Bug #3752 mysqld-nt crashes with group_concat()
Submitted: 13 May 2004 23:52 Modified: 15 May 2004 10:31
Reporter: Edmund Mierzwa
Status: Closed
Category:MySQL Server Severity:S3 (Non-critical)
Version:4.1.2 OS:Any (all)
Assigned to: Oleksandr Byelkin

[13 May 2004 23:52] Edmund Mierzwa
Description:
It appears group_concat() crashes the server when an expression is used as the argument of group_concat(expr) together with "order by" while a table join is being used.

Removing the "order by" or the expression calculation from the second group_concat() eliminates the problem.

Built from the BitKeeper source distribution on or around 4/14/2004.

How to repeat:
drop table if exists a,b;
create table a (class char(10), human_years integer);
create table b (class char(10), name char(10), age integer, id_no integer AUTO_INCREMENT PRIMARY KEY);
insert into a (class, human_years) values('dog', 7),('cat', 12);
insert into b (class, name, age) values('dog','fido', 9),('dog','spot', 3),('cat','fluffy', 8);

/* this crashes the server */
select a.class
,group_concat(b.name order by b.id_no) as names
,group_concat(a.human_years*b.age order by b.id_no) as effective_age 
from a, b
where a.class=b.class
group by a.class;

/* this does not */
select a.class
,group_concat(b.name order by b.id_no) as names
,group_concat(a.human_years*b.age) as effective_age
from a, b
where a.class=b.class
group by a.class;

/* this does not */
select a.class
,group_concat(b.name order by b.id_no) as names
,group_concat(b.age order by b.id_no) as effective_age
from a, b
where a.class=b.class
group by a.class;

/* expected results with "order by" */
+--------+-----------+---------------+
| class  | names     | effective_age |
+--------+-----------+---------------+
| cat    | fluffy    | 96            |
| dog    | fido,spot | 63,21         |
+--------+-----------+---------------+
[14 May 2004 0:52] Dean Ellis
Verified against 4.1.2 (occurs on Linux also). Thank you for the report!

CREATE TABLE t1 ( a int );
CREATE TABLE t2 ( a int );
INSERT INTO t1 VALUES (1), (2);
INSERT INTO t2 VALUES (1), (2);
SELECT GROUP_CONCAT(t1.a*t2.a ORDER BY t1.a) FROM t1, t2 GROUP BY t1.a;
DROP TABLE t1, t2;
[14 May 2004 0:56] Miguel Solorzano
Thank you for the bug report. I was able to repeat it with a server
built from the BK tree of 2004-05-12:

/ctype-utf8.c
--1971--

static int my_strcasecmp_utf8(CHARSET_INFO *cs, const char *s, const char *t)
{
  uint s_len=strlen(s);
  uint t_len=strlen(t);
^^^^^^^^^^^^^^^^^^^^^^^^^^

CALL STACK (note that in the my_strcasecmp_utf8 frame the name argument is s=0x00000000, i.e. strlen() is called on a NULL pointer):

 	mysqld.exe!strlen()  Line 78	Asm
>	mysqld.exe!my_strcasecmp_utf8(charset_info_st * cs=0x007c8f18, const char * s=0x00000000, const char * t=0x00e5fc8c)  Line 1973 + 0x9	C
 	mysqld.exe!find_item_in_list(Item * find=0x02f0b358, List<Item> & items={...}, unsigned int * counter=0x03e0f044, find_item_error_report_type report_error=IGNORE_ERRORS)  Line 2099 + 0x21	C++
 	mysqld.exe!find_order_in_list(THD * thd=0x00e5b7f8, Item * * ref_pointer_array=0x00e55220, st_table_list * tables=0x00e55280, st_order * order=0x00e54fb0, List<Item> & fields={...}, List<Item> & all_fields={...})  Line 7984 + 0x13	C++
 	mysqld.exe!setup_group(THD * thd=0x00e5b7f8, Item * * ref_pointer_array=0x00e55220, st_table_list * tables=0x00e55280, List<Item> & fields={...}, List<Item> & all_fields={...}, st_order * order=0x00e54fb0, int * hidden_group_fields=0x03e0f0ec)  Line 8075 + 0x1d	C++
 	mysqld.exe!Item_func_group_concat::setup(THD * thd=0x00e5b7f8)  Line 2006 + 0x32	C++
 	mysqld.exe!JOIN::make_sum_func_list(List<Item> & field_list={...}, List<Item> & send_fields={...}, int before_group_by=0)  Line 8603 + 0x18	C++
 	mysqld.exe!JOIN::optimize()  Line 955 + 0x1d	C++
 	mysqld.exe!mysql_select(THD * thd=0x00e5b7f8, Item * * * rref_pointer_array=0x00e5ba00, st_table_list * tables=0x00e55280, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00e55478, unsigned int og_num=1, st_order * order=0x00000000, st_order * group=0x00e555a8, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned long select_options=42224128, select_result * result=0x00e555e0, st_select_lex_unit * unit=0x00e5b81c, st_select_lex * select_lex=0x00e5b914)  Line 1621 + 0x8	C++
 	mysqld.exe!handle_select(THD * thd=0x00e5b7f8, st_lex * lex=0x00e5b810, select_result * result=0x00e555e0)  Line 192 + 0x87	C++
 	mysqld.exe!mysql_execute_command(THD * thd=0x00e5b7f8)  Line 1969 + 0x11	C++
 	mysqld.exe!mysql_parse(THD * thd=0x00e5b7f8, char * inBuf=0x00e548b8, unsigned int length=181)  Line 3887 + 0x9	C++
 	mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x00e5b7f8, char * packet=0x00e50851, unsigned int packet_length=182)  Line 1457 + 0x1d	C++
 	mysqld.exe!do_command(THD * thd=0x00e5b7f8)  Line 1272 + 0x31	C++
 	mysqld.exe!handle_one_connection(void * arg=0x00e5b7f8)  Line 1016 + 0x9	C++
 	mysqld.exe!pthread_start(void * param=0x00e5d6f8)  Line 63 + 0x7	C
 	mysqld.exe!_threadstart(void * ptd=0x00e4fe78)  Line 173 + 0xd	C
 	kernel32.dll!77e6d33b()
[14 May 2004 17:56] Oleksandr Byelkin
ChangeSet 
  1.1855 04/05/14 18:55:24 bell@sanja.is.com.ua +3 -0 
  check of item name presence in find_item_in_list (Bug #3752)
[15 May 2004 10:31] Oleksandr Byelkin
Thank you for the bug report. The bug is fixed and the patch for it has been sent to our
internal repository. It will be present in the next server release.