Bug #2349 mysqld server crashes on insert into with nested sub-selects
Submitted: 11 Jan 2004 17:29 Modified: 17 Jan 2004 6:05
Reporter: Craig James Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:4.1.1-alpha-standard, i68 OS:Linux (Linux 7.2 ( kernel 2.4.20-20.7 ))
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[11 Jan 2004 17:29] Craig James 
Description:
A complex INSERT INTO ...(SELECT FROM (SELECT FROM ...)) causes the mysqld to crash with a segmentation violation.  Some times it crashes outright, sometimes it hangs indefinitely until another client connects, at which point it crashes.

I'm sorry I couldn't get a trace -- installing the Debug version of MySQL isn't an option just now.

How to repeat:
Please find a tarfile here:
   http://www.modgraph-usa.com/downloads/mysql_crash.tar.gz

The test case is rather large; I was not able to repeat it on a small dataset. The gzipped file is about 1.3 MB.

Unpack the tarfile (it will create a directory mysql_crash), then edit "run_crash.sh" and change the username and password to something suitable.  Then execute run_crash.sh.  It will build the tables, populate them with data, and finally will run a set of queries that cause the segmentation violation.

The SQL may hang, or it may finish (if it finishes, the result set will be wrong, too, but that's beyond what I can explain here.)  Try connecting to the server with another client; usually the mysqld will crash the next time you connect to it.

Suggested fix:
Unknown.
[12 Jan 2004 4:46] Alexander Keremidarski 
The URL you have provided doesn't work. Looks like your host has some routing problems.

Please upload test case by using Files URL http://bugs.mysql.com/bug.php?id=2349&files=1
[12 Jan 2004 14:31] Dean Ellis 
Verified against 4.1.2, although I could only reproduce a segfault if the subquery aliases were short (<= 3 characters).
[12 Jan 2004 21:34] Craig James 
> The URL you have provided doesn't work. Looks like 
> your host has some routing problems.

Sorry, Time-Warner's connection was down for about 4 hrs this morning. Please try again. 

> Please upload test case by using Files URL
> http://bugs.mysql.com/bug.php?id=2349&files=1

Try the URL again -- the file is too large to upload (200K limit).
[14 Jan 2004 5:18] Oleksandr Byelkin 
ChangeSet 
  1.1693 04/01/14 15:15:42 bell@sanja.is.com.ua +3 -0 
  assigned correct lex->current_select for derived tables (BUG#2349) 
  moved LIMIT initialialization, because it is need only for single select 
derived table
[17 Jan 2004 6:05] Oleksandr Byelkin 
thank you for bugreport. bug is now fixed in our source repository