Bug #44040 MySQL allows creating a MERGE table upon VIEWs but crashes when using it
Submitted: 2 Apr 2009 9:13 Modified: 7 Mar 2010 12:49
Reporter: Giorgio Calderone Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Merge storage engine Severity:S3 (Non-critical)
Version:5.1.30-log, 5.1.32, 6.0 OS:Linux (x86_64)
Assigned to: Anurag Shekhar CPU Architecture:Any
Tags: ENGINE=MERGE, regression, VIEW

[2 Apr 2009 9:13] Giorgio Calderone
Description:
MySQL allows creating a MERGE table upon VIEWs but crashes when you try to read from that table.

How to repeat:
#Create a test table
CREATE TABLE tmp (id int, c char(2));                                           

#Create two VIEWs upon it
CREATE VIEW v1 AS SELECT * FROM tmp;                                            
CREATE VIEW v2 AS SELECT * FROM tmp;                                            

#Finally create a MERGE table upon the VIEWs
CREATE TABLE merge (id int, c char(2))
ENGINE=MERGE UNION(v1, v2);

#Reading from the merge table lead to a crash
SELECT * FROM merge;

Suggested fix:
None.
[2 Apr 2009 9:23] Valeriy Kravchuk
Verified just as described. Stack trace is:

005B974E    mysqld.exe!mysql_make_view()[sql_view.cc:1399]
00523F97    mysqld.exe!open_new_frm()[sql_base.cc:8609]
00524C5C    mysqld.exe!open_unireg_entry()[sql_base.cc:3888]
0052819D    mysqld.exe!open_table()[sql_base.cc:2933]
00529122    mysqld.exe!open_tables()[sql_base.cc:4585]
0052967A    mysqld.exe!open_and_lock_tables_derived()[sql_base.cc:4988]
00552152    mysqld.exe!execute_sqlcom_select()[sql_parse.cc:4875]
005533D6    mysqld.exe!mysql_execute_command()[sql_parse.cc:2204]
00558873    mysqld.exe!mysql_parse()[sql_parse.cc:5814]
00559363    mysqld.exe!dispatch_command()[sql_parse.cc:1218]
0055A167    mysqld.exe!do_command()[sql_parse.cc:861]
005DCAE1    mysqld.exe!handle_one_connection()[sql_connect.cc:1115]
006427EB    mysqld.exe!pthread_start()[my_winthread.c:85]
007276A3    mysqld.exe!_callthreadstart()[thread.c:293]
FBA9E900
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 023AE018=SELECT * FROM merge
thd->thread_id=16
thd->killed=NOT_KILLED
[2 Apr 2009 9:25] Sveta Smirnova
Backtrace from bzr 6.0 on Linux:

#0  0x002ce402 in __kernel_vsyscall ()
#1  0x0046264f in pthread_kill () from /lib/libpthread.so.0
#2  0x0894076b in my_write_core (sig=11) at stacktrace.c:309
#3  0x08319b8a in handle_segfault (sig=11) at mysqld.cc:2693
#4  <signal handler called>
#5  0x0888e03e in myisammrg_attach_children_callback (callback_param=0xb1ff628) at ha_myisammrg.cc:513
#6  0x08891882 in myrg_attach_children (m_info=0xb19a7f8, handle_locking=2, callback=0x888df46 <myisammrg_attach_children_callback>, callback_param=0xb1ff628) at myrg_open.c:416
#7  0x0888f75f in ha_myisammrg::attach_children (this=0xb1ff628) at ha_myisammrg.cc:674
#8  0x0888fc28 in ha_myisammrg::extra (this=0xb1ff628, operation=HA_EXTRA_ATTACH_CHILDREN) at ha_myisammrg.cc:1150
#9  0x083896a9 in open_tables (thd=0xb27da58, start=0xad1ccc04, counter=0xad1ccbf0, flags=0) at sql_base.cc:3975
#10 0x083898eb in open_and_lock_tables_derived (thd=0xb27da58, tables=0xb1fd950, derived=true, flags=0) at sql_base.cc:4233
#11 0x0833b990 in open_and_lock_tables (thd=0xb27da58, tables=0xb1fd950) at ../../sql/mysql_priv.h:1574
#12 0x0832a14d in execute_sqlcom_select (thd=0xb27da58, all_tables=0xb1fd950) at sql_parse.cc:4859
#13 0x08330070 in mysql_execute_command (thd=0xb27da58) at sql_parse.cc:2156
#14 0x08338f21 in mysql_parse (thd=0xb27da58, inBuf=0xb1fd5f8 "SELECT * FROM merge", length=19, found_semicolon=0xad1cdf20) at sql_parse.cc:5909
#15 0x08339963 in dispatch_command (command=COM_QUERY, thd=0xb27da58, packet=0xb216971 "SELECT * FROM merge", packet_length=19) at sql_parse.cc:1049
#16 0x0833ad1d in do_command (thd=0xb27da58) at sql_parse.cc:731
#17 0x08327507 in handle_one_connection (arg=0xb27da58) at sql_connect.cc:1146
#18 0x0045fbd4 in start_thread () from /lib/libpthread.so.0
#19 0x003b74fe in clone () from /lib/libc.so.6

