Bug #5691 Segment fault when performing like on mysql.user table
Submitted: 22 Sep 2004 6:37 Modified: 5 Oct 2004 9:35
Reporter: James Barwick
Status: Closed
Category: MySQL Server: MyISAM storage engine Severity: S1 (Critical)
Version: 4.1.4a-gamma OS: Linux (SuSE 9.1)
CPU Architecture: Any

[22 Sep 2004 6:37] James Barwick
Description:
Log in to the MySQL server with the mysql client (local socket connection):

mysql>select * from user where host like '%name%';

mysqld_safe segfaults

Note: the REGEXP function also segfaults on this server.
Note: select * from mytable where name like '%abcd%' does not appear to segfault the server. REGEXP ALWAYS fails and results in mysqld segfaulting.

Default character set is UTF-8
SuSE 9.1 
LC_TYPE=en_US.UTF-8
LANG=en_US.UTF-8

my.cnf
[mysqld]
port            = 3306
socket          = /var/lib/mysql/mysql.sock
skip-locking
key_buffer = 16M
max_allowed_packet = 1M
table_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
max_connections=10

./configure \
  --prefix=/var/lib/mysql \
  --exec-prefix=/usr \
  --bindir=/usr/bin \
  --sbindir=/usr/sbin \
  --libexecdir=/usr/libexec \
  --datadir=/usr/share \
  --sysconfdir=/etc \
  --sharedstatedir=/usr/com \
  --localstatedir=/var/lib/mysql \
  --libdir=/usr/lib \
  --includedir=/usr/include \
  --infodir=/usr/info \
  --mandir=/usr/man \
  --enable-thread-safe-client \
  --enable-local-infile \
  --with-unix-socket-path=/var/lib/mysql/mysql.sock \
  --with-tcp-port=3306 \
  --with-mysqld-user=mysql \
  --with-debug \
  --with-openssl \
  --with-charset=utf8 \
  --with-collation=utf8_general_ci \
  --with-extra-charsets=all \
  --with-isam \
  --with-pthreads \
  --without-readline \
  --without-libedit \
  --enable-assembler

Stack dump below:

0x8167d1f handle_segfault + 575
0xffffe420 _end + -140326960
0x86dd346 _end + 1095414
0x810d518 _ZN14Item_func_like7val_intEv + 216
0x81a9057 _Z10sub_selectP4JOINP13st_join_tableb + 311
0x81ab9af _Z9do_selectP4JOINP4ListI4ItemEP8st_tableP9Procedure + 207
0x81b65ee _ZN4JOIN4execEv + 4830
0x81b34d7 _Z12mysql_selectP3THDPPP4ItemP13st_table_listjR4ListIS1_ES2_jP8st_orderSB_S2_SB_mP13select_resultP18st_select_lex_unitP13st_sel + 151
0x81b76b6 _Z13handle_selectP3THDP6st_lexP13select_result + 182
0x818069b _Z21mysql_execute_commandP3THD + 13899
0x818478a _Z11mysql_parseP3THDPcj + 330
0x818627d _Z16dispatch_command19enum_server_commandP3THDPcj + 2381
0x8187719 handle_one_connection + 2377
0x4017a9dd _end + 934972813
0x4036a64a _end + 937003514

Results occur with or without debug symbols.
Results occur with mit-threads or pthreads.
Results occur with or without enable-assembler.
Results occur with or without readline and/or libedit.

How to repeat:
Just run the SELECT statement.
[22 Sep 2004 7:36] James Barwick
Disregard. The problem goes away with 4.1.5a-gamma.