Bug #32158 Crash in open_table_from_share, on mysql_unpack_partition errors
Submitted: 7 Nov 2007 5:36 Modified: 14 Jan 2008 20:17
Reporter: Marc Alff
Status: Closed
Category: MySQL Server: DDL Severity: S1 (Critical)
Version: 5.1 OS: Any
Assigned to: Sergei Glukhov CPU Architecture: Any
Triage: D1 (Critical)

[7 Nov 2007 5:36] Marc Alff
Description:
In the function open_table_from_share(), the following happens:

[1] bzero((char*) outparam, sizeof(*outparam));
[2] tmp= mysql_unpack_partition(..., outparam, ...)
[3] outparam->part_info->is_auto_partitioned= ...

The problem is that, when mysql_unpack_partition fails,
the output parameter 'outparam' is not properly set,
so that 'outparam->part_info' is NULL, and using it causes a crash.

The failure itself cannot be reproduced easily: it was caused by an
unrelated bug, causing mysql_unpack_partition() to return an error.

How to repeat:
This report can be verified by code review.

Suggested fix:
Check for the result of mysql_unpack_partition() before using outparam.
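
The pattern described in the report above, reduced to a stand-alone model (an added example, not MySQL source code and not part of the original report). The struct and function names are hypothetical, and the model assumes a true return value means the unpack failed.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the server structures; all names are hypothetical. */
struct part_info_model { bool is_auto_partitioned; };
struct table_model { struct part_info_model *part_info; };

/* Models mysql_unpack_partition(): returns true on error (assumption), and
   on error leaves out->part_info untouched, i.e. NULL after the zero-fill. */
static bool unpack_partition_model(bool force_error, struct table_model *out)
{
    if (force_error)
        return true;
    out->part_info = calloc(1, sizeof(*out->part_info));
    return out->part_info == NULL;
}

/* Pattern from the report: the result is stored but the output parameter is
   used regardless, so a failed unpack leads to a NULL dereference. */
int open_table_unchecked(bool force_error, bool auto_part, struct table_model *out)
{
    memset(out, 0, sizeof(*out));                         /* step [1] */
    bool tmp = unpack_partition_model(force_error, out);  /* step [2] */
    out->part_info->is_auto_partitioned = auto_part;      /* step [3]: crashes if tmp */
    return tmp ? -1 : 0;
}

/* Suggested fix: test the result before touching out->part_info. */
int open_table_checked(bool force_error, bool auto_part, struct table_model *out)
{
    memset(out, 0, sizeof(*out));
    if (unpack_partition_model(force_error, out))
        return -1;   /* propagate the error; part_info is still NULL */
    out->part_info->is_auto_partitioned = auto_part;
    return 0;
}

/* Releases what a successful open allocated; safe on a failed open too. */
void close_table_model(struct table_model *t)
{
    free(t->part_info);
    t->part_info = NULL;
}
```
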
[7 Nov 2007 17:52] Miguel Solorzano
Thank you for the bug report.
[13 Nov 2007 13:14] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/37666

ChangeSet@1.2611, 2007-11-13 17:08:46+04:00, gluh@mysql.com +1 -0
  Bug#32158 Crash in open_table_from_share, on mysql_unpack_partition errors
  added check for the result of mysql_unpack_partition()
[19 Nov 2007 8:47] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/38033

ChangeSet@1.2630, 2007-11-19 12:42:25+04:00, gluh@mysql.com +1 -0
  Bug#32158 Crash in open_table_from_share, on mysql_unpack_partition errors
  added check for the result of mysql_unpack_partition()
[14 Dec 2007 8:16] Bugs System
Pushed into 5.1.23-rc
[14 Dec 2007 8:20] Bugs System
Pushed into 6.0.5-alpha
[14 Jan 2008 20:17] Jon Stephens
Documented bugfix in 5.1.23 and 6.0.5 changelogs as follows:

        An error in the internal function
        mysql_unpack_partition() led to a fatal
        error in subsequent calls to
        open_table_from_share().