Bug #16752 MySQL crashes on a query
Submitted: 24 Jan 2006 17:22 Modified: 21 Feb 2006 2:52
Reporter: Andrej Pirman Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.18/5.0.19 BK OS:Windows (windows 2003/Linux)
Assigned to: Evgeny Potemkin CPU Architecture:Any

[24 Jan 2006 17:22] Andrej Pirman 
Description:
I noticed this behaviour on phpBB forum all versions from 2.0.1x and newer combined with ANY MySQL installation from 5.0 and newer.
On MySQL 4.1.x this does not occure.

Server crashes with this Event:
----------------------------------------------
EventLog Error:
----------------------------------------------
Faulting application mysqld.exe, version 0.0.0.0, faulting module ntdll.dll, version 5.2.3790.1830, fault address ....

If I export this critical table to SQL and re-create it, it will work until first table update. Then it will crash the server again.

Since I tried this SQL QUERY manually from shell prompt, and it also crashed the MySQL server, I suspect ther must be something wrong with MySQL program code.
 

How to repeat:
SELECT poster_ip, COUNT(*) AS postings 
			FROM posts 
			WHERE poster_id = 115 
			GROUP BY poster_ip 
			ORDER BY postings DESC
[24 Jan 2006 17:48] MySQL Verification Team 
Thank you for the bug report.
The debug server not crashes on Linux but display memory overrun
messages. I was unable to repeat on 4.1:

mysql> SELECT poster_ip, COUNT(*) AS postings 
    -> FROM posts 
    -> WHERE poster_id = 115 
    -> GROUP BY poster_ip 
    -> ORDER BY postings DESC;
+-----------+----------+
| poster_ip | postings |
+-----------+----------+
| d4764194  |        2 |
+-----------+----------+
1 row in set (0.01 sec)

mysql> select version();
+--------------+
| version()    |
+--------------+
| 5.0.19-debug |
+--------------+
1 row in set (0.00 sec)

miguel@hegel:~/dbs/5.0> libexec/mysqld
030424 15:40:15  InnoDB: Started; log sequence number 0 178416
030424 15:40:15 [Note] libexec/mysqld: ready for connections.
Version: '5.0.19-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_block.c:79'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_block.c:79'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'sql_select.cc:5841'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'sql_select.cc:11550'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'filesort.cc:329'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_cache.c:65'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_cache.c:66'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_iocache.c:218'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'filesort.cc:861'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'filesort.cc:272'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'filesort.cc:273'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_iocache.c:1243'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_cache.c:118'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'mf_cache.c:119'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'sql_base.cc:253'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'filesort.cc:308'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'sql_select.cc:5841'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'lock.cc:257'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_close.c:49'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_block.c:148'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_block.c:148'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_create.c:268'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'hp_create.c:269'
Error: Memory allocated at my_alloc.c:197 was overrun, discovered at 'my_alloc.c:347'
[24 Jan 2006 18:32] Andrej Pirman 
You may try with my snapshot of disk files of table "posts" for MySQL 5.0.x version:
http://www.hostmachine.net/posts.rar
[8 Feb 2006 12:13] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/2315
[14 Feb 2006 11:16] Evgeny Potemkin 
Reported MyISAM table was created in mysqld 4.1 and contains varchar field.
When binary files of that table was moved to 5.0, mysqld treats that varchar 
field as a string field. 
In order to make grouping server calculates group buffer, and because
that field is string server assumes it has fixed length and doesn't add
space for length, but later that field is converted to a varchar field. 
Due to this, when field values were actually copied, additional space for
length bytes is taken and buffer overrun occurs, which may lead to server crash.

Fixed in 5.0.19, cset 1.2022.13.1
[21 Feb 2006 2:52] Paul DuBois 
Noted in 5.0.19 changelog.

          For a MySQL 5.0 server, using MySQL 4.1 tables in queries with
          a <literal>GROUP BY</literal> clause could result in buffer 
          overrun or a server crash. (Bug #16752)