Bug #5893 Triggers with dropped functions cause crashes
Submitted: 5 Oct 2004 1:10 Modified: 29 Jun 2005 20:20
Reporter: Peter Gulutzan Email Updates:
Status: Closed Impact on me:
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0.2-alpha-debug OS:Linux (SuSE 8.2)
Assigned to: Dmitry Lenev CPU Architecture:Any

[5 Oct 2004 1:10] Peter Gulutzan
Server crashes if there is a trigger with a dropped function. 

How to repeat:
mysql> create table x13 (col1 int, col2 int); 
    -> // 
Query OK, 0 rows affected (0.45 sec) 
mysql> create function f13 () returns int return 5;// 
Query OK, 0 rows affected (0.30 sec) 
mysql> create trigger t13 before update on x13 for each row set new.col1 = f13();// 
Query OK, 0 rows affected (0.26 sec) 
mysql> insert into x13 values (1,2);// 
Query OK, 1 row affected (0.00 sec) 
mysql> drop function f13;// 
Query OK, 0 rows affected (0.00 sec) 
mysql> update x13 set col2 = 4;// 
ERROR 2013 (HY000): Lost connection to MySQL server during query
[5 Oct 2004 7:35] Victoria Reznichenko
Verified with 5.0.2-alpha-debug-log.

Back trace:
(gdb) bt
#0  0x40254a21 in kill () from /lib/libc.so.6
#1  0x40177051 in pthread_kill () from /lib/libpthread.so.0
#2  0x4017742b in raise () from /lib/libpthread.so.0
#3  0x402547b4 in raise () from /lib/libc.so.6
#4  0x40255c7d in abort () from /lib/libc.so.6
#5  0x4024ddef in __assert_fail () from /lib/libc.so.6
#6  0x0819467a in open_ltable (thd=0x879c9a8, table_list=0xbe5febac, lock_type=TL_READ)
    at sql_base.cc:1770
#7  0x082614a9 in db_find_routine_aux (thd=0x879c9a8, type=1, name=0x87b9738, ltype=TL_READ,
    tablep=0xbe5fedc8, opened=0xbe5fedcf) at sp.cc:114
#8  0x08261648 in db_find_routine (thd=0x879c9a8, type=1, name=0x87b9738, sphp=0xbe5fef18)
    at sp.cc:158
#9  0x082633da in sp_find_function (thd=0x879c9a8, name=0x87b9738) at sp.cc:805
#10 0x081130f8 in Item_func_sp::fix_length_and_dec (this=0x87b9780) at item_func.cc:3433
#11 0x0810b8fa in Item_func::fix_fields (this=0x87b9780, thd=0x879c9a8, tables=0x0,
    ref=0x87b989c) at item_func.cc:242
#12 0x0825dc56 in sp_instr_set_trigger_field::execute (this=0x87b9808, thd=0x879c9a8,
    nextp=0xbe5ff050) at sp_head.cc:1299
#13 0x0825b670 in sp_head::execute (this=0x87b9568, thd=0x879c9a8) at sp_head.cc:480
#14 0x0825b9ff in sp_head::execute_function (this=0x87b9568, thd=0x879c9a8, argp=0x0,
    argcount=0, resp=0x0) at sp_head.cc:587
#15 0x081bffd0 in mysql_update (thd=0x879c9a8, table_list=0x87a98b0, fields=@0x879cbfc,
    values=@0x879cdf0, conds=0x0, order_num=0, order=0x0, limit=4294967295,
    handle_duplicates=DUP_ERROR) at sql_trigger.h:52
#16 0x081736b4 in mysql_execute_command (thd=0x879c9a8) at sql_parse.cc:2756
#17 0x08177759 in mysql_parse (thd=0x879c9a8, inBuf=0x87a9850 "update x13 set col2 = 4",
    length=23) at sql_parse.cc:4551
#18 0x08170842 in dispatch_command (command=COM_QUERY, thd=0x879c9a8,
    packet=0x8794489 "update x13 set col2 = 4", packet_length=24) at sql_parse.cc:1517
#19 0x08170127 in do_command (thd=0x879c9a8) at sql_parse.cc:1297
#20 0x0816f68c in handle_one_connection (arg=0x879c9a8) at sql_parse.cc:1033
#21 0x4017414b in pthread_start_thread () from /lib/libpthread.so.0
#22 0x401741df in pthread_start_thread_event () from /lib/libpthread.so.0
#23 0x402df50a in clone () from /lib/libc.so.6
[29 Jun 2005 6:54] Dmitry Lenev
Hi, Peter!

I can't repeat this crash with current 5.0 snapshot.

After some investigation I think that crash was fixed in version 5.0.3. And starting from version 5.0.7 such trigger will fail with proper error and thus whole statement invoking trigger will fail with this error, so server behavior will be totally correct in this case.

I am marking this bug as fixed in 5.0.7.
[29 Jun 2005 20:20] Mike Hillyer
Documented in 5.0.7 changelog.