Bug #57203 Assertion `field_length <= 255' failed.
Submitted: 3 Oct 2010 10:55 Modified: 11 Dec 2010 17:44
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Optimizer Severity:S1 (Critical)
Version:5.5.7-debug OS:Any
Assigned to: Tor Didriksen CPU Architecture:Any
Tags: regression

[3 Oct 2010 10:55] Shane Bester
Description:
5.5.6 stack:
Version: '5.5.6-rc-debug'  socket: ''  port: 3306  MySQL Community Server - Debug (GPL)
Assertion failed: field_length <= 255, file ..\..\mysql-5.5.6-rc\sql\field.cc, line 4515

my_sigabrt_handler()[my_thr_init.c:521]
raise()[winsig.c:597]
abort()[abort.c:78]
_wassert()[assert.c:163]
Field_double::val_str()[field.cc:4515]
Field::val_str()[field.h:159]
Protocol_text::store()[protocol.cc:1134]
Item_field::send()[item.cc:5979]
Protocol::send_result_set_row()[protocol.cc:866]
select_send::send_data()[sql_class.cc:1769]
end_send()[sql_select.cc:12537]
evaluate_join_record()[sql_select.cc:11754]
sub_select()[sql_select.cc:11630]
do_select()[sql_select.cc:11395]
JOIN::exec()[sql_select.cc:2347]
mysql_select()[sql_select.cc:2543]
handle_select()[sql_select.cc:296]
execute_sqlcom_select()[sql_parse.cc:4565]
mysql_execute_command()[sql_parse.cc:2175]
mysql_parse()[sql_parse.cc:5594]
dispatch_command()[sql_parse.cc:1142]
do_command()[sql_parse.cc:811]
do_handle_one_connection()[sql_connect.cc:1191]
handle_one_connection()[sql_connect.cc:1131]

How to repeat:
#in debug build:

drop table if exists `t1`;
create table `t1`(`a` text)engine=myisam;
insert into `t1` values (''),('');
select avg(distinct(`t1`.`a`)) from `t1`,`t1` `t2`
group by `t2`.`a` order by `t1`.`a`;
[3 Oct 2010 12:52] Valeriy Kravchuk
With current mysql-5.5 tree it is repeatable:

openxs@ubuntu:~/dbs/5.5$ bin/mysql --no-defaults -uroot --socket=/tmp/vk.sock test
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.7-rc-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> drop table if exists `t1`;
Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> create table `t1`(`a` text)engine=myisam;
Query OK, 0 rows affected (0.03 sec)

mysql> insert into `t1` values (''),('');
Query OK, 2 rows affected (0.00 sec)
Records: 2  Duplicates: 0  Warnings: 0

mysql> select avg(distinct(`t1`.`a`)) from `t1`,`t1` `t2`
    -> group by `t2`.`a` order by `t1`.`a`;
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 101003 15:48:32 mysqld_safe Number of processes running now: 0
101003 15:48:32 mysqld_safe mysqld restarted

mysql> exit
Bye
openxs@ubuntu:~/dbs/5.5$ tail -80 var/ubuntu.err 
101003 15:47:02 [Note] /home/openxs/dbs/5.5/libexec/mysqld: ready for connections.
Version: '5.5.7-rc-debug'  socket: '/tmp/vk.sock'  port: 9999  Source distribution
mysqld: field.cc:4515: virtual String* Field_double::val_str(String*, String*): Assertion `field_length <= 255' failed.
101003 15:48:32 - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388608
read_buffer_size=131072
max_used_connections=1
max_threads=151
thread_count=1
connection_count=1
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337925 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0xa87ec60
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0xa702835c thread_stack 0x30000
/home/openxs/dbs/5.5/libexec/mysqld(my_print_stacktrace+0x26)[0x863a838]
/home/openxs/dbs/5.5/libexec/mysqld(handle_segfault+0x2dd)[0x827be54]
[0xa8f400]
/lib/tls/i686/cmov/libc.so.6(abort+0x182)[0x13da82]
/lib/tls/i686/cmov/libc.so.6(__assert_fail+0xf8)[0x133718]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN12Field_double7val_strEP6StringS1_+0x9b)[0x82487b1]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN5Field7val_strEP6String+0x26)[0x81c3ef2]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN13Protocol_text5storeEP5Field+0x115)[0x8271cc3]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN10Item_field4sendEP8ProtocolP6String+0x22)[0x81bd020]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xda)[0x8270f30]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN11select_send9send_dataER4ListI4ItemE+0xc3)[0x8263093]
/home/openxs/dbs/5.5/libexec/mysqld[0x8319509]
/home/openxs/dbs/5.5/libexec/mysqld[0x8317899]
/home/openxs/dbs/5.5/libexec/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0xc0)[0x8317576]
/home/openxs/dbs/5.5/libexec/mysqld[0x831716c]
/home/openxs/dbs/5.5/libexec/mysqld(_ZN4JOIN4execEv+0x20bf)[0x830206d]
/home/openxs/dbs/5.5/libexec/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x2fd)[0x8302704]
/home/openxs/dbs/5.5/libexec/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x1c2)[0x82fb6f8]
/home/openxs/dbs/5.5/libexec/mysqld[0x829501f]
/home/openxs/dbs/5.5/libexec/mysqld(_Z21mysql_execute_commandP3THD+0x9d0)[0x828d668]
/home/openxs/dbs/5.5/libexec/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1d6)[0x8296ea5]
/home/openxs/dbs/5.5/libexec/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x9ce)[0x828b10f]
/home/openxs/dbs/5.5/libexec/mysqld(_Z10do_commandP3THD+0x242)[0x828a547]
/home/openxs/dbs/5.5/libexec/mysqld(_Z24do_handle_one_connectionP3THD+0x199)[0x82887b1]
/home/openxs/dbs/5.5/libexec/mysqld(handle_one_connection+0x28)[0x8288611]
/lib/tls/i686/cmov/libpthread.so.0(+0x596e)[0xae396e]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0x1dda4e]
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0xa890080 = select avg(distinct(`t1`.`a`)) from `t1`,`t1` `t2`
group by `t2`.`a` order by `t1`.`a`
thd->thread_id=1
thd->killed=NOT_KILLED
...

