Bug #39186 Crash in String::append when inserting duplicate empty strings in a utf8 SET col
Submitted: 2 Sep 2008 13:49 Modified: 18 Oct 2008 15:56
Reporter: Davi Arnaut (OCA)
Status: Closed
Category: MySQL Server Severity: S3 (Non-critical)
Version: 6.0 OS: Any
Assigned to: Georgi Kodinov CPU Architecture: Any
Tags: regression

[2 Sep 2008 13:49] Davi Arnaut
Description:
This is a bug split from Bug#38701 because on 5.1 it happens to trigger a different problem.

When executing a query that would insert a duplicate empty string in a utf8 SET column
with at least 20 different possible values, mysqld crashes as follows:

#5  0x00432f5f in memcpy () from /lib/libc.so.6
#6  0x082ece26 in String::append (this=0xad27d0cc, s=@0xad27c070) at sql_string.cc:351
#7  0x082d5fbd in key_unpack (to=0xad27d0cc, table=0x9dc9248, idx=0) at key.cc:391
#8  0x0841ae07 in handler::print_keydup_error (this=0x9dc9920, key_nr=0, msg=0x9d269f3 "Duplicate entry '%-.64s' for key '%-.192s'") at handler.cc:2530
#9  0x0841afc0 in handler::print_error (this=0x9dc9920, error=121, errflag=0) at handler.cc:2583
#10 0x08391906 in write_record (thd=0x9d75d90, table=0x9dc9248, info=0xad27e36c) at sql_insert.cc:1603
#11 0x08395913 in mysql_insert (thd=0x9d75d90, table_list=0x9dd1a20, fields=@0x9d77564, values_list=@0x9d77588, update_fields=@0x9d7757c, update_values=@0x9d77570, duplic=DUP_ERROR, ignore=false) at sql_insert.cc:828
#12 0x08307ac2 in mysql_execute_command (thd=0x9d75d90) at sql_parse.cc:2944
#13 0x0830e1e1 in mysql_parse (thd=0x9d75d90, inBuf=0x9dd1720 "INSERT INTO C ( set_unique_utf8 ) VALUES ( '' )", length=47, found_semicolon=0xad27f270) at sql_parse.cc:5800
#14 0x0830ec55 in dispatch_command (command=COM_QUERY, thd=0x9d75d90, packet=0x9dc2b99 "INSERT INTO C ( set_unique_utf8 ) VALUES ( '' )", packet_length=47) at sql_parse.cc:1050
#15 0x0830ff1f in do_command (thd=0x9d75d90) at sql_parse.cc:723
#16 0x082fc99b in handle_one_connection (arg=0x9d75d90) at sql_connect.cc:1153
#17 0x0057d32f in start_thread () from /lib/libpthread.so.0
#18 0x0049a27e in clone () from /lib/libc.so.6

How to repeat:
CREATE TABLE t1 (set_unique_utf8 set ('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z') CHARACTER SET utf8, unique (set_unique_utf8));
INSERT INTO t1 ( set_unique_utf8 ) VALUES ('');
--error ER_DUP_ENTRY
INSERT INTO t1 ( set_unique_utf8 ) VALUES ('');
DROP TABLE t1;
[8 Sep 2008 14:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53534

2692 Georgi Kodinov	2008-09-08
      Bug #39186: Crash in String::append when inserting duplicate empty strings in a utf8 SET col
      
      Fixed a problem in constructing a string representation of an ENUM field when reporting
      key duplicate error.
      Note: no test case as the one for bug #38701 covers this one as well.
[9 Sep 2008 12:39] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53604

2692 Georgi Kodinov	2008-09-08
      Bug #39186: Crash in String::append when inserting duplicate empty strings in a utf8 SET col
      
      Fixed a problem in constructing a string representation of an ENUM field when reporting
      key duplicate error.
      Note: no test case as the one for bug #38701 covers this one as well.
[17 Oct 2008 16:41] Bugs System
Pushed into 6.0.8-alpha  (revid:kgeorge@mysql.com-20080908145416-wvmvl4aigvthra71) (version source revid:kpettersson@mysql.com-20080911114255-81pt7q1uvl1fkojq) (pib:5)
[18 Oct 2008 15:56] Paul DuBois
Noted in 6.0.8 changelog.

The server could crash when attempting to insert duplicate empty
strings into a utf8 SET column.