MySQL Bugs: #26402: Server crashes with old-style named table

Bug #26402	Server crashes with old-style named table
Submitted:	15 Feb 2007 13:11	Modified:	18 Jun 2007 13:41
Reporter:	Andrey Hristov	Email Updates:
Status:	Closed	Impact on me:	None
Category:	MySQL Server: Charsets	Severity:	S2 (Serious)
Version:	5.1.16	OS:	Linux (OpenSuSE 10.2)
Assigned to:	Alexander Barkov	CPU Architecture:	Any

Description:
Creating a table with 5.0 server, non-latin1 name, in this example Cyrillic and then trying to use it with 5.1 crashes the server - actually an assert.

mysql> select version();
+---------------------------+
| version()                 |
+---------------------------+
| 5.0.36-valgrind-max-debug |
+---------------------------+
1 row in set (0.00 sec)

mysql> create database if not exists test4;
Query OK, 1 row affected (0.04 sec)

mysql> use test4;
Database changed
mysql> set names utf8;
Query OK, 0 rows affected (0.00 sec)

mysql> create table табличка (a int);
Query OK, 0 rows affected (0.13 sec)

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.16-beta-valgrind-max-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select version();
+--------------------------------+
| version()                      |
+--------------------------------+
| 5.1.16-beta-valgrind-max-debug |
+--------------------------------+
1 row in set (0.00 sec)

mysql> use test4;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql.sock' (111)
ERROR:
Can't connect to the server

On the other konsole:070215 14:10:30 [ERROR] Invalid (old?) table or database name 'табличка'
mysqld: table.cc:306: int open_table_def(THD*, TABLE_SHARE*, uint): Assertion `length <= share->normalized_path.length' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread -1256658032 (LWP 25214)]
0xb7fd1410 in ?? ()
(gdb) bt
#0  0xb7fd1410 in ?? ()
#1  0xb518c9e8 in ?? ()
#2  0x00000006 in ?? ()
#3  0x0000627e in ?? ()
#4  0xb7e0d060 in raise () from /lib/libc.so.6
#5  0xb7e0e801 in abort () from /lib/libc.so.6
#6  0xb7e067bb in __assert_fail () from /lib/libc.so.6
#7  0x08270d46 in open_table_def (thd=0x8e49ec8, share=0x8e87f20, db_flags=8192) at table.cc:306
#8  0x08263c4c in get_table_share (thd=0x8e49ec8, table_list=0xb518dfc0, key=0xb518da82 "test4", key_length=24, db_flags=8192, error=0xb518d188)
    at sql_base.cc:343
#9  0x08268e13 in open_unireg_entry (thd=0x8e49ec8, entry=0x8e895e0, table_list=0xb518dfc0, alias=0x8e87de8 "#mysql50#????????",
    cache_key=0xb518da82 "test4", cache_key_length=24, mem_root=0xb518db68, flags=0) at sql_base.cc:436
#10 0x0826afc3 in open_table (thd=0x8e49ec8, table_list=0xb518dfc0, mem_root=0xb518db68, refresh=0xb518db9b, flags=<value optimized out>)
    at sql_base.cc:2059
#11 0x0826b6b5 in open_tables (thd=0x8e49ec8, start=0xb518dc04, counter=0xb518dbf0, flags=0) at sql_base.cc:2922
#12 0x0826b9ab in open_normal_and_derived_tables (thd=0x8e49ec8, tables=0xb518dfc0, flags=0) at sql_base.cc:3254
#13 0x083610cf in mysqld_list_fields (thd=0x8e49ec8, table_list=0xb518dfc0, wild=0x8e89dd8 "") at sql_show.cc:783
#14 0x08242037 in dispatch_command (command=COM_FIELD_LIST, thd=0x8e49ec8, packet=0x8e7fc51 "#mysql50#????????", packet_length=19) at sql_parse.cc:1970
#15 0x08242389 in do_command (thd=0x8e49ec8) at sql_parse.cc:1638
#16 0x08243121 in handle_one_connection (arg=0x8e49ec8) at sql_parse.cc:1239
#17 0xb7f87112 in start_thread () from /lib/libpthread.so.0
#18 0xb7ea32ee in clone () from /lib/libc.so.6

How to repeat:
select version();
create database if not exists test4;
use test4;
set names utf8;
create table табличка (a int);

then stop 5.0 and start 5.1. Exit the mysql client, or you get immediate crash on reconnect.

select version();
use test4;
show tables;

Thank you for the report.

Verified as described.

Andrei, Sveta - I cannot repeat the problem with the current 5.1.17 bk sources.
Can you please help me?

