Bug #13558 Server crash on CREATE FUNCTION with no database selected
Submitted: 28 Sep 2005 9:48 Modified: 28 Sep 2005 13:01
Reporter: Beat Vontobel (Silver Quality Contributor) (OCA)
Status: Duplicate
Category: MySQL Server Severity: S2 (Serious)
Version: 5.0.13-rc-standard-log OS: Linux (Linux 2.4.21 (SuSE Professional))
Assigned to: CPU Architecture: Any

[28 Sep 2005 9:48] Beat Vontobel
Description:
Use of a CREATE FUNCTION statement if no default database is selected crashes the server. I used 5.0.13-rc-standard-log (precompiled static version) default install with my-small.cnf on x86 Linux 2.4.21 (SuSE Professional) to test this.

How to repeat:
Set up a default installation with my-small.cnf and start the mysql client without any options (log in as the default user without a password and with no database selected). Then create a new function:

-----
mysql4:~ # mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.13-rc-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE FUNCTION dummy () RETURNS INT RETURN 0;
ERROR 2013 (HY000): Lost connection to MySQL server during query
-----

The server crashed and I got the following output in the error.log (stack trace resolved):

-----
050928 21:21:03  mysqld started
InnoDB: The first specified data file ./ibdata1 did not exist:
InnoDB: a new database to be created!
050928 21:21:03  InnoDB: Setting file ./ibdata1 size to 10 MB
InnoDB: Database physically writes the file full: wait...
050928 21:21:03  InnoDB: Log file ./ib_logfile0 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile0 size to 5 MB
InnoDB: Database physically writes the file full: wait...
050928 21:21:03  InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
InnoDB: Doublewrite buffer not found: creating new
InnoDB: Doublewrite buffer created
InnoDB: Creating foreign key constraint system tables
InnoDB: Foreign key constraint system tables created
050928 21:21:04  InnoDB: Started; log sequence number 0 0
050928 21:21:04 [Note] /usr/local/mysql/bin/mysqld: ready for connections.
Version: '5.0.13-rc-standard'  socket: '/tmp/mysql.sock'  port: 3306  MySQL Community Edition - Standard (GPL)
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16384
read_buffer_size=258048
max_used_connections=1
max_connections=100
threads_connected=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 31615 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0x896e670
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xbfe7ef38, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x809d242 handle_segfault + 430
0x82d5b18 pthread_sighandler + 184
0x82bf1a8 my_strcasecmp_utf8 + 244
0x80b1fd1 mysql_execute_command__FP3THD + 15885
0x80b4dca mysql_parse__FP3THDPcUi + 286
0x80acc90 dispatch_command__F19enum_server_commandP3THDPcUi + 1760
0x80ac5a3 do_command__FP3THD + 203
0x80abb06 handle_one_connection + 766
0x82d32cc pthread_start_thread + 220
0x82fcd0a thread_start + 4
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/mysql/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do 
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x89910a8 = CREATE FUNCTION dummy () RETURNS INT RETURN 0
thd->thread_id=1
The manual page at http://www.mysql.com/doc/en/Crashing.html contains
information that should help you find out what is causing the crash.

Number of processes running now: 0
-----

Suggested fix:
Workaround: Make sure you never ever accidentally execute a CREATE FUNCTION if you didn't select a default database before.

Fix: CREATE FUNCTION with no selected database should return an error and not crash the server.

[28 Sep 2005 13:01] MySQL Verification Team
Duplicate of bug:

http://bugs.mysql.com/bug.php?id=13514

Back trace shows same source.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1132456880 (LWP 6753)]
0x0859de3c in my_strcasecmp_utf8 (cs=0x878d900, s=0x8639773 "information_schema", t=0x0) at ctype-utf8.c:2347
2347      while (s[0] && t[0])
Current language:  auto; currently c
(gdb) bt full
#0  0x0859de3c in my_strcasecmp_utf8 (cs=0x878d900, s=0x8639773 "information_schema", t=0x0) at ctype-utf8.c:2347
        uni_plane = (MY_UNICASE_INFO **) 0x878c720
#1  0x081f2ecc in mysql_execute_command (thd=0x8e38248) at sql_parse.cc:4049
        namelen = 0
        name = 0x0
        db = 0x0
        result = 1132453808
        res = false
        result = 0
        lex = (LEX *) 0x8e38288
        select_lex = (SELECT_LEX *) 0x8e384ac
        slave_fake_lock = false
        fake_prev_lock = (MYSQL_LOCK *) 0x0
        first_table = (TABLE_LIST *) 0x0
        all_tables = (TABLE_LIST *) 0x0
        unit = (SELECT_LEX_UNIT *) 0x8e38298
        _db_func_ = 0x437fdfe8 "\030à\177C\215h\037\bH\202ã\bH\202ã\bÐ7æ\b-"
        _db_file_ = 0x8e637c0 ""
        _db_level_ = 149127784
        _db_framep_ = (char **) 0x437fdfac
#2  0x081f688d in mysql_parse (thd=0x8e38248, inBuf=0x8e637d0 "CREATE FUNCTION dummy () RETURNS INT RETURN 0", length=45)
    at sql_parse.cc:5507
050928  9:57:17 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.14-rc-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1132456880 (LWP 6769)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1132456880 (LWP 6769)]
0x0859de3c in my_strcasecmp_utf8 (cs=0x878d900, s=0x8639773 "information_schema", t=0x0) at ctype-utf8.c:2347
2347      while (s[0] && t[0])
Current language:  auto; currently c
(gdb) bt full
#0  0x0859de3c in my_strcasecmp_utf8 (cs=0x878d900, s=0x8639773 "information_schema", t=0x0) at ctype-utf8.c:2347
        uni_plane = (MY_UNICASE_INFO **) 0x878c720
#1  0x081f2ecc in mysql_execute_command (thd=0x8e38248) at sql_parse.cc:4049
        namelen = 0
        name = 0x0
        db = 0x0
        result = 1132453808
        res = false
        result = 0
        lex = (LEX *) 0x8e38288
        select_lex = (SELECT_LEX *) 0x8e384ac
        slave_fake_lock = false
        fake_prev_lock = (MYSQL_LOCK *) 0x0
        first_table = (TABLE_LIST *) 0x0
        all_tables = (TABLE_LIST *) 0x0
        unit = (SELECT_LEX_UNIT *) 0x8e38298
        _db_func_ = 0x437fdfe8 "\030à\177C\215h\037\bH\202ã\bH\202ã\bÐ7æ\b^"
        _db_file_ = 0x8e637c0 ""
        _db_level_ = 149127784
        _db_framep_ = (char **) 0x437fdfac
#2  0x081f688d in mysql_parse (thd=0x8e38248, 
    inBuf=0x8e637d0 "CREATE PROCEDURE simpleproc (OUT param1 INT)\nBEGIN\nSELECT COUNT(*) INTO param1 FROM test1;\nEND", length=94)
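
A triage sketch for the crash block quoted in this report, added here as an example (not code from MySQL or from the reporter): it pulls the signal number, the first resolved frame below the signal handler, and the thd->query statement out of an error log, so a statement-triggered crash can be tied to the SQL that caused it. The function names are this example's own, and the sample is a trimmed excerpt of the error.log lines shown above.

```python
import re

# Trimmed excerpt of the error.log quoted in the report above.
SAMPLE_LOG = """\
050928 21:21:04 [Note] /usr/local/mysql/bin/mysqld: ready for connections.
mysqld got signal 11;
0x809d242 handle_segfault + 430
0x82d5b18 pthread_sighandler + 184
0x82bf1a8 my_strcasecmp_utf8 + 244
0x80b1fd1 mysql_execute_command__FP3THD + 15885
thd->query at 0x89910a8 = CREATE FUNCTION dummy () RETURNS INT RETURN 0
thd->thread_id=1
"""

SIGNAL_RE = re.compile(r"^mysqld got signal (\d+)")
FRAME_RE = re.compile(r"^0x[0-9a-f]+ (\S+) \+ \d+$")
QUERY_RE = re.compile(r"^thd->query at 0x[0-9a-f]+ = (.*)$")
THREAD_RE = re.compile(r"^thd->thread_id=(\d+)")
# Frames that belong to the signal handler itself, not to the faulting code.
HANDLER_FRAMES = {"handle_segfault", "pthread_sighandler"}


def parse_crashes(log_text):
    """Return one dict per 'mysqld got signal N' block found in log_text."""
    crashes, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = SIGNAL_RE.match(line)
        if m:
            current = {"signal": int(m.group(1)), "frames": [],
                       "query": None, "thread_id": None}
            crashes.append(current)
            continue
        if current is None:
            continue  # ordinary startup/InnoDB lines before any crash
        if (m := FRAME_RE.match(line)):
            current["frames"].append(m.group(1))
        elif (m := QUERY_RE.match(line)):
            current["query"] = m.group(1)
        elif (m := THREAD_RE.match(line)):
            current["thread_id"] = int(m.group(1))
    return crashes


def faulting_frame(crash):
    """First resolved frame that is not part of the signal handler."""
    return next((f for f in crash["frames"] if f not in HANDLER_FRAMES), None)
```

A crash block that carries a thd->query line means the fault was reached while executing a client statement, which is the case worth alerting on.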