Bug #5313 Fetching a zero length string makes mysqld crash
Submitted: 31 Aug 2004 11:57 Modified: 14 Jan 2005 18:03
Reporter: NOT_FOUND NOT_FOUND Email Updates:
Status: Closed Impact on me:
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.1-alpha-max-log OS:SunOS 5.8
Assigned to: Bugs System CPU Architecture:Any

[31 Aug 2004 11:57] NOT_FOUND NOT_FOUND
When a cursor, within a stored procedure, fetches a zero length string, mysqld crashes.

Looks the same as bug #4941, but the crash is caused by the fetch, not on the open statement.

How to repeat:
use mysql;

drop    table if exists myTable;

create  table myTable(
        msg     varchar(255)    not null);

insert  into    myTable values("");

drop    procedure if exists myProc;

delimiter //

create  procedure myProc()
sql security invoker

declare w_msg   varchar(255);

declare myCursor cursor for
        select  msg
                from    myTable;

open    myCursor;

while   1 = 1 do
        fetch   myCursor
                into    w_msg;
end while;


delimiter ;

call myProc();
[31 Aug 2004 12:55] MySQL Verification Team
Verified on 5.0.2-alpha-debug-log

#0  0x0825543b in sp_cursor::fetch (this=0x879a690, thd=0x878b520, vars=0x87a2b1c) at sp_rcontext.cc:240
#1  0x0825360e in sp_instr_cfetch::execute (this=0x87a2b00, thd=0x878b520, nextp=0xbe5ff1c0) at sp_head.cc:1650
#2  0x08250151 in sp_head::execute (this=0x87a2490, thd=0x878b520) at sp_head.cc:464
#3  0x082508c9 in sp_head::execute_procedure (this=0x87a2490, thd=0x878b520, args=0x878b94c) at sp_head.cc:677
#4  0x0816f740 in mysql_execute_command (thd=0x878b520) at sql_parse.cc:3667
#5  0x08171009 in mysql_parse (thd=0x878b520, inBuf=0x879a3e0 "call myProc()", length=13) at sql_parse.cc:4432
#6  0x0816a492 in dispatch_command (command=COM_QUERY, thd=0x878b520, packet=0x8796381 "call myProc()",
    packet_length=14) at sql_parse.cc:1514
#7  0x08169d9c in do_command (thd=0x878b520) at sql_parse.cc:1296
#8  0x0816930c in handle_one_connection (arg=0x878b520) at sql_parse.cc:1032
#9  0x4016314b in pthread_start_thread () from /lib/libpthread.so.0
#10 0x401631df in pthread_start_thread_event () from /lib/libpthread.so.0
#11 0x402df50a in clone () from /lib/libc.so.6
[14 Jan 2005 18:03] Per-Erik Martin
This is no longer repeatable with the current 5.0.
(The given test case results in "ERROR 1329 (02000): No data to FETCH", as expected.)