Bug #47429 Intersection function crashed mysqld
Submitted: 18 Sep 10:10 Modified: 19 Sep 12:11
Reporter: John Powell
Status: Verified
Category:Server: GIS Severity:S2 (Serious)
Version:5.1 WL#1326 OS:Linux (Centos 5.2)
Assigned to: Target Version:
Tags: intersection, gis
Triage: Triaged: D1 (Critical)

[18 Sep 10:10] John Powell 
Description:
Running an intersection query of one polygon against a table containing many polygons
crashes mysql, with the following dump.

stack_bottom = 0x469500d8 thread_stack 0x40000
/usr/local/mysql-5.1-gis/libexec/mysqld(my_print_stacktrace+0x29) [0x89b139]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_segfault+0x23e) [0x5b0f50]
/lib64/libpthread.so.0 [0x329340de70]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::intersection_scan()+0x1e0)
[0x753ab6]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::handle_intersections()+0x84)
[0x75414e]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_scan_iterator::normal_scan()+0x2de)
[0x754714]
/usr/local/mysql-5.1-gis/libexec/mysqld(gcalc_function::find_function(gcalc_scan_iterator&)+0x2e)
[0x755d50]
/usr/local/mysql-5.1-gis/libexec/mysqld(Item_func_spatial_rel::val_int()+0x251)
[0x56f59f]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x613684]
/usr/local/mysql-5.1-gis/libexec/mysqld(sub_select(JOIN*, st_join_table*, bool)+0xcc)
[0x6198e2]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x62f1b1]
/usr/local/mysql-5.1-gis/libexec/mysqld(JOIN::exec()+0x1eb2) [0x63442e]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_select(THD*, Item***, TABLE_LIST*, unsigned
int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned
long long, select_result*, st_select_lex_unit*, st_select_lex*)+0x68b) [0x6350b3]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_select(THD*, st_lex*, select_result*,
unsigned long)+0x1b8) [0x6355e4]
/usr/local/mysql-5.1-gis/libexec/mysqld [0x5ba1d7]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_execute_command(THD*)+0x6281) [0x5c335f]
/usr/local/mysql-5.1-gis/libexec/mysqld(mysql_parse(THD*, char const*, unsigned int, char
const**)+0x194) [0x5c4068]
/usr/local/mysql-5.1-gis/libexec/mysqld(dispatch_command(enum_server_command, THD*,
char*, unsigned int)+0xbb4) [0x5c527a]
/usr/local/mysql-5.1-gis/libexec/mysqld(do_command(THD*)+0x226) [0x5c621e]
/usr/local/mysql-5.1-gis/libexec/mysqld(handle_one_connection+0xb0b) [0x5b6029]
/lib64/libpthread.so.0 [0x32934062f7]
/lib64/libc.so.6(clone+0x6d) [0x3292cd1e3d]

How to repeat:
create the containing geometry

mysql>select geom into @geom from country;

try and find all tiles inside this geometry;

mysql> select tile_name from grid where intersects(@geom, geom);

ERROR 2013 (HY000): Lost connection to MySQL server during query

sql file to create these two tables to be attached below.
[18 Sep 10:15] John Powell 
Have ftp'd sql file to recreate tables as bug-data-47429.zip
[19 Sep 12:11] Sveta Smirnova 
Thank you for the report.

Verified memory errors, although in my case server doesn't crash, but just prints into
error log file:

...
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'gcalc_slicescan.cc:36'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'gcalc_slicescan.cc:60'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'gcalc_slicescan.cc:60'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'my_alloc.c:201'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'sql_select.cc:6631'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'mf_iocache.c:1826'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'array.c:309'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'sql_string.h:193'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'sql_string.h:193'
Error: Memory allocated at gcalc_slicescan.cc:36 was overrun, discovered at
'gcalc_slicescan.cc:60'