Bug #31249 Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, fiel
Submitted: 27 Sep 2007 16:38 Modified: 22 Oct 2007 23:55
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Data Types Severity:S1 (Critical)
Version:5.1 OS:Any
Assigned to: Ramil Kalimullin CPU Architecture:Any
Tags: assertion, crash

[27 Sep 2007 16:38] Shane Bester
Description:
Version: '5.1.23-beta-debug'  socket: '/tmp/mysql.sock'  port: 3306  yes
mysqld: field.cc:2635: virtual int Field_new_decimal::store_decimal(const my_decimal*): Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, field_index))' failed.
070927 18:17:41 - mysqld got signal 6;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388572
read_buffer_size=131072
max_used_connections=1
max_threads=151
threads_connected=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337620 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x8dbc7d8
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0x42864b74, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x820147b handle_segfault + 541
0xffffe410 _end + -142171840
0x400edb75 _end + 932550821
0x400e5903 _end + 932517427
0x81d6bc3 Field_new_decimal::store_decimal(my_decimal const*) + 137
0x8169e35 Item_sum_sum::reset_field() + 103
0x827b050 init_tmptable_sum_functions(Item_sum**) + 32
0x8275320 end_update(JOIN*, st_join_table*, bool) + 642
0x8272e43 evaluate_join_record(JOIN*, st_join_table*, int, char*) + 445
0x8272c29 sub_select(JOIN*, st_join_table*, bool) + 209
0x8272770 do_select(JOIN*, List<Item>*, st_table*, Procedure*) + 756
0x82601b4 JOIN::exec() + 1826
0x8261b7e _Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select + 638
0x825c69d handle_select(THD*, st_lex*, select_result*, unsigned long) + 365
0x8215e54 execute_sqlcom_select(THD*, TABLE_LIST*) + 772
0x820eb35 mysql_execute_command(THD*) + 1701
0x82178b0 mysql_parse(THD*, char const*, unsigned int, char const**) + 372
0x820cf60 dispatch_command(enum_server_command, THD*, char*, unsigned int) + 2354
0x820c622 do_command(THD*) + 600
0x820b01d handle_one_connection + 255
0x40038aa7 _end + 931809239
0x4017ec2e _end + 933144926
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/refman/5.1/en/resolve-stack-dump.html
and follow instructions on how to resolve the stack trace.
Resolved stack trace is much more helpful in diagnosing the
problem, so please do resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x8deb9a8 = select sum(`c`) from t1 group by convert(`c`,datetime)
thd->thread_id=1

How to repeat:
debug binaries assert, release binaries crash.

drop table if exists t1;
create table `t1` (`c` tinyint)engine=myisam;
insert into t1 values (),(),();
select sum(`c`) from t1 group by convert(`c`,datetime);
[4 Oct 2007 16:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/34911

ChangeSet@1.2528, 2007-10-04 21:21:58+05:00, ramil@mysql.com +3 -0
  Fix for bug #31249: Assertion `!table || (!table->write_set || 
  bitmap_is_set(table->write_set, fiel
  
  Problem: creating a temporary table we allocate the group buffer if needed
  followed by table bitmaps (see create_tmp_table()). Reserving less memory for 
  the group buffer than actually needed (used) for values retrieval may lead 
  to overlapping with followed bitmaps in the memory pool that in turn leads 
  to unpredictable consequences.
  
  As we use Item->max_length sometimes to calculate group buffer size,
  it must be set to proper value. In this particular case 
  Item_datetime_typecast::max_length is too small.
  
  Fix: set Item_datetime_typecast::max_length properly.
[9 Oct 2007 9:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35183

ChangeSet@1.2528, 2007-10-09 14:37:21+05:00, ramil@mysql.com +4 -0
  Fix for bug #31249: Assertion `!table || (!table->write_set || 
  bitmap_is_set(table->write_set, fiel
  
  Problem: creating a temporary table we allocate the group buffer if needed
  followed by table bitmaps (see create_tmp_table()). Reserving less memory for 
  the group buffer than actually needed (used) for values retrieval may lead 
  to overlapping with followed bitmaps in the memory pool that in turn leads 
  to unpredictable consequences.
  
  As we use Item->max_length sometimes to calculate group buffer size,
  it must be set to proper value. In this particular case 
  Item_datetime_typecast::max_length is too small.
  
  Another problem is that we use max_length to calculate the group buffer
  key length for items represented as DATE/TIME fields which is superfluous.
  
  Fix: set Item_datetime_typecast::max_length properly,
  accurately calculate the group buffer key length for items 
  represented as DATE/TIME fields in the buffer.
[9 Oct 2007 17:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/35215

ChangeSet@1.2530, 2007-10-09 22:40:22+05:00, ramil@mysql.com +2 -0
  metadata test of bug # 31249: problem with convert(..., datetime) removed 
  as PS protocol gives slightly different metadata.
[18 Oct 2007 21:35] Bugs System
Pushed into 5.1.23-beta
[18 Oct 2007 21:36] Bugs System
Pushed into 5.0.52
[22 Oct 2007 23:55] Paul Dubois
Noted in 5.0.52, 5.1.23 changelogs.

Allocation of an insufficiently large group-by buffer following
creation of a temporary table could lead to a server crash.