Bug #12849 Stored Procedure: Crash on procedure call with CHAR type 'INOUT' parameter
Submitted: 29 Aug 2005 17:07
Modified: 8 Sep 2005 19:54
Reporter: Shuichi Tamagawa
Status: Closed
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.0.13-bk Aug 25
OS: Linux (SuSE linux 9.2)
Assigned to: Petr Chardin
CPU Architecture: Any

[29 Aug 2005 17:07] Shuichi Tamagawa
Description:
Server crashes when a stored procedure is called with CHAR type 'INOUT' parameter. It was fine on mysql-5.0.12 Aug 17 build.

How to repeat:
--
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.13-beta-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create procedure sp1(inout x char) select x into x;
Query OK, 0 rows affected (0.00 sec)

mysql> set @var='a';
Query OK, 0 rows affected (0.00 sec)

mysql> call sp1(@var);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
Number of processes running now: 0
050826 17:44:19 mysqld restarted

On mysql-5.0.12 bk Aug 17, it is fine.

--
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.12-beta

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE PROCEDURE sp1(INOUT x char(1)) SELECT x INTO x;
Query OK, 0 rows affected (0.00 sec)

mysql> set @var='a';
Query OK, 0 rows affected (0.00 sec)

mysql> call sp1(@var);
Query OK, 0 rows affected (0.01 sec)

mysql> select @var;
+------+
| @var |
+------+
| a    |
+------+
1 row in set (0.00 sec)

Suggested fix:
N/A
[29 Aug 2005 17:09] Shuichi Tamagawa
Error Log

Attachment: linux.err (application/octet-stream, text), 2.54 KiB.

[29 Aug 2005 17:09] Shuichi Tamagawa
Stack trace output

Attachment: stacktrace.result (application/octet-stream, text), 61 bytes.

[29 Aug 2005 17:09] Shuichi Tamagawa
mysqlbug

Attachment: mysqlbug (application/octet-stream, text), 10.98 KiB.

[29 Aug 2005 17:10] Shuichi Tamagawa
Error log, output from stack trace, and mysqlbug file are attached.
[29 Aug 2005 18:51] Miguel Solorzano
I was able to repeat with latest BK source:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1132559280 (LWP 17684)]
0x081cf61b in String::numchars (this=0x8e3b670) at sql_string.cc:547
547       return str_charset->cset->numchars(str_charset, Ptr, Ptr+str_length);
(gdb)
[2 Sep 2005 13:33] Matthias Leich
I have some other testcases which bring me to the following conclusions:
1. The INOUT parameter is not needed. It could be replaced by
   a variable declared within the procedure.
2. This variable must be of data type VARCHAR.
   Note: the data type INTEGER is harmless.
3. Any statement where this VARCHAR variable is source of data and
   target of assignment seems to produce wrong variable content.
   Example: SET foo = foo;
            or
            SELECT CONCAT(foo,'abc') INTO foo;
4. It looks like Bug#12939 suffers from the same problem.
Please have a look into the attached file ml004.test with testcases.
[2 Sep 2005 13:35] Matthias Leich
testcases

Attachment: ml004.test (application/test, text), 3.33 KiB.

[8 Sep 2005 16:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/29511
[8 Sep 2005 17:33] Petr Chardin
pushed into 5.0.13
[8 Sep 2005 19:54] Paul Dubois
Noted in 5.0.13 changelog.