Bug #59632 | Assertion failed: arg_length > length | ||
---|---|---|---|
Submitted: | 20 Jan 2011 13:16 | Modified: | 2 Mar 2011 15:33 |
Reporter: | Shane Bester (Platinum Quality Contributor) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Optimizer | Severity: | S1 (Critical) |
Version: | 5.5.8, 5.5.10, 5.6.1 | OS: | Any |
Assigned to: | Tor Didriksen | CPU Architecture: | Any |
Tags: | regression |
[20 Jan 2011 13:16]
Shane Bester
[20 Jan 2011 14:32]
Valeriy Kravchuk
Verified with current mysql-5.5 tree on 32-bit Ubuntu: openxs@ubuntu:/home2/openxs/dbs/5.5$ bin/mysql --no-defaults -uroot test Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6206 Server version: 5.5.10-debug Source distribution Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> drop table if exists t1; Query OK, 0 rows affected (0.02 sec) mysql> create table t1(a int)engine=innodb; Query OK, 0 rows affected (0.13 sec) mysql> insert into t1 values (1); Query OK, 1 row affected (0.01 sec) mysql> select distinct convert((select des_decrypt(2,1) as a from t1 where @a:=1 having -> a),signed) as d -> from t1 group by 1; ERROR 2013 (HY000): Lost connection to MySQL server during query mysql> exit Bye openxs@ubuntu:/home2/openxs/dbs/5.5$ tail -100 data/ubuntu.err ... mysqld: /home2/openxs/bzr2/mysql-5.5/sql/sql_string.cc:37: bool String::real_alloc(uint32): Assertion `arg_length > length' failed. 110120 16:29:24 - mysqld got signal 6 ; This could be because you hit a bug. It is also possible that this binary or one of the libraries it was linked against is corrupt, improperly built, or misconfigured. This error can also be caused by malfunctioning hardware. We will try our best to scrape up some info that will hopefully help diagnose the problem, but since we have already crashed, something is definitely wrong and this may fail. key_buffer_size=8388608 read_buffer_size=131072 max_used_connections=4 max_threads=151 thread_count=1 connection_count=1 It is possible that mysqld could use up to key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337966 K bytes of memory Hope that's ok; if not, decrease some variables in the equation. Thread pointer: 0xac26b70 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0xa90ce348 thread_stack 0x30000 /home2/openxs/dbs/5.5/bin/mysqld(my_print_stacktrace+0x33)[0x84f4f48] /home2/openxs/dbs/5.5/bin/mysqld(handle_segfault+0x34c)[0x8172e47] [0xeb8400] /lib/tls/i686/cmov/libc.so.6(abort+0x182)[0x13da82] /lib/tls/i686/cmov/libc.so.6(__assert_fail+0xf8)[0x133718] /home2/openxs/dbs/5.5/bin/mysqld(_ZN6String10real_allocEj+0x51)[0x8289939] /home2/openxs/dbs/5.5/bin/mysqld(_ZN6String5allocEj+0x37)[0x8187419] /home2/openxs/dbs/5.5/bin/mysqld(_ZN14Field_longlong7val_strEP6StringS1_+0x58)[0x83571f2] /home2/openxs/dbs/5.5/bin/mysqld(_ZN5Field7val_strEP6String+0x26)[0x818785c] /home2/openxs/dbs/5.5/bin/mysqld(_ZN13Protocol_text5storeEP5Field+0x124)[0x8186142] /home2/openxs/dbs/5.5/bin/mysqld(_ZN10Item_field4sendEP8ProtocolP6String+0x22)[0x8392226] /home2/openxs/dbs/5.5/bin/mysqld(_ZN8Protocol19send_result_set_rowEP4ListI4ItemE+0xed)[0x818526d] /home2/openxs/dbs/5.5/bin/mysqld(_ZN11select_send9send_dataER4ListI4ItemE+0xd4)[0x81e367e] /home2/openxs/dbs/5.5/bin/mysqld[0x825e264] /home2/openxs/dbs/5.5/bin/mysqld[0x825c439] /home2/openxs/dbs/5.5/bin/mysqld(_Z10sub_selectP4JOINP13st_join_tableb+0xcd)[0x825c0fd] /home2/openxs/dbs/5.5/bin/mysqld[0x825bcc4] /home2/openxs/dbs/5.5/bin/mysqld(_ZN4JOIN4execEv+0x21af)[0x824624d] /home2/openxs/dbs/5.5/bin/mysqld(_Z12mysql_selectP3THDPPP4ItemP10TABLE_LISTjR4ListIS1_ES2_jP8st_orderSB_S2_SB_yP13select_resultP18st_select_lex_unitP13st_select_lex+0x384)[0x82469bf] /home2/openxs/dbs/5.5/bin/mysqld(_Z13handle_selectP3THDP3LEXP13select_resultm+0x204)[0x823f58b] /home2/openxs/dbs/5.5/bin/mysqld[0x821bac1] /home2/openxs/dbs/5.5/bin/mysqld(_Z21mysql_execute_commandP3THD+0x945)[0x8213d38] /home2/openxs/dbs/5.5/bin/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x1ff)[0x821db35] /home2/openxs/dbs/5.5/bin/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0xa56)[0x82116ee] /home2/openxs/dbs/5.5/bin/mysqld(_Z10do_commandP3THD+0x292)[0x8210a7f] /home2/openxs/dbs/5.5/bin/mysqld(_Z24do_handle_one_connectionP3THD+0x3f7)[0x82ed932] /home2/openxs/dbs/5.5/bin/mysqld(handle_one_connection+0x35)[0x82ed530] /lib/tls/i686/cmov/libpthread.so.0(+0x596e)[0x8c696e] /lib/tls/i686/cmov/libc.so.6(clone+0x5e)[0x1dda4e] ...