Version 5.0 returns error, but does not crash
[2 Apr 2009 9:26] Valeriy Kravchuk
Yes, 5.0 works more correct:

mysql> SELECT * FROM merge;
ERROR 1168 (HY000): Unable to open underlying table which is differently defined
 or of non-MyISAM type or doesn't exist
[16 Apr 2009 11:04] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72252

2862 Anurag Shekhar	2009-04-16
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but crashes when 
                using it.
      The crash was due to a null pointer present for select_sex while 
      processing the view.
      Adding a check while opening the view to see if its a child of a 
      merge table fixed this problem.
     @ mysql-test/r/merge.result
        Updated result for the new test case.
     @ mysql-test/t/merge.test
        Added test case based on the bug description.
     @ sql/sql_base.cc
        Added a check to check if the view being opened is a child table of a
        merge table and return error if it is.
[16 Apr 2009 19:28] Ingo Strüwing
Approved. Please see minor comments/wishes in email.
[17 Apr 2009 5:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72362

2862 Anurag Shekhar	2009-04-17
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but crashes when 
              using it.
      The crash was due to a null pointer present for select_lex while 
      processing the view.
      Adding a check while opening the view to see if its a child of a 
      merge table fixed this problem.
     @ mysql-test/r/merge.result
        Updated result for the new test case.
     @ mysql-test/t/merge.test
        Added test case based on the bug description.
     @ sql/sql_base.cc
        Added a check to check if the view being opened is a child table of a
        merge table and return error if it is.
[17 Apr 2009 10:00] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72374

3216 Anurag Shekhar	2009-04-17 [merge]
      null merging bug#44040 with 5.1-bugteam tree.
[17 Apr 2009 10:11] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72376

3217 Anurag Shekhar	2009-04-17
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but crashes when 
                using it.
      
      Due to changes in code base in 6.0 the fix for 5.1 is not valid in 6.0.
      To fix in 6.0 added a check in merge engine.
     @ mysql-test/r/merge.result
        Updated results for the new test case.
     @ mysql-test/t/merge.test
        Added new test case for this bug.
     @ storage/myisammrg/ha_myisammrg.cc
        Added a check in myisammrg_attach_children_callback to check
        if the child table is view. If the child table is a view 
        return error.
[17 Apr 2009 11:01] Ingo Strüwing
Ok to push by me. No comments.
[17 Apr 2009 11:45] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72390

3218 Anurag Shekhar	2009-04-17
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but
                 crashes when using it.
      
      In 6.0 the crash occured in myisammrg_attach_children_callback
      while checking the table version for compatiblity.
      
      Due to code changes the fix in 6.0 is in method open_table but fix
      is same. A check isntroduced to check if view is a child table of
      a merge table and returned error if it is.
     @ mysql-test/r/merge.result
        Updated result for new test case.
     @ mysql-test/t/merge.test
        Added new test case for this bug.
     @ sql/sql_base.cc
        Added a check to check if parent_l attribute of a view 
        is set. A non null value for this attribute indicates that
        the view is a child table of a merge table, which is not 
        allowed.
[17 Apr 2009 11:50] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72391

3218 Anurag Shekhar	2009-04-17
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but
           crashes when using it.
      
      In 6.0 the crash occured in myisammrg_attach_children_callback
      while checking the table version for compatiblity.
      
      Due to code changes the fix in 6.0 is in method open_table but fix
      is same. A check isntroduced to check if view is a child table of
      a merge table and returned error if it is.
     @ mysql-test/r/merge.result
        Updated result for the new test case.
     @ mysql-test/t/merge.test
        Added test case based on the bug description.
     @ sql/sql_base.cc
        Added a check to check if the view being opened is a child
        table of a merge table and return error if it is.
[22 Apr 2009 10:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/72650

3224 Anurag Shekhar	2009-04-22
      Bug#44040 MySQL allows creating a MERGE table upon VIEWs but
               crashes when using it.
      
