Bug #7111 server crashes when regexp is used
Submitted: 8 Dec 2004 17:39
Modified: 9 Dec 2004 12:00
Reporter: Lenar Lõhmus
Status: Closed
Category: MySQL Server: MyISAM storage engine
Severity: S1 (Critical)
Version: 4.1.7
OS: Linux (Debian/Linux)
Assigned to: Alexander Barkov
CPU Architecture: Any

[8 Dec 2004 17:39] Lenar Lõhmus
Description:
Server crashes when table has collation utf8_estonian_ci (utf8_bin works) and
SELECT with regexp is issued using varchar column from that table.

Regexp pattern involving Latin characters seems to be the culprit; '[0]' as pattern, for example, works like a charm.

How to repeat:
mysql> set names utf8;
Query OK, 0 rows affected (0.00 sec)

mysql> create table test (field varchar(1)) character set 'utf8' collate 'utf8_estonian_ci';
Query OK, 0 rows affected (0.00 sec)

mysql> select field regexp '[a]' from test;
ERROR 2013 (HY000): Lost connection to MySQL server during query

[8 Dec 2004 17:45] MySQL Verification Team
Verified with 4.1.8-debug-log

Back trace:
(gdb) bt
#0  0x083fc56c in othercase (charset=0x864e000, ch=97) at regcomp.c:867
#1  0x083fbfc5 in p_bracket (p=0xbe5fed48) at regcomp.c:642
#2  0x083fb5df in p_ere_exp (p=0xbe5fed48) at regcomp.c:326
#3  0x083fb38e in p_ere (p=0xbe5fed48, stop=128) at regcomp.c:225
#4  0x083fb297 in regcomp (preg=0x8cc4a38, pattern=0x8cc4980 "[a]", cflags=7, charset=0x864e000)
    at regcomp.c:177
#5  0x0811b9be in Item_func_regex::fix_fields (this=0x8cc49d0, thd=0x8cbd528, tables=0x8cc4ac8,
    ref=0x8cc4a80) at item_cmpfunc.cc:2372
#6  0x0818b507 in setup_fields (thd=0x8cbd528, ref_pointer_array=0x8cc5540, tables=0x8cc4ac8,
    fields=@0x8cbd6c0, set_query_id=true, sum_func_list=0x8cc5488, allow_sum_func=true)
    at sql_base.cc:2386
#7  0x08190584 in JOIN::prepare (this=0x8cc4b40, rref_pointer_array=0x8cbd75c,
    tables_init=0x8cc4ac8, wild_num=0, conds_init=0x0, og_num=0, order_init=0x0, group_init=0x0,
    having_init=0x0, proc_param_init=0x0, select_lex_arg=0x8cbd658, unit_arg=0x8cbd570)
    at sql_select.cc:278
#8  0x08193c53 in mysql_select (thd=0x8cbd528, rref_pointer_array=0x8cbd75c, tables=0x8cc4ac8,
    wild_num=0, fields=@0x8cbd6c0, conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0,
    proc_param=0x0, select_options=8669696, result=0x8cc4b30, unit=0x8cbd570,
    select_lex=0x8cbd658) at sql_select.cc:1564
#9  0x0819039c in handle_select (thd=0x8cbd528, lex=0x8cbd564, result=0x8cc4b30)
    at sql_select.cc:193
#10 0x0816df9f in mysql_execute_command (thd=0x8cbd528) at sql_parse.cc:2009
#11 0x08172b11 in mysql_parse (thd=0x8cbd528,
    inBuf=0x8cc48c0 "select field regexp '[a]' from test", length=35) at sql_parse.cc:4074
#12 0x0816cc72 in dispatch_command (command=COM_QUERY, thd=0x8cbd528,
    packet=0x8cc1731 "select field regexp '[a]' from test", packet_length=36) at sql_parse.cc:1494
#13 0x0816c592 in do_command (thd=0x8cbd528) at sql_parse.cc:1280
#14 0x0816bb6b in handle_one_connection (arg=0x8cbd528) at sql_parse.cc:1024
#15 0xb7e4614b in pthread_start_thread () from /lib/libpthread.so.0
#16 0xb7e461df in pthread_start_thread_event () from /lib/libpthread.so.0
#17 0xb7d7950a in clone () from /lib/libc.so.6

[9 Dec 2004 12:00] Alexander Barkov
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Fixed in 4.1.8