Bug #43833 Simple INSERT crashes the server
Submitted: 24 Mar 2009 14:47 Modified: 19 May 2009 0:37
Reporter: Andrey Hristov
Status: Closed
Category: MySQL Server: Prepared statements Severity: S2 (Serious)
Version: 5.0/5.1 OS: Any (Windows)
Assigned to: Sergey Glukhov CPU Architecture:Any
Triage: Triaged: D1 (Critical)

[24 Mar 2009 14:47] Andrey Hristov
Description:
andrey@winnie:~/dev/tmp$ gcc double_crash.c -o double_crash -I/usr/include/mysql -DBIG_JOINS=1 -fPIC -Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqlclient_r
andrey@winnie:~/dev/tmp$ ./double_crash 172.16.78.128 root root test 3307
Can't connect
andrey@winnie:~/dev/tmp$ ./double_crash 172.16.78.128 root root test 3306
Server: 5.1.32-community
Done
andrey@winnie:~/dev/tmp$ ./double_crash 172.16.78.128 root root test 3307
Server: 5.0.77-community-nt
(2013) Lost connection to MySQL server during query

How to repeat:
#include <stdio.h>
#include <string.h>
#include <mysql.h>
#include <stdlib.h>

/* Defaults; each can be overridden positionally on the command line:
   host user password database port socket */
#define HOST "127.0.0.1"
#define USER "root"
#define PASS "root"
#define DB   "test"
#define PORT  3306
#define SOCKET "/tmp/mysql.sock"
/* A DOUBLE parameter bound to a VARCHAR(1) column: the server has to
   render 1.23 as text and cut it down to a single character. */
#define PREP_SQL "INSERT INTO double_test(id) VALUES (?)"
#define CREATE_SQL "CREATE TABLE double_test(id VARCHAR(1))"

int main(int argc, char *argv[])
{
  MYSQL mysql;
  MYSQL_STMT * stmt = NULL;
  MYSQL_BIND param_bind;
  double value = 1.23;

  mysql_init(&mysql);
  if (!mysql_real_connect(&mysql,
        argc>1? argv[1]:HOST,
        argc>2? argv[2]:USER,
        argc>3? argv[3]:PASS,
        argc>4? argv[4]:DB,
        argc>5? atoi(argv[5]):PORT,
        argc>6? argv[6]:SOCKET,
        0)) {
    printf("Can't connect\n");
    exit(1);
  }
  printf("Server: %s\n", mysql_get_server_info(&mysql));
  /* start from a clean table so the column type is known */
  if (mysql_query(&mysql,"DROP TABLE IF EXISTS double_test")){
    printf("(%d) %s\n", mysql_errno(&mysql),
      mysql_error(&mysql));
    exit(2);
  }
  if (mysql_query(&mysql, CREATE_SQL)) {
    printf("(%d) %s\n", mysql_errno(&mysql),
      mysql_error(&mysql));
    exit(3);
  }
  if (!(stmt = mysql_stmt_init(&mysql))) {
    printf("(%d) %s\n", mysql_errno(&mysql),
      mysql_error(&mysql));
    exit(4);
  }
  if (mysql_stmt_prepare(stmt, PREP_SQL, sizeof(PREP_SQL)-1)){
    printf("(%d) %s\n", mysql_stmt_errno(stmt),
      mysql_stmt_error(stmt));
    exit(5);
  }
  /* bind the single placeholder as a native double, not as a string,
     so the conversion to CHAR happens on the server side */
  memset(&param_bind, 0, sizeof(MYSQL_BIND));
  param_bind.buffer_type  = MYSQL_TYPE_DOUBLE;
  param_bind.buffer = &value;
  if (mysql_stmt_bind_param(stmt, &param_bind)) {
    printf("(%d) %s\n", mysql_stmt_errno(stmt),
      mysql_stmt_error(stmt));
    exit(6);
  }
  /* on affected servers the connection is lost here (error 2013) */
  if (mysql_stmt_execute(stmt)) {
    printf("(%d) %s\n", mysql_stmt_errno(stmt),
      mysql_stmt_error(stmt));
    exit(7);
  }
  printf("Done\n");
  mysql_stmt_close(stmt);
  mysql_close(&mysql);
  exit(0);
}
[24 Mar 2009 15:09] Ulf Wendel
The C code is derived from a Connector/C++ test. The corresponding Connector/C++ test also fails on our internal system loki46, which is a 64-bit Windows machine. Currently we are testing against MySQL Version 5.1.31 on that system.
[24 Mar 2009 16:04] Miguel Solorzano
Callstack for 5.0:

090324 12:58:13  InnoDB: Started; log sequence number 0 43655
090324 12:58:13 [Note] c:\dbs\5.0\bin\mysqld: ready for connections.
Version: '5.0.80-Win X64 revno 2773-log'  socket: ''  port: 3500  Source distribution
090324 13:03:00 - mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8384512
read_buffer_size=131072
max_used_connections=2
max_connections=100
threads_connected=2
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 225787 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0000000002F872B0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
000000014000A1B1    mysqld.exe!Field_str::store()[field.cc:6023]
000000014011BF61    mysqld.exe!fill_record()[sql_base.cc:5815]
000000014011BFEE    mysqld.exe!fill_record_n_invoke_before_triggers()[sql_base.cc:5860]
0000000140138686    mysqld.exe!mysql_insert()[sql_insert.cc:764]
000000014014A4BB    mysqld.exe!mysql_execute_command()[sql_parse.cc:3721]
0000000140152622    mysqld.exe!Prepared_statement::execute()[sql_prepare.cc:3055]
0000000140153155    mysqld.exe!mysql_stmt_execute()[sql_prepare.cc:2322]
000000014014EB48    mysqld.exe!dispatch_command()[sql_parse.cc:1896]
000000014015029D    mysqld.exe!handle_one_connection()[sql_parse.cc:1234]
0000000140211545    mysqld.exe!pthread_start()
000000014036C447    mysqld.exe!_callthreadstart()[thread.c:295]
000000014036C515    mysqld.exe!_threadstart()[thread.c:275]
00000000772DC3BD    kernel32.dll!BaseThreadInitThunk()
0000000077424581    ntdll.dll!RtlUserThreadStart()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0000000002F911F0=INSERT INTO double_test(id) VALUES (1.23)
thd->thread_id=4
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[24 Mar 2009 16:13] Miguel Solorzano
Callstack for 5.1 64-bit

Attachment: 51callstack.txt (text/plain), 2.81 KiB.

[24 Mar 2009 16:26] Miguel Solorzano
Thank you for the bug report. Verified in 5.0 and 5.1 64-bit Windows.

Changed the line of code below in the test case:

<< #define PREP_SQL "INSERT INTO test(id) VALUES (?)"

>> #define PREP_SQL "INSERT INTO double_test(id) VALUES (?)"

c:\build>bug43833
Server: 5.0.80-Win X64 revno 2773-log
(2013) Lost connection to MySQL server during query

c:\build>bug43833
Server: 5.1.34-Win X64 revno: 2772-log
(2013) Lost connection to MySQL server during query

c:\build>bug43833
Server: 6.0.11-alpha-Win X64 revno: 2749-log
Done
[3 Apr 2009 12:08] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/71312

2726 Sergey Glukhov	2009-04-03
      Bug#43833 Simple INSERT crashes the server
      The crash happens due to wrong 'digits' variable value(0),
      'digits' can not be 0, so the fix is use 1 as min allowed value.
     @ mysql-test/r/insert.result
        test case
     @ mysql-test/t/insert.test
        test case
     @ sql/field.cc
        Bug#43833 Simple INSERT crashes the server
        The crash happens due to wrong 'digits' variable value(0),
        'digits' can not be 0, so the fix is use 1 as min allowed value.
[9 Apr 2009 9:21] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/71746

2721 Sergey Glukhov	2009-04-09
      Bug#43833 Simple INSERT crashes the server
      The crash happens due to wrong 'digits' variable value(0),
      'digits' can not be 0, so the fix is use 1 as min allowed value.
     @ mysql-test/r/insert.result
        test result
     @ mysql-test/t/insert.test
        test case
     @ sql/field.cc
        The crash happens due to wrong 'digits' variable value(0),
        'digits' can not be 0, so the fix is use 1 as min allowed value.
[5 May 2009 18:52] Bugs System
Pushed into 5.0.82 (revid:davi.arnaut@sun.com-20090505184158-dvmedh8n472y8np5) (version source revid:davi.arnaut@sun.com-20090505184158-dvmedh8n472y8np5) (merge vers: 5.0.82) (pib:6)
[5 May 2009 19:40] Bugs System
Pushed into 5.1.35 (revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (version source revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (merge vers: 5.1.35) (pib:6)
[6 May 2009 14:12] Bugs System
Pushed into 6.0.12-alpha (revid:svoj@sun.com-20090506125450-yokcmvqf2g7jhujq) (version source revid:sergey.glukhov@sun.com-20090409095150-l5fy7wz2iwvts1ps) (merge vers: 6.0.11-alpha) (pib:6)
[15 May 2009 23:46] Paul Dubois
Could you provide a description of the bug for the changelog entry? I don't understand from this bug report what the problem is. Thanks.
[19 May 2009 0:37] Paul Dubois
Noted in 5.0.82, 5.1.35, 6.0.12 changelogs.

On Windows, a server crash occurred for attempts to insert a
floating-point value into a CHAR column with a maximum length less
than the converted floating-point value length.
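The commit message above says the crash came from a 'digits' value of 0 reaching the conversion code, and the changelog entry narrows it to a floating-point value stored into a CHAR column narrower than its text form. The following C program is an added illustration of that failure class and of the shape of the fix; it is not MySQL server code and not the patch attached to this bug. The names store_double_in_char, digits_that_fit, has_fraction, store_result and FIELD_MAX, the digit arithmetic and the use of snprintf with "%.*g" are all assumptions made for the example; the only point taken from the fix is that the precision handed to the formatter is clamped so it can never be 0.

```c
/* Added illustration only: not MySQL server code and not this bug's patch.
   Models storing a double into a CHAR(N) column whose width is smaller than
   the text form of the value. Names, digit arithmetic and FIELD_MAX are
   assumptions for the example; the clamp to a minimum precision of 1 is the
   one point taken from the fix described in the bug. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 64  /* constructed upper bound on the column width */

/* Outcome of storing a value into a bounded character field. */
typedef struct {
    char text[FIELD_MAX + 1];  /* bytes that end up in the column */
    int  truncated;            /* 1 if the stored text no longer equals the value */
} store_result;

/* Does the value carry a fractional part that will cost a '.' in the output?
   Only meaningful inside long long range; larger magnitudes print as integers
   or in exponent form anyway, so they are treated as having no fraction. */
static int has_fraction(double value)
{
    if (value > -9e18 && value < 9e18)
        return (double)(long long)value != value;
    return 0;
}

/* Significant digits left once a sign and a decimal point are paid for.
   Assumed formula; the server's own bookkeeping is more involved. */
static int digits_that_fit(double value, int field_len)
{
    int overhead = (value < 0) ? 1 : 0;   /* leading '-' */
    if (has_fraction(value))
        overhead += 1;                    /* decimal point */
    return field_len - overhead;
}

/* Store `value` into a CHAR(field_len) field. Returns 0 on success and -1 for
   an unusable width. The precision is clamped to at least 1, the value is
   formatted into a scratch buffer, cut to the column width, and any loss is
   reported in out->truncated rather than being silently ignored. */
int store_double_in_char(double value, int field_len, store_result *out)
{
    char scratch[128];
    int digits;

    if (out == NULL || field_len < 1 || field_len > FIELD_MAX)
        return -1;   /* refuse widths that would index past the buffers */

    digits = digits_that_fit(value, field_len);
    if (digits < 1)
        digits = 1;  /* a precision of 0 is the condition the fix rules out */

    snprintf(scratch, sizeof scratch, "%.*g", digits, value);

    /* copy at most field_len bytes, always NUL-terminated */
    snprintf(out->text, (size_t)field_len + 1, "%s", scratch);

    out->truncated = (strlen(scratch) > (size_t)field_len) ||
                     (strtod(out->text, NULL) != value);
    return 0;
}

int main(void)
{
    /* constructed cases: the one from the bug report plus a few neighbours */
    static const struct { double v; int len; } cases[] = {
        { 1.23, 1 }, { 5.0, 1 }, { -1.5, 2 }, { 1.23, 10 }, { 1e20, 3 },
    };
    size_t i;

    for (i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        store_result r;
        if (store_double_in_char(cases[i].v, cases[i].len, &r) != 0)
            continue;
        printf("%-8g into CHAR(%2d) -> \"%s\"%s\n", cases[i].v, cases[i].len,
               r.text, r.truncated ? "  (truncated)" : "");
    }
    return 0;
}
```

With the bug report's own input, 1.23 into a one-character column, the sign and decimal-point accounting leaves 0 digits; the clamp turns that into a precision of 1, the value is rendered as "1", and the caller is told the stored text is a truncation of the value instead of the process dying inside the formatter.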
[15 Jun 2009 8:26] Bugs System
Pushed into 5.1.35-ndb-6.3.26 (revid:jonas@mysql.com-20090615074202-0r5r2jmi83tww6sf) (version source revid:jonas@mysql.com-20090615070837-9pccutgc7repvb4d) (merge vers: 5.1.35-ndb-6.3.26) (pib:6)
[15 Jun 2009 9:06] Bugs System
Pushed into 5.1.35-ndb-7.0.7 (revid:jonas@mysql.com-20090615074335-9hcltksp5cu5fucn) (version source revid:jonas@mysql.com-20090615072714-rmfkvrbbipd9r32c) (merge vers: 5.1.35-ndb-7.0.7) (pib:6)
[15 Jun 2009 9:46] Bugs System
Pushed into 5.1.35-ndb-6.2.19 (revid:jonas@mysql.com-20090615061520-sq7ds4yw299ggugm) (version source revid:jonas@mysql.com-20090615054654-ebgpz7elwu1xj36j) (merge vers: 5.1.35-ndb-6.2.19) (pib:6)
[10 Jul 2009 23:19] Bugs System
Pushed into 5.1.37 (revid:build@mysql.com-20090710231213-9guqdu0avc0uwdkp) (version source revid:build@mysql.com-20090710231213-9guqdu0avc0uwdkp) (merge vers: 5.1.37) (pib:11)
[23 Jul 2009 10:24] Bugs System
Pushed into 5.4.4-alpha (revid:alik@sun.com-20090723102221-ps4uaphwbxzj8p0q) (version source revid:joerg@mysql.com-20090721145751-rqqnhv0kage18wfi) (merge vers: 5.4.4-alpha) (pib:11)
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-7.0.8 (revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)
[26 Aug 2009 13:46] Bugs System
Pushed into 5.1.37-ndb-6.3.27 (revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (version source revid:jonas@mysql.com-20090826105955-bkj027t47gfbamnc) (merge vers: 5.1.37-ndb-6.3.27) (pib:11)
[26 Aug 2009 13:48] Bugs System
Pushed into 5.1.37-ndb-6.2.19 (revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (version source revid:jonas@mysql.com-20090825194404-37rtosk049t9koc4) (merge vers: 5.1.37-ndb-6.2.19) (pib:11)
[27 Aug 2009 16:33] Bugs System
Pushed into 5.1.35-ndb-7.1.0 (revid:magnus.blaudd@sun.com-20090827163030-6o3kk6r2oua159hr) (version source revid:jonas@mysql.com-20090826132541-yablppc59e3yb54l) (merge vers: 5.1.37-ndb-7.0.8) (pib:11)