Bug #666 elt with null crashes daemon
Submitted: 18 Jun 2003 2:12    Modified: 24 Jun 2003 5:00
Reporter: Tomasz Dubinski
Status: Closed
Category: MySQL Server    Severity: S2 (Serious)
Version: 4.0.13/12    OS: Linux (linux, intel)
Assigned to: Alexey Botchkov    CPU Architecture: Any

[18 Jun 2003 2:12] Tomasz Dubinski
Description:
Executing a query with elt() on fields which contain NULLs leads to "Lost connection to MySQL server during query". In the server log is this stack trace:

0x80dda19 handle_segfault + 449
0x4012a75a _end + 936777810
0x80a5194 save_in_field__4ItemP5Fieldb + 176
0x80a78e0 save_in_result_field__17Item_result_fieldb + 32
0x81110e5 copy_funcs__FPP4Item + 37
0x810b917 end_write__FP4JOINP13st_join_tableb + 99
0x810ae77 flush_cached_records__FP4JOINP13st_join_tableb + 427
0x810a9d0 sub_select_cache__FP4JOINP13st_join_tableb + 36
0x810aac4 sub_select__FP4JOINP13st_join_tableb + 52
0x810a8bf do_select__FP4JOINPt4List1Z4ItemP8st_tableP9Procedure + 443
0x8103069 mysql_select__FP3THDP13st_table_listRt4List1Z4ItemP4ItemP8st_orderT4T3T4UlP13select_result + 4697
0x810fee3 handle_select__FP3THDP6st_lexP13select_result + 95
0x80e9448 mysql_execute_command__Fv + 940
0x80eccd5 mysql_parse__FP3THDPcUi + 565
0x80e85ab dispatch_command__F19enum_server_commandP3THDPcUi + 1527
0x80ee19d do_command__FP3THD + 153
0x80e77fe handle_one_connection + 630
0x40124d53 _end + 936754763
0x402ea477 _end + 938612079

I tested it on 4.0.13 and 4.0.12, both compiled from sources and downloaded from the website; in every case it happens. OS: Linux on a few different Intel machines, SMP and non-SMP.

How to repeat:
This is not exactly the query I'm using in my app, but it reproduces the crash at every run and contains as little data as needed.

create database tt_elt;
use tt_elt;

CREATE TABLE `users` (
  `uid` int(10) unsigned NOT NULL auto_increment,
  PRIMARY KEY  (`uid`)
);

CREATE TABLE `wnioski` (
  `wid` int(10) unsigned NOT NULL auto_increment,
  `user` int(10) unsigned NOT NULL default '0',
  `data_sporz` date NOT NULL default '0000-00-00',
  `data_podp` date default NULL,
  `data_zaak` date default NULL,
  `data_arch` date default NULL,
  `status_wnio` enum('nowy','podp','real','arch') NOT NULL default 'nowy',
  PRIMARY KEY  (`wid`)
);

CREATE TABLE `poz_wn` (
  `pwid` int(10) unsigned NOT NULL auto_increment,
  `wniosek` int(10) unsigned NOT NULL default '0',
  PRIMARY KEY  (`pwid`)
);

insert into users values (1);

INSERT INTO wnioski VALUES (8,1,'2003-06-16',NULL,NULL,NULL,'real');
INSERT INTO wnioski VALUES (9,1,'2003-06-16',NULL,NULL,NULL,'nowy');

INSERT INTO poz_wn VALUES (5,8);
INSERT INTO poz_wn VALUES (6,8);
INSERT INTO poz_wn VALUES (7,9);

SELECT elt(status_wnio,data_sporz,data_podp,data_zaak,data_arch) as data_stat
  FROM wnioski, users, poz_wn 
  WHERE wniosek = wid and user = uid
  GROUP BY wid;

If the first insert into table 'wnioski' is changed to:
INSERT INTO wnioski VALUES (8,1,'2003-06-16',NULL,'2003-06-16',NULL,'real');
the query is executed normally and gives the right result.
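A regression check and an assumed workaround for the reproduction above, as an added example that is not part of the original report or of the MySQL source. It assumes the reporter's tables and rows have already been loaded into the tt_elt database exactly as shown; the IFNULL() variant is an inference from the reporter's observation that a non-NULL value in the selected column avoids the crash, not something the report itself verifies.

```sql
-- Added example, not part of the original bug report. Run in the tt_elt
-- database after the reporter's CREATE TABLE and INSERT statements above.

-- 1. The reported case. Group wid 8 has status 'real' (enum index 3), so
--    elt() selects data_zaak, which is NULL. On unpatched 4.0.12/4.0.13 this
--    kills the server thread ("Lost connection to MySQL server during query").
--    On a fixed build the expected result is two rows: NULL for wid 8 and
--    '2003-06-16' for wid 9 (status 'nowy', index 1, selects data_sporz).
SELECT wid,
       elt(status_wnio, data_sporz, data_podp, data_zaak, data_arch) AS data_stat
  FROM wnioski, users, poz_wn
 WHERE wniosek = wid AND user = uid
 GROUP BY wid;

-- 2. Same query with every nullable date argument coalesced so that elt()
--    never selects a NULL. This is an assumed workaround for servers that
--    cannot be upgraded yet: the report only shows that a non-NULL value in
--    the selected column avoids the crash, so verify it on your own build.
--    The sentinel '0000-00-00' is the zero-date default already used by the
--    data_sporz column.
SELECT wid,
       elt(status_wnio,
           data_sporz,
           IFNULL(data_podp, '0000-00-00'),
           IFNULL(data_zaak, '0000-00-00'),
           IFNULL(data_arch, '0000-00-00')) AS data_stat
  FROM wnioski, users, poz_wn
 WHERE wniosek = wid AND user = uid
 GROUP BY wid;

-- 3. Remove the scratch database created for the reproduction.
DROP DATABASE tt_elt;
```

Running statement 1 against a server that has the fix is the quickest way to confirm the upgrade actually closed this crash; until then, a query that can hand elt() a NULL argument is a remote, unauthenticated-by-data denial of service for any application whose rows can contain NULLs in those columns, so statement 2 is worth keeping in place only as a stopgap.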
[18 Jun 2003 6:28] Alexander Keremidarski
Below is the backtrace for this bug.

(gdb) bt
#0  Item::save_in_field(Field*, bool) (this=0x8a5beb8, field=0x8a5d098, no_conversions=true) at sql_string.h:59
#1  0x080cc62a in Item_result_field::save_in_result_field(bool) (this=0x8a4aab9) at item.h:375
#2  0x0814ec03 in copy_funcs(Item**) (func_ptr=0x8a5ad50) at sql_select.cc:7240
#3  0x0814af6a in end_write (join=0x41ee8f18, join_tab=0x8a5cb68, end_of_records=false) at sql_select.cc:5319
#4  0x08149a4d in flush_cached_records (join=0x41ee8f18, join_tab=0x8a5ca40, skipp_last=false) at sql_select.cc:4677
#5  0x08149677 in sub_select_cache (join=0x41ee8f18, join_tab=0x8a5ca40, end_of_records=true) at sql_select.cc:4554
#6  0x081496d9 in sub_select (join=0x41ee8f18, join_tab=0x41ee8f18, end_of_records=185) at sql_select.cc:4566
#7  0x08149496 in do_select (join=0x41ee8f18, fields=0x8a5c918, table=0x8a5a958, procedure=0xfe) at sql_select.cc:4486
#8  0x081404b3 in mysql_select(THD*, st_table_list*, List<Item>&, Item*, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*) (thd=0x8a495e0, tables=0x8a5bf48, fields=@0x8a49794, conds=0x8a5c278, order=0x0, group=0x8a5c328, having=0x0, proc_param=0xfe, select_options=17339392, result=0x8a5c348) at sql_select.cc:779
#9  0x0813e524 in handle_select(THD*, st_lex*, select_result*) (thd=0x8a495e0, lex=0x0, result=0x8a5c348) at sql_select.cc:183
#10 0x081220ae in mysql_execute_command() () at sql_parse.cc:1988
#11 0x0812493c in mysql_parse(THD*, char*, unsigned) (thd=0x8a495e0, inBuf=0x8a49710 "\001", length=153) at sql_parse.cc:2926
#12 0x0811f41c in dispatch_command(enum_server_command, THD*, char*, unsigned) (command=COM_QUERY, thd=0x8a495e0, packet=0x8a53be9 "SELECT elt(status_wnio,data_sporz,data_podp,data_zaak,data_arch) as data_stat FROM wnioski, users, poz_wn WHERE wniosek = wid and user = uid GROUP BY wid", packet_length=153) at sql_parse.cc:1056
#13 0x0811edc3 in do_command(THD*) (thd=0x8a495e0) at sql_parse.cc:931
#14 0x0811e339 in handle_one_connection (arg=0xfe) at sql_parse.cc:714
#15 0x40048332 in start_thread () from /lib/tls/libpthread.so.0
[24 Jun 2003 5:00] Alexey Botchkov
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at 
    http://www.mysql.com/doc/en/Installing_source_tree.html