Description:
Server crashes on multitable delete query if non-first table in the query has rowid length len such that
len > sizeof(void*) and len is divisible by sizeof(void*).
(a value of 24 is used in the example below)
The cause problem is a bug in Unique class implementation in sql/uniques.cc.
How to repeat:
Run the following:
create table tpk1
(
c char(8) not null,
b char(8) not null,
a char(8) not null,
d char(8) not null,
primary key (a,b,c)
) type = innodb;
insert into tpk1 values('c0000', 'b0000', 'a0000', 'd0000');
insert into tpk1 values('c0001', 'b0001', 'a0001', 'd0001');
insert into tpk1 values('c0002', 'b0002', 'a0002', 'd0002');
insert into tpk1 values('c0003', 'b0003', 'a0003', 'd0003');
insert into tpk1 values('c0004', 'b0004', 'a0004', 'd0004');
insert into tpk1 values('c0005', 'b0005', 'a0005', 'd0005');
insert into tpk1 values('c0006', 'b0006', 'a0006', 'd0006');
insert into tpk1 values('c0007', 'b0007', 'a0007', 'd0007');
insert into tpk1 values('c0008', 'b0008', 'a0008', 'd0008');
insert into tpk1 values('c0009', 'b0009', 'a0009', 'd0009');
insert into tpk1 values('c0010', 'b0010', 'a0010', 'd0010');
insert into tpk1 values('c0011', 'b0011', 'a0011', 'd0011');
insert into tpk1 values('c0012', 'b0012', 'a0012', 'd0012');
insert into tpk1 values('c0013', 'b0013', 'a0013', 'd0013');
insert into tpk1 values('c0014', 'b0014', 'a0014', 'd0014');
insert into tpk1 values('c0015', 'b0015', 'a0015', 'd0015');
insert into tpk1 values('c0016', 'b0016', 'a0016', 'd0016');
create table tpk2 like tpk1;
insert into tpk2 select * from tpk1;
delete tpk1,tpk2 from tpk2,tpk1 where tpk1.a<'a0010' and tpk2.b=tpk1.b;
the last query will cause a crash.
Suggested fix:
Fix Unique class implementation.
Description: Server crashes on multitable delete query if non-first table in the query has rowid length len such that len > sizeof(void*) and len is divisible by sizeof(void*). (a value of 24 is used in the example below) The cause problem is a bug in Unique class implementation in sql/uniques.cc. How to repeat: Run the following: create table tpk1 ( c char(8) not null, b char(8) not null, a char(8) not null, d char(8) not null, primary key (a,b,c) ) type = innodb; insert into tpk1 values('c0000', 'b0000', 'a0000', 'd0000'); insert into tpk1 values('c0001', 'b0001', 'a0001', 'd0001'); insert into tpk1 values('c0002', 'b0002', 'a0002', 'd0002'); insert into tpk1 values('c0003', 'b0003', 'a0003', 'd0003'); insert into tpk1 values('c0004', 'b0004', 'a0004', 'd0004'); insert into tpk1 values('c0005', 'b0005', 'a0005', 'd0005'); insert into tpk1 values('c0006', 'b0006', 'a0006', 'd0006'); insert into tpk1 values('c0007', 'b0007', 'a0007', 'd0007'); insert into tpk1 values('c0008', 'b0008', 'a0008', 'd0008'); insert into tpk1 values('c0009', 'b0009', 'a0009', 'd0009'); insert into tpk1 values('c0010', 'b0010', 'a0010', 'd0010'); insert into tpk1 values('c0011', 'b0011', 'a0011', 'd0011'); insert into tpk1 values('c0012', 'b0012', 'a0012', 'd0012'); insert into tpk1 values('c0013', 'b0013', 'a0013', 'd0013'); insert into tpk1 values('c0014', 'b0014', 'a0014', 'd0014'); insert into tpk1 values('c0015', 'b0015', 'a0015', 'd0015'); insert into tpk1 values('c0016', 'b0016', 'a0016', 'd0016'); create table tpk2 like tpk1; insert into tpk2 select * from tpk1; delete tpk1,tpk2 from tpk2,tpk1 where tpk1.a<'a0010' and tpk2.b=tpk1.b; the last query will cause a crash. Suggested fix: Fix Unique class implementation.