| Bug #40120 | Possible infinite loop in remove_dup_with_compare() | ||
|---|---|---|---|
| Submitted: | 17 Oct 2008 18:35 | Modified: | 10 Feb 2018 16:52 |
| Reporter: | Ingo Strüwing | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server: General | Severity: | S3 (Non-critical) |
| Version: | 4.1, 5.0, 5.1, 6.0 | OS: | Any |
| Assigned to: | | CPU Architecture: | Any |
[21 Oct 2008 6:08]
Sveta Smirnova
Thank you for the report. Verified as described.
[10 Feb 2018 16:52]
Roy Lyseng
Posted by developer: Fixed in version 5.5 and up.

Description:
This code snippet from sql/sql_select.cc:remove_dup_with_compare() shows that we could possibly run into an infinite loop:

```
  file->ha_rnd_init(1);
  error=file->rnd_next(record);
  for (;;)
  {
    if (thd->killed)
    {
      thd->send_kill_message();
      error=0;
      goto err;
    }
    if (error)
    {
      if (error == HA_ERR_RECORD_DELETED)
        continue;
```

If the first record is a deleted one...

However, this may be unused code. It seems like duplicate removal is done by unique indexes nowadays.

How to repeat:
I was not able to create a test case to exploit this problem. But it is quite obvious from code reading.

Suggested fix:
Either read the next record before continuing, or eliminate the unused code altogether.
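The loop shape from the report, reduced to a stand-alone model with the first suggested fix beside it. This is an added example, not MySQL source or part of the original report: `MockHandler`, `ScanResult`, `scan`, the watchdog `max_iter`, the constant values and the loop tail after the error check are all assumptions made for the model.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Model constants: names follow the handler error codes, values are arbitrary here.
enum { OK = 0, HA_ERR_RECORD_DELETED = 1, HA_ERR_END_OF_FILE = 2 };

// Hypothetical stand-in for a handler doing a sequential table scan.
struct MockHandler {
  std::vector<bool> deleted;  // constructed sample data: true = deleted row slot
  std::size_t pos;
  explicit MockHandler(std::vector<bool> d) : deleted(d), pos(0) {}
  int rnd_next() {
    if (pos >= deleted.size()) return HA_ERR_END_OF_FILE;
    return deleted[pos++] ? HA_ERR_RECORD_DELETED : OK;
  }
};

struct ScanResult { std::size_t live_rows; bool spun; };

// reread_on_deleted=false keeps the loop shape from the report: `continue`
// re-tests a stale `error`. true applies "read the next record before continuing".
// max_iter is a watchdog so the model returns instead of hanging.
ScanResult scan(MockHandler h, bool reread_on_deleted, std::size_t max_iter) {
  std::size_t live = 0, iter = 0;
  int error = h.rnd_next();
  for (;;) {
    if (++iter > max_iter) return {live, true};
    if (error) {
      if (error == HA_ERR_RECORD_DELETED) {
        if (reread_on_deleted) error = h.rnd_next();
        continue;
      }
      break;  // end of file (other errors are not modelled)
    }
    ++live;                // assumed loop tail: handle the row, then advance
    error = h.rnd_next();
  }
  return {live, false};
}

int main() {
  MockHandler t({true, false, true, false});  // first slot is a deleted row
  ScanResult bad = scan(t, false, 1000), good = scan(t, true, 1000);
  std::printf("as reported: spun=%d live=%zu\n", bad.spun, bad.live_rows);
  std::printf("re-read:     spun=%d live=%zu\n", good.spun, good.live_rows);
  return 0;
}
```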