Bug #10736 mysql_stmt_attr_set CURSOR_TYPE_READ_ONLY select within select
Submitted: 19 May 2005 11:26
Modified: 25 Jul 2005 20:13
Reporter: Berto van de Kraats
Status: Closed
Category: MySQL Server
Severity: S1 (Critical)
Version: 5.0.6-beta-nightly-20050515-debug
OS: Linux (linux/windows)
Assigned to: Konstantin Osipov
CPU Architecture: Any

[19 May 2005 11:26] Berto van de Kraats
Description:
If cursors are used, the select within a select makes mysql crash.

How to repeat:
Compile and run the simple C program.

Remark:
If the cursor enable statement

mysql_stmt_attr_set(stmt, STMT_ATTR_CURSOR_TYPE, (const void *) &type);

is deactivated, the program runs fine.
[19 May 2005 11:27] Berto van de Kraats
bug8.c

Attachment: bug8.c (application/octet-stream, text), 3.44 KiB.

[19 May 2005 13:17] Miguel Solorzano
Below is the call stack on Windows:

>	mysqld-debug.exe!_NMSG_WRITE(int rterrnum=10)  Line 221	C
 	mysqld-debug.exe!abort()  Line 44 + 0x7	C
 	mysqld-debug.exe!_assert(void * expr=0x00854010, void * filename=0x00853fe8, unsigned int lineno=1612)  Line 267	C
 	mysqld-debug.exe!Item_arena::set_n_backup_item_arena(Item_arena * set=0x02fed028, Item_arena * backup=0x03eef968)  Line 1612 + 0x1d	C++
 	mysqld-debug.exe!JOIN::optimize()  Line 592	C++
 	mysqld-debug.exe!subselect_single_select_engine::exec()  Line 1444 + 0xb	C++
 	mysqld-debug.exe!Item_subselect::exec()  Line 204 + 0x11	C++
 	mysqld-debug.exe!Item_singlerow_subselect::val_str(String * str=0x0300dd88)  Line 487 + 0xe	C++
 	mysqld-debug.exe!Arg_comparator::compare_string()  Line 368 + 0x22	C++
 	mysqld-debug.exe!Arg_comparator::compare()  Line 65 + 0x10	C++
 	mysqld-debug.exe!Item_func_eq::val_int()  Line 750 + 0xb	C++
 	mysqld-debug.exe!evaluate_join_record(JOIN * join=0x02fe4d58, st_join_table * join_tab=0x0300da80, int error=0, char * report_error=0x02feec80)  Line 9224 + 0x11	C++
 	mysqld-debug.exe!sub_select(JOIN * join=0x02fe4d58, st_join_table * join_tab=0x0300da80, int end_of_records=0)  Line 9177 + 0x15	C++
 	mysqld-debug.exe!Cursor::fetch(unsigned long num_rows=1)  Line 1845 + 0x12	C++
 	mysqld-debug.exe!mysql_stmt_fetch(THD * thd=0x02fee1f0, char * packet=0x02fff829, unsigned int packet_length=9)  Line 2234	C++
 	mysqld-debug.exe!dispatch_command(enum_server_command command=COM_FETCH, THD * thd=0x02fee1f0, char * packet=0x02fff829, unsigned int packet_length=9)  Line 1621 + 0x11	C++
 	mysqld-debug.exe!do_command(THD * thd=0x02fee1f0)  Line 1454 + 0x31	C++
 	mysqld-debug.exe!handle_one_connection(void * arg=0x02fee1f0)  Line 1114 + 0x9	C++
 	mysqld-debug.exe!pthread_start(void * param=0x02feaff0)  Line 63 + 0x7	C
 	mysqld-debug.exe!_threadstart(void * ptd=0x02ff3f78)  Line 173 + 0xd	C
 	kernel32.dll!77e702ed() 	
 	ntdll.dll!77f5180b() 	

Thank you for the bug report.
[27 Jun 2005 23:03] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/26463
[28 Jun 2005 17:08] Konstantin Osipov
Fixed in 5.0 tree, currently tagged 5.0.9
[25 Jul 2005 20:13] Mike Hillyer
Documented in 5.0.9 changelog:

<listitem><para>Combining cursors and subselects could cause server crash or memory leaks. (Bug #10736)</para></listitem>