Bug #28971 ALTER TABLE followed by UPDATE for a CSV table make server crash
Submitted: 8 Jun 2007 10:14
Modified: 7 Jul 2007 18:49
Reporter: Alexander Barkov
Status: Closed
Category: MySQL Server: CSV
Severity: S3 (Non-critical)
Version: 5.1.20
OS: Any
Assigned to: Sergey Vojtovich
CPU Architecture: Any

[8 Jun 2007 10:14] Alexander Barkov
Description:
I get a crash with a CSV table after ALTER TABLE followed by UPDATE.

How to repeat:
Run "mysql test" and execute these queries:

drop table if exists t1;
create table t1 (a blob) engine=csv;
insert into t1 values (0x2009090009090A200A200A20);
alter table t1 add b int;
update t1 set b=10;

Backtrace is:

Version: '5.1.20-beta-debug'  socket: '/tmp/mysql.sock'  port: 3307  Source distribution
[New Thread -1442907248 (LWP 31708)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1442907248 (LWP 31708)]
0x084866d3 in ha_tina::encode_quote (this=0x90dda80, buf=0x90d42b8 "")
    at ha_tina.cc:496
496             if (*ptr == '"')
(gdb) where
#0  0x084866d3 in ha_tina::encode_quote (this=0x90dda80, buf=0x90d42b8 "")
    at ha_tina.cc:496
#1  0x08486963 in ha_tina::update_row (this=0x90dda80, old_data=0x90d42c8 "",
    new_data=0x90d42b8 "") at ha_tina.cc:929
#2  0x083882f2 in handler::ha_update_row (this=0x90dda80,
    old_data=0x90d42c8 "", new_data=0x90d42b8 "") at handler.cc:3686
#3  0x0832097f in mysql_update (thd=0x90921d0, table_list=0x90d4918,
    fields=@0x90932c0, values=@0x90934d4, conds=0x0, order_num=0, order=0x0,
    limit=18446744073709551615, handle_duplicates=DUP_ERROR, ignore=false)
    at sql_update.cc:549
#4  0x0828cc62 in mysql_execute_command (thd=0x90921d0) at sql_parse.cc:2592
#5  0x08293274 in mysql_parse (thd=0x90921d0,
    inBuf=0x90d4898 "update t1 set b=10", length=18,
    found_semicolon=0xa9fef280) at sql_parse.cc:5381
#6  0x08293da5 in dispatch_command (command=COM_QUERY, thd=0x90921d0,
    packet=0x90cc839 "update t1 set b=10", packet_length=19)
    at sql_parse.cc:907
#7  0x08294f39 in do_command (thd=0x90921d0) at sql_parse.cc:669
#8  0x08282fec in handle_one_connection (arg=0x90921d0) at sql_connect.cc:1091
#9  0x007153db in start_thread () from /lib/libpthread.so.0
#10 0x0066f06e in clone () from /lib/libc.so.6
(gdb)
(gdb) print *ptr
Cannot access memory at address 0xa5a5a5a5

Suggested fix:
Fix CSV engine not to crash.
[8 Jun 2007 10:48] Sveta Smirnova
Thank you for the report.

Verified as described.
[14 Jun 2007 18:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/28796

ChangeSet@1.2551, 2007-06-15 03:22:40+05:00, svoj@mysql.com +3 -0
  BUG#28971 - ALTER TABLE followed by UPDATE for a CSV table
              make server crash
  
  UPDATE against CSV table may cause server crash or update a table with wrong
  values.
  
  CSV can write only a whole row at once. That means it must read all columns,
  that it is not going to update, and write them along with updated columns.
  But only a limited set of columns was read, those that were needed for the
  UPDATE query.
  
  With this fix all columns are read in case we're performing an UPDATE.
[16 Jun 2007 15:15] Ingo Strüwing
Exchanged assignee and reviewer since I have a patch for Bug#26827 (table->read_set is set incorrectly, causing update of a different column), which should fix this bug too.
[18 Jun 2007 11:58] Ingo Strüwing
See Bug#26827 (table->read_set is set incorrectly, causing update of a different column) for the patch.
[21 Jun 2007 7:16] Ingo Strüwing
For Sergei's approval please see his email Re: bk commit - 6.0-falcon tree (istruewing:1.2563) BUG#26827.

I agree as mentioned in an earlier email (though I'd prefer a common solution over a fix per engine. But my vote stands against two).
[7 Jul 2007 16:34] Bugs System
Pushed into 5.1.21-beta
[7 Jul 2007 18:49] Paul Dubois
Noted in 5.1.21 changelog.

Updates to a CSV table could cause a server crash or update the
table with incorrect values.
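
The failure mode described in the 14 Jun commit message (a whole-row writer handed a record in which only the query's columns were read), as an added C++ model. It is not MySQL source: `CsvModel`, `read_row`, `write_row`, `update` and `sample_table` are hypothetical names, and the sample row is constructed.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

// Hypothetical model of a whole-row text engine; not MySQL source.
// std::nullopt marks a column slot that was never read (in the real server
// that slot is uninitialized memory, e.g. the 0xa5a5a5a5 pointer in the trace).
using Row = std::vector<std::optional<std::string>>;

struct CsvModel {
    std::vector<std::string> stored;  // one stored row, one string per column

    // Fill only the columns whose bit is set in read_set (bit i = column i).
    Row read_row(std::uint32_t read_set) const {
        Row rec(stored.size());
        for (unsigned i = 0; i < stored.size(); ++i)
            if (read_set & (1u << i)) rec[i] = stored[i];
        return rec;
    }

    // The engine can only rewrite the whole row. Refuse (return false) when
    // any column was never read instead of encoding garbage.
    bool write_row(const Row& rec) {
        std::vector<std::string> out;
        for (const auto& col : rec) {
            if (!col) return false;
            out.push_back(*col);
        }
        stored = out;
        return true;
    }

    // UPDATE of column `col`. `needed` is the column set the query itself
    // references; read_all=false models the pre-fix behaviour.
    bool update(unsigned col, const std::string& value,
                std::uint32_t needed, bool read_all) {
        const std::uint32_t all = (1u << stored.size()) - 1;
        Row rec = read_row(read_all ? all : needed);
        rec[col] = value;
        return write_row(rec);
    }
};

// Constructed sample: column 0 is the blob `a`, column 1 the added int `b`.
CsvModel sample_table() { return CsvModel{{"blob-bytes", "0"}}; }
```

With `needed = 0` (the `update t1 set b=10` case, which references no column for reading), the pre-fix path leaves column `a` unread and the whole-row write is rejected; with `read_all` set, the row is rewritten with `a` intact.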