Bug #29444 crash with partition referring to table in create-select
Submitted: 29 Jun 2007 13:29
Modified: 19 Oct 2007 8:35
Reporter: Martin Friebe (Gold Quality Contributor) (OCA)
Status: Closed
Category: MySQL Server: Partitions
Severity: S2 (Serious)
Version: 5.1.20
OS: Any (Linux, FreeBSD)
Assigned to: Ramil Kalimullin
CPU Architecture: Any
Tags: bfsm_2007_10_18, crash, create, partition, qc

[29 Jun 2007 13:29] Martin Friebe
Description:
See the statement in how to repeat. It causes a server crash.

The partition clause attempts (incorrectly) to resolve against tables from the select clause.

How to repeat:

drop table if exists t1,t2;
create table t2 (b int);

create table t1 (b INT) 
PARTITION BY RANGE ( t2.b ) ( 
 PARTITION p1 VALUES LESS THAN (10),
 PARTITION p2 VALUES LESS THAN (20)
) select * from t2;

Suggested fix:
-

#11 0x08054715 in fix_partition_func (thd=0xa365000, table=0x8486915, is_create_table_ind=144) at sql_partition.cc:1629
#12 0x08139c76 in open_table_from_share (thd=0xa365000, share=0xbf96e7b4, alias=0x843a7ff "", db_stat=0, prgflag=1, ha_open_flags=0, outparam=0xbf96ebb4,
    is_create_table=true) at table.cc:1602
#13 0x081c24b2 in ha_create_table (thd=0xa365000, path=0xbf96f554 "./test/t1", db=0xa3fc378 "test", table_name=0xa3fc1a8 "t1", create_info=0xbf9706c4,
    update_create_info=false) at handler.cc:2605
#14 0x08191a10 in rea_create_table (thd=0xa365000, path=0xbf96f554 "./test/t1", db=0xa3fc378 "test", table_name=0xa3fc1a8 "t1", create_info=0xbf9706c4,
    create_fields=@0xbf970768, keys=0, key_info=0xa3c4678, file=0xa3c4270) at unireg.cc:360
#15 0x081d679b in mysql_create_table_no_lock (thd=0xa365000, db=0xa3fc378 "test", table_name=0xa3fc1a8 "t1", create_info=0xbf9706c4, alter_info=0xbf970744,
    internal_tmp_table=false, select_field_count=1) at sql_table.cc:3438
#16 0x081661c1 in create_table_from_items (thd=0xa365000, create_info=0xbf9706c4, create_table=0xa3fc1d0, alter_info=0xbf970744, items=0x0, lock=0xa365058,
    hooks=0xbf9700d4) at sql_insert.cc:3299
#17 0x0816655b in select_create::prepare (this=0xa3fccb8, values=@0xa36605c, u=0x0) at sql_insert.cc:3443
#18 0x0813ffd6 in JOIN::prepare (this=0xa3fcd40, rref_pointer_array=0xa3660cc, tables_init=0x0, wild_num=1, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0,
    having_init=0x0, proc_param_init=0x0, select_lex_arg=0xa365fc8, unit_arg=0xa365d8c) at sql_select.cc:608
#19 0x08144232 in mysql_select (thd=0xa365000, rref_pointer_array=0xa3660cc, tables=0xa3fc868, wild_num=1, fields=@0xa36605c, conds=0x0, og_num=0, order=0x0,
    group=0x0, having=0x0, proc_param=0x0, select_options=2416200192, result=0xa3fccb8, unit=0xa365d8c, select_lex=0xa365fc8) at sql_select.cc:2253
#20 0x0813f4c3 in handle_select (thd=0xa365000, lex=0xa365d30, result=0xa3fccb8, setup_tables_done_option=0) at sql_select.cc:246
#21 0x080f9968 in mysql_execute_command (thd=0xa365000) at sql_parse.cc:2241
#22 0x0810068b in mysql_parse (thd=0xa365000,
    inBuf=0xa3fc010 "CREATE TABLE t1 (b INT)  engine myisam  PARTITION BY RANGE ( t2.b ) ( PARTITION p1 VALUES LESS THAN (10) ,  PARTITION p2 VALUES LESS THAN (20)    ) select * from t2", length=3214346740, found_semicolon=0xbf970acc) at sql_parse.cc:5388
#23 0x080f73ca in dispatch_command (command=COM_QUERY, thd=0xa365000,
    packet=0xa3b5001 "CREATE TABLE t1 (b INT)  engine myisam  PARTITION BY RANGE ( t2.b ) ( PARTITION p1 VALUES LESS THAN (10) ,  PARTITION p2 VALUES LESS THAN (20) ) select * from t2", packet_length=165) at sql_parse.cc:909
#24 0x080f6bb0 in do_command (thd=0xa365000) at sql_parse.cc:668
#25 0x080f585b in handle_one_connection (arg=0x0) at sql_connect.cc:1094
#26 0x284f3902 in pthread_mutexattr_init () from /usr/lib/libpthread.so.1
#27 0x284fe76c in _thread_state_running () from /usr/lib/libpthread.so.1
[29 Jun 2007 13:31] Sveta Smirnova
Thank you for the report.

Verified as described on Linux.
[9 Oct 2007 14:17] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35201

ChangeSet@1.2582, 2007-10-09 19:16:39+05:00, ramil@mysql.com +6 -0
  Fix for bug #29444: crash with partition referring to table in create-select
  
  Problem: when creating a partitioned table, during name resolution for the
  partition function we search for column names in all parts of the
  CREATE TABLE query. It is superfluous (and wrong) sometimes.
  
  Fix: launch name resolution for the partition function against
  the table we're creating.
[18 Oct 2007 21:34] Bugs System
Pushed into 5.1.23-beta
[18 Oct 2007 21:58] Jon Stephens
Am I correct to assume that referring to a column from a different table in PARTITION BY ... is now checked for and disallowed?

Thanks.
[19 Oct 2007 6:35] Mikael Ronström
The bug was that, by mistake, fields from the table in the select part of
CREATE TABLE t1 ... AS SELECT ... FROM t2
were allowed in the partition function. This was a side effect of the fix_fields.
This fix ensures that only fields from the created table are allowed in the partition
function; all other fields will be reported as a non-existing field.
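
A simplified model of the scoping change described in the comment above, added here as an illustration; it is not MySQL source code and not part of the original comment. The types and function names (Table, FieldRef, resolve_wide, resolve_scoped) are hypothetical, and the schema mirrors the t1/t2 tables from the report.

```cpp
// Simplified model of name-resolution scope; hypothetical types, not MySQL source.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

struct Table {
    std::string name;
    std::vector<std::string> columns;
};

struct FieldRef {
    const Table* table;  // nullptr: reported as a non-existing field
    std::size_t index;   // column position inside *table
    bool found() const { return table != nullptr; }
};

// Bind "[qualifier.]column" against the tables in scope; first match wins.
FieldRef resolve(const std::string& ident, const std::vector<const Table*>& scope) {
    std::string qualifier, column = ident;
    std::size_t dot = ident.find('.');
    if (dot != std::string::npos) {
        qualifier = ident.substr(0, dot);
        column = ident.substr(dot + 1);
    }
    for (const Table* t : scope) {
        if (!qualifier.empty() && qualifier != t->name) continue;
        for (std::size_t i = 0; i < t->columns.size(); ++i)
            if (t->columns[i] == column) return FieldRef{t, i};
    }
    return FieldRef{nullptr, 0};
}

// Before the fix (as described): every table of the CREATE ... SELECT is in scope.
FieldRef resolve_wide(const std::string& ident, const Table& created, const Table& selected) {
    return resolve(ident, {&created, &selected});
}

// After the fix (as described): only the table being created is in scope.
FieldRef resolve_scoped(const std::string& ident, const Table& created) {
    return resolve(ident, {&created});
}

int main() {
    Table t1{"t1", {"b"}}, t2{"t2", {"b"}};  // constructed sample schema
    std::cout << "wide   t2.b -> " << (resolve_wide("t2.b", t1, t2).table == &t2 ? "bound to t2" : "other") << "\n";
    std::cout << "scoped t2.b -> " << (resolve_scoped("t2.b", t1).found() ? "bound" : "non-existing field") << "\n";
    return 0;
}
```

In the wide scope the partition expression ends up bound to a column of a table other than the one being created, which is the cross-table reference the fix rules out; in the narrow scope the same identifier is simply rejected.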
[19 Oct 2007 8:35] Jon Stephens
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bug fix. More information about accessing the source trees is available at

    http://dev.mysql.com/doc/en/installing-source.html

Documented fix in 5.1.23 changelog. Closed.