Bug #31226 Group by function crashes mysql
Submitted: 27 Sep 2007 9:21 Modified: 28 Sep 2007 9:32
Reporter: Kim Carlsen Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:5.0.42 and up, 5.1 OS:Other (FreeBSD, Linux)
Assigned to: CPU Architecture:Any
Tags: crash, FUNCTION, GROUP BY

[27 Sep 2007 9:21] Kim Carlsen
Description:
Im not sure if this is related to Bug #30587, which is the closest match I have found in the bug forum.

When group by argument is a function it seems to crash mysql. 

Only crashes with innodb storage engine. 

This dont crashes on mysql version 5.0.37 and 5.0.38.

How to repeat:
CREATE TABLE sysnow_test (
 id INT
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

DELIMITER $$
CREATE FUNCTION sysnow() RETURNS DATETIME
NOT DETERMINISTIC NO SQL
BEGIN
 RETURN NOW();
END
$$
DELIMITER ;

SELECT SYSNOW() from sysnow_test group by 1;
[27 Sep 2007 11:32] Hartmut Holzgraefe
first version to show the problem is 5.0.42
[27 Sep 2007 12:57] Hartmut Holzgraefe
This doesn't seem to be the same as Bug #30587 as it shows a completely different gbd backtrace:

#0  0xffffe410 in __kernel_vsyscall ()
#1  0x4005b8b8 in pthread_kill () from /lib/tls/libpthread.so.0
#2  0x083a3b77 in write_core (sig=11) at stacktrace.c:253
#3  0x0822092b in handle_segfault (sig=11) at mysqld.cc:2194
#4  <signal handler called>
#5  0x081f2c6e in Field::offset (this=0x0) at field.cc:1316
#6  0x082900ba in create_tmp_table (thd=0x8d60df8, param=0x8d9af88, fields=@0x8d9b048, 
    group=0x8d9a138, distinct=false, save_sum_fields=false, select_options=2158250496, 
    rows_limit=18446744073709551615, table_alias=0x86ad323 "") at sql_select.cc:9700
#7  0x082a1e7d in JOIN::optimize (this=0x8d9a308) at sql_select.cc:1385
#8  0x082a66e9 in mysql_select (thd=0x8d60df8, rref_pointer_array=0x8d61ec0, tables=0x8d99f28, 
    wild_num=0, fields=@0x8d61e30, conds=0x0, og_num=1, order=0x0, group=0x8d9a138, having=0x0, 
    proc_param=0x0, select_options=2158250496, result=0x8d9a2f8, unit=0x8d61b64, 
    select_lex=0x8d61d9c) at sql_select.cc:2265
#9  0x082a6a94 in handle_select (thd=0x8d60df8, lex=0x8d61b0c, result=0x8d9a2f8, 
    setup_tables_done_option=0) at sql_select.cc:256
#10 0x0823e636 in mysql_execute_command (thd=0x8d60df8) at sql_parse.cc:2666
#11 0x082469a4 in mysql_parse (thd=0x8d60df8, 
    inBuf=0x8d99580 "SELECT SYSNOW() from sysnow_test group by 1", length=43, 
    found_semicolon=0x4176f260) at sql_parse.cc:6094
#12 0x08247488 in dispatch_command (command=COM_QUERY, thd=0x8d60df8, 
    packet=0x8d91521 "SELECT SYSNOW() from sysnow_test group by 1", packet_length=44)
    at sql_parse.cc:1812
#13 0x08248999 in do_command (thd=0x8d60df8) at sql_parse.cc:1586
#14 0x08248e86 in handle_one_connection (arg=0x8d60df8) at sql_parse.cc:1197
#15 0x40058297 in start_thread () from /lib/tls/libpthread.so.0
#16 0x4019337e in clone () from /lib/tls/libc.so.6
#17 0x4176fbb0 in ?? ()
[27 Sep 2007 13:17] Hartmut Holzgraefe
mysqltest test case

Attachment: bug31226.tgz (application/x-gtar, text), 859 bytes.

[28 Sep 2007 9:32] Hartmut Holzgraefe
Duplicate of Bug #31035