Bug #39353 Multiple conditions on timestamp column crashes server
Submitted: 9 Sep 2008 22:20
Modified: 20 Oct 2008 15:31
Reporter: chris lundberg
Status: Closed
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.1.26-rc/5.0/6.0
OS: Linux (RedHat Enterprise)
Assigned to: Georgi Kodinov
CPU Architecture: Any
Tags: crash, regression, timestamp

[9 Sep 2008 22:20] chris lundberg
Description:
Multiple conditions on an InnoDB timestamp column cause MySQL to crash.

How to repeat:
create table t (t timestamp) engine=innodb;
select * from t where t>'2008-01-01' and t='0000-00-00';

MySQL immediately crashes.

Suggested fix:
Handle conditions that, while perhaps not logically useful, still arise in complex systems somewhat frequently.
[12 Sep 2008 15:36] Georgi Kodinov
Introduced by the fix for bug #31887.
The test case assigned is not always causing crashes, but the valgrind output is clear (see attached).

The problem is that Field_timestamp is treated as a descendant of Field_num (which it's not).
[12 Sep 2008 15:38] Georgi Kodinov
valgrind output demonstrating the problem

Attachment: wrong.txt (text/plain), 13.34 KiB.

[12 Sep 2008 15:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53984

2685 Georgi Kodinov	2008-09-12
      Bug #39353: Multiple conditions on timestamp column crashes server
      
      The fix for bug 31887 was incomplete : it assumes that all the 
      field types returned by the IS_NUM macro are descendants of 
      Item_num and tries to zero-fill the values before doing constant
      substitution with such fields when they are compared to constant string
      values.
      The only exception to this is Field_timestamp : it's in the IS_NUM
      macro, but is not a descendant of Field_num.
      Fixed by excluding timestamp fields (Field_timestamp) when zero-filling
      when converting the constant to compare with to a string.
[18 Sep 2008 12:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/54298

2685 Georgi Kodinov	2008-09-18
      Bug #39353: Multiple conditions on timestamp column crashes server
      
      The fix for bug 31887 was incomplete : it assumes that all the 
      field types returned by the IS_NUM macro are descendants of 
      Item_num and tries to zero-fill the values before doing constant
      substitution with such fields when they are compared to constant string
      values.
      The only exception to this is Field_timestamp : it's in the IS_NUM
      macro, but is not a descendant of Field_num.
      Fixed by excluding timestamp fields (Field_timestamp) when zero-filling
      when converting the constant to compare with to a string.
      Note that this will not exclude the timestamp columns from const 
      propagation.
[18 Sep 2008 12:56] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/54299

2685 Georgi Kodinov	2008-09-18
      Bug #39353: Multiple conditions on timestamp column crashes server
            
      The fix for bug 31887 was incomplete : it assumes that all the 
      field types returned by the IS_NUM macro are descendants of 
      Item_num and tries to zero-fill the values before doing constant
      substitution with such fields when they are compared to constant string
      values.
      The only exception to this is Field_timestamp : it's in the IS_NUM
      macro, but is not a descendant of Field_num.
      Fixed by excluding timestamp fields (Field_timestamp) when zero-filling
      when converting the constant to compare with to a string.
      Note that this will not exclude the timestamp columns from const 
      propagation.
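
A simplified C++ model of the defect the commit messages above describe, added here as an illustration and not taken from the MySQL source tree: a type-tag predicate admits a class that does not derive from the type the code then casts to. Field_num, Field_timestamp and IS_NUM are the report's names; the enum, members and helper functions are hypothetical.

```cpp
#include <iostream>
#include <string>

// Simplified model of the bug class, not MySQL source. Field_num,
// Field_timestamp and the IS_NUM idea come from the report; the members,
// enum and helper names are hypothetical.
enum field_type { TYPE_LONG, TYPE_TIMESTAMP, TYPE_VARCHAR };

// Tag predicate in the spirit of IS_NUM: TIMESTAMP is listed as numeric.
static bool is_num(field_type t) { return t == TYPE_LONG || t == TYPE_TIMESTAMP; }

struct Field {
  virtual ~Field() {}
  virtual field_type type() const = 0;
};

struct Field_num : Field {        // only real numeric fields carry zerofill state
  bool zerofill;
  std::string::size_type width;
  Field_num(bool z, std::string::size_type w) : zerofill(z), width(w) {}
  field_type type() const { return TYPE_LONG; }
};

struct Field_timestamp : Field {  // passes is_num() but is not a Field_num
  field_type type() const { return TYPE_TIMESTAMP; }
};

// Pre-fix shape: the tag check alone gates a static_cast to Field_num. This
// only reports whether that cast would be reached; it never performs it.
bool tag_check_reaches_downcast(const Field &f) { return is_num(f.type()); }

// Fixed shape: timestamps are excluded before any Field_num member is read.
// The dynamic_cast is an extra guard added for this example.
std::string const_to_compare(const Field &f, const std::string &constant) {
  if (!is_num(f.type()) || f.type() == TYPE_TIMESTAMP) return constant;
  const Field_num *n = dynamic_cast<const Field_num *>(&f);
  if (!n || !n->zerofill || constant.size() >= n->width) return constant;
  return std::string(n->width - constant.size(), '0') + constant;
}

int main() {
  Field_num id(true, 5);
  Field_timestamp ts;
  std::cout << const_to_compare(id, "42") << "\n"            // zero-filled
            << tag_check_reaches_downcast(ts) << "\n"        // tag says numeric
            << const_to_compare(ts, "0000-00-00") << "\n";   // left untouched
  return 0;
}
```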
[7 Oct 2008 20:05] Paul DuBois
Noted in 5.1.29 changelog.

For a TIMESTAMP column in an InnoDB table, testing the column with
multiple conditions in the WHERE clause caused a server crash.

Leaving report status unchanged; this is early documentation of an upcoming push into 5.1.29.
[9 Oct 2008 18:01] Bugs System
Pushed into 5.1.30  (revid:kgeorge@mysql.com-20080918125536-o0zch2w4rwa4nfck) (version source revid:kgeorge@mysql.com-20081001094725-vf4mqjkmajlm22qy) (pib:4)
[10 Oct 2008 20:07] Paul DuBois
Setting report to NDI pending push into 5.0.x, 6.0.x
[17 Oct 2008 16:42] Bugs System
Pushed into 6.0.8-alpha  (revid:kgeorge@mysql.com-20080918125536-o0zch2w4rwa4nfck) (version source revid:kgeorge@mysql.com-20081001100520-exs1tupnfanm1mij) (pib:5)
[17 Oct 2008 18:10] Paul DuBois
Noted in 6.0.8 changelog.

Setting report to NDI pending push into 5.0.x.
[20 Oct 2008 15:31] Paul DuBois
Noted in 5.0.70 changelog.
[28 Oct 2008 21:03] Bugs System
Pushed into 5.1.29-ndb-6.2.17  (revid:kgeorge@mysql.com-20080918125536-o0zch2w4rwa4nfck) (version source revid:tomas.ulin@sun.com-20081028140209-u4emkk1xphi5tkfb) (pib:5)
[28 Oct 2008 22:21] Bugs System
Pushed into 5.1.29-ndb-6.3.19  (revid:kgeorge@mysql.com-20080918125536-o0zch2w4rwa4nfck) (version source revid:tomas.ulin@sun.com-20081028194045-0353yg8cvd2c7dd1) (pib:5)
[1 Nov 2008 9:47] Bugs System
Pushed into 5.1.29-ndb-6.4.0  (revid:kgeorge@mysql.com-20080918125536-o0zch2w4rwa4nfck) (version source revid:jonas@mysql.com-20081101082305-qx5a1bj0z7i8ueys) (pib:5)