Bug #58005 utf8 + get_format causes failed assertion: `!str || str != Ptr'
Submitted: 5 Nov 2010 6:32 Modified: 17 Dec 2010 3:42
Reporter: Shane Bester (Platinum Quality Contributor) Email Updates:
Status: Closed Impact on me:
Category:MySQL Server: Charsets Severity:S1 (Critical)
Version:5.1.53-debug, 5.5.8-debug OS:Any
Assigned to: Alexander Barkov CPU Architecture:Any
Tags: get_format, regression

[5 Nov 2010 6:32] Shane Bester
5.5.8-debug stack trace:

(gdb) bt
#0  in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  in abort () at abort.c:92
#2  in __assert_fail (assertion=0xb4a129 "!str || str != Ptr", file=<value optimized out>, line=274, function=<value optimized out>) at assert.c:81
#3  in String::copy at ./sql/sql_string.cc:274
#4  in Item_char_typecast::val_str at ./sql/item_timefunc.cc:2529
#5  in Item_func_min_max::val_str at ./sql/item_func.cc:2650
#6  in Item::send at ./sql/item.cc:5830
#7  in Protocol::send_result_set_row at ./sql/protocol.cc:848
#8  in select_send::send_data at ./sql/sql_class.cc:1789
#9  in JOIN::exec at ./sql/sql_select.cc:1857
#10 in mysql_select at ./sql/sql_select.cc:2568
#11 in handle_select at ./sql/sql_select.cc:296
#12 in execute_sqlcom_select at ./sql/sql_parse.cc:4469
#13 in mysql_execute_command at ./sql/sql_parse.cc:2065
#14 in mysql_parse  at ./sql/sql_parse.cc:5512
#15 in dispatch_command at .sql/sql_parse.cc:1029
#16 in do_command at ./sql/sql_parse.cc:769
#17 in do_handle_one_connection at ./sql/sql_connect.cc:745
#18 in handle_one_connection at ./sql/sql_connect.cc:684
#19 in start_thread at pthread_create.c:301
#20 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115

How to repeat:
set names utf8;
select least('%',get_format(datetime,'eur'),(cast(get_format(datetime,'eur') as char(65535))));
[5 Nov 2010 6:45] MySQL Verification Team
5.0.91-debug did not crash.
[5 Nov 2010 10:04] Valeriy Kravchuk
Verified on Ubuntu:

openxs@ubuntu:/home2/openxs/dbs/5.1$ bin/mysql --no-defaults -uroot test
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.53-debug Source distribution

Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set names utf8;
Query OK, 0 rows affected (0.00 sec)

mysql> select least('%',get_format(datetime,'eur'),(cast(get_format(datetime,'eur') as
    -> char(65535))));
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql> 101105 12:02:07 mysqld_safe Number of processes running now: 0
101105 12:02:07 mysqld_safe mysqld restarted

mysql> exit
openxs@ubuntu:/home2/openxs/dbs/5.1$ tail -80 var/ubuntu.err
101105 12:01:56 mysqld_safe Starting mysqld daemon with databases from /home2/openxs/dbs/5.1/var
101105 12:01:58 [Note] Plugin 'FEDERATED' is disabled.
101105 12:01:59  InnoDB: Started; log sequence number 0 84687012
101105 12:01:59 [Note] Event Scheduler: Loaded 0 events
101105 12:01:59 [Note] /home2/openxs/dbs/5.1/libexec/mysqld: ready for connections.
Version: '5.1.53-debug'  socket: '/tmp/mysql.sock'  port: 3306  Source distribution
mysqld: sql_string.cc:342: bool String::copy(const char*, uint32, CHARSET_INFO*, CHARSET_INFO*, uint*): Assertion `!str || str != Ptr' failed.
101105 12:02:07 - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337740 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0xa812c38
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0xb44ca38c thread_stack 0x30000
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0xa83f6f0 = select least('%',get_format(datetime,'eur'),(cast(get_format(datetime,'eur') as
[11 Nov 2010 13:36] Alexander Barkov

Attachment: b58005.diff (text/x-patch), 2.92 KiB.

[12 Nov 2010 9:21] MySQL Verification Team
another testcase for 5.1.54-debug:

do format((-1.7976931348623157E+307),(0xa8))
[12 Nov 2010 9:38] Alexander Barkov
Improved version, with Alik's review suggestions addressed

Attachment: b58005.diff (text/x-patch), 3.20 KiB.

[12 Nov 2010 9:44] Alexander Nozdrin
The patch is Ok to push.

Could you please add to the test latest case from Shane? Thanks.
[13 Nov 2010 2:07] Paul DuBois
Noted in 5.1.54, 5.5.8 changelogs.

Under some circumstances, CAST(GET_FORMAT(datetime, ...) AS CHAR)
could cause a server crash.
[14 Nov 2010 14:09] MySQL Verification Team
hi bar, this is not fixed in mysql-trunk, aka 5.6.99-m5.
any plans to push it there too ?
[15 Dec 2010 5:52] Bugs System
Pushed into mysql-5.1 5.1.55 (revid:sunanda.menon@oracle.com-20101215054055-vgwki317xg1wphhh) (version source revid:sunanda.menon@oracle.com-20101215054055-vgwki317xg1wphhh) (merge vers: 5.1.55) (pib:23)
[16 Dec 2010 21:47] Bugs System
Pushed into mysql-trunk 5.6.1 (revid:alexander.nozdrin@oracle.com-20101216181820-7afubgk2fmuv9qsb) (version source revid:alexander.nozdrin@oracle.com-20101216173826-ze3y5h450sksotrh) (merge vers: 5.6.1) (pib:23)
[16 Dec 2010 22:28] Bugs System
Pushed into mysql-5.5 5.5.9 (revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (version source revid:jonathan.perkin@oracle.com-20101216101358-fyzr1epq95a3yett) (merge vers: 5.5.9) (pib:24)
[13 Jan 2011 14:36] Alexander Barkov
Bug#58376 has been marked as a duplicate for this one.