openxs@ubuntu:/home2/openxs/bzr2/mysql-5.5$ bzr log --show-ids -l1
------------------------------------------------------------
revno: 3088 [merge]
revision-id: alexander.nozdrin@oracle.com-20101002180831-590ka2tuit9qoxbb
parent: alik@sun.com-20100928153459-4nudf4zgzlou4s7q
parent: alik@sun.com-20100928154245-3nsrtpexiew6898r
committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
branch nick: mysql-5.5
timestamp: Sat 2010-10-02 22:08:31 +0400
message:
  Auto-merge from mysql-5.5-stage (used to be mysql-5.5-bugfixing).
------------------------------------------------------------

It can be even a recent regression (or bug that appears and disappears after random merges :)
[15 Oct 2010 15:22] Tor Didriksen
Introduced by the fix for
Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c

Not specific to TEXT/BLOB, varchar(300) gives crash as well.
[18 Oct 2010 7:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/120933

3247 Tor Didriksen	2010-10-18
      Bug #57203 Assertion `field_length <= 255' failed.
      
      After the fix for
      Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c
      we no longer try to allocate a string of length 'field_length'
      so the asserts can be removed.
     @ mysql-test/r/select.result
        Add test case for Bug#57203
     @ mysql-test/t/select.test
        Add test case for Bug#57203
     @ sql/field.cc
        Remove the DBUG_ASSERTS on field_length.
[18 Oct 2010 12:38] MySQL Verification Team
Hi Tor!

Here's a testcase without using any data/tables:

select  
coalesce((avg(distinct (-31872))),
((32767 in (62412,3388299906,91))),
(count(*)),
(avg(distinct (geomfromtext("point(25379 -22010)"))))) 
union all 
select coalesce((avg(distinct (-31872))),
((32767 in (62412,3388299906,91))),
(count(*)),
(avg(distinct (geomfromtext("point(25379 -22010)")))));
[18 Oct 2010 13:13] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/120972

3247 Tor Didriksen	2010-10-18
      Bug #57203 Assertion `field_length <= 255' failed.
      
      After the fix for
      Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c
      we no longer try to allocate a string of length 'field_length'
      so the asserts can be removed.
     @ mysql-test/r/select.result
        Add test case for Bug#57203
     @ mysql-test/t/select.test
        Add test case for Bug#57203
     @ sql/field.cc
        Remove the DBUG_ASSERTS on field_length.
[18 Oct 2010 16:37] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/121006

3250 Tor Didriksen	2010-10-18
      Bug #57203 Assertion `field_length <= 255' failed.
      
      After the fix for
      Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c
      we no longer try to allocate a string of length 'field_length'
      so the asserts are relevant only for ZEROFILL columns.
     @ mysql-test/r/select.result
        Add test case for Bug#57203
     @ mysql-test/t/select.test
        Add test case for Bug#57203
     @ sql/field.cc
        Rewrite the DBUG_ASSERTS on field_length.
[19 Oct 2010 6:46] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/121055

3251 Tor Didriksen	2010-10-19
      Bug #57203 Assertion `field_length <= 255' failed.
      
      After the fix for
      Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c
      we no longer try to allocate a string of length 'field_length'
      so the asserts are relevant only for ZEROFILL columns.
     @ mysql-test/r/select.result
        Add test case for Bug#57203
     @ mysql-test/t/select.test
        Add test case for Bug#57203
     @ sql/field.cc
        Rewrite the DBUG_ASSERTS on field_length.
[19 Oct 2010 11:39] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/121113

3254 Tor Didriksen	2010-10-19
      Bug #57203 Assertion `field_length <= 255' failed.
      
      After the fix for
      Bug #55077 Assertion failed: width > 0 && to != ((void *)0), file .\dtoa.c
      we no longer try to allocate a string of length 'field_length'
      so the asserts are relevant only for ZEROFILL columns.
     @ mysql-test/r/select.result
        Add test case for Bug#57203
     @ mysql-test/t/select.test
        Add test case for Bug#57203
     @ sql/field.cc
        Rewrite the DBUG_ASSERTS on field_length.
[19 Oct 2010 11:55] Tor Didriksen
Pushed to
trunk-merge
5.5-bugteam
[13 Nov 2010 16:06] Bugs System
Pushed into mysql-trunk 5.6.99-m5 (revid:alexander.nozdrin@oracle.com-20101113155825-czmva9kg4n31anmu) (version source revid:alexander.nozdrin@oracle.com-20101113152450-2zzcm50e7i4j35v7) (merge vers: 5.6.1-m4) (pib:21)
[13 Nov 2010 16:33] Bugs System
Pushed into mysql-next-mr (revid:alexander.nozdrin@oracle.com-20101113160336-atmtmfb3mzm4pz4i) (version source revid:vasil.dimov@oracle.com-20100629074804-359l9m9gniauxr94) (pib:21)
[11 Dec 2010 17:44] Paul Dubois
Noted in 5.5.8 changelog.

In debug builds, an assertion could be raised during conversion of
strings to floating-point values.
[16 Dec 2010 22:28] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)