MySQL Bugs: #26089: Query can cause crash in enterprise 5.0.30 and above, but not prior versions

Bug #26089	Query can cause crash in enterprise 5.0.30 and above, but not prior versions
Submitted:	5 Feb 2007 17:03	Modified:	16 Feb 2007 22:23
Reporter:	Harrison Fisk
Status:	Duplicate
Category:	Server	Severity:	S1 (Critical)
Version:	MySQL Enterprise 5.0.30 and up	OS:	Mac OS X (Mac OS X.4, Windows, Linux)
Assigned to:	Evgeny Potemkin	Target Version:
Tags:	regression, bfsm_2007_02_15

Description:
A query is provided which can cause a mysql server to crash.  I believe the underlying
problem is a stack overrun, but am not 100% sure.  Not sure what part of the query causes
the crash directly, I've reduced it as much as I can, but it is still quite large.

The attached query will cause a signal 10 on Mac OS X, near 100% of the time from
testing.  On some linux systems, it will not cause an immediate crash, but will in some
cases, not sure what else is required to cause the crash on linux.

It appears to only affect 5.0.30, 5.0.32, 5.0.34, and does not appear to be present in
previous versions (tested against 5.0.28), so this would appear to be a regression bug.

How to repeat:
Run the two attached script files, one to generate the data and the second one to cause
the crash.

Suggested fix:
Make the server not crash.

stack trace from windows crash, 5.0.36-debug

Attachment: bug26089_windows_stack.txt (text/plain), 910 bytes.

this testcase crashes my 5.0.36 windows version

Attachment: bug26089_testcase_reduced.sql (application/octet-stream, text), 738 bytes.

This is a regression and thus a showstopper. Feel free to prove me wrong :)

Both test cases do not crash latest 5.0.36-debug on linux.

Both test cases do not crash latest 5.0.36-debug on windows.

I have not been able to reproduce it using most recent bk build of 5.0.36 on Mac OS X.

Bug #25383 can be related/duplicate.

It seems that this bug is a duplicate of the bug#25172.

Duplicate of bug#25172.