Bug #22086 Extra Slave Col: Char(5) on slave and Char(10) on master cause mysqld crash
Submitted: 7 Sep 2006 17:31
Modified: 14 Sep 2007 12:22
Reporter: Jonathan Miller
Status: Closed
Category: MySQL Server: Row Based Replication ( RBR )
Severity: S1 (Critical)
Version: 5.1.12-new-rpl
OS: Linux (Linux 32 Bit OS)
Assigned to: Chuck Bell
CPU Architecture: Any

[7 Sep 2006 17:31] Jonathan Miller
Description:
#0  0x00b8d402 in __kernel_vsyscall ()
#1  0x00d2164f in pthread_kill () from /lib/libpthread.so.0
#2  0x0833a3dc in write_core (sig=11) at stacktrace.c:220
#3  0x081f0513 in handle_segfault (sig=11) at mysqld.cc:2178
#4  <signal handler called>
#5  0x00c17477 in memset () from /lib/libc.so.6
#6  0x081ca313 in Field_string::unpack (this=0x98624d8,
    to=0x98623e9 "Kyle, TEX", ' ' <repeats 191 times>...,
    from=0x9868801 ' ' <repeats 200 times>...) at field.cc:6295
#7  0x0827bb74 in unpack_row (rli=0x98280a4, table=0x9861478, colcnt=Variable "colcnt" is not available.
) at log_event.cc:5360
#8  0x0827c212 in Write_rows_log_event::do_prepare_row (this=0x9868778, thd=0x98650e0,
    rli=0x98280a4, table=0x9861478, row_start=0x98687f8 ' ' <repeats 200 times>...,
    row_end=0xb79fe3a4) at log_event.cc:6227
#9  0x08281249 in Rows_log_event::exec_event (this=0x9868778, rli=0x98280a4)
    at log_event.cc:5564
#10 0x0832eb7e in handle_slave_sql (arg=0x98272c0) at slave.cc:3151
#11 0x00d1ebd4 in start_thread () from /lib/libpthread.so.0
#12 0x00c764fe in clone () from /lib/libc.so.6

How to repeat:
--echo *** Create t2 on slave  ***
STOP SLAVE;
RESET SLAVE;
eval CREATE TABLE t2 (a INT, b INT PRIMARY KEY, c CHAR(5),
                      d FLOAT DEFAULT '2.00',
                      e CHAR(5) DEFAULT 'TEST2')
                      ENGINE=$engine_type;

--echo *** Create t2 on Master ***
connection master;
eval CREATE TABLE t2 (a INT PRIMARY KEY, b INT, c CHAR(10)
                       ) ENGINE=$engine_type;
RESET MASTER;

--echo *** Start Slave ***
connection slave;
START SLAVE;

--echo *** Master Data Insert ***
connection master;

INSERT INTO t2 () VALUES(1,2,'Kyle, TEX'),(2,1,'JOE AUSTIN'),(3,4,'QA TESTING');
SELECT * FROM t2 ORDER BY a;

--echo *** Select from slave ***
sync_slave_with_master;
SELECT * FROM t2 ORDER BY a;

--echo *** Drop t2  ***
connection master;
DROP TABLE t2;
sync_slave_with_master;
[11 Sep 2006 12:23] Jonathan Miller
A test case for this has been added and commented out in ./extra/rpl_tests/rpl_extraSlave_Col.test. If test cases are pushed before this bug is patched, then the developer will need to uncomment the test and run it with the patch before marking this bug as complete.
[17 May 2007 20:43] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/26930

ChangeSet@1.2579, 2007-05-17 16:47:08-04:00, cbell@suse.vabb.com +5 -0
  BUG#22086 : Extra Slave Col: Char(5) on slave and Char(10) on master cause mysqld crash
  
  This patch adds code to gracefully exit the slave thread whenever a
  condition occurs where the master column data exceeds the size of the
  client column for character fields.
  
  A test was enabled to test for this condition. The test includes a step
  to correct the problem and replay the replication logs.
[17 May 2007 20:57] Chuck Bell
Patch created and sent to Mats to confirm the patch does not violate work underway for WL#3228.
[10 Jun 2007 22:45] Chuck Bell
The solution implements a portion of WL#3228. The Table_map_log_event was extended to write two arrays containing the width of each column and the number of bytes used for the length for each column. 

These arrays are written to the body of the data body portion of the event that follows the headers. These arrays are used in the table_def compatible_with() method to add checks for compatible field widths.

Compatible field widths are cases where the master's columns are shorter than the slave. Another check was added to check the number of bytes used in the fields. If the master has fields that are not using the same number of bytes for the length, the code in unpack() can fail. This check ensures the server (slave) stops gracefully if the length_bytes differ.

A check is made to ensure the arrays are read only if the length of the data body contains enough data to populate the arrays. If not, the arrays are emptied so that the error handlers in compatible_with() are ignored.

The solution allows replication in mixed version topologies. Older versions of 5.1 masters can replicate with 5.1 slaves that contain the solution. Similarly, 5.1 masters that contain the solution can replicate with older versions of 5.1 slaves.
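
The width and length_bytes checks described in the comment above, as an added C++ example that is not MySQL's code and not part of the original report. The byte layout and the names `ColMeta`, `read_master_meta` and `check_compatible` are hypothetical, chosen only to show the bounds-checked read and the refusal to unpack a wider master column.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical per-column metadata, modelled on the two arrays described above.
struct ColMeta { uint16_t width; uint8_t length_bytes; };

// Read the optional metadata trailing the event body. Assumed layout (constructed):
// one little-endian uint16 width per column, then one length_bytes byte per column.
// An older master sends none: return an empty vector so the checks are skipped.
std::vector<ColMeta> read_master_meta(const std::vector<uint8_t>& body,
                                      size_t offset, size_t ncols) {
  std::vector<ColMeta> meta;
  if (offset > body.size() || (body.size() - offset) / 3 < ncols) return meta;
  const uint8_t* w = body.data() + offset;
  const uint8_t* lb = w + ncols * 2;
  for (size_t i = 0; i < ncols; ++i)
    meta.push_back({static_cast<uint16_t>(w[2 * i] | (w[2 * i + 1] << 8)), lb[i]});
  return meta;
}

// Returns "" when the slave can unpack the row safely, otherwise the reason
// the applier should stop instead of copying into a shorter field buffer.
std::string check_compatible(const std::vector<ColMeta>& master,
                             const std::vector<ColMeta>& slave) {
  if (master.empty()) return "";  // no metadata from the master: checks skipped
  for (size_t i = 0; i < master.size() && i < slave.size(); ++i) {
    if (master[i].width > slave[i].width)
      return "column " + std::to_string(i) + ": master width " +
             std::to_string(master[i].width) + " exceeds slave width " +
             std::to_string(slave[i].width);
    if (master[i].length_bytes != slave[i].length_bytes)
      return "column " + std::to_string(i) + ": length_bytes differ";
  }
  return "";
}

// Constructed sample: master t2(a INT, b INT, c CHAR(10)); slave has c CHAR(5) plus extra columns.
std::string demo() {
  std::vector<uint8_t> body = {4, 0, 4, 0, 10, 0, 0, 0, 1};
  std::vector<ColMeta> slave = {{4, 0}, {4, 0}, {5, 1}, {4, 0}, {5, 1}};
  return check_compatible(read_master_meta(body, 0, 3), slave);
}

int main() { std::cout << demo() << "\n"; }
```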
[12 Jun 2007 19:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28600

ChangeSet@1.2547, 2007-06-12 15:12:45-04:00, cbell@suse.vabb.com +8 -0
  BUG#22086 : Extra Slave Col: Char(5) on slave and Char(10) on master cause mysqld crash
    
  The solution implements a portion of WL#3228. The Table_map_log_event 
  was extended to write two arrays containing the width of each column 
  and the number of bytes used for the length for each column. 
    
  These arrays are written to the body of the data body portion of the 
  event that follows the headers. These arrays are used in the table_def 
  compatible_with() method to add checks for compatible field widths.
    
  Compatible field widths are cases where the master's columns are shorter
  than the slave. Another check was added to check the number of bytes 
  used in the fields. If the master has fields that are not using the same 
  number of bytes for the length, the code in unpack() can fail. This 
  check ensures the server (slave) stops gracefully if the length_bytes
  differ.
    
  A check is made to ensure the arrays are read only if the length of the 
  data body contains enough data to populate the arrays. If not, the 
  arrays are emptied so that the error handlers in compatible_with() are 
  ignored.
    
  The solution allows replication in mixed version topologies. Older 
  versions of 5.1 masters can replicate with 5.1 slaves that contain the 
  solution. Similarly, 5.1 masters that contain the solution can replicate
  with older versions of 5.1 slaves.
[6 Jul 2007 21:13] Chuck Bell
Much of the core changes to the replication code needed for this bug report will be satisfied by WL#3228. Currently waiting approval to implement WL#3228 solution which will be used as a basis for this bug report.
[14 Jul 2007 3:48] Chuck Bell
The dependent worklog WL#3228 has implemented modifications to all unpack methods to handle master sizes less than slave _except_ for BIT fields. This work requires more design and consultation with those familiar with the ways bit fields are encoded. This portion shall be implemented as part of this bug report.
[31 Jul 2007 19:25] Chuck Bell
Solution relies on patches for WL#3228.

Implementation of this patch uses the code from WL#3228 to get the field metadata for the fields from the master. A new method was added to table_def::compatible_with() to check the width of each column. If the column width on the master is greater than the slave, an error is issued. Otherwise, execution proceeds as normal.
[6 Aug 2007 13:27] Chuck Bell
Patch ready for review 3 August. Path to patch:

http://lists.mysql.com/commits/31925
[10 Aug 2007 18:22] Chuck Bell
Additional refactoring implemented for WL#3228 and WL#3915 changes. Large switch statements removed in favor of methods on field classes. Patch in review.
[18 Aug 2007 0:15] Bugs System
Pushed into 5.1.22-beta
[31 Aug 2007 17:04] Paul Dubois
This was pushed to 5.1.23, not 5.1.22.
[14 Sep 2007 12:22] MC Brown
A note has been added to the 5.1.23 changelog: 

Replicating from a master table to a slave table where the size of a CHAR or VARCHAR column was a different size would cause mysqld to crash. For more information on replicating with different column definitions, see Replication with Fewer Columns on the Slave.