Description:
Given the following schema:
mysql> create table t1 (a bigint, b bigint, primary key (a, b));
mysql> create table t2 (c bigint, d bigint, primary key (c, d));
The queries below crash mysqld.
The GDB backtrace looks like this:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1147533664 (LWP 21806)]
0x0000000000727125 in my_strtoll10 ()
(gdb) bt
#0 0x0000000000727125 in my_strtoll10 ()
#1 0x00000000004aaf91 in Item_int::Item_int ()
#2 0x00000000004b3bbb in Item_int_with_ref::new_item ()
#3 0x0000000000551d2b in JOIN::join_free ()
#4 0x0000000000551f92 in JOIN::join_free ()
#5 0x00000000005521ba in JOIN::join_free ()
#6 0x0000000000552264 in JOIN::join_free ()
#7 0x000000000055234b in JOIN::join_free ()
#8 0x00000000005499d6 in JOIN::optimize ()
#9 0x000000000054c0ce in mysql_select ()
#10 0x000000000055d42a in mysql_explain_union ()
#11 0x000000000052bde9 in mysql_execute_command ()
#12 0x000000000052fb48 in mysql_parse ()
#13 0x000000000052ab00 in dispatch_command ()
#14 0x000000000052a7ec in do_command ()
#15 0x000000000052a0d4 in handle_one_connection ()
#16 0x00000034dd9057fb in start_thread () from /lib64/tls/libpthread.so.0
#17 0x00000034dc8ba703 in thread_start () from /lib64/tls/libc.so.6
#18 0x0000000000000000 in ?? ()
This bug is _only_ in 4.1.11 for us; it's not in 4.1.10 (didn't check 4.1.10a, though, hmm).
How to repeat:
Given the schema above, the following query is able to crash mysqld on at least two instances (all Linux, all x86_64, all 4.1.11):
mysql> select * from t1 join t2 on t1.b = t2.d where t1.b = -100;
This looks to be an optimizer bug, because this also crashes the server:
mysql> explain select * from t1 join t2 on t1.b = t2.d where t1.b = -100;
The crash _doesn't_ happen with this query (note the sign on the const in the where clause):
mysql> select * from t1 join t2 on t1.b = t2.d where t1.b = 100;