Bug #13825 Triggers: crash if release savepoint
Submitted: 7 Oct 2005 1:08
Modified: 23 Nov 2005 13:01
Reporter: Peter Gulutzan
Status: Closed
Category: MySQL Server
Severity: S3 (Non-critical)
Version: 5.0.15-rc-debug
OS: Linux (SUSE 9.2)
Assigned to: Dmitry Lenev
CPU Architecture: Any

[7 Oct 2005 1:08] Peter Gulutzan
Description:
If I activate a trigger that contains a RELEASE SAVEPOINT statement, crash.
I'd be perfectly happy if the statement wasn't allowed.

How to repeat:
mysql> create table tr (s1 int) engine=innodb;
Query OK, 0 rows affected (0.00 sec)

mysql> create trigger tr_bi before insert on tr for each row release savepoint x;
Query OK, 0 rows affected (0.00 sec)

mysql> start transaction;
Query OK, 0 rows affected (0.00 sec)

mysql> savepoint x;
Query OK, 0 rows affected (0.00 sec)

mysql> insert into tr values (0);
ERROR 2013 (HY000): Lost connection to MySQL server during query
[7 Oct 2005 1:44] Miguel Solorzano
miguel@hegel:~/dbs/5.0> bin/mysqladmin -uroot create dbc
miguel@hegel:~/dbs/5.0> bin/mysql -uroot dbc
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2 to server version: 5.0.15-rc-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create table tr (s1 int) engine=innodb;
Query OK, 0 rows affected (0.07 sec)

mysql> create trigger tr_bi before insert on tr for each row release savepoint
    -> x;
Query OK, 0 rows affected (0.00 sec)

mysql> start transaction;
Query OK, 0 rows affected (0.00 sec)

mysql> savepoint x;
Query OK, 0 rows affected (0.00 sec)

mysql> insert into tr values (0);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 

051006 22:37:59 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.15-rc-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1132456880 (LWP 1262)]
[Thread 1132456880 (zombie) exited]
[New Thread 1132456880 (LWP 1306)]
mysqld: handler.cc:1220: int ha_release_savepoint(THD*, SAVEPOINT*): Assertion `thd->transaction.stmt.ht[0] == 0' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 1132456880 (LWP 1306)]
0xffffe410 in ?? ()
(gdb) bt full
#0  0xffffe410 in ?? ()
No symbol table info available.
#1  0x437fcc2c in ?? ()
No symbol table info available.
#2  0x00000006 in ?? ()
No symbol table info available.
#3  0x40214b75 in abort () from /lib/tls/libc.so.6
No symbol table info available.
#4  0x4020c903 in __assert_fail () from /lib/tls/libc.so.6
No symbol table info available.
#5  0x082a44e7 in ha_release_savepoint (thd=0x8e385a8, sv=0x8e20048) at handler.cc:1220
        error = 0
        ht = (handlerton **) 0x8e39670
        end_ht = (handlerton **) 0x81f30db
        _db_func_ = 0x437fd328 "HÓ\177C£\2123\b¨\205ã\b°ë\177CXÓ\177C\a?X\b"
        _db_file_ = 0x8e385a8 "\b\237]\b\f7{\b\0207{\b\034\237]\b"
        _db_level_ = 0
        _db_framep_ = (char **) 0x1
#6  0x081f310e in mysql_execute_command (thd=0x8e385a8) at sql_parse.cc:3975
        sv = (SAVEPOINT *) 0x8e20048
        res = false
        result = 0
        lex = (LEX *) 0x8e61d30
        select_lex = (SELECT_LEX *) 0x8e61f54
        slave_fake_lock = false
        fake_prev_lock = (MYSQL_LOCK *) 0x0
        first_table = (TABLE_LIST *) 0x0
        all_tables = (TABLE_LIST *) 0x0
        unit = (SELECT_LEX_UNIT *) 0x8e61d40
        _db_func_ = 0x437fd338 "XÓ\177C\a?X\b"
        _db_file_ = 0x8e385a8 "\b\237]\b\f7{\b\0207{\b\034\237]\b"
        _db_level_ = 141103957
        _db_framep_ = (char **) 0x8e69798
#7  0x08338aa3 in sp_instr_stmt::exec_core (this=0x8e6ba28, thd=0x8e385a8, nextp=0x437fd4b0) at sp_head.cc:1990
<cut>
[4 Nov 2005 9:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/31927
[19 Nov 2005 12:08] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/32430
[19 Nov 2005 17:49] Dmitry Lenev
Fixed in 5.0.17

Now when we invoke a stored function or trigger, we create a new savepoint level. We destroy it at the end of function/trigger execution and return to the old savepoint level.
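
The savepoint-level behaviour described in the comment above, as an added example in C++ that is not MySQL source code or the committed patch. It is a simplified model: `Transaction`, `Level` and `report_scenario` are hypothetical names, and the rule that releasing a savepoint also drops those set after it is an assumption of the model.

```cpp
// Simplified model of savepoint levels; not MySQL source code.
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>
class Transaction {
    // One list of savepoint names per level; back() is the active level.
    std::vector<std::vector<std::string>> levels_;
public:
    Transaction() : levels_(1) {}
    void savepoint(const std::string& name) {
        auto& cur = levels_.back();
        cur.erase(std::remove(cur.begin(), cur.end(), name), cur.end());
        cur.push_back(name);  // re-declaring a name replaces the old one
    }
    // Looks only at the active level; false means "no such savepoint".
    bool release(const std::string& name) {
        auto& cur = levels_.back();
        auto it = std::find(cur.begin(), cur.end(), name);
        if (it == cur.end()) return false;
        cur.erase(it, cur.end());  // model assumption: later ones go too
        return true;
    }
    bool exists(const std::string& name) const {
        const auto& cur = levels_.back();
        return std::find(cur.begin(), cur.end(), name) != cur.end();
    }
    std::size_t depth() const { return levels_.size(); }
    // RAII guard: entering a trigger or function opens a level, and
    // leaving it (normally or by exception) restores the previous one.
    class Level {
        Transaction& t_;
    public:
        explicit Level(Transaction& t) : t_(t) { t_.levels_.emplace_back(); }
        ~Level() { t_.levels_.pop_back(); }
        Level(const Level&) = delete;
        Level& operator=(const Level&) = delete;
    };
};

// The report's scenario: outer SAVEPOINT x, trigger body RELEASE SAVEPOINT x.
bool report_scenario() {
    Transaction trx;
    trx.savepoint("x");
    bool released_in_trigger = false;
    { Transaction::Level trigger(trx); released_in_trigger = trx.release("x"); }
    return !released_in_trigger && trx.exists("x") && trx.depth() == 1;
}
```

In this model the trigger's release of `x` is rejected as an ordinary "no such savepoint" result, and the outer `x` is still available once the trigger's level is gone.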
[23 Nov 2005 13:01] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented in 5.0.17 changelog.