Bug #3398 create table ... select case crash of server
Submitted: 6 Apr 2004 9:06 Modified: 18 Apr 2004 9:25
Reporter: Oleksandr Byelkin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:4.1 OS:Any (all)
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[6 Apr 2004 9:06] Oleksandr Byelkin
Description:
The server crashes on create table ... select when it is run as a prepared statement (see the test case below).

How to repeat:
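/*
  Regression test for Bug #3398: the server crashed when
  "create table ... select" was run through the prepared-statement (PS)
  interface.

  Four statements are prepared once (CREATE TABLE, DROP TABLE, a SELECT with
  an IN subquery, and CREATE TABLE ... SELECT) and then re-executed three
  times while t1 is dropped and re-created between executions, so each
  prepared statement runs against a table created after it was prepared.

  Uses the connection handle `mysql` and the helpers myheader(), myquery(),
  mystmt_init(), mystmt() and my_process_stmt_result(), none of which are
  defined in this listing. NOTE(review): they are presumed to stop the test
  on failure -- confirm against the test harness.
*/
static void test_create_drop()
{
  MYSQL_STMT *stmt_create, *stmt_drop, *stmt_select, *stmt_create_select;
  char *query;
  int rc, i;
  int rows; /* NOTE(review): assumes the row count fits in int -- confirm */
  myheader("test_table_manipulation");

  /* Start from a known state: t1 empty, t2 holding three rows. */
  rc = mysql_query(mysql, "DROP TABLE IF EXISTS t1,t2");
  myquery(rc);

  rc= mysql_query(mysql,"create table t2 (a int);");
  myquery(rc);

  rc= mysql_query(mysql,"create table t1 (a int);");
  myquery(rc);

  rc= mysql_query(mysql, "insert into t2 values (3), (2), (1);");
  myquery(rc);

  /* Prepare the statements while t1 still exists. */
  query= (char*)"create table t1 (a int)";
  stmt_create= mysql_prepare(mysql, query, strlen(query));
  mystmt_init(stmt_create);

  query= (char*)"drop table t1";
  stmt_drop= mysql_prepare(mysql, query, strlen(query));
  mystmt_init(stmt_drop);

  query= (char*)"select a in (select a from t2) from t1";
  stmt_select= mysql_prepare(mysql, query, strlen(query));
  mystmt_init(stmt_select);

  /* Drop t1 so the first execution of stmt_create in the loop can succeed. */
  rc= mysql_query(mysql, "DROP TABLE t1");
  myquery(rc);


  query= (char*)"create table t1 select a from t2";
  stmt_create_select= mysql_prepare(mysql, query, strlen(query));
  mystmt_init(stmt_create_select);

  for (i= 0; i < 3; i++)
  {
    /* Empty t1: the select must return no rows. */
    rc= mysql_execute(stmt_create);
    mystmt(stmt_create, rc);
    fprintf(stdout, "created %i\n", i);

    rc= mysql_execute(stmt_select);
    mystmt(stmt_select, rc);
    /*
      Fetch outside assert(): with NDEBUG defined the assert expression is
      not evaluated, which would leave the result set unread.
    */
    rows= my_process_stmt_result(stmt_select);
    assert(0 == rows);

    rc= mysql_execute(stmt_drop);
    mystmt(stmt_drop, rc);
    fprintf(stdout, "droped %i\n", i);

    /* t1 filled from t2: the select must return the three rows of t2. */
    rc= mysql_execute(stmt_create_select);
    /* Check the statement that was just executed, not stmt_create. */
    mystmt(stmt_create_select, rc);
    fprintf(stdout, "created select %i\n", i);

    rc= mysql_execute(stmt_select);
    mystmt(stmt_select, rc);
    rows= my_process_stmt_result(stmt_select);
    assert(3 == rows);

    rc= mysql_execute(stmt_drop);
    mystmt(stmt_drop, rc);
    fprintf(stdout, "droped %i\n", i);
  }

  mysql_stmt_close(stmt_create);
  mysql_stmt_close(stmt_drop);
  mysql_stmt_close(stmt_select);
  mysql_stmt_close(stmt_create_select);

  /* t1 was dropped by the last loop iteration; only t2 is left. */
  rc= mysql_query(mysql, "DROP TABLE t2");
  myquery(rc);
}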
 

Suggested fix:
[7 Apr 2004 14:24] Oleksandr Byelkin
ChangeSet 
  1.1773 04/04/08 00:16:17 bell@sanja.is.com.ua +39 -0 
  new error for unsupported command in PS 
  fixed IN subselect with basic constant left expression 
  SQLCOM_CREATE_TABLE, SQLCOM_UPDATE_MULTI, SQLCOM_REPLACE_SELECT, 
SQLCOM_INSERT_SELECT, SQLCOM_DELETE_MULTI fixed to be compatible with PS 
(BUG#3398, BUG#3406) 
  fixed multiupdate privilege check (BUG#3408) 
  fixed multiupdate tables check (BUG#3411) 
  unchecked commands are now rejected by the PS protocol to avoid a server crash 
  fixed cleanup procedure to be compatible with DO/SET (BUG#3393)
[18 Apr 2004 9:25] Oleksandr Byelkin
pushed