Bug #37719 Crash if rename Archive table to same name with different case and then select
Submitted: 28 Jun 2008 11:49 Modified: 11 Nov 2008 21:31
Reporter: Mattias Jonsson Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Archive storage engine Severity:S3 (Non-critical)
Version:5.1 OS:Linux
Assigned to: Mattias Jonsson CPU Architecture:Any

[28 Jun 2008 11:49] Mattias Jonsson
Description:
When having a case sensitive file system and lower_case_table_names = 0 (as default on Unix/Linux, accept for Mac OS X), it is possible to crash the server when having two tables with the same name but different name cases, if one first renames and then select (see below).

How to repeat:
--source include/have_archive.inc
SHOW VARIABLES LIKE '%case%';
CREATE TABLE TABLEA (a INT) ENGINE = 'Archive';
INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SHOW TABLES;
RENAME TABLE TABLEA to tableA;
--echo # with this execution order, it will crash in the following statement:
SELECT * FROM tablea;

Result:
mysqltest: At line 10: query 'SELECT * FROM tablea' failed: 2013: Lost connection to MySQL server during query

The result from queries just before the failure was:
SHOW VARIABLES LIKE '%case%';
Variable_name	Value
lower_case_file_system	OFF
lower_case_table_names	0
CREATE TABLE TABLEA (a INT) ENGINE = 'Archive';
INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SHOW TABLES;
Tables_in_test
TABLEA
tablea
RENAME TABLE TABLEA to tableA;
# with this execution order, it will crash in the following statement:
SELECT * FROM tablea;

Suggested fix:
Have not investigated it further, fix the bug :)
[28 Jun 2008 12:13] Sveta Smirnova
Thank you for the report.

Verified as described.
[31 Jul 2008 7:20] Giuseppe Maxia
Can't repeat the crash with latest 5.1.26-rc binaries on Ubuntu 8.04.

The given test does not crash she server, but it marks "tablea" as corrupt.
It only affects the archive engine. 
Changed the description to reflect this fact.

drop table if exists TABLEA
Query OK, 0 rows affected, 1 warning

drop table if exists tablea
Query OK, 0 rows affected

drop table if exists tableA
Query OK, 0 rows affected

SHOW VARIABLES LIKE '%case%'
+------------------------+-------+
| Variable_name          | Value |
+------------------------+-------+
| lower_case_file_system | OFF   | 
| lower_case_table_names | 0     | 
+------------------------+-------+
2 rows in set

CREATE TABLE TABLEA (a INT) ENGINE = 'Archive'
Query OK, 0 rows affected

INSERT INTO TABLEA VALUES (1), (2), (7), (8), (9), (10)
Query OK, 6 rows affected
Records: 6  Duplicates: 0  Warnings: 0

CREATE TABLE tablea (a INT) ENGINE = 'Archive'
Query OK, 0 rows affected

INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10)
Query OK, 6 rows affected
Records: 6  Duplicates: 0  Warnings: 0

SHOW TABLES
+----------------+
| Tables_in_test |
+----------------+
| TABLEA         | 
| tablea         | 
+----------------+
2 rows in set

RENAME TABLE TABLEA to tableA
Query OK, 0 rows affected

SELECT * FROM tablea
ERROR 1194 (HY000) at line 13: Table 'tablea' is marked as crashed and should be repaired
[3 Oct 2008 12:30] Mattias Jonsson
Here is another test on the same theme:
CREATE TABLE TableA (a INT) ENGINE = 'Archive';
INSERT INTO TableA VALUES (1), (2), (7), (8), (9), (10);
INSERT INTO TableA VALUES (3), (4), (5), (6), (11), (12);
CREATE TABLE tablea (a INT) ENGINE = 'Archive';
INSERT INTO tablea VALUES (1), (2), (7), (8), (9), (10);
SELECT * FROM tablea;
a
1
2
7
8
9
10
3
4
5
6
11
12
1
2
7
8
9
10

I inactivate the parts.partition_mgm_lc0_archive because of that. Please test and enable it when pushing.
[3 Oct 2008 14:25] Mattias Jonsson
I found the problem: it uses the system_charset, which is not case sensitive, for comparing archive_share's

The fix is simple:
=== modified file 'storage/archive/ha_archive.cc'
--- storage/archive/ha_archive.cc	2008-07-23 08:52:08 +0000
+++ storage/archive/ha_archive.cc	2008-10-03 14:11:17 +0000
@@ -177,7 +177,7 @@
 
   if (pthread_mutex_init(&archive_mutex, MY_MUTEX_INIT_FAST))
     goto error;
-  if (hash_init(&archive_open_tables, system_charset_info, 32, 0, 0,
+  if (hash_init(&archive_open_tables, &my_charset_bin, 32, 0, 0,
                 (hash_get_key) archive_get_key, 0, 0))
   {
     pthread_mutex_destroy(&archive_mutex);
[3 Oct 2008 17:25] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55281

2689 Mattias Jonsson	2008-10-03
      Bug#37719: Crash if rename Archive table to same name with different
      case and then select
      
      Problem was that the archive share was using a case insensitive
      charset when comparing table names
      
      Solution was to use a case sensitive char set when the table
      names are case sensitive
      12345678901234567890123456789012345678901234567890123456789012345678901234567890
[3 Oct 2008 17:26] Mattias Jonsson
Assigning myself, since I had a patch...
[3 Oct 2008 18:09] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/55283

2689 Mattias Jonsson	2008-10-03
      Bug#37719: Crash if rename Archive table to same name with different
      case and then select
      
      Problem was that the archive share was using a case insensitive
      charset when comparing table names
      
      Solution was to use a case sensitive char set when the table
      names are case sensitive
[7 Oct 2008 9:48] Mattias Jonsson
closed bug#38055 as a duplicate of this
[5 Nov 2008 21:27] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/57949

2697 Mattias Jonsson	2008-11-05 [merge]
      merge and pre push fix for test of bug#37719
[6 Nov 2008 10:08] Mattias Jonsson
pushed into mysql-5.1-bugteam and mysql-6.0-bugteam
[10 Nov 2008 10:52] Bugs System
Pushed into 6.0.8-alpha  (revid:mattias.jonsson@sun.com-20081105212639-hbh6mjexr896gy6m) (version source revid:mattias.jonsson@sun.com-20081106061815-rub56lesg18z5ens) (pib:5)
[10 Nov 2008 11:36] Bugs System
Pushed into 5.1.30  (revid:mattias.jonsson@sun.com-20081105212639-hbh6mjexr896gy6m) (version source revid:mattias.jonsson@sun.com-20081106062907-gkpe2vr84le6c7wm) (pib:5)
[11 Nov 2008 16:05] Paul Dubois
The versions are actually 5.1.31, 6.0.9.
[11 Nov 2008 21:31] Paul Dubois
Noted in 5.1.31, 6.0.9 changelogs.

Renaming an ARCHIVE table to the same name with different lettercase
and then selecting from it could cause a server crash.
[19 Jan 2009 11:26] Bugs System
Pushed into 5.1.31-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090119095303-uwwvxiibtr38djii) (version source revid:tomas.ulin@sun.com-20090108105244-8opp3i85jw0uj5ib) (merge vers: 5.1.31-ndb-6.2.17) (pib:6)
[19 Jan 2009 13:03] Bugs System
Pushed into 5.1.31-ndb-6.3.21 (revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (version source revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (merge vers: 5.1.31-ndb-6.3.21) (pib:6)
[19 Jan 2009 16:09] Bugs System
Pushed into 5.1.31-ndb-6.4.1 (revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (version source revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (merge vers: 5.1.31-ndb-6.4.1) (pib:6)