Bug #18004 Connecting crashes server when default charset is UCS2
Submitted: 7 Mar 2006 0:22 Modified: 22 Mar 2006 17:20
Reporter: Peter Laursen (Basic Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.1 and 5.0/4.1BK OS:Microsoft Windows (WinXP/Suse Linux)
Assigned to: Alexander Barkov CPU Architecture:Any

[7 Mar 2006 0:22] Peter Laursen
Description:
Server crash when default charset is UCS2.

How to repeat:
Starts werver with UCS2 as default chrset. Connect with MySQL Administrator.  Click user management, and server crashes.

I post this in server category (and not Administrator category), as the crash also occurs with Third-party client SQLyog.

Suggested fix:
YES! :-)

There must be some issue with accessing the user tables when server is running UCS2.  Or could it be a INFORMATION_SCHEMA issue?
[7 Mar 2006 0:25] Peter Laursen
server crash with UCS2

Attachment: administrator.jpg (image/jpeg, text), 47.86 KiB.

[7 Mar 2006 0:49] Miguel Solorzano
I was unable to repeat this issue with server:

c:\mysql\bin>mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3 to server version: 5.0.18-nt

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show variables like "%character_set_ser%";
+----------------------+-------+
| Variable_name        | Value |
+----------------------+-------+
| character_set_server | ucs2  |
+----------------------+-------+
1 row in set (0.03 sec)

mysql>

Also I tested against 5.0.19 Linux server built from source.

Is your installation an upgrade install over a prior version?

Thank you in advance.
[7 Mar 2006 0:52] Peter Laursen
I have no issue with command-line client either.
Please try MySQL Administrator as as described it!

yes - it is a completely fresh install!
[7 Mar 2006 1:05] Miguel Solorzano
I did with MySQL Administrator according your instructions, the output
from the command line I did just to show you the server version and
the character set. 

Could you please provide your my.ini file for to try again on my side?

Thanks in advance.
[7 Mar 2006 1:28] Peter Laursen
my.ini that causes server crash

Attachment: my.ini (application/octet-stream, text), 9.22 KiB.

[7 Mar 2006 1:33] Peter Laursen
Find it attached.

But I might have figured it out myself!  I saw that only [mysqld] section and not  section had ucs2.  Editing [client] seciton of the file manually removed the proplen with MA.  Not the problem with SQLyog client however.   But that of course is no MySQL issue!

Now ucs2 and latin1 are not even compatible for the ASCII subrange, so I guess that would explain!

If you can verify this as I just described, I think this should me moved to MA-category.  MA should alter both my.ini file sections!
[7 Mar 2006 1:35] Peter Laursen
what I meant (was still in my clpiboard!) was that not [client] section has ucs-setting.  It was still latin1 there!
[7 Mar 2006 1:47] Miguel Solorzano
Thank you for the feedback. If there is a server crash then the category
is correct, MA just issues a sequence of commands which provoke the
crash when connecting with a different character set. I will test it and
thanks again.
[7 Mar 2006 1:49] Peter Laursen
I just reproduced.  But one details.  You will need to restart MA to reproduce.  Looks like it caches information.
[7 Mar 2006 6:54] Peter Laursen
@Miguel

1)
Well, yes, a database server should not crash, but raise an error if some illegal/invalid request was received.  Thus you are are right - this crash is a server issue!

2) 
But isn't it a MA issue too? I mean MA should write charset and collation settings to both sections of the configuration file?
[7 Mar 2006 7:38] Peter Laursen
I can reproduce the crash when connecting with PHP (the connector-PHP distributed by MySQL) and this simple script:

<?php

echo "<h1>connecting </h1>";
$connct = mysql_connect("localhost","root","*****");

$myapache = apache_get_version();
echo "<h1>  -  Apache and PHP -versions are</h1>";
echo "<h1>$myapache<br></h1>";
echo "<h1><p>&nbsp;</p></h1>";

$database = "*****";
mysql_select_db($database);
echo "<h1>The database '";
echo $database;
echo "' is selected</h1>";

$tabel = "*****";
$showquery = "SELECT count(*) FROM $database.$tabel;";
echo "<h2>Query goes as: >>>><br>";
echo $showquery;

echo " >>>></h2>";
$result = mysql_query($showquery) or die (mysql_error());
echo "<h1>Query succesfull </h1>";

$row = mysql_fetch_array($result, MYSQL_NUM);
echo "<h1>Query result :<br>";

printf ("%s rows in - - - database: <i>$database</i> - - - table: <i>$tabel</i> ",$row[0]);
mysql_close();
?>
[7 Mar 2006 7:44] Peter Laursen
browsr response to script

Attachment: gone.jpg (image/jpeg, text), 38.68 KiB.

