Bug #32137 prepared statement crash with str_to_date in update clause
Submitted: 6 Nov 2007 8:52 Modified: 20 Dec 2007 0:23
Reporter: Shane Bester Email Updates:
Status: Closed
Category:Server: PS Severity:S2 (Serious)
Version:5.1.23-debug, 6.0.3-debug OS:Any
Assigned to: Ramil Kalimullin Target Version:
Tags: STR_TO_DATE, crash, assertion
Triage: D2 (Serious)

[6 Nov 2007 8:52] Shane Bester 
Description:
Assertion failed: !table || (!table->read_set || bitmap_is_set(table->read_set,
field_index)), file .\field.cc, line 3524

mysqld-debug.exe!_NMSG_WRITE
mysqld-debug.exe!abort
mysqld-debug.exe!_assert
mysqld-debug.exe!Field_long::val_str
mysqld-debug.exe!Item_field::val_str
mysqld-debug.exe!Item_func_str_to_date::fix_length_and_dec
mysqld-debug.exe!Item_func::fix_fields
mysqld-debug.exe!Item_str_func::fix_fields
mysqld-debug.exe!setup_fields
mysqld-debug.exe!mysql_test_update
mysqld-debug.exe!check_prepared_statement
mysqld-debug.exe!Prepared_statement::prepare
mysqld-debug.exe!mysql_sql_stmt_prepare
mysqld-debug.exe!mysql_execute_command
mysqld-debug.exe!mysql_parse
mysqld-debug.exe!dispatch_command
mysqld-debug.exe!do_command
mysqld-debug.exe!handle_one_connection
mysqld-debug.exe!pthread_start
mysqld-debug.exe!_threadstart
kernel32.dll!FlsSetValue

So far I didn't notice this crash on a 5.1-release build, nor on any 5.x build.
Running the statement without preparing it also didn't crash for me.

How to repeat:
#run a debug build of 5.1, then execute the following statements:

drop table if exists `t1`;
create table `t1` (`a` int,`b` tinyint)engine=myisam;
prepare stmt from 'update `t1` set `b`=(str_to_date(`a`,`a`))';
execute stmt;
deallocate prepare stmt;
[7 Nov 2007 8:47] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/37241

ChangeSet@1.2688, 2007-11-07 12:47:19+04:00, ramil@mysql.com +3 -0
  Fix for bug #32137: prepared statement crash with str_to_date in update clause
  
  Problem: calling non-constant argument's val_xxx() methods 
  in the ::fix_length_and_dec() is inadmissible.
  
  Fix: call the method only for constant arguments.
[7 Dec 2007 23:08] Bugs System 
Pushed into 6.0.5-alpha
[7 Dec 2007 23:09] Bugs System 
Pushed into 5.1.23-rc
[7 Dec 2007 23:10] Bugs System 
Pushed into 5.0.54
[7 Dec 2007 23:10] Bugs System 
Pushed into 4.1.24
[20 Dec 2007 0:23] Paul DuBois 
Noted in 4.1.24, 5.0.54, 5.1.23, 6.0.5 changelogs.

Executing a prepared statement that used STR_TO_DATE() in the SET
clause of an UPDATE statement caused an assertion failure.