Bug #37719 Crash if rename Archive table to same name with different case and then select
Submitted: 28 Jun 2008 13:49 Modified: 11 Nov 2008 22:31
Reporter: Mattias Jonsson
Status: Closed
Category:Server: Archive Severity:S3 (Non-critical)
Version:5.1 OS:Linux
Assigned to: Mattias Jonsson Target Version:5.1+
Triage: Triaged: D1 (Critical)

[28 Jun 2008 13:49] Mattias Jonsson 
Description:
When having a case sensitive file system and lower_case_table_names = 0 (as default on
Unix/Linux, accept for Mac OS X), it is possible to crash the server when having two
tables with the same name but different name cases, if one first renames and then select
(see below).

How to repeat:
--source include/have_archive.inc
SHOW VARIABLES LIKE '%case%';
CREATE TABLE TABLEA (a INT) ENGINE = 'Archive';
INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SHOW TABLES;
RENAME TABLE TABLEA to tableA;
--echo # with this execution order, it will crash in the following statement:
SELECT * FROM tablea;

Result:
mysqltest: At line 10: query 'SELECT * FROM tablea' failed: 2013: Lost connection to
MySQL server during query

The result from queries just before the failure was:
SHOW VARIABLES LIKE '%case%';
Variable_name	Value
lower_case_file_system	OFF
lower_case_table_names	0
CREATE TABLE TABLEA (a INT) ENGINE = 'Archive';
INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SHOW TABLES;
Tables_in_test
TABLEA
tablea
RENAME TABLE TABLEA to tableA;
# with this execution order, it will crash in the following statement:
SELECT * FROM tablea;

Suggested fix:
Have not investigated it further, fix the bug :)
[28 Jun 2008 14:13] Sveta Smirnova 
Thank you for the report.

Verified as described.
[31 Jul 2008 9:20] Giuseppe Maxia 
Can't repeat the crash with latest 5.1.26-rc binaries on Ubuntu 8.04.

The given test does not crash she server, but it marks "tablea" as corrupt.
It only affects the archive engine. 
Changed the description to reflect this fact.

drop table if exists TABLEA
Query OK, 0 rows affected, 1 warning

drop table if exists tablea
Query OK, 0 rows affected

drop table if exists tableA
Query OK, 0 rows affected

SHOW VARIABLES LIKE '%case%'
+------------------------+-------+
| Variable_name          | Value |
+------------------------+-------+
| lower_case_file_system | OFF   | 
| lower_case_table_names | 0     | 
+------------------------+-------+
2 rows in set

CREATE TABLE TABLEA (a INT) ENGINE = 'Archive'
Query OK, 0 rows affected

INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10)
Query OK, 6 rows affected
Records: 6  Duplicates: 0  Warnings: 0

CREATE TABLE tablea (a INT) ENGINE = 'Archive'
Query OK, 0 rows affected

INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10)
Query OK, 6 rows affected
Records: 6  Duplicates: 0  Warnings: 0

SHOW TABLES
+----------------+
| Tables_in_test |
+----------------+
| TABLEA         | 
| tablea         | 
+----------------+
2 rows in set

RENAME TABLE TABLEA to tableA
Query OK, 0 rows affected

SELECT * FROM tablea
ERROR 1194 (HY000) at line 13: Table 'tablea' is marked as crashed and should be
repaired
[3 Oct 2008 14:30] Mattias Jonsson 
Here is another test on the same theme:
CREATE TABLE TableA (a INT) ENGINE = 'Archive';
INSERT INTO TableA VALUES (1), (2), (7), (8), (9), (10);
INSERT INTO TableA VALUES (3), (4), (5), (6), (11), (12);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SELECT * FROM tablea;
a
1
2
7
8
9
10
3
4
5
6
11
12
1
2
7
8
9
10

I inactivate the parts.partition_mgm_lc0_archive because of that. Please test and enable
it when pushing.
[3 Oct 2008 16:25] Mattias Jonsson 
I found the problem: it uses the system_charset, which is not case sensitive, for
comparing archive_share's

The fix is simple:
=== modified file 'storage/archive/ha_archive.cc'
--- storage/archive/ha_archive.cc	2008-07-23 08:52:08 +0000
+++ storage/archive/ha_archive.cc	2008-10-03 14:11:17 +0000
@@ -177,7 +177,7 @@
 
   if (pthread_mutex_init(&archive_mutex, MY_MUTEX_INIT_FAST))
     goto error;
-  if (hash_init(&archive_open_tables, system_charset_info, 32, 0, 0,
+  if (hash_init(&archive_open_tables, &my_charset_bin, 32, 0, 0,
                 (hash_get_key) archive_get_key, 0, 0))
   {
     pthread_mutex_destroy(&archive_mutex);
[3 Oct 2008 19:25] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55281

2689 Mattias Jonsson	2008-10-03
      Bug#37719: Crash if rename Archive table to same name with different
      case and then select
      
      Problem was that the archive share was using a case insensitive
      charset when comparing table names
      
      Solution was to use a case sensitive char set when the table
      names are case sensitive
      12345678901234567890123456789012345678901234567890123456789012345678901234567890
[3 Oct 2008 19:26] Mattias Jonsson 
Assigning myself, since I had a patch...
[3 Oct 2008 20:09] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55283

2689 Mattias Jonsson	2008-10-03
      Bug#37719: Crash if rename Archive table to same name with different
      case and then select
      
      Problem was that the archive share was using a case insensitive
      charset when comparing table names
      
      Solution was to use a case sensitive char set when the table
      names are case sensitive
[7 Oct 2008 11:48] Mattias Jonsson 
closed bug#38055 as a duplicate of this
[5 Nov 2008 22:27] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/57949

2697 Mattias Jonsson	2008-11-05 [merge]
      merge and pre push fix for test of bug#37719
[6 Nov 2008 11:08] Mattias Jonsson 
pushed into mysql-5.1-bugteam and mysql-6.0-bugteam
[10 Nov 2008 11:52] Bugs System 
Pushed into 6.0.8-alpha  (revid:mattias.jonsson@sun.com-20081105212639-hbh6mjexr896gy6m)
(version source revid:mattias.jonsson@sun.com-20081106061815-rub56lesg18z5ens) (pib:5)
[10 Nov 2008 12:36] Bugs System 
Pushed into 5.1.30  (revid:mattias.jonsson@sun.com-20081105212639-hbh6mjexr896gy6m)
(version source revid:mattias.jonsson@sun.com-20081106062907-gkpe2vr84le6c7wm) (pib:5)
[11 Nov 2008 17:05] Paul DuBois 
The versions are actually 5.1.31, 6.0.9.
[11 Nov 2008 22:31] Paul DuBois 
Noted in 5.1.31, 6.0.9 changelogs.

Renaming an ARCHIVE table to the same name with different lettercase
and then selecting from it could cause a server crash.
[19 Jan 12:26] Bugs System 
Pushed into 5.1.31-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090119095303-uwwvxiibtr38djii)
(version source revid:tomas.ulin@sun.com-20090108105244-8opp3i85jw0uj5ib) (merge vers:
5.1.31-ndb-6.2.17) (pib:6)
[19 Jan 14:03] Bugs System 
Pushed into 5.1.31-ndb-6.3.21 (revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl)
(version source revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (merge vers:
5.1.31-ndb-6.3.21) (pib:6)
[19 Jan 17:09] Bugs System 
Pushed into 5.1.31-ndb-6.4.1 (revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5)
(version source revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (merge vers:
5.1.31-ndb-6.4.1) (pib:6)