[7 Mar 2006 14:59] Miguel Solorzano
I was able to repeat the crash on Windows with 5.0.19 BK source
server. Below call stack:

/sql/table.cpp
--1600--

  while (*name)
  {
#if defined(USE_MB) && defined(USE_MB_IDENT)
    last_char_is_space= my_isspace(default_charset_info, *name);
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    if (use_mb(system_charset_info))
    {
      int len=my_ismbchar(system_charset_info, name, 
                          name+system_charset_info->mbmaxlen);
      if (len)
      {
        name += len;
        continue;
      }
    }
#else^

>	mysqld-debug.exe!check_db_name(char * name=0x02e988c0)  Line 1600 + 0xf	C++
 	mysqld-debug.exe!mysql_change_db(THD * thd=0x02e94e78, const char * name=0x0469feb4, int no_access_check=0)  Line 1129 + 0xc	C++
 	mysqld-debug.exe!check_user(THD * thd=0x02e94e78, enum_server_command command=COM_CONNECT, const char * passwd=0x02e9ffe6, unsigned int passwd_len=0, const char * db=0x0469feb4, int check_count=1)  Line 450 + 0xf	C++
 	mysqld-debug.exe!check_connection(THD * thd=0x02e94e78)  Line 1029 + 0x19	C++
 	mysqld-debug.exe!handle_one_connection(void * arg=0x02e94e78)  Line 1119 + 0x9	C++
 	mysqld-debug.exe!pthread_start(void * param=0x02e71738)  Line 63 + 0x7	C
 	mysqld-debug.exe!_threadstart(void * ptd=0x00fdf818)  Line 196 + 0xd	C
 	kernel32.dll!7c80b50b() 	
 	kernel32.dll!7c8399f3() 	

General Log:

mysqld-debug.exe, Version: 5.0.19-debug-log. started with:
Tcp port: 3306  Unix socket: (null)
Time                 Id Command    Argument
060307 11:53:21	      1 Connect     root@localhost on 
		      1 Query       SET SESSION interactive_timeout=1000000
		      1 Query       SELECT @@sql_mode
		      1 Query       SET SESSION sql_mode='STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
		      1 Query       SET NAMES utf8
		      2 Connect     root@localhost on mysql
[7 Mar 2006 15:17] Miguel Solorzano
Thank you for the bug report.
Also happens on Linux, start the server as showed below and connect with
MA:

(gdb) run --default-character-set=ucs2 --default-collation=ucs2_danish_ci
Starting program: /home/miguel/dbs/5.0/libexec/mysqld --default-character-set=ucs2 --default-collation=ucs2_danish_ci
[Thread debugging using libthread_db enabled]
[New Thread 1076976416 (LWP 14837)]
[New Thread 1090698160 (LWP 14840)]
[New Thread 1092799408 (LWP 14841)]
[New Thread 1094900656 (LWP 14842)]
[New Thread 1097001904 (LWP 14843)]
[New Thread 1099103152 (LWP 14844)]
[New Thread 1103879088 (LWP 14845)]
[New Thread 1105980336 (LWP 14846)]
[Thread 1099103152 (zombie) exited]
[New Thread 1108081584 (LWP 14847)]
060307 12:35:37  InnoDB: Started; log sequence number 0 59427
[New Thread 1099422640 (LWP 14848)]
[New Thread 1099623344 (LWP 14849)]
060307 12:35:37 [Note] /home/miguel/dbs/5.0/libexec/mysqld: ready for connections.
Version: '5.0.19-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
[New Thread 1131862960 (LWP 14850)]
[Thread 1131862960 (zombie) exited]
[New Thread 1131862960 (LWP 14851)]
[New Thread 1132280752 (LWP 14852)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1132280752 (LWP 14852)]
0x08236e84 in check_db_name (name=0x8e84818 "mysql") at table.cc:1600
1600        last_char_is_space= my_isspace(default_charset_info, *name);
(gdb)
[7 Mar 2006 16:06] Peter Laursen
thanks!

Before this is closed I would VERY MUCH like to know which MySQL versions are affected.  Only 5.x or 4.1 too?  Was it always the case with 5.x or is it a bug introduced at some stage.
[7 Mar 2006 16:21] Miguel Solorzano
Hi,

4.1.XX is also affected.

miguel@hegel:~/dbs/4.1> libexec/mysqld --default-character-set=ucs2 --default-collation=ucs2_danish_ci
060307 13:37:25  InnoDB: Started; log sequence number 0 100010
libexec/mysqld: ready for connections.
Version: '4.1.19-debug-log'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
mysqld got signal 11;
[7 Mar 2006 18:01] Peter Laursen
Sorry, but we had to publish this
http://www.webyog.com/faq/34_98_en.html
[20 Mar 2006 10:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3971
[20 Mar 2006 12:02] Sergey Glukhov
ok to push
[22 Mar 2006 10:19] Alexander Barkov
Pushed into 4.1.19 and 5.0.20.
Waiting to merge into 5.1.x.
[22 Mar 2006 12:30] Alexander Barkov
Pushed into 5.1.18
[22 Mar 2006 12:41] Peter Laursen
pushed into 5.1.18 ...
nice to meet some guys that care for the future :-)
Wow .. when 5.1 gets 18 ...

ehrrrr ... do you really mean that?
[22 Mar 2006 17:20] Mike Hillyer
Documented 5.0.20, 5.1.8, 4.1.19 changelogs:

     <listitem>
        <para>
          Connecting to a server with a UCS2 default character set with
          a client using a non-UCS2 character set crashed the server.
          (Bug #18004)
        </para>
      </listitem>