| Bug #12913 | Simple SQL can crash server or connection | ||
|---|---|---|---|
| Submitted: | 31 Aug 2005 15:56 | Modified: | 16 Jan 2006 22:12 |
| Reporter: | Paul Keenan | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S1 (Critical) |
| Version: | 4.1 and 5.0 | OS: | Windows (Win XP and Linux) |
| Assigned to: | Andrey Hristov | CPU Architecture: | Any |
[31 Aug 2005 15:58]
Jorge del Conde
Thanks for your bug report. I was able to reproduce this bug under Linux using 5.0.12 from bk
[31 Aug 2005 15:58]
Jorge del Conde
mysql> CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
[31 Aug 2005 16:28]
Andrey Hristov
4.1.15-dev
Program received signal SIGSEGV, Segmentation fault.
check_duplicates_in_interval (set_or_name=0x834136d "ENUM", name=0x8bb4bf8 "f1", typelib=0x0, cs=0x84e5a80) at sql_table.cc:396
/work/mysql-4.1-clean/sql/sql_table.cc:396:10767:beg:0x81604f1
(gdb) bt
#0 check_duplicates_in_interval (set_or_name=0x834136d "ENUM", name=0x8bb4bf8 "f1", typelib=0x0, cs=0x84e5a80) at sql_table.cc:396
#1 0x08160fff in mysql_prepare_table (thd=0x8bb34b0, create_info=0x8bb3874, fields=@0x0, keys=@0x8bb37a4, tmp_table=false, db_options=@0xbfffbba4, file=0x8bb5708, key_info_buffer=@0xbfffbba8, key_count=0xbfffbbac, select_field_count=1) at sql_table.cc:727
#2 0x0816284f in mysql_create_table (thd=0x8bb34b0, db=0x8ba6b00 "test", table_name=0x8bb4a50 "t1", create_info=0x8bb3874, fields=@0x8bb37b0, keys=@0x8bb4bf8, tmp_table=false, select_field_count=146492408) at sql_table.cc:1337
#3 0x081630ca in create_table_from_items (thd=0x8bb34b0, create_info=0x8bb3874, db=0x8ba6b00 "test", name=0x8bb4a50 "t1", extra_fields=0x8bb37b0, keys=0x8bb4bf8, items=0x80844a00, lock=0x8bb4c68) at sql_table.cc:1551
#4 0x08116d05 in select_create::prepare (this=0x8bb4c00, values=@0x8bb3640, u=0x8bb4bf8) at sql_insert.cc:1809
#5 0x080fae29 in JOIN::prepare (this=0x8bb4c70, rref_pointer_array=0x8bb36c0, tables_init=0x8bb4bf8, wild_num=146492408, conds_init=0x8bb4bf8, og_num=146492408, order_init=0x8bb4bf8, group_init=0x8bb4bf8, having_init=0x8bb4bf8, proc_param_init=0x8bb4bf8, select_lex_arg=0x8bb35d8, unit_arg=0x8bb34f8) at sql_select.cc:406
#6 0x080fe0b5 in mysql_select (thd=0x8bb34b0, rref_pointer_array=0x8bb36c0, tables=0x0, wild_num=0, fields=@0x8bb4bf8, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2424588800, result=0x8bb4c00, unit=0x8bb34f8, select_lex=0x8bb35d8) at sql_select.cc:1597
#7 0x080fa617 in handle_select (thd=0x8bb34b0, lex=0x8bb34ec, result=0x8bb4c00) at sql_select.cc:179
#8 0x080d0faf in mysql_execute_command (thd=0x8bb34b0) at sql_parse.cc:2508
#9 0x080d5841 in mysql_parse (thd=0x8bb34b0, inBuf=0x8bb49f0 "CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1", length=55) at sql_parse.cc:4278
#10 0x080ce728 in dispatch_command (command=COM_QUERY, thd=0x8bb34b0, packet=0x8bb8719 "CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1", packet_length=56) at sql_parse.cc:1500
#11 0x080ce018 in do_command (thd=0x8bb34b0) at sql_parse.cc:1313
#12 0x080cd448 in handle_one_connection (arg=0x8bb4bf8) at sql_parse.cc:1045
#13 0x080be122 in create_new_thread (thd=0x8bb34b0) at mysqld.cc:3473
#14 0x080be7e4 in handle_connections_sockets (arg=0x0) at mysqld.cc:3748
#15 0x080bdb77 in main (argc=146492408, argv=0xbffff094) at mysqld.cc:3158
[31 Aug 2005 22:06]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/internals/29137
[16 Jan 2006 16:55]
Andrey Hristov
Fixed in 4.1.17
[16 Jan 2006 22:11]
Mike Hillyer
Noted in 4.1.17 changelog:
<listitem>
<para>
Certain <literal>CREATE TABLE ... AS ...</literal> statements
involving <literal>ENUM</literal> columns could cause server
crash. (Bug #12913)
</para>
</listitem>
Description: The following statement causes serious problems : CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1; On Win XP Pro / MySQL 4.1.14 the mysql-nt process crashes with an application exception. The database restarts normally after admin intervention. On another box running Linux and MySQL 5.0.11, the connection is lost but the server process remains running and no intervention is required. If I split the statement into two parts : CREATE TABLE t1 (f1 ENUM ('a','b')); INSERT INTO t1 SELECT 'a' AS f1; the problem does not occur. From reading the online manual, I believe the first form is valid syntactically. How to repeat: mysql> \s -------------- c:\Program Files\MySQL\MySQL Server 5.0\bin\mysql.exe Ver 14.12 Distrib 5.0.10a-beta, for Win32 (ia32) Connection id: 1 SSL: Not in use Using delimiter: ; Server version: 4.1.14-nt Protocol version: 10 Connection: tz884-01 via TCP/IP Client characterset: latin1 Server characterset: latin1 TCP port: 3306 -------------- mysql> CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1; ERROR 2013 (HY000): Lost connection to MySQL server during query mysql> CREATE TABLE t1 (f1 ENUM ('a','b')) AS SELECT 'a' AS f1; ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... ERROR 2003 (HY000): Can't connect to MySQL server on 'tz884-01' (10061) ERROR: Can't connect to the server