Bug #2495 Crash with default-character-set=tis620
Submitted: 23 Jan 2004 11:51 Modified: 18 Mar 2004 23:39
Reporter: Alexander Keremidarski
Status: Closed
Category: MySQL Server Severity: S3 (Non-critical)
Version: 5.0
Assigned to: Alexander Barkov CPU Architecture: Any

[23 Jan 2004 11:51] Alexander Keremidarski
Description:
When tis620 is the default character set, mysqld crashes with any statement at various places within:

ctype-simple.c

int my_wc_mb_8bit(CHARSET_INFO *cs,my_wc_t wc,
                  unsigned char *str,
                  unsigned char *end __attribute__((unused)))
{
  MY_UNI_IDX *idx;
    
  if (str >= end)
    return MY_CS_TOOSMALL;
    
  for (idx=cs->tab_from_uni; idx->tab ; idx++)

In the line above, cs->tab_from_uni is not initialized.

This happens with 5.0 only. I have tested it with 4.1, but didn't succeed in crashing it.

One of the backtraces I got is below.

(gdb) bt
#0  0x084035fa in my_wc_mb_8bit (cs=0x855b580, wc=100, str=0x8597908 "", end=0x859790b "¥¥¥¥¥h4z\025Ñ\001") at ctype-simple.c:139
#1  0x081615eb in copy_and_convert(char*, unsigned, charset_info_st*, char const*, unsigned, charset_info_st*) (to=0x8597908 "", to_length=3, to_cs=0x855b580, from=0x8474843 "ef", from_length=3, from_cs=0x857b340) at sql_string.cc:671
#2  0x08160aea in String::copy(char const*, unsigned, charset_info_st*, charset_info_st*) (this=0x40152fa4, str=0x8474842 "def", arg_length=3, from_cs=0x857b340, to_cs=0x855b580) at sql_string.cc:243
#3  0x0815d1a5 in Protocol_simple::store(char const*, unsigned, charset_info_st*, charset_info_st*) (this=0x40152f98, from=0x8474842 "def", length=3, fromcs=0x857b340, tocs=0x40152fa4) at protocol.cc:719
#4  0x0815c84a in Protocol::send_fields(List<Item>*, unsigned) (this=0x85d43d8, list=0x85d3d40, flag=1) at protocol.cc:531
#5  0x08154a09 in select_send::send_fields(List<Item>&, unsigned) (this=0x0, list=@0x855b580, flag=139834752) at sql_class.cc:610
#6  0x081a7dfb in JOIN::exec() (this=0x85cd660) at sql_select.cc:1091
#7  0x081a9757 in mysql_select(THD*, Item***, st_table_list*, unsigned, List<Item>&, Item*, unsigned, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*, st_select_lex_unit*, st_select_lex*) (thd=0x85d3be8, rref_pointer_array=0x85d3dcc, tables=0x0, wild_num=0, fields=@0x855b580, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=8669696, result=0x85cd650, unit=0x85d3c04, select_lex=0x85d3cd8) at sql_select.cc:1616
#8  0x081a5929 in handle_select(THD*, st_lex*, select_result*) (thd=0x85d3be8, lex=0x85d3bf8, result=0x85cd650) at sql_select.cc:183
#9  0x081797ad in mysql_execute_command(THD*) (thd=0x85d3be8) at sql_parse.cc:1917
#10 0x0817fc06 in mysql_parse(THD*, char*, unsigned) (thd=0x85d3be8, inBuf=0x85cd5e0 "select 1", length=140327928) at sql_parse.cc:4149
#11 0x081781f7 in dispatch_command(enum_server_command, THD*, char*, unsigned) (command=COM_QUERY, thd=0x85d3be8, packet=0x85da8d9 "", packet_length=9) at sql_parse.cc:1396
#12 0x08177b14 in do_command(THD*) (thd=0x85d3be8) at sql_parse.cc:1226
#13 0x08176fe5 in handle_one_connection (arg=0x855b580) at sql_parse.cc:991
#14 0x45255484 in start_thread () from /lib/tls/libpthread.so.0
#15 0x450a9147 in clone () from /lib/tls/libc.so.6

How to repeat:

As in the original report, start mysqld with default_character_set=tis620, then send:

show databases;
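As an added illustration, not code from this report or from the MySQL source tree: a self-contained C model of the lookup in my_wc_mb_8bit with the guard the crash shows is missing, so a charset whose tab_from_uni index was never built reports "no mapping" instead of dereferencing a bad pointer. The CHARSET_INFO/MY_UNI_IDX stand-ins, the status-code values, the "def" mapping table and the names wc_mb_8bit_checked and convert_one are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for the MySQL types named in the report
   (hypothetical, not the real m_ctype.h definitions). */
typedef uint32_t my_wc_t;
typedef struct { my_wc_t from, to; const unsigned char *tab; } MY_UNI_IDX;
typedef struct { const char *csname; const MY_UNI_IDX *tab_from_uni; } CHARSET_INFO;

#define MY_CS_TOOSMALL (-101)   /* status values chosen for this model */
#define MY_CS_ILUNI     0

/* Same control flow as my_wc_mb_8bit in the report, plus a guard for a
   charset whose Unicode->8bit index was never built: return "no mapping"
   rather than walking a NULL (or uninitialised) tab_from_uni pointer. */
int wc_mb_8bit_checked(const CHARSET_INFO *cs, my_wc_t wc,
                       unsigned char *str, const unsigned char *end)
{
  const MY_UNI_IDX *idx;
  if (str >= end)
    return MY_CS_TOOSMALL;
  if (cs->tab_from_uni == NULL)        /* the check the crash shows is missing */
    return MY_CS_ILUNI;
  for (idx = cs->tab_from_uni; idx->tab; idx++)
    if (idx->from <= wc && wc <= idx->to)
    {
      str[0] = idx->tab[wc - idx->from];
      return (!str[0] && wc) ? MY_CS_ILUNI : 1;
    }
  return MY_CS_ILUNI;
}

/* Constructed index: U+0064..U+0066 ("def", the string in the backtrace) map
   to themselves; an entry with a NULL tab terminates the list. */
static const unsigned char def_tab[3] = { 0x64, 0x65, 0x66 };
static const MY_UNI_IDX def_index[] = { { 0x64, 0x66, def_tab }, { 0, 0, NULL } };
static const CHARSET_INFO cs_ok     = { "demo8bit", def_index };
static const CHARSET_INFO cs_uninit = { "demo8bit", NULL };  /* models the bug */

/* Convert one code point; returns the status code and writes the byte to *out
   (0 when there is no mapping). */
int convert_one(const CHARSET_INFO *cs, my_wc_t wc, unsigned char *out)
{
  unsigned char buf[1];
  int rc = wc_mb_8bit_checked(cs, wc, buf, buf + 1);
  *out = (rc == 1) ? buf[0] : 0;
  return rc;
}
```

With cs_uninit the original loop would read through a NULL index; the checked variant returns MY_CS_ILUNI, which the caller can turn into a conversion error instead of a server crash.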
[26 Jan 2004 2:48] Alexander Barkov
I fixed this bug in 4.1.x a week ago,
I guess the sources haven't been merged
since then.
[18 Mar 2004 23:39] Alexander Barkov
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html