Bug #20671 UNSIGNED int comparison to IN list with negative int crashes server
Submitted: 23 Jun 2006 22:35    Modified: 26 Jul 2006 12:12
Reporter: Sean Molloy
Status: No Feedback
Category: MySQL Server    Severity: S1 (Critical)
Version: 5.0.22 Linux and 5.0.11 NT    OS: Linux (Linux and NT)
Assigned to: Miguel Solorzano    CPU Architecture: Any

[23 Jun 2006 22:35] Sean Molloy
Description:
If you attempt to compare a column defined as an INT UNSIGNED to a list with "IN" that contains a negative value (like "where myIntColumn IN (0,-1)"), the connection will be terminated instantly on Linux and the ENTIRE SERVER PROCESS will terminate on Windows.

This error is very hard to identify because it is a query error, but presents itself as a network or connection error on Linux, and is basically impossible to find on Windows without stepping through your code because the server is terminated instantly and no log is written. Because of the immediate termination of the connection, the error often looks like:

com.mysql.jdbc.CommunicationsException
MESSAGE: Communications link failure due to underlying exception: 

** BEGIN NESTED EXCEPTION ** 

java.io.EOFException

STACKTRACE:

java.io.EOFException
	at com.mysql.jdbc.MysqlIO.readFully(MysqlIO.java:1903)
	at com.mysql.jdbc.MysqlIO.reuseAndReadPacket(MysqlIO.java:2349)
	at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2860)
	at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1571)
	at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1666)
	at com.mysql.jdbc.Connection.execSQL(Connection.java:2972)
	at com.mysql.jdbc.Connection.execSQL(Connection.java:2902)
	at com.mysql.jdbc.Statement.executeQuery(Statement.java:822)
How to repeat:
1] Create a table with at least 1 INT UNSIGNED column in it, and add a row of data.
2] Run a query referencing that table and including a clause of "where myIntColumn in (0,-1)"
3] You will either have your connection terminated instantly (Linux) or the MySQL Server Process will crash immediately (Windows).  No error message regarding the query will be returned.

Suggested fix:
Assure that all IN clauses contain only positive integers (but this is not always practical in systems where the IN clause is dynamically generated from other data) (this is what we're doing for now)

-or-

Assure all INT columns are SIGNED? (uses extra storage) (I have not tested this approach)
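The first suggested workaround (keeping negative values out of dynamically generated IN lists for UNSIGNED columns) as a client-side helper. This is an added example, not code from the reporter or from MySQL; the column name and the version check against 5.0.23 (the release the assignee names below as carrying the fix) are assumptions of the example. Since an INT UNSIGNED column can never equal a negative number, dropping such values does not change the query's result, and an empty list is turned into an always-false predicate because `IN ()` is invalid SQL.

```python
import re
from typing import Any, List, Sequence, Tuple

MAX_INT_UNSIGNED = 2**32 - 1  # range of MySQL INT UNSIGNED
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_in_predicate(column: str, values: Sequence[Any],
                       unsigned: bool) -> Tuple[str, List[int]]:
    """Return (sql_fragment, params) for `column IN (...)` with %s placeholders.

    Every value must be an int, so nothing is spliced into the SQL text; for an
    UNSIGNED column the negatives (which can never match) are removed before the
    statement reaches the server. An empty list yields an always-false predicate.
    """
    if not _IDENT.fullmatch(column):
        raise ValueError(f"invalid column identifier: {column!r}")
    ints: List[int] = []
    for v in values:
        if isinstance(v, bool) or not isinstance(v, int):
            raise TypeError(f"non-integer value in IN list for {column}: {v!r}")
        ints.append(v)
    if unsigned:
        ints = [v for v in ints if 0 <= v <= MAX_INT_UNSIGNED]
    if not ints:
        return "0=1", []
    placeholders = ", ".join(["%s"] * len(ints))
    return f"`{column}` IN ({placeholders})", ints


def server_needs_workaround(version: str) -> bool:
    """True for server versions before 5.0.23, e.g. '5.0.22-log' or '5.0.11'.

    Assumes 5.0.23 is the first release with the fix, as stated in this report.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable server version: {version!r}")
    return tuple(int(x) for x in m.groups()) < (5, 0, 23)


if __name__ == "__main__":
    # Constructed input: the IN list from the report, against an UNSIGNED column.
    sql, params = build_in_predicate("myIntColumn", [0, -1], unsigned=True)
    print("SELECT * FROM t WHERE " + sql, params)
    print("workaround needed on 5.0.22:", server_needs_workaround("5.0.22-log"))
```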
[24 Jun 2006 2:50] Miguel Solorzano
Thank you for the bug report. Looks to me this is duplicate of bug:
http://bugs.mysql.com/bug.php?id=19618 which will be fixed in next
release 5.0.23. Could you please confirm.

Thanks in advance.
[25 Jun 2006 2:30] Sean Molloy
This is a duplicate of http://bugs.mysql.com/bug.php?id=19618.  However, this bug affects the Linux version by only dropping the connection and crashes the NT version.
[26 Jun 2006 12:12] Miguel Solorzano
Thank you for the feedback. Please wait for the release of the version
5.0.23 or build it from the source and let us know if the issue continues
on your side.

Thanks in advance.
[26 Jul 2006 23:00] Bugs System
No feedback was provided for this bug for over a month, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".