Bug #34774 key prefix on text field in federated tables can cause server to crash!
Submitted: 23 Feb 2008 10:44
Modified: 8 Dec 2008 16:49
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Closed
Category: MySQL Server: Federated storage engine
Severity: S1 (Critical)
Version: 5.0.56, 5.0.56-debug
OS: Any
Assigned to: Ramil Kalimullin
CPU Architecture: Any

[23 Feb 2008 10:44] Shane Bester
Description:
key prefix on text field in federated tables can cause server to crash!

mysqld-debug.exe!memcpy
mysqld-debug.exe!store_record_in_cache
mysqld-debug.exe!sub_select_cache
mysqld-debug.exe!evaluate_join_record
mysqld-debug.exe!sub_select
mysqld-debug.exe!do_select
mysqld-debug.exe!JOIN::exec
mysqld-debug.exe!mysql_select
mysqld-debug.exe!handle_select
mysqld-debug.exe!mysql_execute_command
mysqld-debug.exe!mysql_parse
mysqld-debug.exe!dispatch_command
mysqld-debug.exe!do_command
mysqld-debug.exe!handle_one_connection
mysqld-debug.exe!pthread_start
mysqld-debug.exe!_threadstart

How to repeat:
This is a memory corruption. Therefore, if it doesn't crash on the first run, restart the server and execute the query a few hundred times. If it is still not crashing, run under valgrind. Windows debug binaries crashed with 95% chance on the first attempt.

create database if not exists `realdb`;
create database if not exists `test`;
drop table if exists `test`.`t0`;
drop table if exists `realdb`.`t0`;
create table `realdb`.`t0`(`a` text,`b` text,key (`b`(1)))engine=myisam;
insert into `realdb`.`t0` values (null,null);
insert into `realdb`.`t0` values (null,null);
insert into `realdb`.`t0` values (null,null);
insert into `realdb`.`t0` values (null,null);
create table `test`.`t0`(`a` text,`b` text,key (`b`(1)))engine=federated connection='mysql://root@127.0.0.1:3306/realdb/t0';
select `t0`.`a` from `test`.t0   as `t0`,`test`.t0 as `t1` where `t1`.`b` not like `t0`.`b`;
[23 Feb 2008 10:55] MySQL Verification Team
According to http://dev.mysql.com/doc/refman/5.0/en/federated-limitations.html key prefixes should not be allowed.
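
The limitation cited above can be audited on a running server. The query below is an added example, not part of the original report or the MySQL source tree; it uses the standard information_schema tables to list FEDERATED tables that define a prefix index on a TEXT or BLOB column, the schema shape of `test`.`t0` in the test case.

```sql
-- Added audit example (not from the bug report).
-- Finds FEDERATED tables with a key prefix on a TEXT/BLOB column.
-- SUB_PART is NULL when the whole column is indexed and holds the
-- prefix length otherwise, e.g. 1 for key (`b`(1)) in the test case.
SELECT t.TABLE_SCHEMA,
       t.TABLE_NAME,
       s.INDEX_NAME,
       s.SEQ_IN_INDEX,
       s.COLUMN_NAME,
       c.DATA_TYPE,
       s.SUB_PART AS prefix_length
FROM   information_schema.TABLES     AS t
JOIN   information_schema.STATISTICS AS s
       ON  s.TABLE_SCHEMA = t.TABLE_SCHEMA
       AND s.TABLE_NAME   = t.TABLE_NAME
JOIN   information_schema.COLUMNS    AS c
       ON  c.TABLE_SCHEMA = s.TABLE_SCHEMA
       AND c.TABLE_NAME   = s.TABLE_NAME
       AND c.COLUMN_NAME  = s.COLUMN_NAME
WHERE  t.ENGINE = 'FEDERATED'
  AND  s.SUB_PART IS NOT NULL
  AND  c.DATA_TYPE IN ('tinytext', 'text', 'mediumtext', 'longtext',
                       'tinyblob', 'blob', 'mediumblob', 'longblob')
ORDER  BY t.TABLE_SCHEMA, t.TABLE_NAME, s.INDEX_NAME, s.SEQ_IN_INDEX;
```

With the test case loaded, the query returns one row for `test`.`t0`, index `b`, with a prefix length of 1; `realdb`.`t0` is not listed because its engine is MyISAM.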
[26 Feb 2008 10:45] Valeriy Kravchuk
Thank you for a bug report. 5.0.56 non-debug binaries also crash, with the same stack trace.
[5 May 2008 4:49] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/46343

ChangeSet@1.2613, 2008-05-05 09:49:39+05:00, ramil@mysql.com +2 -0
  Test case for bug #34774: key prefix on text field in federated 
  tables can cause server to crash!
  
  The bug will be fixed by patch for #34779: "crash in checksum table
  on federated tables with blobs containing nulls"
  
  Only a test case committed.
[26 Aug 2008 12:00] Alexey Botchkov
Ok to push the testcase
[14 Nov 2008 7:42] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/58720

2715 Ramil Kalimullin	2008-11-14
      Test case for bug #34774: key prefix on text field in federated 
      tables can cause server to crash!
      
      The bug will be fixed by patch for #34779: "crash in checksum table
      on federated tables with blobs containing nulls"
      
      Only a test case committed.
[2 Dec 2008 13:00] Bugs System
Pushed into 5.0.74  (revid:ramil@mysql.com-20081114074229-vj4fvfrpmz8jfub9) (version source revid:ramil@mysql.com-20081114074229-vj4fvfrpmz8jfub9) (pib:5)
[2 Dec 2008 21:19] Paul DuBois
The patch for this bug report affects a test case only. No changelog entry needed.

Setting report to NDI pending push into 5.1.x, 6.0.x.
[8 Dec 2008 10:19] Bugs System
Pushed into 5.1.31  (revid:ramil@mysql.com-20081114074229-vj4fvfrpmz8jfub9) (version source revid:ramil@mysql.com-20081114094801-0jsu52xk59fb4n0g) (pib:5)
[8 Dec 2008 11:30] Bugs System
Pushed into 6.0.9-alpha  (revid:ramil@mysql.com-20081114074229-vj4fvfrpmz8jfub9) (version source revid:ingo.struewing@sun.com-20081121151447-dtf2ofz2ys0zqed1) (pib:5)
[8 Dec 2008 16:49] Paul DuBois
Test case changes only. No changelog entry needed.
[19 Jan 2009 11:27] Bugs System
Pushed into 5.1.31-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090119095303-uwwvxiibtr38djii) (version source revid:tomas.ulin@sun.com-20090108105244-8opp3i85jw0uj5ib) (merge vers: 5.1.31-ndb-6.2.17) (pib:6)
[19 Jan 2009 13:05] Bugs System
Pushed into 5.1.31-ndb-6.3.21 (revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (version source revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (merge vers: 5.1.31-ndb-6.3.21) (pib:6)
[19 Jan 2009 16:11] Bugs System
Pushed into 5.1.31-ndb-6.4.1 (revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (version source revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (merge vers: 5.1.31-ndb-6.4.1) (pib:6)