_arena *) 0x8e7a074
old_query_id = 890664
old_derived_tables = (TABLE *) 0x0
old_lex = (LEX *) 0x8e7a0a8
old_change_list = {<base_ilist> = {first = 0x8e7b9e4, last = {_vptr.ilink =
0x861d888,
---Type <return> to continue, or q <return> to quit---
prev = 0x8e7b9e0, next = 0x0}}, <No data fields>}
old_packet = {Ptr = 0x8ed0d90
"\003def\004test\002tv\002tv\tstddev(0)\tstddev(0)\f?",
str_length = 49, Alloced_length = 16384, alloced = true, str_charset = 0x87f2b80}
#10 0x0833ae88 in sp_head::execute_procedure (this=0x8ed8db0, thd=0x8e7a068,
args=0x8e7a4d4)
at sp_head.cc:857
_db_func_ = 0x1000000 <Address 0x1000000 out of bounds>
_db_file_ = 0x0
_db_level_ = 149403364
_db_framep_ = (char **) 0x8ed9590
ret = 0
csize = 2
params = 0
hmax = 0
cmax = 0
octx = (sp_rcontext *) 0x8e9c700
nctx = (sp_rcontext *) 0x8e9c6b8
tmp_octx = 1 '\001'
#11 0x081ec522 in mysql_execute_command (thd=0x8e7a068) at sql_parse.cc:4113
select_limit = 18446744073709551615
save_options = 2158250496
save_ctx = {changed = false, master_access = 3183473992, db_access = 3183473988,
priv_user = 0x81c6c84 "\211\235àþÿÿëtÇD$\b",
priv_host =
"ôõ¿½Äö¿½\000\000\000\000Àõ¿½~\217\030@\000=\030@\021\213\030@\000\000\000\000\001",
'\0' <repeats 12 times>, "Ý\030@$Xé\b\000\000\000\000\214õ¿½z", user = 0x8e95834 "",
host = 0x8e7a074 "XÖa\b\210Çé\bèÃé\b", ip = 0xbdbff58c "\021\213\030@"}
bits_to_be_cleared = 8
nsok = 0 '\0'
sp = (class sp_head *) 0x8ed8db0
res = false
result = 0
lex = (LEX *) 0x8e7a0a8
---Type <return> to continue, or q <return> to quit---
select_lex = (SELECT_LEX *) 0x8e7a29c
slave_fake_lock = false
fake_prev_lock = (MYSQL_LOCK *) 0x0
first_table = (TABLE_LIST *) 0x0
all_tables = (TABLE_LIST *) 0x0
unit = (SELECT_LEX_UNIT *) 0x8e7a0b8
_db_func_ = 0x0
_db_file_ = 0x0
_db_level_ = 0
_db_framep_ = (char **) 0x8e7a0a8
#12 0x081ef82b in mysql_parse (thd=0x8e7a068, inBuf=0x8e9c3f8 "call p30()", length=10)
at sql_parse.cc:5260
lex = (LEX *) 0x8e7a0a8
_db_func_ = 0x8e8e1cb ""
_db_file_ = 0x0
_db_level_ = 3183474424
_db_framep_ = (char **) 0x0
#13 0x081e5196 in dispatch_command (command=COM_QUERY, thd=0x8e7a068, packet=0x8e8e1c1
"call p30()",
packet_length=11) at sql_parse.cc:1653
packet_end = 0x8e9c402 ""
net = (NET *) 0x8e7a7dc
error = false
_db_func_ = 0x0
_db_file_ = 0x0
_db_level_ = 0
_db_framep_ = (char **) 0x0
#14 0x081e49a6 in do_command (thd=0x8e7a068) at sql_parse.cc:1456
packet = 0x8e8e1c0 "\003call p30()"
old_timeout = 30
packet_length = 11
net = (NET *) 0x8e7a7dc
---Type <return> to continue, or q <return> to quit---
command = COM_QUERY
_db_func_ = 0x8e7b828 "ÿÿÿÿ"
_db_file_ = 0x81bbeb0 "ÉÃU\211å\203ì(\213E\b\211\004$è¡"
_db_level_ = 3183475180
_db_framep_ = (char **) 0x1010
#15 0x081e3afb in handle_one_connection (arg=0x8e7a068) at sql_parse.cc:1114
error = 0
net = (NET *) 0x8e7a7dc
thd = (class THD *) 0x8e7a068
launch_time = 1
set = {__val = {0 <repeats 32 times>}}
#16 0x40184e51 in pthread_start_thread () from /lib/libpthread.so.0
No symbol table info available.
#17 0x40184ecf in pthread_start_thread_event () from /lib/libpthread.so.0
No symbol table info available.
#18 0x4030c65a in clone () from /lib/libc.so.6
No symbol table info available.
(gdb)
[3 Jun 2005 13:21]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/25565
