Bug #28553 mysqld crash in "purge master log before(select time from information_schema)"
Submitted: 21 May 2007 9:09
Modified: 14 Jun 2007 19:34
Reporter: Magnus Blåudd
Status: Closed
Category: MySQL Server: Information schema
Severity: S2 (Serious)
Version: 5.0.42, 4.1, 5.1
OS: Any
Assigned to: Sergey Glukhov
CPU Architecture: Any

[21 May 2007 9:09] Magnus Blåudd
Description:
mysqld crash when using an information schema table to get a time for the "purge master logs before" command.

Core was generated by `/home/msvensson/mysql/bug27438/my50-bug27438/sql/mysqld --no-defaults --console'.
Program terminated with signal 11, Segmentation fault.
#0  0x0000003b26c0b0a2 in pthread_kill () from /lib64/libpthread.so.0
(gdb) where
#0  0x0000003b26c0b0a2 in pthread_kill () from /lib64/libpthread.so.0
#1  0x00000000007107d0 in write_core (sig=11) at stacktrace.c:244
#2  0x00000000005a03a5 in handle_segfault (sig=11) at mysqld.cc:2166
#3  <signal handler called>
#4  0x00000000005ed019 in setup_tables (thd=0xd9da98, context=0xddd130, 
    from_clause=0xddd288, tables=0xddd920, conds=0xdda298, leaves=0x4007f680, 
    select_insert=false) at sql_base.cc:5154
#5  0x00000000005ed3fc in setup_tables_and_check_access (thd=0xd9da98, 
    context=0xddd130, from_clause=0xddd288, tables=0xddd920, conds=0xdda298, 
    leaves=0xddd2b0, select_insert=false, want_access_first=1, want_access=1)
    at sql_base.cc:5252
#6  0x000000000062516a in JOIN::prepare (this=0xdd8fb8, 
    rref_pointer_array=0xddd308, tables_init=0xddd920, wild_num=0, 
    conds_init=0xdde1f8, og_num=0, order_init=0x0, group_init=0x0, 
    having_init=0x0, proc_param_init=0x0, select_lex_arg=0xddd0e0, 
    unit_arg=0xddd3c8) at sql_select.cc:455
#7  0x000000000056093b in subselect_single_select_engine::prepare (
    this=0xdde410) at item_subselect.cc:1646
#8  0x0000000000564ab9 in Item_subselect::fix_fields (this=0xdde320, 
    thd_param=0xd9da98, ref=0x40080290) at item_subselect.cc:154
#9  0x00000000005b963d in mysql_execute_command (thd=0xd9da98)
    at sql_parse.cc:2712
#10 0x00000000005c1399 in mysql_parse (thd=0xd9da98, 
    inBuf=0xddcff8 "purge master logs before (select UPDATE_TIME from information_schema.tables\nwhere TABLE_SCHEMA=\"test\" and TABLE_NAME=\"t2\")", 
    length=122, found_semicolon=0x40080e50) at sql_parse.cc:6055
#11 0x00000000005c3e3b in dispatch_command (command=COM_QUERY, thd=0xd9da98, 
    packet=0xdd4f69 "purge master logs before (select UPDATE_TIME from information_schema.tables\nwhere TABLE_SCHEMA=\"test\" and TABLE_NAME=\"t2\")", 
    packet_length=123) at sql_parse.cc:1805
#12 0x00000000005c55cf in do_command (thd=0xd9da98) at sql_parse.cc:1582
#13 0x00000000005c67b3 in handle_one_connection (arg=0xd9da98)
    at sql_parse.cc:1193
#14 0x0000003b26c06305 in start_thread () from /lib64/libpthread.so.0
#15 0x0000003b25ccd50d in clone () from /lib64/libc.so.6
#16 0x0000000000000000 in ?? ()
(gdb) q

How to repeat:
create table t2(a int);
purge master logs before (select UPDATE_TIME from information_schema.tables
where TABLE_SCHEMA="test" and TABLE_NAME="t2");
[21 May 2007 9:30] Sveta Smirnova
Thank you for the report.

Verified as described.
[21 May 2007 13:16] Shane Bester
don't think it's I_S related if 4.1 crashes? Looks subquery related to me.

testcase:

drop table if exists t1;
create table t1(a datetime)engine=myisam;
purge master logs before (select a from t1);
[29 May 2007 9:06] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/27541

ChangeSet@1.2660, 2007-05-29 14:02:48+05:00, gluh@mysql.com +3 -0
  Bug#28553 mysqld crash in "purge master log before(select time from information_schema)"
  forbid use of subselect in PURGE LOGS BEFORE command
[1 Jun 2007 10:34] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/27898

ChangeSet@1.2660, 2007-06-01 15:32:25+05:00, gluh@mysql.com +3 -0
  Bug#28553 mysqld crash in "purge master log before(select time from information_schema)"(2nd version)
  forbid use of subselect in PURGE LOGS BEFORE command
[6 Jun 2007 13:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28203

ChangeSet@1.2660, 2007-06-06 18:29:15+05:00, gluh@mysql.com +3 -0
  Bug#28553 mysqld crash in "purge master log before(select time from information_schema)"
  forbid the use of subselect in PURGE LOGS BEFORE command
[14 Jun 2007 19:00] Bugs System
Pushed into 5.1.20-beta
[14 Jun 2007 19:00] Bugs System
Pushed into 5.0.44
[14 Jun 2007 19:01] Bugs System
Pushed into 4.1.24
[14 Jun 2007 19:34] Paul Dubois
Noted in 4.1.24, 5.0.44, 5.1.20 changelogs.

PURGE MASTER LOGS BEFORE (subquery) caused a server crash. Subqueries
are forbidden in the BEFORE clause now.
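
Added example, not part of the original bug report or the MySQL source: one way to get the effect the reporter wanted on a fixed server (4.1.24, 5.0.44, 5.1.20 or later) is to evaluate the lookup in its own statement and pass the result to PURGE as a plain expression. The variable name @cutoff is hypothetical, and the example assumes a user variable is accepted as the BEFORE expression; the table t2 in schema test comes from the report.

```sql
-- Added example (not from the bug report). @cutoff is a hypothetical name.

-- Form from the report: crashes affected servers, and is rejected on fixed
-- ones because subqueries are no longer allowed in the BEFORE clause.
--   PURGE MASTER LOGS BEFORE (SELECT UPDATE_TIME FROM information_schema.tables
--     WHERE TABLE_SCHEMA="test" AND TABLE_NAME="t2");

-- Step 1: run the lookup as an ordinary SELECT and keep the result.
SELECT UPDATE_TIME
  INTO @cutoff
  FROM information_schema.tables
 WHERE TABLE_SCHEMA = 'test'
   AND TABLE_NAME   = 't2';

-- Step 2: inspect the value before purging. UPDATE_TIME can be NULL for
-- storage engines that do not record it, and @cutoff also stays NULL when
-- no row matches; do not continue to step 3 in either case.
SELECT @cutoff AS purge_cutoff;

-- Step 3: list the current binary logs, then purge with a non-subquery
-- expression in the BEFORE clause.
SHOW MASTER LOGS;
PURGE MASTER LOGS BEFORE @cutoff;
```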