Bug #24401 MySQL server crashes if you try to retrieve data from corrupted table
Submitted: 17 Nov 2006 16:53 Modified: 7 Feb 2007 19:05
Reporter: Victoria Reznichenko Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.30 OS:Any (any)
Assigned to: Sergey Vojtovich CPU Architecture:Any

[17 Nov 2006 16:53] Victoria Reznichenko
Description:
I have small corrupted MyISAM table t1 (I made it corrupted for testing).
If I do simple SELECT like:
select * from t1 order by id;

MySQL server crashes.

Backtrace:
(gdb) bt
#0  0x085bb25c in _mi_rec_unpack (info=0x8dee1d0, to=0x8deea38 '╔' <repeats 200 times>..., from=0x8def7a1 '╔' <repeats 200 times>..., found_length=10) at mi_dynrec.c:1062
#1  0x085bc89a in _mi_read_rnd_dynamic_record (info=0x8dee1d0, buf=0x8dedf38 "Ч\001", filepos=18446744073709551615, skip_deleted_blocks=0 '\0') at mi_dynrec.c:1599
#2  0x085b2bb2 in mi_scan (info=0x8dee1d0, buf=0x8dedf38 "Ч\001") at mi_scan.c:45
#3  0x0830e756 in ha_myisam::rnd_next (this=0x8dede48, buf=0x8dedf38 "Ч\001") at ha_myisam.cc:1277
#4  0x08303918 in find_all_keys (param=0xb4fe10d4, select=0x8de3640, sort_keys=0x8dddf38, buffpek_pointers=0xb4fe0f4c, tempfile=0xb4fe1010, indexfile=0x0)
    at filesort.cc:464
#5  0x08304493 in filesort (thd=0xb51260e0, table=0x8ded5f8, sortorder=0x8de3748, s_length=1, select=0x8de3640, max_rows=18446744073709551615, examined_rows=0xb4fe1208)
    at filesort.cc:225
#6  0x08287aad in create_sort_index (thd=0xb51260e0, join=0x8de21e0, order=0x8de2148, filesort_limit=18446744073709551615, select_limit=18446744073709551615)
    at sql_select.cc:12212
#7  0x08299856 in JOIN::exec (this=0x8de21e0) at sql_select.cc:1804
#8  0x08295caf in mysql_select (thd=0xb51260e0, rref_pointer_array=0xb51264dc, tables=0x8de1ed0, wild_num=1, fields=@0xb5126440, conds=0x0, og_num=1, order=0x8de2148,
    group=0x0, having=0x0, proc_param=0x0, select_options=2156153344, result=0x8de21d0, unit=0xb5126184, select_lex=0xb51263b4) at sql_select.cc:2017
#9  0x08299d74 in handle_select (thd=0xb51260e0, lex=0xb5126120, result=0x8de21d0, setup_tables_done_option=0) at sql_select.cc:257
#10 0x08233ca8 in mysql_execute_command (thd=0xb51260e0) at sql_parse.cc:2596
#11 0x0823c130 in mysql_parse (thd=0xb51260e0, inBuf=0x8de1db0 "select \n* from t1 order by id", length=29) at sql_parse.cc:5809
#12 0x0823eae0 in dispatch_command (command=COM_QUERY, thd=0xb51260e0, packet=0xb5157091 "select \n* from t1 order by id", packet_length=30) at sql_parse.cc:1773
#13 0x0824008f in do_command (thd=0xb51260e0) at sql_parse.cc:1557
#14 0x0824125d in handle_one_connection (arg=0xb51260e0) at sql_parse.cc:1188
#15 0xb7f4d34b in start_thread () from /lib/libpthread.so.0
#16 0xb7e7765e in clone () from /lib/libc.so.6

How to repeat:
I'll upload table files (.frm, .MYI, .MYD) to this issue.
Just run: select * from t1 order by id
[17 Nov 2006 16:56] Victoria Reznichenko
corrupted table

Attachment: t1.zip (application/zip, text), 696 bytes.

[19 Jan 2007 11:12] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18429

ChangeSet@1.2594, 2007-01-19 15:14:00+04:00, svoj@mysql.com +1 -0
  BUG#24401 - MySQL server crashes if you try to retrieve data from
              corrupted table
  
  Accessing a table with corrupted column definition results in server
  crash.
  
  This is fixed by refusing to open such tables. Affects MyISAM only.
  No test case, since it requires crashed table.
[22 Jan 2007 12:33] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/18536

ChangeSet@1.2594, 2007-01-22 16:34:58+04:00, svoj@mysql.com +1 -0
  BUG#24401 - MySQL server crashes if you try to retrieve data from
              corrupted table
  
  Accessing a table with corrupted column definition results in server
  crash.
  
  This is fixed by refusing to open such tables. Affects MyISAM only.
  No test case, since it requires crashed table.
[25 Jan 2007 9:29] Sergey Vojtovich
Pushed to trees currently marked as 5.0.36 and 5.1.15.
[5 Feb 2007 11:42] Sergey Vojtovich
Pushed to tree currently marked as 4.1.23.
[7 Feb 2007 19:05] Paul Dubois
Noted in 4.1.23, 5.0.36, 5.1.15 changelogs.