Bug #5748 Prepared statement with BETWEEN and bigint values crashes mysqld
Submitted: 26 Sep 2004 8:37 Modified: 7 Oct 2004 22:26
Reporter: Dean Ellis
Status: Closed
Category: MySQL Server Severity: S1 (Critical)
Version: 4.1.6 OS:
Assigned to: Konstantin Osipov CPU Architecture: Any

[26 Sep 2004 8:37] Dean Ellis
Description:
Prepared statement with BETWEEN and BIGINT values crashes mysqld on second execution.  Tested against Linux 4.1.6 (1.2037).

How to repeat:
DROP TABLE IF EXISTS t1;
CREATE TABLE t1 ( a BIGINT );
PREPARE s FROM 'SELECT a FROM t1 WHERE a BETWEEN ? AND ?';
SET @a=1;
EXECUTE s USING @a, @a;
EXECUTE s USING @a, @a;

Suggested fix:
n/a
[26 Sep 2004 8:47] Dean Ellis
0x816c7ad handle_segfault + 647
0xffffe420 _end + -139954288
(nil)
0x4024c453 _end + 936204227
0x4024c486 _end + 936204278
0x4024c91f _end + 936205455
0x8101447 Item::save_in_field(Field*, bool) + 381
0x811ef93 Item_func_between::fix_length_and_dec() + 473
0x810fa93 Item_func::fix_fields(THD*, st_table_list*, Item**) + 349
0x81a1004 setup_conds(THD*, st_table_list*, Item**) + 128
0x81a5608 JOIN::prepare(Item***, st_table_list*, unsigned int, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, st_select_lex + 424
0x81a8a71 mysql_select(THD*, Item***, st_table_list*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_ord + 679
0x81a545a handle_select(THD*, st_lex*, select_result*) + 246
0x817f222 mysql_execute_command(THD*) + 884
0x81bf59a execute_stmt(THD*, Prepared_statement*, String*, bool) + 78
0x81bf4e2 mysql_sql_stmt_execute(THD*, st_lex_string*) + 296
0x8183bbe mysql_execute_command(THD*) + 19728
0x8184bbb mysql_parse(THD*, char*, unsigned int) + 197
0x817dcf9 dispatch_command(enum_server_command, THD*, char*, unsigned int) + 1033
0x817d8a3 do_command(THD*) + 147
0x817d05b handle_one_connection + 851
0x40175a1b _end + 935325067
0x4034c27a _end + 937252330
[6 Oct 2004 15:50] Konstantin Osipov
Subject: bk commit - 4.1 tree (konstantin:1.2062) BUG#5748

ChangeSet
  1.2062 04/10/06 19:49:31 konstantin@mysql.com +10 -0
  A fix for Bug#5748 "Prepared statement with BETWEEN and bigint values
  crashes mysqld": implementation for a generic item tree modifications
  registry. Every item tree modification which should be rolled back for
  subsequent execution of a prepared statement or stored procedure should
  be saved in the registry. All such modifications are rolled back at once
  during cleanup stage of PS.
  Actual fix for the bug just adds a call to register modifications to
  convert_constant_item.
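The commit message describes the mechanism in one paragraph; the toy C++ model below is an added example, not MySQL's code, that shows why an in-place rewrite of the item tree is unsafe across executions and how a change registry fixes it. It assumes, beyond what the page states, that the constant produced by convert_constant_item lives in per-execution memory that is released after each EXECUTE, so that the second EXECUTE reads a freed item at the point the trace above shows (Item::save_in_field under Item_func_between::fix_length_and_dec). The names Exec_arena, Between_stmt, execute_once and run_twice are invented for the illustration, and change_item_tree / rollback_item_tree_changes are named after the idea in the commit message rather than copied from the server. The practical point for an operator is that this is a server-wide denial of service reachable with an ordinary PREPARE/EXECUTE by any client that can SELECT from a BIGINT column, which is what earns it S1.

```cpp
#include <cstdint>
#include <cstdio>
#include <memory>
#include <stdexcept>
#include <vector>

// Hypothetical model of an item tree (assumption: not MySQL's real classes).
struct Item {
    bool alive = true;                  // cleared when the owning arena is freed
    virtual ~Item() = default;
    virtual int64_t val_int() const = 0;
};

// The '?' placeholder: owned by the prepared statement, re-bound on each EXECUTE.
struct Item_param : Item {
    int64_t value = 0;
    int64_t val_int() const override { return value; }
};

// A constant created during one execution (what convert_constant_item produces).
struct Item_int : Item {
    int64_t value;
    explicit Item_int(int64_t v) : value(v) {}
    int64_t val_int() const override { return value; }
};

struct Change { Item **place; Item *old_value; };

// Per-execution memory plus the modification registry from the fix.
struct Exec_arena {
    std::vector<std::unique_ptr<Item>> owned;   // freed at end of execution
    std::vector<Change> registry;               // (slot, previous pointer) pairs

    Item *new_int(int64_t v) {
        owned.push_back(std::make_unique<Item_int>(v));
        return owned.back().get();
    }
    // Replace *place, remembering what was there so it can be restored.
    void change_item_tree(Item **place, Item *new_value) {
        registry.push_back({place, *place});
        *place = new_value;
    }
    // Undo every recorded modification, newest first.
    void rollback_item_tree_changes() {
        for (auto it = registry.rbegin(); it != registry.rend(); ++it)
            *it->place = it->old_value;
        registry.clear();
    }
    void free_items() { for (auto &p : owned) p->alive = false; }   // simulated free()
};

// Reading an item whose memory is gone is the modelled segfault.
static int64_t read_item(const Item *i) {
    if (!i->alive) throw std::runtime_error("use of freed item (would segfault)");
    return i->val_int();
}

// 'a BETWEEN ? AND ?' over a BIGINT column: two placeholders and the tree
// slots that convert_constant_item rewrites.
struct Between_stmt {
    Item_param lo, hi;
    Item *arg_lo = &lo, *arg_hi = &hi;
};

// Models convert_constant_item: a constant compared with a BIGINT field is
// replaced by an Item_int already cast to the field type.  Pre-fix, the
// replacement is permanent; with the registry it is recorded for rollback.
static void convert_constant_item(Exec_arena &arena, Item **arg, bool use_registry) {
    Item *converted = arena.new_int(read_item(*arg));
    if (use_registry) arena.change_item_tree(arg, converted);
    else *arg = converted;
}

// One EXECUTE: bind parameters, prepare (rewrite tree), evaluate, clean up.
static int execute_once(Between_stmt &s, const std::vector<int64_t> &rows,
                        int64_t lo, int64_t hi, bool use_registry) {
    s.lo.value = lo; s.hi.value = hi;                // EXECUTE s USING @lo, @hi
    Exec_arena arena;
    convert_constant_item(arena, &s.arg_lo, use_registry);
    convert_constant_item(arena, &s.arg_hi, use_registry);
    int matches = 0;
    for (int64_t a : rows)
        if (a >= read_item(s.arg_lo) && a <= read_item(s.arg_hi)) ++matches;
    if (use_registry) arena.rollback_item_tree_changes();   // the fix: restore '?' slots
    arena.free_items();                                     // per-execution memory dies
    return matches;
}

struct Outcome { int first; int second; bool second_crashed; };

// Run the statement twice with different bindings, as in the bug's repro.
static Outcome run_twice(bool use_registry) {
    const std::vector<int64_t> rows = {1, 5, 10, INT64_C(1) << 40};   // constructed table t1
    Between_stmt s;
    Outcome o{};
    o.first = execute_once(s, rows, 1, 1, use_registry);
    try {
        o.second = execute_once(s, rows, 5, 10, use_registry);
    } catch (const std::runtime_error &) {
        o.second_crashed = true;          // pre-fix: second EXECUTE hits the freed item
    }
    return o;
}

int main() {
    Outcome before = run_twice(false), after = run_twice(true);
    std::printf("pre-fix:  first=%d second_crashed=%d\n", before.first, before.second_crashed);
    std::printf("with fix: first=%d second=%d\n", after.first, after.second);
    return 0;
}
```

Without the registry the tree's placeholder slots still point at the previous execution's converted constants, so the second EXECUTE both ignores the newly bound values and reads freed memory; with the registry the slots are restored to the Item_param objects at cleanup and every execution starts from the same tree, which is the invariant the commit message describes for prepared statements and stored procedures alike.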
[7 Oct 2004 22:24] Konstantin Osipov
Fixed in 4.1.6