Bug #36084 name_const with negative, subquery, group by causes crash
Submitted: 15 Apr 2008 8:34 Modified: 15 Apr 2008 8:54
Reporter: Shane Bester (Platinum Quality Contributor)
Status: Duplicate
Category: MySQL Server: DML Severity: S3 (Non-critical)
Version: 5.0.58 OS: Any
Assigned to: CPU Architecture: Any
Tags: name_const

[15 Apr 2008 8:34] Shane Bester
Description:
Server crashes when issuing a query with name_const, subquery and group by a field in the derived table.

00000000()	
mysqld-debug.exe!change_to_use_tmp_fields
mysqld-debug.exe!JOIN::exec
mysqld-debug.exe!mysql_select
mysqld-debug.exe!handle_select
mysqld-debug.exe!mysql_execute_command
mysqld-debug.exe!mysql_parse
mysqld-debug.exe!dispatch_command
mysqld-debug.exe!do_command
mysqld-debug.exe!handle_one_connection
mysqld-debug.exe!pthread_start
mysqld-debug.exe!_threadstart
kernel32.dll!FlsSetValue

How to repeat:
drop table if exists t1;
create table t1(id int)engine=myisam;
insert into t1 values (0),(1);
select name_const('b',-1) from (select 1 as a from t1) tbl group by tbl.a;
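A defender-side check added here (it is not code from the bug report or from MySQL): a small Python scanner over general-query-log lines that flags statements carrying the three ingredients of this crash, NAME_CONST with a negative literal, a derived table in FROM, and a GROUP BY on a column of that derived table. Operators running an affected 5.0.58 server could use it to see whether such statements appear in their logs before upgrading. The log lines are constructed for the example in the 5.0 general-log layout (date, time, thread id, command and statement, tab-separated, with continuation lines that omit the timestamp); the regexes are heuristics rather than a SQL parser, and only qualified alias.column references in GROUP BY are recognised.

```python
import re

# Constructed sample general-log lines in the MySQL 5.0 layout; they are
# made up for this example and are not taken from the bug report.
SAMPLE_LOG = "\n".join([
    "080415  8:34:01\t      1 Query\tselect name_const('b',-1) from (select 1 as a from t1) tbl group by tbl.a",
    "080415  8:34:02\t      1 Query\tselect name_const('b',1) from (select 1 as a from t1) tbl group by tbl.a",
    "080415  8:34:03\t      2 Query\tselect name_const('b',-1) from t1 group by id",
    "080415  8:34:04\t      2 Query\tselect id from t1 group by id",
    "\t\t      4 Query\tSELECT NAME_CONST(\"n\", -5) FROM (SELECT id AS k FROM t1) AS d GROUP BY d.k",
    "080415  8:34:05\t      3 Quit\t",
])

# One general-log line: optional "YYMMDD H:MM:SS", tab, thread id, command, tab, statement.
LOG_LINE = re.compile(r"^(?:\d{6}\s+\d{1,2}:\d{2}:\d{2})?\t\s*(\d+)\s+(\w+)\t(.*)$")

# NAME_CONST whose second argument is a negative numeric literal.
NEG_NAME_CONST = re.compile(
    r"name_const\s*\(\s*(?:'[^']*'|\"[^\"]*\")\s*,\s*-\s*\d", re.IGNORECASE)

# Words that can follow a derived table's closing parenthesis but are not aliases.
NOT_AN_ALIAS = {"where", "group", "order", "having", "limit", "join", "on",
                "left", "right", "inner", "union"}


def parse_general_log(text):
    """Return (thread_id, command, statement) for every parsable log line."""
    entries = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def derived_table_aliases(sql):
    """Aliases of subqueries used as tables in FROM, found by matching parentheses."""
    aliases = []
    for m in re.finditer(r"\bfrom\s*\(", sql, re.IGNORECASE):
        start = m.end() - 1          # index of the opening parenthesis
        depth, i = 0, start
        while i < len(sql):
            if sql[i] == "(":
                depth += 1
            elif sql[i] == ")":
                depth -= 1
                if depth == 0:
                    break
            i += 1
        else:
            continue                 # unbalanced parentheses: skip this match
        if not re.match(r"\s*select\b", sql[start + 1:i], re.IGNORECASE):
            continue                 # parenthesised join, not a derived table
        alias = re.match(r"\s*(?:as\s+)?(\w+)", sql[i + 1:], re.IGNORECASE)
        if alias and alias.group(1).lower() not in NOT_AN_ALIAS:
            aliases.append(alias.group(1))
    return aliases


def group_by_columns(sql):
    """The comma-separated expressions of the (outermost, last) GROUP BY clause."""
    m = re.search(r"\bgroup\s+by\s+(.*?)(?:\s+(?:having|order\s+by|limit)\b|;|$)",
                  sql, re.IGNORECASE | re.DOTALL)
    if not m:
        return []
    return [c.strip() for c in m.group(1).split(",")]


def matches_bug36084_shape(sql):
    """True when all three crash ingredients are present in one statement."""
    if not NEG_NAME_CONST.search(sql):
        return False
    aliases = derived_table_aliases(sql)
    if not aliases:
        return False
    cols = group_by_columns(sql)
    return any(col.lower().startswith(alias.lower() + ".")
               for alias in aliases for col in cols)


def scan_general_log(text):
    """(thread_id, statement) for every Query entry that matches the crash shape."""
    return [(tid, stmt) for tid, cmd, stmt in parse_general_log(text)
            if cmd == "Query" and matches_bug36084_shape(stmt)]


if __name__ == "__main__":
    for tid, stmt in scan_general_log(SAMPLE_LOG):
        print("thread %d: %s" % (tid, stmt))
```

Run against a real general log, the scanner reports thread id and statement so the originating connection can be traced; a statement that hits only one or two of the three conditions (the positive NAME_CONST, or the GROUP BY on a base table) is deliberately left unflagged, matching the bug's trigger as reported above.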
[15 Apr 2008 8:40] Valeriy Kravchuk
Verified with 5.0.58 on 32-bit Windows. Stack trace is:

 	mysqld-nt.exe!change_to_use_tmp_fields(THD * thd=0x01a82ff0, Item * * ref_pointer_array=0x044ef3b0, List<Item> & res_selected_fields={...}, List<Item> & res_all_fields={...}, unsigned int elements=1, List<Item> & all_fields={...})  Line 14420 + 0x2d bytes	C++
 	mysqld-nt.exe!JOIN::exec()  Line 1754 + 0x2a bytes	C++
 	mysqld-nt.exe!mysql_select(THD * thd=0x01a82ff0, Item * * * rref_pointer_array=0x01a84070, TABLE_LIST * tables=0x01aadc68, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00000000, unsigned int og_num=1, st_order * order=0x00000000, st_order * group=0x01aadee8, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned __int64 select_options=2156153344, select_result * result=0x01aaeea0, st_select_lex_unit * unit=0x01a83cb0, st_select_lex * select_lex=0x01a83f40)  Line 2298	C++
 	mysqld-nt.exe!handle_select(THD * thd=0x01a82ff0, st_lex * lex=0x01a83c50, select_result * result=0x01aaeea0, unsigned long setup_tables_done_option=0)  Line 257 + 0x79 bytes	C++
 	mysqld-nt.exe!mysql_execute_command(THD * thd=0x01a82ff0)  Line 2720 + 0xa bytes	C++
 	mysqld-nt.exe!mysql_parse(THD * thd=0x01a82ff0, const char * inBuf=0x01aacee0, unsigned int length=73, const char * * found_semicolon=0x055bfb64)  Line 6159	C++
 	mysqld-nt.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x01a82ff0, char * packet=0x044e9ef1, unsigned int packet_length=74)  Line 1876	C++
 	mysqld-nt.exe!do_command(THD * thd=0x00000000)  Line 1580 + 0xe bytes	C++
 	mysqld-nt.exe!handle_one_connection(void * arg=0x01a82ff0)  Line 1186 + 0x9 bytes	C++
 	mysqld-nt.exe!pthread_start(void * param=0x0472cce8)  Line 85 + 0x3 bytes	C
>	mysqld-nt.exe!_threadstart(void * ptd=0x0473f048)  Line 196 + 0x6 bytes	C
 	kernel32.dll!7c80b683()
[15 Apr 2008 8:51] Valeriy Kravchuk
Bug is NOT repeatable with recent 5.0.60-BK on Linux though:

openxs@suse:~/dbs/5.0> bin/mysql -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.0.60 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> drop table if exists t1;
Query OK, 0 rows affected (0.06 sec)

mysql> create table t1(id int)engine=myisam;
Query OK, 0 rows affected (0.00 sec)

mysql> insert into t1 values (0),(1);
Query OK, 2 rows affected (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 0

mysql> select name_const('b',-1) from (select 1 as a from t1) tbl group by tbl.a;
+------+
| b    |
+------+
|   -1 |
+------+
1 row in set (0.02 sec)

So, looks like this problem is fixed somehow in current sources.
[15 Apr 2008 8:54] Valeriy Kravchuk
Actually, looks like a duplicate of http://bugs.mysql.com/bug.php?id=34749.