Bug #570 | Crash using an UPDATE with ORDER BY | ||
---|---|---|---|
Submitted: | 2 Jun 2003 14:25 | Modified: | 3 Jul 2003 6:46 |
Reporter: | [ name withheld ] | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S1 (Critical) |
Version: | 4.0.13 | OS: | Windows (Windows 2000 / Linux) |
Assigned to: | Alexey Botchkov | CPU Architecture: | Any |
[2 Jun 2003 14:25]
[ name withheld ]
[2 Jun 2003 14:54]
Heikki Tuuri
Hi!

I was able to repeat this in Linux in 4.0.14. It is not a multi-table update, but an ordinary update.

Looks like the db_name field in an 'Item' struct is NULL.

```
(gdb) print *item
$2 = {<Item_ident> = {<Item> = {str_value = {Ptr = 0x0, str_length = 0,
        Alloced_length = 0, alloced = false}, name = 0x887f728 "vornr",
      next = 0x887f6a8, max_length = 0, marker = 0 '\000', decimals = 0 '\000',
      maybe_null = 0 '\000', null_value = 0 '\000', binary = 0 '\000',
      unsigned_flag = 0 '\000', with_sum_func = 0 '\000',
      _vptr.Item = 0x834cc00}, db_name = 0x0, table_name = 0x887f720 "afv",
    field_name = 0x887f728 "vornr"}, field = 0x0, result_field = 0x0}
(gdb) bt
#0  strcmp (p1=0x0, p2=0x887f720 "afv") at ../sysdeps/generic/strcmp.c:38
#1  0x08093333 in find_field_in_tables (thd=0x8879e60, item=0x887f730, tables=0xbe7ff654) at sql_base.cc:1718
#2  0x0804af31 in Item_field::fix_fields (this=0x887f730, thd=0x8879e60, tables=0xbe7ff654) at item.cc:333
#3  0x080a5c12 in find_order_in_list (thd=0x8879e60, tables=0xbe7ff654, order=0x887f770, fields=@0xbe7ff644, all_fields=@0xbe7ff644) at sql_select.cc:6607
#4  0x080a5cbb in setup_order (thd=0x8879e60, tables=0xbe7ff654, fields=@0xbe7ff644, all_fields=@0xbe7ff644, order=0x887f770) at sql_select.cc:6626
#5  0x080ac3e8 in mysql_update (thd=0x8879e60, table_list=0x887f158, fields=@0x887a014, values=@0x887a158, conds=0x887f6a8, order=0x887f770, limit=1, handle_duplicates=DUP_ERROR) at sql_update.cc:93
#6  0x0807f477 in mysql_execute_command () at sql_parse.cc:1887
#7  0x08081d7c in mysql_parse (thd=0x8879e60, inBuf=0x887f078 "UPDATE afv SET afv.xstatus_vor = Greatest(afv.xstatus_vor,1 ) WHERE\nafv.aufnr = \"40004712\" AND afv.plnfl = \"000001\" AND afv.vornr > \"0 010\"\nORDER BY afv.vornr ASC LIMIT 1", length=168) at sql_parse.cc:2899
#8  0x0807cf40 in dispatch_command (command=COM_QUERY, thd=0x8879e60, packet=0x88929d1 "UPDATE afv SET afv.xstatus_vor = Greatest(afv.xstatus_vor, 1) WHERE\nafv.aufnr = \"40004712\" AND afv.plnfl = \"000001\" AND afv.vornr > \" 0010\"\nORDER BY afv.vornr ASC LIMIT 1", packet_length=169) at sql_parse.cc:1049
#9  0x0807c9a5 in do_command (thd=0x8879e60) at sql_parse.cc:924
#10 0x0807c05e in handle_one_connection (arg=0x8879e60) at sql_parse.cc:714
#11 0x0820284a in pthread_start_thread (arg=0xbe7ffc00) at manager.c:291
#12 0x08202885 in pthread_start_thread_event () at manager.c:315
(gdb)
```

Regards,

Heikki
[2 Jun 2003 15:31]
MySQL Verification Team
I verify on Windows 4.0.13, the crash occurs at:

```
/sql/sql_base.cpp
--1715--
for (; tables ; tables=tables->next)
{
  if (!strcmp(tables->alias,table_name) && (!db || !strcmp(db,tables->db)))
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
```

Back trace on Windows:

```
  mysqld.exe!strcmp()  Line 77  Asm
> mysqld.exe!find_field_in_tables(THD * thd=0x01138040, Item_field * item=0x01133078, st_table_list * tables=0x0641f76c)  Line 1718 + 0x10  C++
  mysqld.exe!Item_field::fix_fields(THD * thd=0x01138040, st_table_list * tables=0x0641f76c)  Line 333 + 0x11  C++
  mysqld.exe!find_order_in_list(THD * thd=0x01138040, st_table_list * tables=0x0641f76c, st_order * order=0x011330b8, List<Item> & fields={...}, List<Item> & all_fields={...})  Line 6607 + 0x1f  C++
  mysqld.exe!setup_order(THD * thd=0x01138040, st_table_list * tables=0x0641f76c, List<Item> & fields={...}, List<Item> & all_fields={...}, st_order * order=0x011330b8)  Line 6626 + 0x19  C++
  mysqld.exe!mysql_update(THD * thd=0x01138040, st_table_list * table_list=0x01132af8, List<Item> & fields={...}, List<Item> & values={...}, Item * conds=0x01133000, st_order * order=0x011330b8, unsigned long limit=1, enum_duplicates handle_duplicates=DUP_ERROR)  Line 93 + 0x4a  C++
  mysqld.exe!mysql_execute_command()  Line 1875 + 0x3d  C++
  mysqld.exe!mysql_parse(THD * thd=0x01138040, char * inBuf=0x01132a20, unsigned int length=168)  Line 2888  C++
  mysqld.exe!dispatch_command(enum_server_command command=COM_QUERY, THD * thd=0x01138040, char * packet=0x01143051, unsigned int packet_length=168)  Line 1049 + 0x17  C++
  mysqld.exe!do_command(THD * thd=0x01138040)  Line 924 + 0x37  C++
  mysqld.exe!handle_one_connection(void * arg=0x01138040)  Line 714 + 0x9  C++
  mysqld.exe!pthread_start(void * param=0x01145c28)  Line 63 + 0x7  C
  mysqld.exe!_threadstart(void * ptd=0x01145e50)  Line 173 + 0xd  C
  KERNEL32.DLL!77e8b2d8()
```
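The loop quoted in the comment above, as an added example (not MySQL source and not the fix that was shipped): a reduced C model of the table-list lookup, shown unguarded and with a NULL-safe comparison. The `table_ref` struct, the function names and the sample list are hypothetical, and the entry with a NULL `alias` is an assumption taken from `p1=0x0` in the gdb backtrace.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-in for the server's table list (hypothetical type). */
struct table_ref { const char *db, *alias; struct table_ref *next; };

/* Same shape as the loop quoted from sql_base.cpp: every string goes to
   strcmp() unchecked, so a NULL alias or db is dereferenced. */
static const struct table_ref *find_unchecked(const struct table_ref *tables,
        const char *db, const char *table_name)
{
    for (; tables; tables = tables->next)
        if (!strcmp(tables->alias, table_name) &&
            (!db || !strcmp(db, tables->db)))
            return tables;
    return NULL;
}

/* NULL-safe equality: two NULLs match, NULL never matches a string. */
static int str_eq(const char *a, const char *b)
{
    return (a && b) ? strcmp(a, b) == 0 : a == b;
}

/* Guarded variant. Assumption: an entry with a missing name is skipped
   rather than treated as an error. */
static const struct table_ref *find_checked(const struct table_ref *tables,
        const char *db, const char *table_name)
{
    if (!table_name)
        return NULL;
    for (; tables; tables = tables->next)
        if (str_eq(tables->alias, table_name) &&
            (!db || str_eq(db, tables->db)))
            return tables;
    return NULL;
}

/* Constructed sample list: the head entry has no alias set. */
static struct table_ref t_afv = { "test", "afv", NULL };
static struct table_ref t_noalias = { "test", NULL, &t_afv };

int main(void)
{
    /* find_unchecked(&t_noalias, NULL, "afv") would call strcmp(NULL, "afv"). */
    if (find_unchecked(&t_afv, NULL, "afv") != &t_afv)
        return 1;
    return find_checked(&t_noalias, NULL, "afv") == &t_afv ? 0 : 1;
}
```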
[5 Jun 2003 10:26]
[ name withheld ]
Removed "multi-table" (seems I was kind of absentminded while reporting this) and "Windows" from the subject, since someone already verified this bug using Linux.
[3 Jul 2003 6:46]
Alexey Botchkov
Thank you for your bug report. This issue has been fixed in the latest development tree for that product. You can find more information about accessing our development trees at http://www.mysql.com/doc/en/Installing_source_tree.html