Bug #34337 Server crash when Altering a view using a table name
Submitted: 6 Feb 2008 1:37 Modified: 15 Mar 2008 9:18
Reporter: Omer Barnir (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Views Severity:S3 (Non-critical)
Version:5.1.23 OS:Any
Assigned to: Alexander Nozdrin CPU Architecture:Any
Triage: D1 (Critical)

[6 Feb 2008 1:37] Omer Barnir
Description:
If trying to use alter view but specifying an object that is a table, the server crashes

Example:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.23-rc-advanced-gpl-log MySQL Advanced Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database omer1;
Query OK, 1 row affected (0.00 sec)

mysql> use omer1
Database changed

mysql> create table ttt (i int);
Query OK, 0 rows affected (0.01 sec)

mysql> ALTER ALGORITHM=TEMPTABLE SQL SECURITY INVOKER VIEW ttt (d) AS SELECT (1);
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>                                                                  

The problem is not observed in 5.1.22 where an error:
ERROR 1347 (HY000): 'omer1.ttt' is not VIEW
is returned as expected

How to repeat:
Follow the above

Suggested fix:
Return the error as in 5.1.22
[15 Feb 2008 9:01] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42331

ChangeSet@1.2552, 2008-02-15 12:01:11+03:00, anozdrin@quad. +3 -0
  Fix for Bug#34337: Server crash when Altering a view using
  a table name.
  
  The problem was that in some cases lex->definer->user and
  lex->definer->host are NULL, but they were still passed
  to strcmp-functions.
  
  The fix is to check for NULL before passing strings.
[20 Feb 2008 11:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42636

ChangeSet@1.2561, 2008-02-20 15:00:07+03:00, anozdrin@quad. +3 -0
  Fix for Bug#34337: Server crash when Altering a view using
  a table name.
  
  The problem was that fill_defined_view_parts() did not return
  an error if a table is going to be altered. That happened if
  the table was already in the table cache. In that case,
  open_table() returned non-NULL value (valid TABLE-instance from
  the cache).
  
  The fix is to ensure that an error is thrown even if the table
  is in the cache.
[20 Feb 2008 18:55] Konstantin Osipov
Second review sent by mail.
[20 Feb 2008 19:23] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42688

ChangeSet@1.2561, 2008-02-20 22:23:39+03:00, anozdrin@quad. +3 -0
  Fix for Bug#34337: Server crash when Altering a view using
  a table name.
  
  The problem was that fill_defined_view_parts() did not return
  an error if a table is going to be altered. That happened if
  the table was already in the table cache. In that case,
  open_table() returned non-NULL value (valid TABLE-instance from
  the cache).
  
  The fix is to ensure that an error is thrown even if the table
  is in the cache.
[21 Feb 2008 9:23] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/42735

ChangeSet@1.2582, 2008-02-21 12:17:32+03:00, anozdrin@quad. +5 -0
  Fix for Bug#34337: Server crash when Altering a view using
  a table name.
    
  The problem was that fill_defined_view_parts() did not return
  an error if a table is going to be altered. That happened if
  the table was already in the table cache. In that case,
  open_table() returned non-NULL value (valid TABLE-instance from
  the cache).
    
  The fix is to ensure that an error is thrown even if the table
  is in the cache.
  
  (This is a backport of the original patch for 5.1)
[21 Feb 2008 9:54] Alexander Nozdrin
Pushed into 5.0-runtime.
[3 Mar 2008 18:14] Bugs System
Pushed into 5.0.58
[3 Mar 2008 18:19] Bugs System
Pushed into 5.1.24-rc
[3 Mar 2008 18:20] Bugs System
Pushed into 6.0.5-alpha
[15 Mar 2008 9:18] Jon Stephens
Documented bugfix in the 5.0.58, 5.1.24, and 6.0.5 changelogs as follows:

        Executing an ALTER VIEW statement on a table crashed the server.
[2 Apr 2008 19:43] Jon Stephens
Also noted in the 5.1.23-ndb-6.3.11 changelog.