Bug #41015 The client program with CURSOR_TYPE_READ_ONLY can make mysqld crash.
Submitted: 25 Nov 2008 14:10
Modified: 2 Dec 2008 23:16
Reporter: Masahiro Tomita
Status: Can't repeat
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.0.67
OS: Linux (Ubuntu 8.10)
Assigned to:
CPU Architecture: Any

[25 Nov 2008 14:10] Masahiro Tomita
Description:
The client program with CURSOR_TYPE_READ_ONLY can make mysqld crash.

error log:

081125 22:46:20 - mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=1
max_connections=100
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 225787 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0x990bb58
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xb52508b8, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x81bcacf
0x82c6d02
0x8226413
0x82251af
0x81d1ec8
0x81dc809
0x81d02a4
0xb808c50f
0xb7f987ee
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://dev.mysql.com/doc/mysql/en/using-stack-trace.html and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x9946de0 = set names utf8
thd->thread_id=15
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.

How to repeat:
Run this program several times:

#include <mysql/mysql.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(int argc, char *argv[])
{
    MYSQL *my;
    MYSQL_STMT *st;
    MYSQL_BIND param[5];
    MYSQL_RES *res;

    my = mysql_init(NULL);
    if (mysql_real_connect(my, "localhost", "tommy", NULL, "test", 0, NULL, 0) == NULL)
        goto error;
    if (mysql_query(my, "create temporary table t (i1 tinyint unsigned, i2 smallint unsigned, i3 mediumint unsigned, i4 int unsigned, i8 bigint unsigned)") != 0)
        goto error;
    if ((st = mysql_stmt_init(my)) == NULL)
        goto error;
    if (mysql_stmt_prepare(st, "set names utf8", 14) != 0)                // To crash mysqld the query must be with no result set.
        goto stmt_error;
    unsigned long flag = CURSOR_TYPE_READ_ONLY;
    if (mysql_stmt_attr_set(st, STMT_ATTR_CURSOR_TYPE, &flag) != 0)       // If this line is removed, mysqld does not crash.
        goto stmt_error;
    if (mysql_stmt_execute(st) != 0)
        goto stmt_error;
    if (mysql_query(my, "select * from t") != 0)
        goto error;
    if ((res = mysql_store_result(my)) == NULL)
        goto error;

    return 0;

  error:
    /* Print the client library's own message; perror() would append an unrelated errno text. */
    fprintf(stderr, "%s\n", mysql_error(my));
    exit(1);

  stmt_error:
    fprintf(stderr, "%s\n", mysql_stmt_error(st));
    exit(1);
}
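
Added example, not part of the original report or of MySQL's code: a small Python parser that pulls the signal number, the unresolved backtrace addresses, the last query and the thread id out of a crash report like the error log above, and emits the addresses one per line for resolve_stack_dump. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the error log quoted in this report.
SAMPLE_LOG = """\
081125 22:46:20 - mysqld got signal 11 ;
thd=0x990bb58
Stack range sanity check OK, backtrace follows:
0x81bcacf
0x82c6d02
0x8226413
0x82251af
0x81d1ec8
0x81dc809
0x81d02a4
0xb808c50f
0xb7f987ee
New value of fp=(nil) failed sanity check, terminating stack trace!
thd->query at 0x9946de0 = set names utf8
thd->thread_id=15
"""

SIGNAL = re.compile(r"mysqld got signal (\d+)")
ADDR = re.compile(r"0x[0-9a-fA-F]+")
QUERY = re.compile(r"thd->query at 0x[0-9a-fA-F]+ = (.*)")
THREAD = re.compile(r"thd->thread_id=(\d+)")

def parse_crash(log):
    """Extract the triage fields from one mysqld crash report."""
    report = {"signal": None, "frames": [], "query": None, "thread_id": None}
    in_trace = False
    for raw in log.splitlines():
        line = raw.strip()
        if in_trace:
            if ADDR.fullmatch(line):
                report["frames"].append(line)
                continue
            in_trace = False  # first non-address line ends the backtrace
        if (m := SIGNAL.search(line)):
            report["signal"] = int(m.group(1))
        elif line.endswith("backtrace follows:"):
            in_trace = True
        elif (m := QUERY.match(line)):
            report["query"] = m.group(1)
        elif (m := THREAD.match(line)):
            report["thread_id"] = int(m.group(1))
    return report

def stack_file(report):
    """Addresses one per line, the numeric dump that resolve_stack_dump -n reads."""
    return "\n".join(report["frames"]) + "\n"
```

Write the output of `stack_file()` to a file and pass it to `resolve_stack_dump -n`, together with a symbol file generated by `nm -n` from the same mysqld binary that crashed (passed with `-s`).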
[2 Dec 2008 23:16] MySQL Verification Team
Thank you for the bug report. I couldn't repeat this issue running on Ubuntu 8.10 64-bit against current source server.