Bug #10337 If we try to cast a NULL as decimal then the MySQL service crashes.
Submitted: 3 May 2005 14:20 Modified: 15 Jun 2005 14:22
Reporter: Disha Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.4 Beta/BK source OS:Windows (Windows 2003/Linux)
Assigned to: Alexey Botchkov CPU Architecture:Any

[3 May 2005 14:20] Disha
Description:
If we try to cast a NULL as decimal then the MySQL service crashes.

How to repeat:
1. Start the MySQL client and connect to the database server.
2. Set the delimiter to //
3. Run the following command:

select cast(NULL as decimal(6)) as t1//

Expected Results: 
1. Appropriate error should be displayed as casting can be done form anything to character type.

Actual Results: 
1. “Connection lost” error is displayed on the client.
2. MySQL service crashes..
[3 May 2005 14:25] MySQL Verification Team
Call stack on Windows:

 	mysqld-debug.exe!decimal_round(st_decimal_t * from=0x00000000, st_decimal_t * to=0x03eee388, int scale=2, int mode=2)  Line 1433 + 0x3	C
>	mysqld-debug.exe!my_decimal_round(unsigned int mask=30, const my_decimal * from=0x00000000, int scale=2, int truncate=0, my_decimal * to=0x03eee388)  Line 193 + 0x1e	C++
 	mysqld-debug.exe!Item_decimal_typecast::val_decimal(my_decimal * dec=0x03eee388)  Line 1019 + 0x1a	C++
 	mysqld-debug.exe!Item_decimal_typecast::val_str(String * str=0x03eee494)  Line 991 + 0x17	C++
 	mysqld-debug.exe!Item::send(Protocol * protocol=0x03000f58, String * buffer=0x03eee494)  Line 3581 + 0x15	C++
 	mysqld-debug.exe!select_send::send_data(List<Item> & items={...})  Line 872 + 0x19	C++
 	mysqld-debug.exe!JOIN::exec()  Line 1208 + 0x96	C++
 	mysqld-debug.exe!mysql_select(THD * thd=0x030004c0, Item * * * rref_pointer_array=0x03000830, st_table_list * tables=0x00000000, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00000000, unsigned int og_num=0, st_order * order=0x00000000, st_order * group=0x00000000, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned long select_options=2156153344, select_result * result=0x02fe69c8, st_select_lex_unit * unit=0x03000520, st_select_lex * select_lex=0x03000728)  Line 2010	C++
 	mysqld-debug.exe!handle_select(THD * thd=0x030004c0, st_lex * lex=0x03000508, select_result * result=0x02fe69c8, unsigned long setup_tables_done_option=0)  Line 254 + 0x83	C++
 	mysqld-debug.exe!mysql_execute_command(THD * thd=0x030004c0)  Line 2393 + 0x13	C++
 	mysqld-debug.exe!mysql_parse(THD * thd=0x030004c0, char * inBuf=0x02fe6810, unsigned int length=37)  Line 5182 + 0x9	C++
 	mysqld-debug.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x030004c0, char * packet=0x02fe27a9, unsigned int packet_length=38)  Line 1651 + 0x1d	C++
 	mysqld-debug.exe!do_command(THD * thd=0x030004c0)  Line 1457 + 0x31	C++
 	mysqld-debug.exe!handle_one_connection(void * arg=0x030004c0)  Line 1114 + 0x9	C++
 	mysqld-debug.exe!pthread_start(void * param=0x00e4bc70)  Line 63 + 0x7	C
 	mysqld-debug.exe!_threadstart(void * ptd=0x02ff5918)  Line 173 + 0xd	C
 	kernel32.dll!7c80b50b() 	
 	kernel32.dll!7c8399f3()
[15 Jun 2005 14:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26025
[15 Jun 2005 14:22] Alexey Botchkov
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html