[27 Jan 2011 12:37]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/129757 3280 Tor Didriksen 2011-01-27 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/t/bug59632.test New test case. @ sql/item_strfunc.h In unsigned arithmetic, (1-9) becomes a very large number.
[3 Feb 2011 8:10]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130301 3300 Tor Didriksen 2011-02-03 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/bug59632.result New test case. @ mysql-test/t/bug59632.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number)
[3 Feb 2011 9:37]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130306 3596 Tor Didriksen 2011-02-03 [merge] Merge Bug #59632 from 5.5, add unit test
[3 Feb 2011 14:46]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130324 3300 Tor Didriksen 2011-02-03 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/ssl_and_innodb.result New test case. @ mysql-test/t/ssl_and_innodb.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number)
[3 Feb 2011 14:49]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130326 3596 Tor Didriksen 2011-02-03 [merge] Merge Bug #59632 from 5.5, add unit test
[7 Feb 2011 10:18]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130536 3307 Tor Didriksen 2011-02-07 Bug #59632 Assertion failed: arg_length > length The problem was overflow in max_length when we tried to des_decrypt() something which is not the output of des_encrypt() @ mysql-test/r/ssl_and_innodb.result New test case. @ mysql-test/t/ssl_and_innodb.test New test case. @ sql/item_strfunc.h Do not subtract the encrypt overhead (9U) if args[0] has length < 9 (In unsigned arithmetic, (1-9) becomes a very large number)
[7 Feb 2011 10:19]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130538 3602 Tor Didriksen 2011-02-07 [merge] Merge Bug #59632 from 5.5, add unit test
[7 Feb 2011 10:19]
Bugs System
Pushed into mysql-trunk 5.6.2 (revid:tor.didriksen@oracle.com-20110207101821-2q7lj2rnb1w9fmc0) (version source revid:tor.didriksen@oracle.com-20110207101821-2q7lj2rnb1w9fmc0) (merge vers: 5.6.2) (pib:24)
[7 Feb 2011 10:19]
Bugs System
Pushed into mysql-5.5 5.5.10 (revid:tor.didriksen@oracle.com-20110207101746-gdtl07a1puu743yf) (version source revid:tor.didriksen@oracle.com-20110207101746-gdtl07a1puu743yf) (merge vers: 5.5.10) (pib:24)
[7 Feb 2011 13:04]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/130568 3604 Tor Didriksen 2011-02-07 Bug #59632, post-push fix for unit test. thd->thread_stack must point to the stack, not free-store. Also: add an extra 'mysys' to the link command for SERVER_TESTS. (it failed to link on debian)
[7 Feb 2011 13:04]
Bugs System
Pushed into mysql-trunk 5.6.2 (revid:tor.didriksen@oracle.com-20110207130347-lmjksir7xpbf3sth) (version source revid:tor.didriksen@oracle.com-20110207130347-lmjksir7xpbf3sth) (merge vers: 5.6.2) (pib:24)
[7 Feb 2011 23:55]
Bugs System
Pushed into mysql-trunk 5.6.2 (revid:bjorn.munch@oracle.com-20110207235423-p72c50ae0vgdjbdl) (version source revid:bjorn.munch@oracle.com-20110207235423-p72c50ae0vgdjbdl) (merge vers: 5.6.2) (pib:24)
[2 Mar 2011 15:33]
Paul DuBois
Noted in 5.5.10, 5.6.2 changelogs. DES_DECRYPT() could crash if the argument was not produced by DES_ENCRYPT(). CHANGESET - http://lists.mysql.com/commits/130568