Bug #47780 crash when comparing GIS items from subquery
Submitted: 2 Oct 2009 7:25 Modified: 18 Jun 2010 2:12
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S1 (Critical)
Version:5.0.85, 5.1.39, 5.0, 5.1, next bzr OS:Any
Assigned to: Georgi Kodinov CPU Architecture:Any
Tags: regression

[2 Oct 2009 7:25] Shane Bester
Description:
5.1.39 stack trace:

mysqld.exe!String::copy()[sql_string.cc:200]
mysqld.exe!Item_cache_str::store()[item.cc:7040]
mysqld.exe!select_singlerow_subselect::send_data()[sql_class.cc:2122]
mysqld.exe!end_send()[sql_select.cc:11997]
mysqld.exe!do_select()[sql_select.cc:10876]
mysqld.exe!JOIN::exec()[sql_select.cc:2200]
mysqld.exe!subselect_single_select_engine::exec()[item_subselect.cc:1961]
mysqld.exe!Item_subselect::exec()[item_subselect.cc:265]
mysqld.exe!Item_singlerow_subselect::val_real()[item_subselect.cc:552]
mysqld.exe!Arg_comparator::compare_real_fixed()[item_cmpfunc.cc:1233]
mysqld.exe!Item_func_ne::val_int()[item_cmpfunc.cc:1668]
mysqld.exe!make_join_select()[sql_select.cc:6069]
mysqld.exe!JOIN::optimize()[sql_select.cc:1045]
mysqld.exe!mysql_select()[sql_select.cc:2374]
mysqld.exe!handle_select()[sql_select.cc:268]
mysqld.exe!execute_sqlcom_select()[sql_parse.cc:5013]
mysqld.exe!mysql_execute_command()[sql_parse.cc:2207]
mysqld.exe!mysql_parse()[sql_parse.cc:5936]
mysqld.exe!dispatch_command()[sql_parse.cc:1215]
mysqld.exe!do_command()[sql_parse.cc:854]
mysqld.exe!handle_one_connection()[sql_connect.cc:1127]
mysqld.exe!pthread_start()[my_winthread.c:85]
mysqld.exe!_callthreadstart()[thread.c:295]
mysqld.exe!_threadstart()[thread.c:275]
kernel32.dll!BaseThreadStart()

How to repeat:
drop table if exists `t1`;
create table `t1`(`c0` bigint,`c3` multipolygon);
insert into `t1` values 
(0,geomfromtext('multipolygon(((1 2,3 4,5 6,7 8,9 8),(7 6,5 4,3 2,1 2,3 4)))'));
select 1 from `t1` where 
`c0` <>  (select geometrycollectionfromwkb(`c3`) from `t1`);
[2 Oct 2009 7:30] Sveta Smirnova
Thank you for the report.

Verified as described.
[2 Oct 2009 7:54] Sveta Smirnova
Not repeatable with version 5.1.33.
[20 Oct 2009 13:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/87482

3188 Georgi Kodinov	2009-10-20
      Bug #47780: crash when comparing GIS items from subquery
      
      If the first argument to GeomFromWKB function is a geometry
      field then the function just returns its value.
      However in doing so it's not preserving first argument's 
      null_value flag and this causes unexpected null value to
      be returned to the calling function.
      
      Fixed by updating the null_value of the GeomFromWKB function
      in such cases.
[21 Oct 2009 8:44] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/87591

2822 Georgi Kodinov	2009-10-21
      Bug #47780: crash when comparing GIS items from subquery
            
      If the first argument to GeomFromWKB function is a geometry
      field then the function just returns its value.
      However in doing so it's not preserving first argument's 
      null_value flag and this causes unexpected null value to
      be returned to the calling function.
            
