Bug #57735 BETWEEN in pushed condition cause garbage to be read in ::unpack_record()
Submitted: 26 Oct 2010 11:26 Modified: 10 Nov 2010 14:31
Reporter: Ole John Aske Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Cluster: Cluster (NDB) storage engine Severity:S2 (Serious)
Version:mysql-5.1-telco-7.1 OS:Any
Assigned to: Martin Skold
Tags: 5.1.51-ndb-7.1.9
Triage: Triaged: D3 (Medium) / R3 (Medium) / E3 (Medium)

[26 Oct 2010 11:26] Ole John Aske
Description:
Simple analysis after some debugging:

ha_ndbcluster::read_multi_range_first() will attempt to push the BETWEEN condition 'WHERE 4 BETWEEN 1+1 AND col' 

::generate_scan_filter() returns '!= 0' which indicates an error, without
the following ::getNdbError() being able to retrieve an error, 
ha_ndbcluster.cc line ~11823:

...............................
        if (m_cond && m_cond->generate_scan_filter(&code, &options))
          ERR_RETURN(code.getNdbError());  <-- RETURNS '0' !!!!
...............................

This cause the callee to assume that the MRR request was executed, and it continue reading / ::unpack_record() which only will contain garbage.

This cause either an assert, or sometimes, mysqld stuck with 100% CPU.

How to repeat:
create table t (pk int primary key, col int, key (col)) engine=ndb;
insert into t values (2,2);  # Actually obsolete, also crash w/ empty table

set engine_condition_pushdown=1;
SELECT pk FROM t WHERE 4 BETWEEN 1+1 AND col;
[8 Nov 2010 8:02] Ole John Aske
Changing the query to:

SELECT pk FROM t WHERE NOT 4 BETWEEN 1+1 AND col;

Cause mysqld to get stuck with 100% CPU consumption.
Thus bug is currently a serious showstopper for doing extensive RQG testing on the SPJ branch as we normally get stuck after a few thousand queries.

I suspect this to be a regression as we have easily completed > 1M queries before.
[9 Nov 2010 10:15] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123201

3134 Martin Skold	2010-11-09
      Bug#57735 BETWEEN in pushed condition cause garbage to be read in ::unpack_record(): disabled pushing conditions with functions to be evaluated during rewrite (of IN/BETWEEN)
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 10:28] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123207

3322 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 10:33] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123208

3892 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 10:38] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123211

3964 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 10:53] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123213

3973 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 11:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123214

3138 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 11:02] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123215

3336 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 13:52] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123260

3138 Martin Skold	2010-11-09
      Bug#57735 BETWEEN in pushed condition cause garbage to be read in ::unpack_record(): disabled pushing conditions with functions to be evaluated during rewrite (of IN/BETWEEN)
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 13:54] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123261

3336 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 13:55] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123263

3976 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 13:56] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123264

3966 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 18:38] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123321

3971 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 18:39] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123322

3987 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 18:39] Bugs System
Pushed into mysql-5.1-telco-7.0 5.1.51-ndb-7.0.21 (revid:martin.skold@mysql.com-20101109183858-5luh33jqpoo4jpxg) (version source revid:martin.skold@mysql.com-20101109183858-5luh33jqpoo4jpxg) (merge vers: 5.1.51-ndb-7.0.21) (pib:21)
[9 Nov 2010 18:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123323

3336 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 18:40] Bugs System
Pushed into mysql-5.1-telco-6.3 5.1.51-ndb-6.3.40 (revid:martin.skold@mysql.com-20101109183950-34qrzl7kg325e2wo) (version source revid:martin.skold@mysql.com-20101109183950-34qrzl7kg325e2wo) (merge vers: 5.1.51-ndb-6.3.40) (pib:21)
[9 Nov 2010 18:40] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/123325

3138 Martin Skold	2010-11-09 [merge]
      Merge
      modified:
        mysql-test/suite/ndb/r/ndb_condition_pushdown.result
        mysql-test/suite/ndb/t/ndb_condition_pushdown.test
        sql/ha_ndbcluster_cond.cc
[9 Nov 2010 18:41] Bugs System
Pushed into mysql-5.1-telco-6.2 5.1.51-ndb-6.2.19 (revid:martin.skold@mysql.com-20101109184036-83qsd1qjcrff0j1n) (version source revid:martin.skold@mysql.com-20101109184036-83qsd1qjcrff0j1n) (merge vers: 5.1.51-ndb-6.2.19) (pib:21)
[10 Nov 2010 14:31] Jon Stephens
Documented bugfix in the NDB-6.3.40, 7.0.21, and 7.1.10 changelogs, as follows:

        A query using BETWEEN as part of a pushed-down WHERE condition
        could cause mysqld to hang or crash.

Closed.