MySQL Bugs: #35406: 5.1-opt crashes on select from I_S.REFERENTIAL

Bug #35406	5.1-opt crashes on select from I_S.REFERENTIAL_CONSTRAINTS
Submitted:	18 Mar 2008 15:32	Modified:	18 Jun 2010 2:05
Reporter:	Sergei Glukhov	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Information schema	Severity:	S3 (Non-critical)
Version:	5.1-opt	OS:	Any
Assigned to:	Sergei Glukhov	CPU Architecture:	Any

Description:
5.1-opt crashes on select from I_S.REFERENTIAL_CONSTRAINTS because of uninitialized variable.
In function
int
ha_innobase::get_foreign_key_list(THD *thd, List<FOREIGN_KEY_INFO> *f_key_list)

we have the following code:

         if (foreign->referenced_index &&
              foreign->referenced_index->name)
	    f_key_info.referenced_key_name = thd_make_lex_string(
		    thd, f_key_info.referenced_key_name,
		    foreign->referenced_index->name,
		    strlen(foreign->referenced_index->name), 1);

If referenced table is dropped(foreign->referenced_index=0)  then
f_key_info.referenced_key_name field may be uninitialized. It
leads to crash in get_referential_constraints_record(),sql_show.cc

How to repeat:
Test case from the bug#35108  report:

create table p1(id int primary key) engine = Innodb;

create table c1(pid int, foreign key (pid) references p1(id)) engine = Innodb;

select * 
from information_schema.referential_constraints 
where constraint_schema = schema();

set foreign_key_checks = 0;

drop table p1;

select * 
from information_schema.referential_constraints 
where constraint_schema = schema();

Suggested fix:
http://lists.mysql.com/commits/44101

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/44179

ChangeSet@1.2563, 2008-03-18 19:42:04+04:00, gluh@mysql.com +1 -0
  Bug#35406 5.1-opt crashes on select from I_S.REFERENTIAL_CONSTRAINTS
  added intialization of f_key_info.referenced_key_name for the case when
  referenced table is dropped

Pushed into 5.1.24-rc

Pushed into 6.0.5-alpha

Noted in 5.1.24, 6.0.5 changelogs.

Selecting from INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS could cause
a server crash.

Pushed into 5.1.47 (revid:joro@sun.com-20100505145753-ivlt4hclbrjy8eye) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.

Pushed into mysql-next-mr (revid:alik@sun.com-20100524190136-egaq7e8zgkwb9aqi) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (pib:16)

Pushed into 6.0.14-alpha (revid:alik@sun.com-20100524190941-nuudpx60if25wsvx) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Pushed into 5.5.5-m3 (revid:alik@sun.com-20100524185725-c8k5q7v60i5nix3t) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Push resulted from incorporation of InnoDB tree. No changes pertinent to this bug.
Re-closing.

Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)

Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)