Bug #29353 inserting a negative value to a csv table leads to the table corruption
Submitted: 26 Jun 2007 7:11 Modified: 10 Jul 2007 22:41
Reporter: Ramil Kalimullin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: CSV Severity:S1 (Critical)
Version:5.1 source OS:Any
Assigned to: Ramil Kalimullin CPU Architecture:Any

[26 Jun 2007 7:11] Ramil Kalimullin 
Description:
mysql> create table t1(a int)engine=csv;
Query OK, 0 rows affected (0.01 sec)

mysql> insert into t1 values(-1);
Query OK, 1 row affected (0.00 sec)

mysql> select * from t1;
ERROR 1194 (HY000): Table 't1' is marked as crashed and should be repaired

mysql> check table t1;
+---------+-------+----------+----------+
| Table   | Op    | Msg_type | Msg_text |
+---------+-------+----------+----------+
| test.t1 | check | error    | Corrupt  | 
+---------+-------+----------+----------+
1 row in set (0.00 sec)

How to repeat:
create table t1(a int)engine=csv;
insert into t1 values(-1);
select * from t1; // Table 't1' is marked as crashed
[26 Jun 2007 12:05] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/29588

ChangeSet@1.2510, 2007-06-26 16:26:32+05:00, ramil@mysql.com +3 -0
  Fix for bug #29353: inserting a negative value to a csv table leads to the table corruption
  
  Problem: we believe a number cannot start with '-' ['+'] sign reading rows.
  
  Fix: properly handle starting '-' and '+' signs that may occur before numbers.
[26 Jun 2007 13:38] Alexander Barkov 
The patch looks ok.

I also suggest to simplify the code starting from

    else if (my_isdigit(system_charset_info,
                        file_buff->get_value(curr_offset)))
    {

to scan everything until comma or until end-of-line,
without checking digits or dots.
It will allow to open csv files with numbers written
in full scientific notation, e.g.:

.10 
1e+5

and so on.

Field->store() will accept all correct formats,
or will return error for unknown formats.
[27 Jun 2007 11:20] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/29692

ChangeSet@1.2522, 2007-06-27 16:20:00+05:00, ramil@mysql.com +3 -0
  Fix for bug #29353: inserting a negative value to a csv table leads to the table corruption
  
  Problem: we believe a number cannot start with '-' ['+'] sign reading rows.
  
  Fix: let field->store() check given values.
[27 Jun 2007 14:55] Alexey Botchkov 
ok to push
[28 Jun 2007 8:44] Alexander Barkov 
Ok to push.
[3 Jul 2007 12:40] Ramil Kalimullin 
http://lists.mysql.com/commits/30165

ChangeSet@1.2534, 2007-07-03 17:17:58+05:00, ramil@mysql.com +8 -0
  Complementary fix for bug #29353: inserting a negative value to a csv table 
  leads to the table corruption
  
  New Field::store() method implemented to explicitly set thd->count_cuted_fields
  before value storing, instead of (incorrectly) setting it in the CSV storage engine.
  Thread row counter now properly incremented during check and repair in the CSV engine.
[3 Jul 2007 23:25] Bugs System 
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/30165

ChangeSet@1.2534, 2007-07-03 17:17:58+05:00, ramil@mysql.com +8 -0
  Complementary fix for bug #29353: inserting a negative value to a csv table 
  leads to the table corruption
  
  New Field::store() method implemented to explicitly set thd->count_cuted_fields
  before value storing, instead of (incorrectly) setting it in the CSV storage engine.
  Thread row counter now properly incremented during check and repair in the CSV engine.
[10 Jul 2007 13:27] Bugs System 
Pushed into 5.1.21-beta
[10 Jul 2007 22:41] Paul DuBois 
Noted in 5.1.21 changelog.

Inserting a negative number into a CSV table could corrupt it.