Bug #47837 Crash CREATE'ing a RANGE COLUMN_LIST table using the same column more than once
Submitted: 5 Oct 2009 16:14 Modified: 12 Nov 2009 12:04
Reporter: Patrick Crews Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Partitions Severity:S3 (Non-critical)
Version:5.5 WL#3352 OS:Any
Assigned to: Mikael Ronström CPU Architecture:Any
Tags: crashing bug, partitioning, RANGE COLUMN_LIST
Triage: Triaged: D1 (Critical)

[5 Oct 2009 16:14] Patrick Crews
Description:
The server will crash if you attempt to create a partitioned table using RANGE COLUMN_LIST and use the same column twice.  

While this is an admittedly weird setup, the server still shouldn't crash.

This DDL:
CREATE TABLE `PP_B` (
`varchar_5_key` varchar(5),
`varchar_10` varchar(10),
`date` date,
`datetime_key` datetime,
`date_key` date,
pk integer auto_increment,
`varchar_5` varchar(5),
`int_signed_key` int signed,
`int_signed` int signed,
`datetime` datetime,
`varchar_10_key` varchar(10),
        key (`varchar_5_key` ),
key (`datetime_key` ),
key (`date_key` ),
primary key (pk),
key (`int_signed_key` ),
key (`varchar_10_key` )) ENGINE=myisam /*!50100 PARTITION BY range column_list(pk,pk)
                          ( partition p0 values less than (column_list(100, 100)),
                          partition p1 values less than (column_list(100000, 1000 ))) */;

Results in this crash output:
Thread 1 (process 7876):
#0  0xb8037430 in __kernel_vsyscall ()
#1  0xb801a1c8 in pthread_kill () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x08729e29 in my_write_core (sig=6) at stacktrace.c:310
#3  0x082a9e63 in handle_segfault (sig=6) at mysqld.cc:2569
#4  <signal handler called>
#5  0xb8037430 in __kernel_vsyscall ()
#6  0xb7e616d0 in raise () from /lib/tls/i686/cmov/libc.so.6
#7  0xb7e63098 in abort () from /lib/tls/i686/cmov/libc.so.6
#8  0xb7e5a5ce in __assert_fail () from /lib/tls/i686/cmov/libc.so.6
#9  0x081d69ff in set_up_field_array (table=0xb750d004, is_sub_part=false) at sql_partition.cc:510
#10 0x081d721a in handle_list_of_fields (it=
        {<base_list_iterator> = {list = 0xa57395c, el = 0x8a3b900, prev = 0xa572fd8, current = 0x8a3b900}, <No data fields>}, table=0xb750d004, 
    part_info=0xa573940, is_sub_part=false) at sql_partition.cc:855
#11 0x081d76be in fix_partition_func (thd=0xa519b00, table=0xb750d004, is_create_table_ind=true) at sql_partition.cc:1682
#12 0x08319523 in open_table_from_share (thd=0xa519b00, share=0xb750d6c0, alias=0x887e412 "", db_stat=0, prgflag=1, ha_open_flags=0, 
    outparam=0xb750d004, is_create_table=true) at table.cc:1844
#13 0x083ea0ea in ha_create_table (thd=0xa519b00, path=0xb750de7f "./test/PP_B", db=0xa572490 "test", table_name=0xa572288 "PP_B", 
    create_info=0xb750e360, update_create_info=false) at handler.cc:3570
#14 0x0839a8e2 in rea_create_table (thd=0xa519b00, path=0xb750de7f "./test/PP_B", db=0xa572490 "test", table_name=0xa572288 "PP_B", 
    create_info=0xb750e360, create_fields=@0xb750e674, keys=6, key_info=0xa56e160, file=0xa56dd58) at unireg.cc:417
#15 0x0840c6b0 in mysql_create_table_no_lock (thd=0xa519b00, db=0xa572490 "test", table_name=0xa572288 "PP_B", create_info=0xb750e360, 
    alter_info=0xb750e650, internal_tmp_table=false, select_field_count=0) at sql_table.cc:3881
#16 0x0840caf2 in mysql_create_table (thd=0xa519b00, db=0xa572490 "test", table_name=0xa572288 "PP_B", create_info=0xb750e360, alter_info=0xb750e650, 
    internal_tmp_table=false, select_field_count=0) at sql_table.cc:3979
#17 0x082bd727 in mysql_execute_command (thd=0xa519b00) at sql_parse.cc:2724
#18 0x082c5ce9 in mysql_parse (thd=0xa519b00, 
    inBuf=0xa571d80 "CREATE TABLE `PP_B` (\n`varchar_5_key` varchar(5),\n`varchar_10` varchar(10),\n`date` date,\n`datetime_key` datetime,\n`date_key` date,\npk integer auto_increment,\n`varchar_5` varchar(5),\n`int_signed_key` i"..., length=601, found_semicolon=0xb750f084) at sql_parse.cc:6002
#19 0x082c6aac in dispatch_command (command=COM_QUERY, thd=0xa519b00, 
    packet=0xa55ee61 "CREATE TABLE `PP_B` (\n`varchar_5_key` varchar(5),\n`varchar_10` varchar(10),\n`date` date,\n`datetime_key` datetime,\n`date_key` date,\npk integer auto_increment,\n`varchar_5` varchar(5),\n`int_signed_key` i"..., packet_length=601) at sql_parse.cc:1222
#20 0x082c7f21 in do_command (thd=0xa519b00) at sql_parse.cc:855
#21 0x082b386a in handle_one_connection (arg=0xa519b00) at sql_connect.cc:1131
#22 0xb80154ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#23 0xb7f1a49e in clone () from /lib/tls/i686/cmov/libc.so.6

