Bug #50390 mysqld crashes when trying to access specific myisam table
Submitted: 16 Jan 2010 5:55 Modified: 29 Mar 2012 12:34
Reporter: Donna Harmon Email Updates:
Status: Won't fix Impact on me:
None 
Category:MySQL Server: MyISAM storage engine Severity:S1 (Critical)
Version:4.1.25, 5.0.92, 5.1.51, 5.5.8 OS:Any (solaris, linux)
Assigned to: CPU Architecture:Any

[16 Jan 2010 5:55] Donna Harmon
Description:
Tested on Solaris 10 U6 Versions tested in: 5.0.89, 5.1.42
Tested on Mac OS X 10.5  Versions tested in: 5.1.42

On Solaris:

A particular table, .MYD is zero file size, crashes mysqld when accessing SHOW TABLES; also unable to mysqldump table which also crashes the server as well as mysql_upgrade which fails with:

mysqlcheck: Got error: 2013: Lost connection to MySQL server during query when executing 'CHECK TABLE ...  FOR UPGRADE'.  

Appears to crash in openfrm

 --- called from signal handler with signal 11 (SIGSEGV) ---
 00000000006e5041 __1cHopenfrm6FpnDTHD_pkc3IIIpnIst_table__i_ () + 1b41

On Mac OS X 10.5 the server does *not* crash

SHOW TABLES will show the table but:

mysql> SELECT * FROM table_name;
ERROR 1033 (HY000): Incorrect information in file: './database_name/table_name.frm'

mysqlcheck shows same
Error    : Incorrect information in file: './database_name/table_name.frm'
error    : Corrupt

mysqldump basically the same:
mysqldump: Got error: 1033: Incorrect information in file: './database_name/table_name.frm' when using LOCK TABLES

How to repeat:
Using corrupt table:
SHOW TABLES; OR SELECT * FROM table_name;

I've uploaded the pstack output and .frm, .MYI, .MYD files in the private section.

Suggested fix:
Whatever will not crash the server when hitting corrupt data.
[23 Oct 2010 12:09] MySQL Verification Team
All, the incorrect MYI, MYD, .frm was uploaded the bug.  I will upload the proper one shortly.  This is why I didn't find a problem as per last comment.

5.5.8 on linux crashes with the following [cut] stack trace when opening it.

(gdb) bt
#0   open_binary_frm                ./sql/table.cc:1496
#1   open_table_def                 ./sql/table.cc:701
#2   get_table_share                ./sql/sql_base.cc:545
#3   get_table_share_with_discover  ./sql/sql_base.cc:617
#4   open_table                     ./sql/sql_base.cc:2867
#5   open_and_process_table         ./sql/sql_base.cc:4333
#6   open_tables                    ./sql/sql_base.cc:4764
#7   open_normal_and_derived_tables ./sql/sql_base.cc:5413
#8   get_all_tables                 ./sql/sql_show.cc:3630
#9   get_schema_tables_result       ./sql/sql_show.cc:6678
#10  JOIN::exec                     ./sql/sql_select.cc:1895
#11  mysql_select                   ./sql/sql_select.cc:2558
#12  handle_select                  ./sql/sql_select.cc:296
#13  execute_sqlcom_select          ./sql/sql_parse.cc:4463
#14  mysql_execute_command          ./sql/sql_parse.cc:2065
#15  mysql_parse                    ./sql/sql_parse.cc:5499
#16  dispatch_command               ./sql/sql_parse.cc:1029
#17  do_command                     ./sql/sql_parse.cc:769
#18  do_handle_one_connection       ./sql/sql_connect.cc:745
#19  handle_one_connection          ./sql/sql_connect.cc:684
#20  start_thread  
#21  clone 
Full gdb.txt file will be in the .zip which I am attaching with the table files.
[23 Oct 2010 12:12] MySQL Verification Team
some details....

Attachment: bug50390_5.5.8-debug_gdb_outputs.txt (text/plain), 11.73 KiB.

[23 Oct 2010 12:22] MySQL Verification Team
full outputs from valgrind...

Attachment: bug50390_5.0.92-debug_valgrind_outputs.txt (text/plain), 3.56 KiB.

[23 Oct 2010 13:35] MySQL Verification Team
This particular table crashes all versions from 4.0, 4.1, 5.0, 5.1, and 5.5.
Therefore the table wasn't crashing as a result of a binary upgrade done improperly.

I think the scope of the bugfix could be to include a little more error checking for invalid code paths taken opening a corrupted table definition.