| Bug #3184 | Crash when subquery is ran using math function in subquery with only 1 result | ||
|---|---|---|---|
| Submitted: | 15 Mar 2004 23:06 | Modified: | 11 May 2004 6:53 |
| Reporter: | Aaron Murgatroyd | Email Updates: | |
| Status: | Can't repeat | Impact on me: | |
| Category: | MySQL Server | Severity: | S2 (Serious) |
| Version: | Up to 5.0.0 | OS: | Windows (Microsoft Windows 2000) |
| Assigned to: | Alexey Botchkov | CPU Architecture: | Any |
[15 Mar 2004 23:07]
Aaron Murgatroyd
Run this script file to cause the bug in question
Attachment: crash.SQL (text/plain), 1.22 KiB.
[16 Mar 2004 6:27]
MySQL Verification Team
Thank you for the bug report I was able to repeat with 4.1.2 BK tree 2
days older.
/item_func.cc
^--923--
double Item_func_round::val()
{
double value=args[0]->val();
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-----------------------------------------------------------------------------
CALL STACK:
00000003()
> mysqld.exe!Item_func_round::val() Line 925 + 0x15 C++
mysqld.exe!Item::save_in_field(Field * field=0x02ef12c8, int no_conversions=0) Line 1199 + 0x11 C++
mysqld.exe!fill_record(Field * * ptr=0x02ee978c, List<Item> & values={...}, int ignore_errors=1) Line 2448 + 0x11 C++
mysqld.exe!select_union::send_data(List<Item> & values={...}) Line 73 + 0x15 C++
mysqld.exe!end_send_group(JOIN * join=0x02ef07b0, st_join_table * join_tab=0x02ef1780, int end_of_records=1) Line 6397 + 0x21 C++
mysqld.exe!sub_select(JOIN * join=0x02ef07b0, st_join_table * join_tab=0x02ef1628, int end_of_records=1) Line 5722 + 0x17 C++
mysqld.exe!do_select(JOIN * join=0x02ef07b0, List<Item> * fields=0x02ef1150, st_table * table=0x00000000, Procedure * procedure=0x00000000) Line 5640 + 0xf C++
mysqld.exe!JOIN::exec() Line 1488 + 0x2d C++
mysqld.exe!mysql_select(THD * thd=0x02eeee60, Item * * * rref_pointer_array=0x02ef0268, st_table_list * tables=0x02ef0530, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00000000, unsigned int og_num=0, st_order * order=0x00000000, st_order * group=0x00000000, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned long select_options=310659584, select_result * result=0x02ef0700, st_select_lex_unit * unit=0x02ef0298, st_select_lex * select_lex=0x02ef0180) Line 1610 C++
mysqld.exe!mysql_derived(THD * thd=0x02eeee60, st_lex * lex=0x02eeee78, st_select_lex_unit * unit=0x02ef0298, st_table_list * org_table_list=0x02ef05c0) Line 177 + 0x7d C++
mysqld.exe!mysql_handle_derived(st_lex * lex=0x02eeee78) Line 60 + 0x27 C++
mysqld.exe!open_and_lock_tables(THD * thd=0x02eeee60, st_table_list * tables=0x02ef0690) Line 1634 + 0x28 C++
mysqld.exe!mysql_execute_command(THD * thd=0x02eeee60) Line 1908 + 0xd C++
mysqld.exe!mysql_parse(THD * thd=0x02eeee60, char * inBuf=0x02ef00c8, unsigned int length=62) Line 3935 + 0x9 C++
mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x02eeee60, char * packet=0x02ef4021, unsigned int packet_length=63) Line 1437 + 0x1d C++
mysqld.exe!do_command(THD * thd=0x02eeee60) Line 1253 + 0x31 C++
mysqld.exe!handle_one_connection(void * arg=0x02eeee60) Line 1003 + 0x9 C++
mysqld.exe!pthread_start(void * param=0x00e3ccb0) Line 63 + 0x7 C
mysqld.exe!_threadstart(void * ptd=0x02eec420) Line 173 + 0xd C
kernel32.dll!77e6d33b()
[10 May 2004 16:57]
Alexey Botchkov
Tested with the 4.1.2 tree mysqld-nt.exe and mysqld.exe
[11 May 2004 6:53]
MySQL Verification Team
Yes also I can confirm that with latest 4.1.2 (2004-05-10) the crash I found before not happens anymore.
Description: When executing the script under (how to repeat) the MySQL service will crash, this seems only to occurr with queries that are very similar to the one in the script where the subquery contains a mathematical function. The error is as follows: * The instruction at "0x00000003" referenced memory at "0x00000003". The memory could not be "read". Queries like this can be very handy because one may need to perform CASE WHEN statemens on the outside query, if you can use a subquery of this form it saves the database from calculating it multiple times, eg. Select CASE WHEN C > 5 THEN 9 ELSE CASE WHEN C < 2 THEN 1 ELSE 10 END FROM (select truncate(sum(a*a), 0) as c from data) as p; is a lot faster for the database than: Select CASE WHEN truncate(sum(a*a), 0) > 5 THEN 9 ELSE CASE WHEN truncate(sum(a*a), 0) < 2 THEN 1 ELSE 10 END FROM DATA How to repeat: SELECT 'This script will cause the following error:' As Information UNION ALL SELECT '------------------------------------------------------' UNION ALL SELECT 'mysqld-nt.exe - Application Error' UNION ALL SELECT '------------------------------------------------------' UNION ALL SELECT 'The instruction at "0x00000003" referenced ' UNION ALL SELECT 'memory at "0x00000003". The memory could not be "read".'; use mysql; drop database Crash; create database Crash; use Crash; SELECT 'Creating table data'; CREATE TABLE data ( A float8, B float8 ); INSERT INTO data(A, B) VALUES ('0.8', '0.9'); INSERT INTO data(A, B) VALUES ('0.8', '1.8'); INSERT INTO data(A, B) VALUES ('0.8', '2.7'); INSERT INTO data(A, B) VALUES ('0.8', '3.6'); INSERT INTO data(A, B) VALUES ('1.6', '0.9'); INSERT INTO data(A, B) VALUES ('1.6', '1.8'); INSERT INTO data(A, B) VALUES ('1.6', '2.7'); INSERT INTO data(A, B) VALUES ('1.6', '3.6'); SELECT 'EXECUTING CRASH QUERY.. MYSQL will crash here!' As Information; SELECT 'select C from (select truncate(sum(a), 0) as c from data) as p;' As Information; select C from (select truncate(sum(a), 0) as c from data) as p; Suggested fix: No Suggestions.