Description:
This seems to be related to bug 11553 although results in a segfault rather than an error message.

I noticed this problem when upgrading to MySQL 5.0.41 on a production server a while back and at that time I just rolled back to .27 as I did not have time to investigate the issue.

Having now tested our code with a 5.0.45 install (on both Linux and OSX) it still exhibits the crash.

I have managed to isolate things down to a simple test case which I'll attach. I also enclose backtraces both full and abridged.

I have marked this as serious as this is a fairly large regression for users of aggregate UDFs. Certainly I cannot upgrade my servers beyond 5.0.27 at present.

How to repeat:
1. Compile the attached UDF function.

For me this was:
g++ -shared -Wall  -I/usr/include/mysql -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fexceptions -fstack-protector-all -fPIC -fstack-protector -fPIC -o libbug.so bug.cc

2. Install the UDF;
 mysql -u root mysql
 CREATE AGGREGATE FUNCTION bug     RETURNS STRING  SONAME 'libbug.so';

3. Test it.
 mysql -u root test
 CREATE TABLE bug(foo INT(10), bar INT(10));
 INSERT INTO bug VALUES(1,2),(1,3),(2,2),(2,2);
 SELECT BUG(bar) FROM bug GROUP BY foo;
+----------+
| BUG(bar) |
+----------+
| 42       | 
| 42       | 
+----------+
2 rows in set (0.00 sec)

 SELECT BAR(bar) AS plonk FROM bug GROUP BY foo HAVING plonk='42';
ERROR 2013 (HY000): Lost connection to MySQL server during query
 SELECT COUNT(*) FROM bug GROUP BY foo HAVING BAR(bar)='42';
ERROR 2013 (HY000): Lost connection to MySQL server during query

The lost connection is a result of the segfault.

Suggested fix:
Dunno :(

Example UDF. It accepts an integer argument but always returns the string "42".

Attachment: bug.cc (text/x-c++src), 1.81 KiB.

Normal backtrace (with debug).

Attachment: mysql.backtrace.txt (text/plain), 1.96 KiB.

Full backtrace.

Attachment: mysql.backtrace.full.txt (text/plain), 4.59 KiB.

NB I should note that although my Linux test system recently is 64bit, the OSX machine is 32bit and when I upgraded my linux servers a while back these were also 32 bit so I doubt architecture plays a significant part in this bug.

Thank you for the bug report. I wasn't able to repeat with current source tree:

[miguel@skybr 5.0]$ bin/mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.0.48-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE AGGREGATE FUNCTION bug     RETURNS STRING  SONAME 'libbug.so';
Query OK, 0 rows affected (0.03 sec)

mysql> CREATE TABLE bug(foo INT(10), bar INT(10));
Query OK, 0 rows affected (0.03 sec)

mysql>  INSERT INTO bug VALUES(1,2),(1,3),(2,2),(2,2);
Query OK, 4 rows affected (0.00 sec)
Records: 4  Duplicates: 0  Warnings: 0

mysql>  SELECT BUG(bar) FROM bug GROUP BY foo;
+----------+
| BUG(bar) |
+----------+
| 42       | 
| 42       | 
+----------+
2 rows in set (0.00 sec)

mysql> SELECT BAR(bar) AS plonk FROM bug GROUP BY foo HAVING plonk='42';
ERROR 1305 (42000): FUNCTION test.BAR does not exist
mysql> SELECT BUG(bar) AS plonk FROM bug GROUP BY foo HAVING plonk='42';
+-------+
| plonk |
+-------+
| 42    | 
| 42    | 
+-------+
2 rows in set (0.01 sec)

mysql> SELECT COUNT(*) FROM bug GROUP BY foo HAVING BAR(bar)='42';
ERROR 1305 (42000): FUNCTION test.BAR does not exist
mysql> SELECT COUNT(*) FROM bug GROUP BY foo HAVING BUG(bar)='42';
+----------+
| COUNT(*) |
+----------+
|        2 | 
|        2 | 
+----------+
2 rows in set (0.00 sec)

mysql>

Thanks for testing Miguel. I will compile up a 5.0.48 version here and confirm.

I have tested with a 5.0.48 snapshot and can confirm there are no crashes in the test cases I managed to come up with (e.g. the internal ones I have rather than just the example one I created).

Is there a release planned soon? As the current stable does seem to exhibit this bug.

Hello,

It seems the snapshots have disappeared which means I cannot do more regression testing for you with the pre-release versions.

I don't know if there was some sort of server problem and the snapshots got deleted in error or something but this location was where I downloaded it from the other week:
http://downloads.mysql.com/snapshots/mysql-5.0/

Both 5.0 and 5.1 have their snapshots missing although they do exist fine for the 3.x and 4.x series which is odd.

I thought briefly about checking out a copy of the code from your SCM but I see you use BitKeeper which I do not have a licence for so this is not an option (also I only have Open Source tools installed on my main development machine). 

The snapshots were very convenient for me to do the testing. Hopefully you can restore them ASAP.

Cheers

Col.

Is a release of MySQL expected to address this bug?

I can no longer get snapshot releases of MySQL code and I do not want to deploy a random snapshot taken at a random point in time.

This is a serious bug and may be causing issues for multiple users.

For the benefit of other people affected by this bug, and seeing as no-one from MySQL seems to care enough to even comment on it past their initial reply, it seems this bug is fixed in the 5.0.51 release of mysql now available.