      Fixed by updating the null_value of the GeomFromWKB function
      in such cases (and all other cases that return a NULL e.g.
      because of not enough memory for the return buffer).
[24 Oct 2009 6:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/88069

2824 Georgi Kodinov	2009-10-21
      Bug #47780: crash when comparing GIS items from subquery
            
      If the first argument to GeomFromWKB function is a geometry
      field then the function just returns its value.
      However in doing so it's not preserving first argument's 
      null_value flag and this causes unexpected null value to
      be returned to the calling function.
            
      Fixed by updating the null_value of the GeomFromWKB function
      in such cases (and all other cases that return a NULL e.g.
      because of not enough memory for the return buffer).
[4 Nov 2009 9:16] Bugs System
Pushed into 5.0.88 (revid:joro@sun.com-20091104091355-hpz6dwgkrfmokj3k) (version source revid:joro@sun.com-20091021084345-iki6z0uceieoupey) (merge vers: 5.0.88) (pib:13)
[4 Nov 2009 9:26] Bugs System
Pushed into 5.1.41 (revid:joro@sun.com-20091104092152-qz96bzlf2o1japwc) (version source revid:kristofer.pettersson@sun.com-20091103162305-08l4gkeuif2ozsoj) (merge vers: 5.1.41) (pib:13)
[11 Nov 2009 6:54] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091110093407-rw5g8dys2baqkt67) (version source revid:alik@sun.com-20091109080109-7dxapd5y5pxlu08w) (merge vers: 6.0.14-alpha) (pib:13)
[11 Nov 2009 7:02] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091109115615-nuohp02h8mdrz8m2) (version source revid:alik@sun.com-20091105092041-sp6eyod7sdlfuj3b) (merge vers: 5.5.0-beta) (pib:13)
[11 Nov 2009 16:28] Paul DuBois
Noted in 5.0.88, 5.1.41, 5.5.0, 6.0.14 changelogs.

