Bug #5003 Embedded mysql crashing on special query
Submitted: 11 Aug 2004 21:10 Modified: 24 Aug 2004 12:14
Reporter: Georg Mackenbrock
Status: Closed
Category:MySQL Server Severity:S3 (Non-critical)
Version:4.1.3/4.1.4 OS:Windows (Windows XP/Slackware)
Assigned to: Alexey Botchkov CPU Architecture:Any

[11 Aug 2004 21:10] Georg Mackenbrock
Description:
A SELECT on a table with a subquery in the WHERE clause crashes under the following conditions:
1. The where clause in the subquery contains a like.
2. An index is used.
3. The subselect selects the minimum of an indexed column.

This error does not occur with the standalone server.

How to repeat:
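-- Bug #5003 reproduction.
--
-- A SELECT whose IN (subquery) inner query applies LIKE to an indexed column
-- and takes MIN() of that column is reported to crash the engine. The crash
-- was first seen in the embedded library; per the comments below it also
-- brings down the standalone server, so a client that is merely allowed to
-- run this SELECT can take the server process down (availability impact).
--
-- Changes from the originally posted script, none of which touch the
-- triggering SELECT:
--   * The table name is spelled the same way in every statement. The
--     original mixed `IZAVORGANG` (CREATE) with izaVorgang (ALTER/SELECT),
--     which fails with "table doesn't exist" on case-sensitive filesystems
--     (lower_case_table_names=0) before the crash is ever reached.
--   * DROP TABLE uses IF EXISTS so the script also runs on a fresh schema.
--     CASCADE was dropped: MySQL accepts it but it does nothing.
--   * The four single-row INSERTs are one multi-row INSERT; final table
--     contents are identical.
DROP TABLE IF EXISTS izaVorgang;

CREATE TABLE izaVorgang (
    izaVorgang_id    VARCHAR(11) CHARACTER SET latin1 COLLATE latin1_bin,
    Kuerzel          VARCHAR(10) CHARACTER SET latin1 COLLATE latin1_bin,
    izaAnalyseart_id VARCHAR(11) CHARACTER SET latin1 COLLATE latin1_bin,
    izaPmkz_id       VARCHAR(11) CHARACTER SET latin1 COLLATE latin1_bin
) ENGINE=InnoDB;

ALTER TABLE izaVorgang ADD CONSTRAINT PKIZAVORGANG PRIMARY KEY (izaVorgang_id);

-- Condition 2 of the report ("an index is used"): the call stacks below show
-- the fault inside key_cmp() during a range read (QUICK_SELECT::get_next ->
-- handler::read_range_first -> handler::compare_key). Which index the range
-- read uses is not stated on this page.
CREATE INDEX AK01izaVorgang ON izaVorgang (izaAnalyseart_id, Kuerzel);

-- Three rows match LIKE '601%'... no: only '601' matches; '602'/'603'/'101'
-- share the same izaAnalyseart_id / izaPmkz_id so the outer filter keeps all
-- four rows and only the IN predicate narrows the result.
INSERT INTO izaVorgang (izaVorgang_id, Kuerzel, izaAnalyseart_id, izaPmkz_id) VALUES
    ('D0000000001', '601', 'D0000000001', 'I0000000001'),
    ('D0000000002', '602', 'D0000000001', 'I0000000001'),
    ('D0000000003', '603', 'D0000000001', 'I0000000001'),
    ('D0000000004', '101', 'D0000000001', 'I0000000001');

-- The triggering statement. Predicate structure, literals, collations and
-- aliases are exactly those of the report; only whitespace was added.
-- On an unaffected build it returns a single row: 'D0000000001'.
SELECT izaVorgang_id AS `izaVorgang_id`
FROM izaVorgang
WHERE Kuerzel IN (
        SELECT MIN(Kuerzel) AS `Feld1`
        FROM izaVorgang
        WHERE Kuerzel LIKE '601%'
          AND ((izaAnalyseart_id = 'D0000000001' AND izaPmkz_id = 'I0000000001'))
      )
  AND ((izaAnalyseart_id = 'D0000000001' AND izaPmkz_id = 'I0000000001'));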
[12 Aug 2004 0:15] Matthew Lord
Hi,

What error output do you get from the crash?  An assertion failure etc.?

Thanks
[12 Aug 2004 8:58] Georg Mackenbrock
Hi,

I get a null pointer reference exception (I use the embedded server with .NET).
Sometimes I get "Writing to the first 64k is illegal."
[17 Aug 2004 3:48] Matthew Lord
Hi,

Are you accessing the embedded server directly using the C/api, the .NET odbc implementation, 
the MyODBC driver or the ByteFX .NET driver?

I'm trying to narrow this down as much as possible. I couldn't repeat the problem using a
simple C app on Solaris with the embedded server.

Best Regards
[17 Aug 2004 21:41] MySQL Verification Team
Below call stack:

>	libmysqld.dll!key_cmp(st_key_part_info * key_part=0x45524f46, const unsigned char * key=0x00981830, unsigned int key_length=23)  Line 331 + 0x5	C++
 	libmysqld.dll!handler::compare_key(st_key_range * range=0x009771cc)  Line 1480 + 0x19	C++
 	libmysqld.dll!handler::read_range_first(const st_key_range * start_key=0x0012f020, const st_key_range * end_key=0x0012f014, int eq_range_arg=0, int sorted=0)  Line 1419 + 0x28	C++
 	libmysqld.dll!QUICK_SELECT::get_next()  Line 2650 + 0x5c	C++
 	libmysqld.dll!rr_quick(st_read_record * info=0x0097dc1c)  Line 156 + 0x17	C++
 	libmysqld.dll!join_init_read_record(st_join_table * tab=0x0097dbf8)  Line 6218 + 0xf	C++
 	libmysqld.dll!sub_select(JOIN * join=0x0097c388, st_join_table * join_tab=0x0097dbf8, int end_of_records=0)  Line 5783 + 0xc	C++
 	libmysqld.dll!do_select(JOIN * join=0x0097c388, List<Item> * fields=0x0097cd28, st_table * table=0x00000000, Procedure * procedure=0x00000000)  Line 5691 + 0xf	C++
 	libmysqld.dll!JOIN::exec()  Line 1504 + 0x2d	C++
 	libmysqld.dll!subselect_single_select_engine::exec()  Line 1217	C++
 	libmysqld.dll!Item_subselect::exec()  Line 193 + 0x13	C++
 	libmysqld.dll!Item_in_subselect::val_int()  Line 596 + 0x8	C++
 	libmysqld.dll!Item::val_int_result()  Line 194 + 0x1c	C++
 	libmysqld.dll!Item_in_optimizer::val_int()  Line 550 + 0x19	C++
 	libmysqld.dll!Item_cond_and::val_int()  Line 1966 + 0xd	C++
 	libmysqld.dll!sub_select(JOIN * join=0x00975810, st_join_table * join_tab=0x0097d348, int end_of_records=0)  Line 5805 + 0x13	C++
 	libmysqld.dll!do_select(JOIN * join=0x00975810, List<Item> * fields=0x0096848c, st_table * table=0x00000000, Procedure * procedure=0x00000000)  Line 5691 + 0xf	C++
 	libmysqld.dll!JOIN::exec()  Line 1504 + 0x2d	C++
 	libmysqld.dll!mysql_select(THD * thd=0x00968300, Item * * * rref_pointer_array=0x0096850c, st_table_list * tables=0x009745b8, unsigned int wild_num=0, List<Item> & fields={...}, Item * conds=0x00975688, unsigned int og_num=0, st_order * order=0x00000000, st_order * group=0x00000000, Item * having=0x00000000, st_order * proc_param=0x00000000, unsigned long select_options=8669184, select_result * result=0x00975800, st_select_lex_unit * unit=0x00968324, st_select_lex * select_lex=0x00968420)  Line 1626	C++
 	libmysqld.dll!handle_select(THD * thd=0x00968300, st_lex * lex=0x00968318, select_result * result=0x00975800)  Line 193 + 0x87	C++
 	libmysqld.dll!mysql_execute_command(THD * thd=0x00968300)  Line 1994 + 0x11	C++
 	libmysqld.dll!mysql_parse(THD * thd=0x00968300, char * inBuf=0x00974350, unsigned int length=284)  Line 4034 + 0x9	C++
 	libmysqld.dll!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x00968300, char * packet=0x00423058, unsigned int packet_length=286)  Line 1457 + 0x1d	C++
 	libmysqld.dll!emb_advanced_command(st_mysql * mysql=0x00973940, enum_server_command command=COM_QUERY, const char * header=0x00000000, unsigned long header_length=0, const char * arg=0x00423058, unsigned long arg_length=285, char skip_check='')  Line 105 + 0x18	C++
 	libmysqld.dll!mysql_send_query(st_mysql * mysql=0x00973940, const char * query=0x00423058, unsigned long length=285)  Line 2399 + 0x3b	C
 	libmysqld.dll!mysql_real_query(st_mysql * mysql=0x00973940, const char * query=0x00423058, unsigned long length=285)  Line 2410 + 0x11	C
 	libmysqld.dll!mysql_query(st_mysql * mysql=0x00973940, const char * query=0x00423058)  Line 1021	C
 	bug5003.exe!db_do_query(st_mysql * db=0x00973940, const char * query=0x00423058)  Line 129 + 0xd	C++
 	bug5003.exe!main(int argc=1, char * * argv=0x00880ff0)  Line 78 + 0xd	C++
 	bug5003.exe!mainCRTStartup()  Line 206 + 0x19	C
 	kernel32.dll!77e714c7() 	
 	ntdll.dll!77f944a8()
[17 Aug 2004 23:11] MySQL Verification Team
On Linux:

Program received signal SIGSEGV, Segmentation fault.
key_cmp (key_part=0xa5a5a5a5, key=0x8689770 "", key_length=23) at key.cc:331
331         store_length= key_part->store_length;
Current language:  auto; currently c++
(gdb) backtrace full
#0  key_cmp (key_part=0xa5a5a5a5, key=0x8689770 "", key_length=23) at key.cc:331
        cmp = 141072263
        end = (const byte *) 0x8689787 "? ?V\bH\227h\b"
        store_length = 3221219632
#1  0x0811d690 in handler::compare_key (this=0x8684260, range=0x86842bc) at handler.cc:1485
        cmp = 141072263
#2  0x0811d535 in handler::read_range_first (this=0x8684260, start_key=0xbfffe940, end_key=0xbfffe930)
    at handler.cc:1424
        eq_range_arg = Cannot access memory at address 0x0
(gdb)
[20 Aug 2004 18:52] Alexey Botchkov
Actually it's not an embedded-library-specific bug.
That kind of query crashes the standalone server on my Linux as well.
[20 Aug 2004 23:29] MySQL Verification Team
You are right HF. I also verified it.
[21 Aug 2004 20:51] Alexey Botchkov
Sorry, I didn't notice the bug had been reassigned.
Still, here is my proposed patch:
bk commit - 4.1 tree (hf:1.1997) BUG#5003
[24 Aug 2004 12:14] Alexey Botchkov
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html