Bug #19809 SIG11
Submitted: 14 May 2006 22:16
Modified: 15 May 2006 0:22
Reporter: Tordjman Yohan
Status: Duplicate
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.0.22
OS: Linux (Linux)
Assigned to:
CPU Architecture: Any

[14 May 2006 22:16] Tordjman Yohan
Description:
Threaded from http://bugs.mysql.com/18137

SIG11. Crashes the server.

I tried with 5.0.22-nightly-20060504 (I tried that! Fewer crashes..)

Same thing with 5.0.22-nightly-20060512-debug...

How to repeat:
table:

CREATE TABLE `phpwebgallery_image_category` (
  `image_id` mediumint(8) unsigned NOT NULL default '0',
  `category_id` smallint(5) unsigned NOT NULL default '0',
  PRIMARY KEY  (`image_id`,`category_id`),
  KEY `category_id` (`category_id`),
  KEY `image_id` (`image_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci 

with :

mysql> select * from phpwebgallery_image_category ;
+----------+-------------+
| image_id | category_id |
+----------+-------------+
|        1 |           2 |
|        2 |           2 |
|        3 |           2 |
|        4 |           2 |
|        5 |           2 |
|        6 |           2 |
|        7 |           2 |
+----------+-------------+
7 rows in set (0.02 sec)

This request crashes MySQL:

select image_id from phpwebgallery_image_category where category_id not in ( 5, -1  );

Suggested fix:
It seems that's the -1 ...
not in ( -1 ) works, but with some other values it crashes.

[15 May 2006 0:22] MySQL Verification Team
Thank you for the bug report. According to the gdb backtrace:

060514 21:11:59 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.22-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread -1256227920 (LWP 7340)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1256227920 (LWP 7340)]
0x082ca75d in SEL_ARG::last (this=0x0) at opt_range.cc:1297
1297      if (!next_arg->right)

it is a duplicate of bug:

http://bugs.mysql.com/bug.php?id=19687

However, that bug was marked as InnoDB engine; I will change it.