Bug #14270 Stored procedures: crash if load index
Submitted: 24 Oct 2005 18:24
Modified: 2 Feb 2006 13:14
Reporter: Peter Gulutzan
Status: Closed
Category: MySQL Server: Stored Routines
Severity: S3 (Non-critical)
Version: 5.0.16-debug
OS: Linux (SUSE 9.2)
Assigned to: Bugs System
CPU Architecture: Any

[24 Oct 2005 18:24] Peter Gulutzan
Description:
If I invoke a function which contains "load index into cache ...", crash.
The statement also causes trouble with triggers, though less severely.

How to repeat:
mysql> delimiter //
mysql> create table t1 (s1 int)//
Query OK, 0 rows affected (0.01 sec)

mysql> create function fq () returns int begin load index into cache t1; return 4; end//
Query OK, 0 rows affected (0.01 sec)

mysql> select fq()//
ERROR 2027 (HY000): Malformed packet

... and at this point, the server is gone.
[24 Oct 2005 19:03] Miguel Solorzano
Version: '5.0.16-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1132456880 (LWP 22026)]
mysqld: protocol.cc:837: virtual bool Protocol_simple::store_long(long long int): Assertion `field_types == 0 || field_types[field_pos] == MYSQL_TYPE_INT24 || field_types[field_pos] == MYSQL_TYPE_LONG' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 1132456880 (LWP 22026)]
0xffffe410 in ?? ()
(gdb) bt full
#0  0xffffe410 in ?? ()
No symbol table info available.
#1  0x437fd37c in ?? ()
No symbol table info available.
#2  0x00000006 in ?? ()
No symbol table info available.
#3  0x40214b75 in abort () from /lib/tls/libc.so.6
No symbol table info available.
#4  0x4020c903 in __assert_fail () from /lib/tls/libc.so.6
No symbol table info available.
#5  0x081d172a in Protocol_simple::store_long (this=0x8e3de5c, from=4) at protocol.cc:835
        buff = "\004", '\0' <repeats 11 times>, "\004\000\000\000\200´æ\b"
#6  0x08155681 in Item::send (this=0x8e69ac0, protocol=0x8e3de5c, buffer=0x437fd610) at item.cc:4321
        nr = 4
        result = false
        type = MYSQL_TYPE_LONG
#7  0x081c844c in select_send::send_data (this=0x8e6a4c8, items=@0x8e3d6dc) at sql_class.cc:920
        li = {<base_list_iterator> = {list = 0x8e3d6dc, el = 0x8e6a220, prev = 0x0, current = 0x0}, <No data fields>}
        protocol = (class Protocol *) 0x8e3de5c
        buff = "@³æ\bÖai\001hÖ\177CZ\n\033\b@³æ\b\000\000\000\000\v\000\000\000ô\232d\b\001\000\000\000\000\000\000\000(¢æ\b\210\233æ\b\000\000\000\001@³æ\b¨Ö\177C\200«\025\b@³æ\b\000\000\000\000\v\000\000\000ô\232d\b\001\000\000\000\000\000\000\000(¢æ\b\210\233æ\b", '\0' <repeats 12 times>, "\003\000\000\000@³æ\b\030\000\000\001\030×\177C¤\f\034\b@³æ\b\000\000\000\000\v\000\000\000ô\232d\b\001\000\000\000\000\000\000\000(¢æ\b\210\233æ\b\000\000\000\000\001\000\000\000\000×\177)\233Zæ\bÿÿÿÿ`ëz\b(×\177C\217]\035\bà(y\b ×\177C,¢"...
        buffer = {Ptr = 0x437fd630 "@³æ\bÖai\001hÖ\177CZ\n\033\b@³æ\b", str_length = 766, Alloced_length = 766, alloced = false, 
  str_charset = 0x87ae4c0}
        _db_func_ = 0x81b0f4f "\203Ä\020\213U\b\213E\034\211BD\213U\b\213E\020\211BH\213U\b\212Eÿ\210BR\213U\b\213E\b\203x\b"
        _db_file_ = 0x437fd638 "hÖ\177CZ\n\033\b@³æ\b"
        _db_level_ = 0
        _db_framep_ = (char **) 0x1
        item = (class Item *) 0x8e69ac0
#8  0x0822b55c in JOIN::exec (this=0x8e6a4d8) at sql_select.cc:1207
        tmp_error = 0
        _db_func_ = 0x0
        _db_file_ = 0x8e3d778 "°²æ\b\001"
        _db_level_ = 149333208
        _db_framep_ = (char **) 0x8e3d65c
        curr_join = (JOIN *) 0x0
        curr_all_fields = (List<Item> *) 0x8e6a4d8
        curr_fields_list = (List<Item> *) 0x0
---Type <return> to continue, or q <return> to quit---
        curr_tmp_table = (TABLE *) 0x80a44a00
#9  0x0822d17d in mysql_select (thd=0x8e3d3f8, rref_pointer_array=0x8e3d778, tables=0x0, wild_num=0, fields=@0x8e3d6dc, conds=0x0, og_num=0, 
    order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2158250496, result=0x8e6a4c8, unit=0x8e3d448, select_lex=0x8e3d65c)
    at sql_select.cc:1833
        err = false
        free_join = true
        _db_func_ = 0x8147bea "\203Ä\020\211Eð\211Uôë\016ÇEðÿÿÿÿÇEôÿÿÿÿ\213Eð\213Uô\211Eø\211Uü\213U\b\211Uì\213E\f\203¸\030\001"
        _db_file_ = 0x437fda68 ""
        _db_level_ = 140768847
        _db_framep_ = (char **) 0x863f91d
        join = (JOIN *) 0x8e6a4d8
#10 0x0822847d in handle_select (thd=0x8e3d3f8, lex=0x8e3d438, result=0x8e6a4c8, setup_tables_done_option=0) at sql_select.cc:234
        unit = (SELECT_LEX_UNIT *) 0x8e3d448
        res = false
        select_lex = (SELECT_LEX *) 0x8e3d65c
        _db_func_ = 0xe3d3f8 <Address 0xe3d3f8 out of bounds>
        _db_file_ = 0x81f03c3 "\203Ä \210Eç\200}ç"
        _db_level_ = 1132453864
        _db_framep_ = (char **) 0xc8
#11 0x081f05a3 in mysql_execute_command (thd=0x8e3d3f8) at sql_parse.cc:2484
        result = (class select_result *) 0x8e6a4c8
        res = false
        result = 0
        lex = (LEX *) 0x8e3d438
        select_lex = (SELECT_LEX *) 0x8e3d65c
        first_table = (TABLE_LIST *) 0x0
        all_tables = (TABLE_LIST *) 0x0
        unit = (SELECT_LEX_UNIT *) 0x8e3d448
        _db_func_ = 0x0
        _db_file_ = 0x8e3d438 "\230\"[\b\001"
        _db_level_ = 1132453864
        _db_framep_ = (char **) 0x8e69a18
#12 0x081f813d in mysql_parse (thd=0x8e3d3f8, inBuf=0x8e69a28 "select fq()", length=11) at sql_parse.cc:5558

<cut>
[31 Jan 2006 13:35] Per-Erik Martin
This was fixed by a patch on 2005-12-03:
"this has nothing to do with the bug 13012.
  it's about mysql_admin_commands not being reexecution-safe
  (and CHECK still isn't)"

where LOAD INDEX, OPTIMIZE, CACHE INDEX and CHECK were disallowed in functions.
[31 Jan 2006 15:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/1950
[1 Feb 2006 14:56] Per-Erik Martin
Pushed to bk 5.0.19
[2 Feb 2006 13:14] Jon Stephens
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Documented in 5.0.19 changelog. Noted that we do not support using LOAD INDEX in a stored routine. Closed bug.
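
Added example (not part of the original report or of the MySQL source): a pre-upgrade audit that scans a mysql client script or schema dump for functions and triggers embedding the statements named in this thread (LOAD INDEX, OPTIMIZE, CACHE INDEX, CHECK). The helper names `split_statements` and `audit` are this example's own, and in the sample only `fq` comes from the report; `t1_bi`, `maint`, `note` and `hot_cache` are constructed.

```python
import re

# Statements the thread says the fix disallowed in functions.
ADMIN_STMTS = {
    "LOAD INDEX": re.compile(r"\bload\s+index\s+into\s+cache\b", re.I),
    "CACHE INDEX": re.compile(r"\bcache\s+index\b", re.I),
    "OPTIMIZE": re.compile(r"\boptimize\s+(?:\w+\s+)?table\b", re.I),
    "CHECK": re.compile(r"\bcheck\s+table\b", re.I),
}
CREATE_RE = re.compile(r"create\s+(?:definer\s*=\s*\S+\s+)?(function|trigger)\s+`?([\w.]+)", re.I)
STRING_RE = re.compile(r"'(?:[^'\\]|\\.)*'")  # single-quoted literals

def split_statements(script):
    """Split a client script on the active DELIMITER (delimiters inside string literals are not handled)."""
    delim, pending, out = ";", "", []
    for line in script.splitlines():
        m = re.match(r"\s*delimiter\s+(\S+)\s*$", line, re.I)
        if m:
            delim = m.group(1)  # e.g. "delimiter //" as in the report
            continue
        pending += line + "\n"
        while delim in pending:
            stmt, pending = pending.split(delim, 1)
            if stmt.strip():
                out.append(stmt.strip())
    return out + ([pending.strip()] if pending.strip() else [])

def audit(script):
    """Return (kind, name, [statements]) for each function or trigger that embeds one."""
    findings = []
    for stmt in split_statements(script):
        m = CREATE_RE.match(stmt)
        if not m:
            continue  # top-level statements are not routine bodies
        body = STRING_RE.sub("''", stmt)  # ignore text inside string literals
        hits = [k for k, rx in ADMIN_STMTS.items() if rx.search(body)]
        if hits:
            findings.append((m.group(1).lower(), m.group(2), hits))
    return findings

# Constructed sample: fq is the report's repro, the other routines are invented.
SAMPLE = """delimiter //
create function fq () returns int begin load index into cache t1; return 4; end//
create trigger t1_bi before insert on t1 for each row load index into cache t1//
create function maint () returns int begin cache index t1 in hot_cache; check table t1; return 0; end//
create function note () returns char(20) begin return 'check table later'; end//
delimiter ;
check table t1;
"""
```

Triggers are included because the reporter notes the statement also causes trouble there; the top-level `check table t1` and the string literal in `note` are deliberately not flagged.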