| Bug #45883 | Buffer function crashes mysqld | ||
|---|---|---|---|
| Submitted: | 1 Jul 17:37 | Modified: | 1 Jul 20:41 |
| Reporter: | John Powell | ||
| Status: | Verified | ||
| Category: | Server: GIS | Severity: | S2 (Serious) |
| Version: | 5.1 WL#1326 | OS: | Linux (Centos 64-bit 5.2 final) |
| Assigned to: | Alexey Botchkov | Target Version: | |
| Tags: | buffer, crash | ||
| Triage: | Triaged: D1 (Critical) | ||
[1 Jul 17:38]
John Powell
File containing query to make geometry to reproduce bug
Attachment: buffer.txt (text/plain), 39.81 KiB.
[1 Jul 17:44]
John Powell
File containing query to make geometry to reproduce bug, corrected
Attachment: buffer.txt (text/plain), 19.95 KiB.
[1 Jul 18:22]
Miguel Solorzano
Thank you for the bug report. It is that server self-compiled or release package if yes which one?. Thanks in advance.
[1 Jul 19:07]
John Powell
Miguel, it is built from source from 5.1 WL#1326, bzr branch lp:~mysql/mysql-server/mysql-5.1-wl1326 These bugs are usually assigned to Holyfoot, as he is the developer who has created the new GIS functions.
[1 Jul 20:41]
Sveta Smirnova
Thank you for the report.
Verified as described.
Backtrace in my env:
Thread 1 (process 6220):
#0 0x0000003429e0b002 in pthread_kill () from /lib64/libpthread.so.0
#1 0x0000000000b055d9 in my_write_core (sig=11) at stacktrace.c:310
#2 0x00000000006958d5 in handle_segfault (sig=11) at mysqld.cc:2536
#3 <signal handler called>
#4 0x000000000064a750 in get_n_sincos (n=16653, sinus=0x40a80380, cosinus=0x40a80378) at
item_geofunc.cc:824
#5 0x000000000064a905 in fill_gap (trn=0x40a803f0, x=458515, y=526624,
ax=nan(0x8000000000000), ay=nan(0x8000000000000), bx=22.810891686770937,
by=97.363562077680825, d=100,
empty_gap=0x40a8041e) at item_geofunc.cc:863
#6 0x000000000064aea3 in Item_func_buffer::add_edge_buffer (this=0xe7833f8,
p1=0xe7d8480, p2=0xe7d84b0, p3=0xe7ac0b0, d=100, round_p1=false, round_p2=false) at
item_geofunc.cc:929
#7 0x000000000064b4cf in Item_func_buffer::add_poly_buffer (this=0xe7833f8,
ptr_p=0x40a80558, n_p=0x40a80554, d=100) at item_geofunc.cc:1014
#8 0x000000000064ba56 in Item_func_buffer::val_str (this=0xe7833f8, str_value=0xe783a90)
at item_geofunc.cc:1113
#9 0x00000000005ef345 in Item_func_set_user_var::check (this=0xe7836d0,
use_result_field=false) at item_func.cc:4160
#10 0x00000000006bc5cf in set_var_user::check (this=0xe783b10, thd=0xe71b078) at
set_var.cc:3594
#11 0x00000000006bbf4b in sql_set_variables (thd=0xe71b078, var_list=0xe71d438) at
set_var.cc:3443
#12 0x00000000006aa949 in mysql_execute_command (thd=0xe71b078) at sql_parse.cc:3450
#13 0x00000000006b1f9c in mysql_parse (thd=0xe71b078, inBuf=0xe783188 "set
@buff=buffer(@geom,100)", length=27, found_semicolon=0x40a81ed0) at sql_parse.cc:5929
#14 0x00000000006a48f0 in dispatch_command (command=COM_QUERY, thd=0xe71b078,
packet=0xe78c099 "set @buff=buffer(@geom,100)", packet_length=27) at sql_parse.cc:1216
#15 0x00000000006a3976 in do_command (thd=0xe71b078) at sql_parse.cc:857
#16 0x00000000006a1de2 in handle_one_connection (arg=0xe71b078) at sql_connect.cc:1115
#17 0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
#18 0x00000034292cd39d in clone () from /lib64/libc.so.6
#19 0x0000000000000000 in ?? ()
Description: For some polygons, buffer function crashes mysqld, with a mysql server has gone away error message. The polygon below is from a real data set and has 1123 points. I have generalized it to 200 points and the buffer then works, without crashing the server. The polygon's points were too big for the bug report. Will attach once filed. How to repeat: set @geom=geomfromtext('POLYGON((458515.0 526624.0,....,458515.0 526624.0))')); set @buff=buffer(@geom,100); mysqld crashes