Bug #14410 Crash in Enum or Set type in CREATE TABLE and PS/SP
Submitted: 27 Oct 2005 21:18 Modified: 30 Nov 2005 17:26
Reporter: Jonathan Foo Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Stored Routines Severity:S1 (Critical)
Version:4.1 OS:Linux (Linux)
Assigned to: Konstantin Osipov CPU Architecture:Any

[27 Oct 2005 21:18] Jonathan Foo
Description:

I have a simple Stored Procedure that needs to create a table including an enum column.  This enum column is the only column in the table.  After I create the SP, I can call it twice with no apparent problems.  The third time I call it, it drops the server connection with:

    ERROR 2013 (HY000): Lost connection to MySQL server during query

This happens when the column is either 'enum' or 'set'.  Changing the column to any other type removes this problem.  

Other types specifically tested include:
  char(1)
  varchar(32)
  int
  datetime
  timestamp

How to repeat:

- Create this procedure:

create procedure test.bad()
BEGIN
  DROP TABLE IF EXISTS `tmp_enum_test`;
  CREATE TEMPORARY TABLE `tmp_enum_test` (
    `LETTER` enum('','A','B','C') NOT NULL
  );
END

- Call it three times - the third time drops connection

mysql> call bad(); 
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> call bad();
Query OK, 0 rows affected (0.00 sec)

mysql> call bad();
ERROR 2013 (HY000): Lost connection to MySQL server during query

- The warning indicated after the first "call bad()" is simply a note about the table not previously existing:
+-------+------+-------------------------------+
| Level | Code | Message                       |
+-------+------+-------------------------------+
| Note  | 1051 | Unknown table 'tmp_enum_test' |
+-------+------+-------------------------------+
[27 Oct 2005 21:24] Jonathan Foo
test cases, stack trace

Attachment: enum_tests.txt (text/plain), 3.03 KiB.

[27 Oct 2005 21:26] Jonathan Foo
Added "(binary)" to version info
[27 Oct 2005 21:32] Miguel Solorzano
Thank you for the bug report.

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.16-debug

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> delimiter //
mysql> create procedure test.bad()
    -> BEGIN
    ->   DROP TABLE IF EXISTS `tmp_enum_test`;
    ->   CREATE TEMPORARY TABLE `tmp_enum_test` (
    ->     `LETTER` enum('','A','B','C') NOT NULL
    ->   );
    -> END
    -> //
Query OK, 0 rows affected (0.00 sec)

mysql> call bad()//
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> call bad()//
ERROR 2013 (HY000): Lost connection to MySQL server during query

051027 19:29:55 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.16-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1129679792 (LWP 15346)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1129679792 (LWP 15346)]
0x08594208 in my_strnncoll_simple (cs=0x87af4c0, s=0xc0000000 <Address 0xc0000000 out of bounds>, slen=3221225472, 
    t=0x2840016c <Address 0x2840016c out of bounds>, tlen=675283308, t_is_prefix=0 '\0') at ctype-simple.c:107
107         if (map[*s++] != map[*t++])
Current language:  auto; currently c
(gdb) bt full
#0  0x08594208 in my_strnncoll_simple (cs=0x87af4c0, s=0xc0000000 <Address 0xc0000000 out of bounds>, slen=3221225472, 
    t=0x2840016c <Address 0x2840016c out of bounds>, tlen=675283308, t_is_prefix=0 '\0') at ctype-simple.c:107
        len = 675283307
        map = (uchar *) 0x87ae840 ""
#1  0x081c4764 in find_type2 (typelib=0x43554db0, x=0xc0000000 <Address 0xc0000000 out of bounds>, length=3221225472, cs=0x87af4c0)
    at strfunc.cc:163
        pos = 0
        j = 0x2840016c <Address 0x2840016c out of bounds>
        _db_func_ = 0x0
        _db_file_ = 0x0
        _db_level_ = 0
        _db_framep_ = (char **) 0x0
<cut>
[21 Nov 2005 22:18] Konstantin Osipov
Alik, please investigate ASAP.
If this problem is not related to your patch, unassign back.
[22 Nov 2005 12:37] Alexander Nozdrin
No, it seems, that it does not related with my patch.

On my version, it crashes during the second invocation.

I did some investigation: the problem seems to be in
sql_table::calculate_interval_lengths(): interval used there
is not valid after the first use.
[24 Nov 2005 11:34] Konstantin Osipov
4.1 test case:
mysql> prepare stmt from "CREATE TEMPORARY TABLE tmp_enum_test (LETTER enum('','A','B','C') NOT NULL)";
Query OK, 0 rows affected (0.00 sec)
Statement prepared
mysql> execute stmt;
Query OK, 0 rows affected (0.00 sec)
mysql> drop table tmp_enum_test;
Query OK, 0 rows affected (0.00 sec)
mysql> execute stmt;
ERROR 2013 (HY000): Lost connection to MySQL server during query
[24 Nov 2005 15:33] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/internals/32682
[25 Nov 2005 6:08] Alexander Barkov
The fix seems fine to me. Ok to push.
[25 Nov 2005 10:36] Konstantin Osipov
Fixed in MySQL 4.1, currently tagged 4.1.16.
Merged to MySQL 5.0.17
[30 Nov 2005 17:26] Paul Dubois
Noted in 4.1.16, 5.0.17 changelogs.