Bug #12468 SP crashes the server when executing CREATE VIEW statement
Submitted: 9 Aug 2005 17:09 Modified: 26 Aug 2005 19:31
Reporter: Andrey Hristov Email Updates:
Status: Closed Impact on me:
Category:MySQL Server Severity:S1 (Critical)
Version:5.0.12-20050809 OS:Linux (Linux)
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[9 Aug 2005 17:09] Andrey Hristov
A CREATE VIEW statement in a SP crashes the server if the underlying table has been deleted. See the repro case.

Program received signal SIGSEGV, Segmentation fault.
setup_tables (thd=0x860f630, context=0x862e5f0, tables=0x0, conds=0x862a0fc, leaves=0x0, select_insert=false) at mysql_priv.h:1447
1447        table - TABLE structure pointer (which should be setup)
(gdb) bt
#0  setup_tables (thd=0x860f630, context=0x862e5f0, tables=0x0, conds=0x862a0fc, leaves=0x0, select_insert=false) at mysql_priv.h:1447
#1  0x08120e6a in JOIN::prepare (this=0x8629368, rref_pointer_array=0x862e6e0, tables_init=0x862e5f0, wild_num=140699120, conds_init=0x862e5f0,
    og_num=140699120, order_init=0x862e5f0, group_init=0x862e5f0, having_init=0x862e5f0, proc_param_init=0x862e5f0, select_lex_arg=0x862e5c4,
    unit_arg=0x862e3e8) at sql_select.cc:340
#2  0x081eae0e in st_select_lex_unit::prepare (this=0x862e3e8, thd_arg=0x860f630, sel_result=0x0, additional_options=0, tmp_table_alias=0x862e5f0 "")
    at sql_union.cc:220
#3  0x081f43c0 in mysql_create_view (thd=0x860f630, mode=VIEW_CREATE_NEW) at sql_view.cc:281
#4  0x080f20c2 in mysql_execute_command (thd=0x860f630) at sql_parse.cc:4467
#5  0x082058f9 in sp_instr_stmt::exec_core (this=0x0, thd=0x862e5f0, nextp=0x0) at sp_head.cc:1604
#6  0x08205667 in sp_lex_keeper::reset_lex_and_exec_core (this=0x862c9b8, thd=0x860f630, nextp=0x862e5f0, open_tables=false, instr=0x862c990)
    at sp_head.cc:1510
#7  0x0820584a in sp_instr_stmt::execute (this=0x862c990, thd=0x860f630, nextp=0xbfffe374) at sp_head.cc:1581
#8  0x08202fe4 in sp_head::execute (this=0x862c3d0, thd=0x860f630) at sp_head.cc:670
#9  0x08203d2c in sp_head::execute_procedure (this=0x862c3d0, thd=0x860f630, args=0x860fa98) at sp_head.cc:950
#10 0x080f1318 in mysql_execute_command (thd=0x860f630) at sql_parse.cc:4199
#11 0x080f4349 in mysql_parse (thd=0x860f630, inBuf=0x8624790 "call sp_crash()", length=140572272) at sql_parse.cc:5390
#12 0x080e9f51 in dispatch_command (command=COM_QUERY, thd=0x860f630, packet=0x8611509 "call sp_crash()", packet_length=16) at sql_parse.cc:1657
#13 0x080e9809 in do_command (thd=0x860f630) at sql_parse.cc:1460
#14 0x080e8995 in handle_one_connection (arg=0x862e5f0) at sql_parse.cc:1113
#15 0x080d7326 in create_new_thread (thd=0x860f630) at mysqld.cc:3642
#16 0x080d79eb in handle_connections_sockets (arg=0x0) at mysqld.cc:3914
#17 0x080d6dad in main (argc=140699120, argv=0xbffff274) at mysqld.cc:3313

How to repeat:
mysql> delimiter |
mysql> create table non_existing_table(a int)|
Query OK, 0 rows affected (0.04 sec)

mysql> create procedure sp_crash() create view sp_view_crash as select * from non_existing_table;|
Query OK, 0 rows affected (0.00 sec)

mysql> call sp_crash()|
Query OK, 0 rows affected (0.00 sec)

mysql> drop table non_existing_table|
Query OK, 0 rows affected (0.00 sec)

mysql> call sp_crash()|
ERROR 1146 (42S02): Table 'test.non_existing_table' doesn't exist
mysql> call sp_crash()|
[10 Aug 2005 15:06] Aleksey Kishkin
verified against mysql 5.0.12-beta on suse 9.3 linux
[17 Aug 2005 19:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

[23 Aug 2005 21:42] Konstantin Osipov
Approved by email.
[26 Aug 2005 6:11] Oleksandr Byelkin
pushed to 5.0.13
[26 Aug 2005 19:31] Paul DuBois
Noted in 5.0.13 changelog.