Bug #54041 MySQL 5.0.92 fails when tests from Connector/C suite run
Submitted: 27 May 2010 19:32
Modified: 13 Nov 2010 16:43
Reporter: Sveta Smirnova
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.0.92, 5.1.47, 5.1.48, 5.6.99 bzr
OS: Any
Assigned to: Davi Arnaut
CPU Architecture: Any

[27 May 2010 19:32] Sveta Smirnova
Description:
MySQL 5.0.92 and 5.1.48 crash when tests from the C/C suite run.

Backtrace for version 5.1:

(gdb) bt
#0  0x0000003429e0b002 in pthread_kill () from /lib64/libpthread.so.0
#1  0x0000000000b24ac1 in my_write_core (sig=11) at stacktrace.c:329
#2  0x00000000006965ba in handle_segfault (sig=11) at mysqld.cc:2571
#3  <signal handler called>
#4  0x0000000000691863 in String::numchars (this=0x75ea9d8) at sql_string.cc:550
#5  0x00000000005bcbbe in Item_param::convert_str_value (this=0x75ea9c8, thd=0x75e62f8) at item.cc:3159
#6  0x0000000000755b87 in insert_params (stmt=0x75d7808, null_array=0x7591912 "", read_pos=0x759191f "s", data_end=0x759191e "", expanded_query=0x45048490) at sql_prepare.cc:812
#7  0x000000000075b3fe in Prepared_statement::set_parameters (this=0x75d7808, expanded_query=0x45048490, packet=0x759191a "ç\003", packet_end=0x759191e "") at sql_prepare.cc:3170
#8  0x000000000075b49f in Prepared_statement::execute_loop (this=0x75d7808, expanded_query=0x45048490, open_cursor=false, packet=0x7591912 "", packet_end=0x759191e "") at sql_prepare.cc:3229
#9  0x00000000007592b9 in mysqld_stmt_execute (thd=0x75e62f8, packet_arg=0x7591909 "\002", packet_length=21) at sql_prepare.cc:2476
#10 0x00000000006a5fc9 in dispatch_command (command=COM_STMT_EXECUTE, thd=0x75e62f8, packet=0x7591909 "\002", packet_length=21) at sql_parse.cc:1188
#11 0x00000000006a519c in do_command (thd=0x75e62f8) at sql_parse.cc:874
#12 0x00000000006a349b in handle_one_connection (arg=0x75e62f8) at sql_connect.cc:1134
#13 0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
#14 0x00000034292cd39d in clone () from /lib64/libc.so.6
#15 0x0000000000000000 in ?? ()

How to repeat:
Start current 5.0 server, then run tests from Connector/C
[27 May 2010 19:50] Sveta Smirnova
next-mr fails with:

(gdb) bt
#0  0x0000003429e0b002 in pthread_kill () from /lib64/libpthread.so.0
#1  0x00000000009fed9c in my_write_core (sig=11) at /users/ssmirnova/blade12/src/mysql-next-mr/mysys/stacktrace.c:326
#2  0x000000000051e788 in handle_segfault (sig=11) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/mysqld.cc:2786
#3  <signal handler called>
#4  0x00000000007d112e in append_query_string (csinfo=0x8f8f8f8f8f8f8f8f, from=0x6c9f730, to=0x4826e160) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/log_event.cc:587
#5  0x000000000072ee53 in Item_param::query_val_str (this=0x6c9f720, str=0x4826e160) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/item.cc:3229
#6  0x00000000005ca1c9 in insert_params_with_log (stmt=0x6c66fe8, null_array=0x6ca5932 "", read_pos=0x6ca593f "s", data_end=0x6ca593e "", query=0x4826e2e0)
    at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_prepare.cc:863
#7  0x00000000005cf3ee in Prepared_statement::set_parameters (this=0x6c66fe8, expanded_query=0x4826e2e0, packet=0x6ca593a "ç\003", packet_end=0x6ca593e "")
    at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_prepare.cc:3321
#8  0x00000000005cf48f in Prepared_statement::execute_loop (this=0x6c66fe8, expanded_query=0x4826e2e0, open_cursor=false, packet=0x6ca5932 "", packet_end=0x6ca593e "")
    at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_prepare.cc:3380
#9  0x00000000005cd2f5 in mysqld_stmt_execute (thd=0x6ca9ef8, packet_arg=0x6ca5929 "\002", packet_length=21) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_prepare.cc:2545
#10 0x00000000005aea13 in dispatch_command (command=COM_STMT_EXECUTE, thd=0x6ca9ef8, packet=0x6ca5929 "\002", packet_length=21) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_parse.cc:1042
#11 0x00000000005adeef in do_command (thd=0x6ca9ef8) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_parse.cc:774
#12 0x000000000068ebce in do_handle_one_connection (thd_arg=0x6ca9ef8) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_connect.cc:1188
#13 0x000000000068ea7a in handle_one_connection (arg=0x6ca9ef8) at /users/ssmirnova/blade12/src/mysql-next-mr/sql/sql_connect.cc:1127
#14 0x0000003429e061b5 in start_thread () from /lib64/libpthread.so.0
#15 0x00000034292cd39d in clone () from /lib64/libc.so.6
#16 0x0000000000000000 in ?? ()
[4 Jun 2010 11:04] Ramil Kalimullin
5.1.47 affected as well.
[7 Jun 2010 11:53] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/110345

2869 Davi Arnaut	2010-06-07
      Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run
      
      The problem was that a user could supply data in chunks
      via the COM_STMT_SEND_LONG_DATA command to prepared statement
      parameter other than of type TEXT or BLOB. This posed a problem
      since other parameter types aren't set up to handle long data,
      which would lead to a crash when attempting to use the supplied
      data.
      
      Since the command COM_STMT_SEND_LONG_DATA does not return a
      command status, the solution is to check at execution time
      whether the parameter type is able to handle a data stream.
      If the parameter type is not TEXT or BLOB, an error is
      returned.
     @ sql/sql_prepare.cc
        Before converting the parameter data stream, check the type
        compatibility.
     @ tests/mysql_client_test.c
        Add test case.
[28 Jun 2010 15:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/112362

2876 Davi Arnaut	2010-06-28
      Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run
      
      The problem was that a user could supply data in chunks
      via the COM_STMT_SEND_LONG_DATA command to prepared statement
      parameter other than of type TEXT or BLOB. This posed a problem
      since other parameter types aren't set up to handle long data,
      which would lead to a crash when attempting to use the supplied
      data.
      
      Given that long data can be supplied at any stage of a prepared
      statement, coupled with the fact that the type of a parameter
      marker might change between consecutive executions, the solution
      is to validate at execution time each parameter marker for which
      a data stream was provided. If the parameter type is not TEXT or
      BLOB (that is, if the type is not able to handle a data stream),
      an error is returned.
     @ sql/sql_prepare.cc
        Before converting the parameter data stream, check the type
        compatibility.
     @ tests/mysql_client_test.c
        Add test case.
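
The execution-time check described in the commit message above, as an added example that is not part of the original report and is not MySQL's code. All type, function and error names are hypothetical; the model only shows why validation has to happen at execute time: the chunk command has no status reply, and a marker's type can be re-bound after the chunks were sent.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model; these are not MySQL's types, names or error codes. */
enum ptype { PT_LONG, PT_TEXT, PT_BLOB };
enum exec_rc { EXEC_OK, EXEC_ERR_WRONG_ARGUMENTS };
struct param { enum ptype type; int has_long_data; char buf[64]; size_t len; };
struct stmt { struct param p[2]; size_t nparams; };

/* Only TEXT/BLOB-like parameters can consume a data stream. */
static int can_take_stream(enum ptype t) { return t == PT_TEXT || t == PT_BLOB; }

/* Models a command with no status reply: it cannot reject anything, so it
   records the chunk (clamped to the buffer) and defers validation. */
void send_long_data(struct stmt *s, size_t idx, const char *chunk, size_t n)
{
    if (idx >= s->nparams) return;
    struct param *p = &s->p[idx];
    if (n > sizeof p->buf - p->len) n = sizeof p->buf - p->len;
    memcpy(p->buf + p->len, chunk, n);
    p->len += n;
    p->has_long_data = 1;
}

/* A marker's type may be re-bound between executions. */
void bind_type(struct stmt *s, size_t idx, enum ptype t)
{
    if (idx < s->nparams) s->p[idx].type = t;
}

/* Execution-time check: every marker that received a stream must be of a
   stream-capable type now, whatever it was when the chunks were sent. */
enum exec_rc execute(const struct stmt *s)
{
    for (size_t i = 0; i < s->nparams; i++)
        if (s->p[i].has_long_data && !can_take_stream(s->p[i].type))
            return EXEC_ERR_WRONG_ARGUMENTS;
    return EXEC_OK;
}

int main(void)
{
    struct stmt s = { .nparams = 2 };      /* constructed sample statement */
    s.p[1].type = PT_BLOB;
    send_long_data(&s, 1, "abc", 3);       /* accepted while the type is BLOB */
    bind_type(&s, 1, PT_LONG);             /* type changes before execution */
    return execute(&s) == EXEC_ERR_WRONG_ARGUMENTS ? 0 : 1;
}
```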
[28 Jun 2010 21:04] Davi Arnaut
Queued to 5.0-bugteam and up.
[19 Jul 2010 14:35] Bugs System
Pushed into 5.1.49 (revid:build@mysql.com-20100719143034-omcma40sblwmay3x) (version source revid:davi.arnaut@sun.com-20100628202919-tnsf96r32xxnkchb) (merge vers: 5.1.48) (pib:16)
[19 Jul 2010 19:27] Paul DuBois
Noted in 5.1.49 changelog.

A client could supply data in chunks to a prepared statement
parameter other than of type TEXT or BLOB using the
mysql_stmt_send_long_data() C API function (or
COM_STMT_SEND_LONG_DATA command). This led to a crash because other
data types are not valid for long data.

Setting report to Need Merge pending further pushes.
[23 Jul 2010 12:22] Bugs System
Pushed into mysql-trunk 5.5.6-m3 (revid:alik@sun.com-20100723121820-jryu2fuw3pc53q9w) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (merge vers: 5.5.5-m3) (pib:18)
[23 Jul 2010 12:29] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100723121929-90e9zemk3jkr2ocy) (version source revid:vasil.dimov@oracle.com-20100531152341-x2d4hma644icamh1) (pib:18)
[23 Jul 2010 17:09] Paul DuBois
Noted in 5.5.6 changelog.
[29 Jul 2010 23:08] Davi Arnaut
Indeed, a typo.
[30 Jul 2010 12:17] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/114726

3462 Davi Arnaut	2010-07-30
      Bug#54041: MySQL 5.0.92 fails when tests from Connector/C suite run
      
      Fix a regression (due to a typo) which caused spurious incorrect
      argument errors for long data stream parameters if all forms of
      logging were disabled (binary, general and slow logs).
     @ mysql-test/t/mysql_client_test.test
        Save the status of the slow_log.
     @ sql/sql_prepare.cc
        Add a missing logical NOT operator.
     @ tests/mysql_client_test.c
        Disable all query logs when running C tests. Fixes an omission
        where the slow log should have been disabled too.
        
        Run test case for Bug#54041 with query logs enabled and disabled.
[30 Jul 2010 12:59] Davi Arnaut
Queued to mysql-5.0-bugteam and up.
[31 Jul 2010 15:31] Davi Arnaut
Thanks, Paul.
[2 Aug 2010 7:49] Bugs System
Pushed into 5.0.92 (revid:georgi.kodinov@oracle.com-20100802074824-5201e4ppst9t3yqt) (version source revid:georgi.kodinov@oracle.com-20100802074543-gk97pnteys3wjvha) (merge vers: 5.0.92) (pib:18)
[2 Aug 2010 19:44] Paul DuBois
Noted in 5.0.92 changelog.
[16 Aug 2010 23:15] Paul DuBois
Moved 5.1 changelog entry from 5.1.49 to 5.1.50 since the 5.1.49 patch was subject to the typo.
[18 Aug 2010 7:20] Bugs System
Pushed into mysql-trunk 5.6.1-m4 (revid:alik@sun.com-20100818071819-2lu46b0mm3cs34rf) (version source revid:alik@sun.com-20100818071732-g682fg1v0nnrrutx) (merge vers: 5.6.1-m4) (pib:20)
[18 Aug 2010 7:21] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100818071923-4ounwbhiium2met1) (version source revid:alik@sun.com-20100818071743-lrzordai06i2crty) (pib:20)
[18 Aug 2010 7:22] Bugs System
Pushed into mysql-5.5 5.5.6-m3 (revid:alik@sun.com-20100818071719-dktnkvt8zvidj0sy) (version source revid:alik@sun.com-20100818071719-dktnkvt8zvidj0sy) (merge vers: 5.5.6-m3) (pib:20)
[18 Aug 2010 14:58] Paul DuBois
Noted in 5.6.1 changelog.
[19 Aug 2010 15:41] Bugs System
Pushed into mysql-5.1 5.1.51 (revid:build@mysql.com-20100819151858-muaaor6jojb5ouzj) (version source revid:build@mysql.com-20100819151858-muaaor6jojb5ouzj) (merge vers: 5.1.51) (pib:20)
[27 Aug 2010 20:05] Paul DuBois
Already fixed in 5.1.x.
[7 Oct 2010 20:01] Bugs System
Pushed into mysql-5.1 5.1.53 (revid:sunanda.menon@sun.com-20101007194409-vrqmi1f7iched4zr) (version source revid:sunanda.menon@sun.com-20101007194409-vrqmi1f7iched4zr) (merge vers: 5.1.53) (pib:21)
[7 Oct 2010 22:45] Paul DuBois
Noted in 5.1.49sp1 changelog.
[14 Oct 2010 8:27] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.20 (revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (version source revid:martin.skold@mysql.com-20101014082627-jrmy9xbfbtrebw3c) (merge vers: 5.1.51-ndb-7.0.20) (pib:21)
[14 Oct 2010 8:42] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.39 (revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (version source revid:martin.skold@mysql.com-20101014083757-5qo48b86d69zjvzj) (merge vers: 5.1.51-ndb-6.3.39) (pib:21)
[14 Oct 2010 8:57] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (version source revid:martin.skold@mysql.com-20101014084420-y54ecj85j5we27oa) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)
[14 Oct 2010 15:34] Jon Stephens
Already documented in the 5.1.50 changelog; no new changelog entries required. Setting back to Closed state.
[13 Nov 2010 16:04] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:29] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:alexander.nozdrin@oracle.com-20101113152540-gxro4g0v29l27f5x) (pib:21)
[16 Dec 2010 22:26] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)