How to repeat:
MTR test case:
--disable_warnings
DROP TABLE IF EXISTS PP_B;
--enable_warnings

CREATE TABLE `PP_B` (
`varchar_5_key` varchar(5),
`varchar_10` varchar(10),
`date` date,
`datetime_key` datetime,
`date_key` date,
pk integer auto_increment,
`varchar_5` varchar(5),
`int_signed_key` int signed,
`int_signed` int signed,
`datetime` datetime,
`varchar_10_key` varchar(10),
        key (`varchar_5_key` ),
key (`datetime_key` ),
key (`date_key` ),
primary key (pk),
key (`int_signed_key` ),
key (`varchar_10_key` )) ENGINE=myisam /*!50100 PARTITION BY range column_list(pk,pk)
                          ( partition p0 values less than (column_list(100, 100)),
                          partition p1 values less than (column_list(100000, 1000 ))) */;

SHOW CREATE TABLE PP_B;
DROP TABLE PP_B;

Suggested fix:
Ensure crash-free query processing.
[6 Oct 2009 15:03] Mikael Ronström
Added check to ensure duplicate field names aren't allowed in
column list processing and also not in key partitioning.
Key partitioning affects also 5.1 and thus this bug fix
should be backported to 5.1
[6 Oct 2009 15:04] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/85928

2887 Mikael Ronstrom	2009-10-06
      BUG#47837, Duplicate field names were allowed in both column list partitioning and key partitioning, added check to give error in this case
      modified:
        mysql-test/r/partition_column.result
        mysql-test/t/partition_column.test
        sql/partition_info.cc
        sql/partition_info.h
        sql/share/errmsg.txt
[5 Nov 2009 6:51] Bugs System
Pushed into 6.0.14-alpha (revid:mikael@mysql.com-20091104090210-om5lq1v39ppduu0e) (version source revid:mikael@mysql.com-20091030163450-387z4yevx0lrj3fb) (merge vers: 6.0.14-alpha) (pib:13)
[5 Nov 2009 17:38] Jon Stephens
Discussed with Mikael; he confirmed that this fix was pushed together with main push for WL#3352; closed without further action.
[12 Nov 2009 8:17] Bugs System
Pushed into 5.5.0-beta (revid:alik@sun.com-20091110093229-0bh5hix780cyeicl) (version source revid:mikael@mysql.com-20091028172236-0v5j962mh2opxpkj) (merge vers: 5.5.0-beta) (pib:13)
[12 Nov 2009 12:04] Jon Stephens
Re-closed; see previous comments.