Description:
Running EXPLAIN on certain large queries with a debug build of windows version of mysql leads to a visual studio runtime warning about a stack over/under run.
The stack trace is always the same:
ntdll.dll!DbgBreakPoint()
mysqld.exe!failwithmessage
mysqld.exe!_RTC_StackFailure
mysqld.exe!_RTC_CheckStackVars
mysqld.exe!select_describe
mysqld.exe!JOIN::exec
mysqld.exe!st_select_lex_unit::exec
mysqld.exe!mysql_explain_union
mysqld.exe!execute_sqlcom_select
mysqld.exe!mysql_execute_command
mysqld.exe!mysql_parse
mysqld.exe!dispatch_command
mysqld.exe!do_command
mysqld.exe!handle_one_connection
mysqld.exe!pthread_start
mysqld.exe!_callthreadstart
mysqld.exe!_threadstart
Exact error message is this:
Debug Error!
Program: E:\builds\5.1.20-win-src\sql\debug\mysqld.exe
Module: E:\builds\5.1-20-win-src\sql\debug\mysqld.exe
File: E:\builds\5.1.20-win-src\sql\sql_select.cc
Line: 15568
Run-Time Check Failure #2 - Stack around the variable 'buf' was corrupted.
(Press Retry to debug the application)
[abort] [retry] [ignore]
How to repeat:
will upload a testcase later.
or, just read the code and determine if that 'buf' variable is big enough for all cases.
Suggested fix:
i don't know. This is how 'buf' is defined:
if (tab->use_quick == 2)
{
char buf[MAX_KEY/8+1];
extra.append(STRING_WITH_LEN("; Range checked for each "
"record (index map: 0x"));
extra.append(tab->keys.print(buf));
extra.append(')');
}
Is that variable big enough, even with huge queries and many tables/indexes?
It's probably just one byte over, which would hardly ever crash a release binary, because nothing critical is overwritten. But, the problem still exists.
Description: Running EXPLAIN on certain large queries with a debug build of windows version of mysql leads to a visual studio runtime warning about a stack over/under run. The stack trace is always the same: ntdll.dll!DbgBreakPoint() mysqld.exe!failwithmessage mysqld.exe!_RTC_StackFailure mysqld.exe!_RTC_CheckStackVars mysqld.exe!select_describe mysqld.exe!JOIN::exec mysqld.exe!st_select_lex_unit::exec mysqld.exe!mysql_explain_union mysqld.exe!execute_sqlcom_select mysqld.exe!mysql_execute_command mysqld.exe!mysql_parse mysqld.exe!dispatch_command mysqld.exe!do_command mysqld.exe!handle_one_connection mysqld.exe!pthread_start mysqld.exe!_callthreadstart mysqld.exe!_threadstart Exact error message is this: Debug Error! Program: E:\builds\5.1.20-win-src\sql\debug\mysqld.exe Module: E:\builds\5.1-20-win-src\sql\debug\mysqld.exe File: E:\builds\5.1.20-win-src\sql\sql_select.cc Line: 15568 Run-Time Check Failure #2 - Stack around the variable 'buf' was corrupted. (Press Retry to debug the application) [abort] [retry] [ignore] How to repeat: will upload a testcase later. or, just read the code and determine if that 'buf' variable is big enough for all cases. Suggested fix: i don't know. This is how 'buf' is defined: if (tab->use_quick == 2) { char buf[MAX_KEY/8+1]; extra.append(STRING_WITH_LEN("; Range checked for each " "record (index map: 0x")); extra.append(tab->keys.print(buf)); extra.append(')'); } Is that variable big enough, even with huge queries and many tables/indexes? It's probably just one byte over, which would hardly ever crash a release binary, because nothing critical is overwritten. But, the problem still exists.