I can repeat it again with table created by MySQL 5.0.40 and MySQL 5.1.18:

$mysql50;
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 627
Server version: 5.0.40-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select version();
+--------------+
| version()    |
+--------------+
| 5.0.40-debug | 
+--------------+
1 row in set (0.00 sec)

mysql> create database if not exists test4;
Query OK, 1 row affected (0.01 sec)

mysql> use test4;
Database changed
mysql> set names utf8;
Query OK, 0 rows affected (0.00 sec)

mysql> create table табличка (a int);
Query OK, 0 rows affected (0.11 sec)

mysql> \q
Bye

$boot_manager stop

$cd 

$mv build/mysql-5.0/data/test4/ build/mysql-5.1/data
mv: cannot overwrite directory `build/mysql-5.1/data/test4'

$rm -rf build/mysql-5.1/data/test4

$mv build/mysql-5.0/data/test4/ build/mysql-5.1/data

$boot_manager start
[10888/3086583488] [07/03/29 10:08:19] [INFO] Loading config file '/users/ssmirnova/.my.cnf'...

$mysql51
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.18-beta-debug Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select version();
+-------------------+
| version()         |
+-------------------+
| 5.1.18-beta-debug | 
+-------------------+
1 row in set (0.00 sec)

mysql> use test4;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    1
Current database: test4

ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/tmp/mysql_ssmirnova51.sock' (111)
ERROR: 
Can't connect to the server

mysql> \q
Bye

Crash happens when mysql rehashes table and column names,
when executing mysql_list_fields() API function.

Another way to reproduce the same crash without automatic rehashing is:

mysql --no-auto-rehash test4
mysql> show tables;
+-------------------+
| Tables_in_test4   |
+-------------------+
| #mysql50#???????? | - ??? are fine - cannot display Russian name in Latin1
+-------------------+
1 row in set (0.01 sec)

mysql> show fields from `#mysql50#????????`;
ERROR 2013 (HY000): Lost connection to MySQL server during query

An easier way to reproduce the same crash is just to execute this query:

show columns from `#mysql50#????????`;

without creating any tables.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28715

ChangeSet@1.2544, 2007-06-14 11:50:09+05:00, bar@mysql.com +5 -0
  Bug#26402 Server crashes with old-style named table
  Problem: crash on attempt to open a table
  having "#mysql50#" prefix in db or table name.
  Fix: This prefix is reserved for "mysql_upgrade"
  to access 5.0 tables  whose file names are not encoded
  according to "5.1 tablename to filename encoded".
  Don't try open tables whose db name or table name
  has this prefix.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28738

ChangeSet@1.2549, 2007-06-14 16:18:47+05:00, bar@mysql.com +5 -0
  Bug#26402 Server crashes with old-style named table
    Problem: crash on attempt to open a table
    having "#mysql50#" prefix in db or table name.
    Fix: This prefix is reserved for "mysql_upgrade"
    to access 5.0 tables  whose file names are not encoded
    according to "5.1 tablename to filename encoded".
    Don't try open tables whose db name or table name
    has this prefix.

A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28740

ChangeSet@1.2549, 2007-06-14 16:28:33+05:00, bar@mysql.com +5 -0
  Bug#26402 Server crashes with old-style named table
    Problem: crash on attempt to open a table
    having "#mysql50#" prefix in db or table name.
    Fix: This prefix is reserved for "mysql_upgrade"
    to access 5.0 tables  whose file names are not encoded
    according to "5.1 tablename to filename encoded".
    Don't try open tables whose db name or table name
    has this prefix.

Pushed into 5.1.20-engines

Pushed into 5.1.20-beta

Noted in 5.1.20 changelog.

Pushed into 6.0.10-alpha (revid:luis.soares@sun.com-20090129165607-wiskabxm948yx463) (version source revid:luis.soares@sun.com-20090129163120-e2ntks4wgpqde6zt) (merge vers: 6.0.10-alpha) (pib:6)

Pushed into 5.1.32 (revid:luis.soares@sun.com-20090129165946-d6jnnfqfokuzr09y) (version source revid:sp1r-msvensson@pilot.mysql.com-20080424112628-62493) (merge vers: 5.1.25-rc) (pib:6)

Pushed into 5.1.32-ndb-6.3.23 (revid:tomas.ulin@sun.com-20090217131017-6u8qz1edkjfiobef) (version source revid:tomas.ulin@sun.com-20090203133556-9rclp06ol19bmzs4) (merge vers: 5.1.32-ndb-6.3.22) (pib:6)

Pushed into 5.1.32-ndb-6.4.3 (revid:tomas.ulin@sun.com-20090217134419-5ha6xg4dpedrbmau) (version source revid:tomas.ulin@sun.com-20090203133556-9rclp06ol19bmzs4) (merge vers: 5.1.32-ndb-6.3.22) (pib:6)

Pushed into 5.1.32-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090217134216-5699eq74ws4oxa0j) (version source revid:tomas.ulin@sun.com-20090201210519-vehobc4sy3g9s38e) (merge vers: 5.1.32-ndb-6.2.17) (pib:6)