If the first argument to GeomFromWKB() function was a geometry value,
the function just returned its value. However, it failed to preserve
the argument's null_value flag, which caused an unexpected NULL value
to be returned to the caller, resulting in a server crash.
[7 Dec 2009 16:42] Paul DuBois
Noted in 5.1.40sp1 changelog.
[8 Dec 2009 9:29] Bugs System
Pushed into 5.1.43 (revid:build@mysql.com-20091208092611-pbno5awyb0v38hs7) (version source revid:build@mysql.com-20091208092611-pbno5awyb0v38hs7) (merge vers: 5.1.43) (pib:13)
[16 Dec 2009 8:38] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20091216083311-xorsasf5kopjxshf) (version source revid:alik@sun.com-20091215065750-5m04ogppd5l0pol5) (merge vers: 6.0.14-alpha) (pib:14)
[16 Dec 2009 8:45] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091216082430-s0gtzibcgkv4pqul) (version source revid:alik@sun.com-20091211070127-kl8uvlrv9cr11kva) (merge vers: 5.5.0-beta) (pib:14)
[16 Dec 2009 8:51] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20091216083231-rp8ecpnvkkbhtb27) (version source revid:alik@sun.com-20091212203859-fx4rx5uab47wwuzd) (merge vers: 5.6.0-beta) (pib:14)
[18 Dec 2009 10:28] Bugs System
Pushed into 5.1.41-ndb-7.1.0 (revid:jonas@mysql.com-20091218102229-64tk47xonu3dv6r6) (version source revid:jonas@mysql.com-20091218095730-26gwjidfsdw45dto) (merge vers: 5.1.41-ndb-7.1.0) (pib:15)
[18 Dec 2009 10:44] Bugs System
Pushed into 5.1.41-ndb-6.2.19 (revid:jonas@mysql.com-20091218100224-vtzr0fahhsuhjsmt) (version source revid:jonas@mysql.com-20091217101452-qwzyaig50w74xmye) (merge vers: 5.1.41-ndb-6.2.19) (pib:15)
[18 Dec 2009 10:59] Bugs System
Pushed into 5.1.41-ndb-6.3.31 (revid:jonas@mysql.com-20091218100616-75d9tek96o6ob6k0) (version source revid:jonas@mysql.com-20091217154335-290no45qdins5bwo) (merge vers: 5.1.41-ndb-6.3.31) (pib:15)
[18 Dec 2009 11:13] Bugs System
Pushed into 5.1.41-ndb-7.0.11 (revid:jonas@mysql.com-20091218101303-ga32mrnr15jsa606) (version source revid:jonas@mysql.com-20091218064304-ezreonykd9f4kelk) (merge vers: 5.1.41-ndb-7.0.11) (pib:15)
[17 Feb 2010 16:19] Paul DuBois
Noted in 5.0.87sp1 changelog.
[20 Feb 2010 17:10] Bugs System
Pushed into 5.0.91 (revid:build@mysql.com-20100220170835-5kr6ztsg25va7qzz) (version source revid:build@mysql.com-20100220170835-5kr6ztsg25va7qzz) (merge vers: 5.0.91) (pib:16)
[1 Mar 2010 8:43] Bugs System
Pushed into 5.1.45 (revid:joro@sun.com-20100301083827-xnimmrjg6bh33o1o) (version source revid:joro@sun.com-20100226131646-kpvzk740hxbtaexn) (merge vers: 5.1.45) (pib:16)
[2 Mar 2010 14:34] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100302142746-u1gxdf5yk2bjrq3e) (version source revid:alik@sun.com-20100301095421-4cz64ibem1h2quve) (merge vers: 6.0.14-alpha) (pib:16)
[2 Mar 2010 14:39] Bugs System
Pushed into 5.5.3-m2 (revid:alik@sun.com-20100302072233-t3uqgjzdukt1pyhe) (version source revid:alik@sun.com-20100301090215-63o2w2y16go8n53p) (merge vers: 5.5.3-m2) (pib:16)
[2 Mar 2010 14:44] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100302072432-k8xvfkgcggkwgi94) (version source revid:alik@sun.com-20100301094536-2zc4uqyy3os8san7) (pib:16)
[12 Mar 2010 14:11] Bugs System
Pushed into 5.1.44-ndb-7.0.14 (revid:jonas@mysql.com-20100312135944-t0z8s1da2orvl66x) (version source revid:jonas@mysql.com-20100312115609-woou0te4a6s4ae9y) (merge vers: 5.1.44-ndb-7.0.14) (pib:16)
[12 Mar 2010 14:27] Bugs System
Pushed into 5.1.44-ndb-6.2.19 (revid:jonas@mysql.com-20100312134846-tuqhd9w3tv4xgl3d) (version source revid:jonas@mysql.com-20100312060623-mx6407w2vx76h3by) (merge vers: 5.1.44-ndb-6.2.19) (pib:16)
[12 Mar 2010 14:43] Bugs System
Pushed into 5.1.44-ndb-6.3.33 (revid:jonas@mysql.com-20100312135724-xcw8vw2lu3mijrhn) (version source revid:jonas@mysql.com-20100312103652-snkltsd197l7q2yg) (merge vers: 5.1.44-ndb-6.3.33) (pib:16)
[17 Jun 2010 12:16] Bugs System
Pushed into 5.1.47-ndb-7.0.16 (revid:martin.skold@mysql.com-20100617114014-bva0dy24yyd67697) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)
[17 Jun 2010 13:03] Bugs System
Pushed into 5.1.47-ndb-6.2.19 (revid:martin.skold@mysql.com-20100617115448-idrbic6gbki37h1c) (version source revid:martin.skold@mysql.com-20100609140708-52rvuyq4q500sxkq) (merge vers: 5.1.45-ndb-6.2.19) (pib:16)
[17 Jun 2010 13:43] Bugs System
Pushed into 5.1.47-ndb-6.3.35 (revid:martin.skold@mysql.com-20100617114611-61aqbb52j752y116) (version source revid:vasil.dimov@oracle.com-20100331130613-8ja7n0vh36a80457) (merge vers: 5.1.46) (pib:16)