MySQL Bugs: #194: Crash with UNION

Bug #194	Crash with UNION
Submitted:	26 Mar 2003 12:04	Modified:	29 Mar 2003 6:50
Reporter:	jocelyn fournier (Silver Quality Contributor)	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: MyISAM storage engine	Severity:	S1 (Critical)
Version:	4.1	OS:	Any (ALL)
Assigned to:		CPU Architecture:	Any

Description:
an UNION query crash the mysql server during the temporary table creation.

How to repeat:
Get the table on :

ftp://support.mysql.com/pub/mysql/secret/unioncrash.tar.gz

Then execute :

SELECT * FROM inscrit UNION SELECT * FROM inscrit LIMIT 1;

Stack trace :

0x80ad141 handle_segfault + 481
0x82ac498 pthread_sighandler + 176
0x80e2719 create_myisam_tmp_table(st_table*, TMP_TABLE_PARAM*, unsigned long) + 489
0x80def56 create_myisam_from_heap(THD*, st_table*, TMP_TABLE_PARAM*, int, bool) + 214
0x81513b1 select_union::send_data(List<Item>&) + 161
0x80e8598 end_send(JOIN*, st_join_table*, bool) + 344
0x80e75c5 sub_select(JOIN*, st_join_table*, bool) + 245
0x80e2a95 do_select(JOIN*, List<Item>*, st_table*, Procedure*) + 261
0x80dc23e JOIN::exec() + 1678
0x8151df3 st_select_lex_unit::exec() + 227
0x815118f mysql_union(THD*, st_lex*, select_result*, st_select_lex_unit*, bool) + 79
0x80da131 handle_select(THD*, st_lex*, select_result*) + 113
0x80bb3b4 mysql_execute_command(THD*) + 644
0x80c0368 mysql_parse(THD*, char*, unsigned) + 232
0x80b9f13 dispatch_command(enum_server_command, THD*, char*, unsigned) + 867
0x80b9b65 do_command(THD*) + 133
0x80b93f9 handle_one_connection + 857
0x82a9eba pthread_start_thread + 218
0x82de40a thread_start + 4

A query ran for 13 hours and finished quite fine with returning all results as expected.

It hampered my work today, due to high CPU usage.

If you could send my your my.cnf, may be I could repeat a crash .

Hi,

Sorry about this, I should have said it crashes for me nearly immediately.
I'll send you my my.cnf ASAP.

Hi,

I just want to add I'm unable to reproduce the crash in debug mode, but in production mode it crashes immediately.

Repeated it, and it is truly a very hard bug.

This is a fix:

===== /mnt/work/mysql-4.1/sql/sql_union.cc 1.69 vs edited =====
*** /tmp/sql_union.cc-1.69-14304        Thu Mar 27 16:10:57 2003
--- edited//mnt/work/mysql-4.1/sql/sql_union.cc Sat Mar 29 16:08:52 2003
***************
*** 118,124 ****
    prepared= 1;
    res= 0;
    found_rows_for_union= 0;
!   TMP_TABLE_PARAM tmp_table_param;
    this->result= result;
    t_and_f= tables_and_fields_initied;
    SELECT_LEX_NODE *lex_select_save= thd->lex.current_select;
--- 118,124 ----
    prepared= 1;
    res= 0;
    found_rows_for_union= 0;
!   TMP_TABLE_PARAM *tmp_table_param= (TMP_TABLE_PARAM *)sql_calloc(sizeof(TMP_TABLE_PARAM));
    this->result= result;
    t_and_f= tables_and_fields_initied;
    SELECT_LEX_NODE *lex_select_save= thd->lex.current_select;
***************
*** 162,170 ****
      t_and_f= 1;
    }
  
!   bzero((char*) &tmp_table_param,sizeof(tmp_table_param));
!   tmp_table_param.field_count=item_list.elements;
!   if (!(table= create_tmp_table(thd, &tmp_table_param, item_list,
                                (ORDER*) 0, !union_option,
                                1, (select_cursor->options | thd->options |
                                    TMP_TABLE_ALL_COLUMNS),
--- 162,169 ----
      t_and_f= 1;
    }
  
!   tmp_table_param->field_count=item_list.elements;
!   if (!(table= create_tmp_table(thd, tmp_table_param, item_list,
                                (ORDER*) 0, !union_option,
                                1, (select_cursor->options | thd->options |
                                    TMP_TABLE_ALL_COLUMNS),
***************
*** 181,187 ****
      goto err;
  
    union_result->not_describe=1;
!   union_result->tmp_table_param=&tmp_table_param;
  
  /* 
     the following piece of code is placed here solely for the purpose of 
--- 180,186 ----
      goto err;
  
    union_result->not_describe=1;
!   union_result->tmp_table_param=tmp_table_param;
  
  /* 
     the following piece of code is placed here solely for the purpose of