Bug #39021 SELECT REGEXP BINARY NULL never returns
Submitted: 25 Aug 2008 20:40 Modified: 17 Oct 2008 18:13
Reporter: Elan Ruusamäe (OCA)
Status: Closed
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:5.0.67-log OS:Linux (Windows)
Assigned to: Ramil Kalimullin CPU Architecture:Any
Triage: D1 (Critical)

[25 Aug 2008 20:40] Elan Ruusamäe
Description:
mysql> select '' regexp binary null;

This statement never returns. From mysqladmin processlist the command invoked is not even seen, as the state is 'Sleep'.

This could be marked critical, as if timeouts don't apply to this connection, one could occupy all connections up to max_connections.

strace doesn't show anything:
# strace -p 9408
Process 9408 attached - interrupt to quit
select(6, [4 5], NULL, NULL, NULL

lsof output:
mysqld  9408 mysql    4u  IPv4           25095751              TCP 192.168.1.2:3306 (LISTEN)
mysqld  9408 mysql    5u  unix 0xffff810015b98300         25095752 /var/lib/mysql/mysqldb/mysql.sock

however it returns when BINARY not used:
mysql> select '' regexp null;
+----------------+
| '' regexp null |
+----------------+
|           NULL |
+----------------+
1 row in set (0.02 sec)

How to repeat:
mysql> select '' regexp binary null;
mysql> select null regexp binary null;
[26 Aug 2008 0:04] Miguel Solorzano
Thank you for the bug report. Current source server hangs with 5.0.67 and a crash happens with 5.1/6.0 tree and 5.0.22 crashed too:

Server version: 5.0.70-nt-debug-log Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql 5.0 > use test
Database changed
mysql 5.0 > select '' regexp binary null;
Query aborted by Ctrl+C

Version: '5.1.28-nt-debug-log'  socket: ''  port: 3510  Source distribution
Assertion failed: 0, file .\protocol.cc, line 416
080825 20:58:17 - mysqld got exception 0x80000003 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388572
read_buffer_size=131072
max_used_connections=1
max_threads=151
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337706 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x1e9e050
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
009B9434    mysqld.exe!_NMSG_WRITE()[crt0msg.c:195]
009A79BA    mysqld.exe!abort()[abort.c:44]
009A5122    mysqld.exe!_assert()[assert.c:306]
0059D704    mysqld.exe!net_end_statement()[protocol.cc:416]
0066AA8E    mysqld.exe!dispatch_command()[sql_parse.cc:1503]
006695C7    mysqld.exe!do_command()[sql_parse.cc:794]
00778B64    mysqld.exe!handle_one_connection()[sql_connect.cc:1115]
0083E4B6    mysqld.exe!pthread_start()[my_winthread.c:85]
009AD567    mysqld.exe!_threadstart()[thread.c:196]
7C80B713    kernel32.dll!GetModuleFileNameA()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 01EEE8A8=select '' regexp binary null
thd->thread_id=1
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[26 Aug 2008 6:50] Elan Ruusamäe
Seems the timeouts still apply; at some point I did get:

mysql> select '' regexp binary null;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>
[29 Aug 2008 12:59] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/52904

2674 Ramil Kalimullin	2008-08-29
      Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
      
      Problem: SELECT ... REGEXP BINARY NULL may lead to server crash/hang.
      
      Fix: properly handle NULL regular expressions.
[5 Sep 2008 8:30] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53300

2683 Ramil Kalimullin	2008-09-05
      Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
      
      Problem: SELECT ... REGEXP BINARY NULL may lead to server crash/hang.
      
      Fix: properly handle NULL regular expressions.
[8 Sep 2008 11:00] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/53507

2683 Ramil Kalimullin	2008-09-05
      Fix for bug #39021: SELECT REGEXP BINARY NULL never returns
      
      Problem: SELECT ... REGEXP BINARY NULL may lead to server crash/hang.
      
      Fix: properly handle NULL regular expressions.
[15 Sep 2008 8:10] Bugs System
Pushed into 5.0.70  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:kgeorge@mysql.com-20080910094058-fygie2nur8py7y8j) (pib:3)
[15 Sep 2008 8:30] Bugs System
Pushed into 5.1.29  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:3)
[15 Sep 2008 18:59] Paul Dubois
Noted in 5.0.70, 5.1.29 changelogs.

Queries of the form SELECT ... REGEXP BINARY NULL could lead to a
hung or crashed server.

Setting report to NDI pending push into 6.0.x.
[1 Oct 2008 16:00] Bugs System
Pushed into 5.1.29  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:kgeorge@mysql.com-20080910094421-1i1kxv3n1bxskiqa) (pib:4)
[1 Oct 2008 17:17] Paul Dubois
Setting report to NDI pending push into 6.0.x.
[17 Oct 2008 16:42] Bugs System
Pushed into 6.0.8-alpha  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:kpettersson@mysql.com-20080911114255-81pt7q1uvl1fkojq) (pib:5)
[17 Oct 2008 18:13] Paul Dubois
Noted in 6.0.8 changelog.
[28 Oct 2008 21:03] Bugs System
Pushed into 5.1.29-ndb-6.2.17  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:tomas.ulin@sun.com-20081028140209-u4emkk1xphi5tkfb) (pib:5)
[28 Oct 2008 22:21] Bugs System
Pushed into 5.1.29-ndb-6.3.19  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:tomas.ulin@sun.com-20081028194045-0353yg8cvd2c7dd1) (pib:5)
[1 Nov 2008 9:47] Bugs System
Pushed into 5.1.29-ndb-6.4.0  (revid:ramil@mysql.com-20080905083001-q378ky39otzvjowe) (version source revid:jonas@mysql.com-20081101082305-qx5a1bj0z7i8ueys) (pib:5)
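A defender-side check drawn from this report, as added example code that is not part of the bug report, the committed patch or MySQL's own test suite. Because the report notes that a connection hung by this statement shows only as 'Sleep' with no visible query in the processlist, the practical control is to confirm each server runs a release that carries the fix. The function below parses the string a server returns from SELECT VERSION() (fetching it is left to whatever client you use) and compares it against the releases the thread records as carrying the fix: 5.0.70, 5.1.29 and 6.0.8. The hostnames and version strings in the sample inventory are constructed; branches the thread does not mention are reported as unknown rather than guessed.

```python
import re
from typing import Dict, Optional, Tuple

# Releases in which the fix for bug #39021 was pushed, keyed by (major, minor)
# branch, as recorded in the "Pushed into" notes of the bug report.
FIXED_IN: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (5, 0): (5, 0, 70),
    (5, 1): (5, 1, 29),
    (6, 0): (6, 0, 8),
}

# VERSION() strings carry build suffixes such as '-log', '-nt-debug-log',
# '-alpha' or '-ndb-6.3.19'; only the leading major.minor.patch matters here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version_string: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from a MySQL VERSION() string."""
    match = _VERSION_RE.match(version_string.strip())
    if not match:
        raise ValueError(f"unrecognised MySQL version string: {version_string!r}")
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_affected(version_string: str) -> Optional[bool]:
    """True if the server predates the fix on its branch, False if it is at or
    past the fixed release, None if the branch is not one the report covers."""
    major, minor, patch = parse_version(version_string)
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def classify_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'affected', 'fixed' or 'unknown' from its VERSION() string."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    result = {}
    for host, version_string in inventory.items():
        try:
            result[host] = labels[is_affected(version_string)]
        except ValueError:
            result[host] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are not from the report).
    sample_inventory = {
        "db-a.example.internal": "5.0.67-log",
        "db-b.example.internal": "5.0.70-nt-debug-log",
        "db-c.example.internal": "5.1.28-nt-debug-log",
        "db-d.example.internal": "5.1.29-ndb-6.3.19",
        "db-e.example.internal": "6.0.7-alpha",
        "db-f.example.internal": "5.5.8",
    }
    for host, status in sorted(classify_inventory(sample_inventory).items()):
        print(f"{host:28s} {sample_inventory[host]:22s} {status}")
```

The comparison is per branch, so 5.0.67 is compared against 5.0.70 and 5.1.28 against 5.1.29; a 5.1.29-ndb build parses to 5.1.29 and is treated as fixed, which agrees with the later "Pushed into 5.1.29-ndb-*" entries above. A branch absent from the table yields "unknown" on purpose, since the report says nothing about it.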