      In 6.0 the crash occurred in myisammrg_attach_children_callback
      while checking the table version for compatibility.
      
      Due to code changes the fix in 6.0 is in method open_table but fix
      is same. A check introduced to check if view is a child table of
      a merge table and returned error if it is.
     @ mysql-test/r/merge.result
        Updated result for new test case.
     @ mysql-test/t/merge.test
        Added new test case for this bug.
     @ sql/sql_base.cc
        Added a check to check if parent_l attribute of a view 
        is set. A non null value for this attribute indicates that
        the view is a child table of a merge table, which is not 
        allowed.
[5 May 2009 19:42] Bugs System
Pushed into 5.1.35 (revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (version source revid:davi.arnaut@sun.com-20090505190206-9xmh7dlc6kom8exp) (merge vers: 5.1.35) (pib:6)
[6 May 2009 14:07] Bugs System
Pushed into 6.0.12-alpha (revid:svoj@sun.com-20090506125450-yokcmvqf2g7jhujq) (version source revid:anurag.shekhar@sun.com-20090422100228-rxedsl621podvkvo) (merge vers: 6.0.11-alpha) (pib:6)
[15 Jun 2009 8:29] Bugs System
Pushed into 5.1.35-ndb-6.3.26 (revid:jonas@mysql.com-20090615074202-0r5r2jmi83tww6sf) (version source revid:jonas@mysql.com-20090615070837-9pccutgc7repvb4d) (merge vers: 5.1.35-ndb-6.3.26) (pib:6)
[15 Jun 2009 9:08] Bugs System
Pushed into 5.1.35-ndb-7.0.7 (revid:jonas@mysql.com-20090615074335-9hcltksp5cu5fucn) (version source revid:jonas@mysql.com-20090615072714-rmfkvrbbipd9r32c) (merge vers: 5.1.35-ndb-7.0.7) (pib:6)
[15 Jun 2009 9:49] Bugs System
Pushed into 5.1.35-ndb-6.2.19 (revid:jonas@mysql.com-20090615061520-sq7ds4yw299ggugm) (version source revid:jonas@mysql.com-20090615054654-ebgpz7elwu1xj36j) (merge vers: 5.1.35-ndb-6.2.19) (pib:6)
[16 Jul 2009 14:28] Tony Bedford
Entries were added to the 5.1.35 and 6.0.12 changelogs:

MySQL allowed the creation of a merge table based on views but crashed when attempts were made to read from that table. The following example demonstrates this:

#Create a test table
CREATE TABLE tmp (id int, c char(2));                                           

#Create two VIEWs upon it
CREATE VIEW v1 AS SELECT * FROM tmp;                                            
CREATE VIEW v2 AS SELECT * FROM tmp;                                            

#Finally create a MERGE table upon the VIEWs
CREATE TABLE merge (id int, c char(2))
ENGINE=MERGE UNION(v1, v2);

#Reading from the merge table lead to a crash
SELECT * FROM merge;

The final line of the code generated the crash.
[16 Feb 2010 16:45] Bugs System
Pushed into 6.0.14-alpha (revid:alik@sun.com-20100216101445-2ofzkh48aq2e0e8o) (version source revid:kostja@sun.com-20091211154405-c9yhiewr9o5d20rq) (merge vers: 6.0.14-alpha) (pib:16)
[16 Feb 2010 16:55] Bugs System
Pushed into mysql-next-mr (revid:alik@sun.com-20100216101208-33qkfwdr0tep3pf2) (version source revid:kostja@sun.com-20091202230922-3nozxrsr35ifjtg6) (pib:16)
[17 Feb 2010 0:44] Paul Dubois
Setting report to Need Merge pending push of Celosia into release tree.
[6 Mar 2010 10:54] Bugs System
Pushed into 5.5.3-m3 (revid:alik@sun.com-20100306103849-hha31z2enhh7jwt3) (version source revid:vvaintroub@mysql.com-20100216221947-luyhph0txl2c5tc8) (merge vers: 5.5.99-m3) (pib:16)
[7 Mar 2010 12:49] Paul Dubois
Noted in 5.5.3 changelog.