| Bug #7242 | The "insert_update" causes a server crash when using prepared statements | ||
|---|---|---|---|
| Submitted: | 13 Dec 2004 18:14 | Modified: | 11 Jan 2005 13:53 |
| Reporter: | Lenz Grimmer | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S3 (Non-critical) |
| Version: | 4.1.8-pre | OS: | Linux (Linux/x86) |
| Assigned to: | Konstantin Osipov | CPU Architecture: | Any |
[13 Dec 2004 20:00]
Sergey Petrunya
Happens with SQL Syntax prepared statements too: CREATE TABLE t1 (a INT, b INT, c INT, UNIQUE (A), UNIQUE(B)); INSERT t1 VALUES (1,2,10), (3,4,20); prepare X from 'INSERT t1 SELECT 5,6,30 FROM DUAL ON DUPLICATE KEY UPDATE c=c+100'; execute X; execute X;
[13 Dec 2004 20:00]
Sergey Petrunya
The problem is that an Item_func_plus object is used after ::cleanup call has been made on it
[14 Dec 2004 8:24]
Sergey Petrunya
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.
If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information
about accessing the source trees is available at
http://www.mysql.com/doc/en/Installing_source_tree.html
[11 Jan 2005 13:53]
Konstantin Osipov
This bug was re-fixed differently in 4.1.9
Description: When running the "insert_update" test against a current debug binary using the prepared statement protocol, the server segfaults: TEST RESULT ------------------------------------------------------- insert_update [ fail ] Errors are (from /home/lenz/my/mysql-4.1-build/mysql-test/var/log/mysqltest-time) : /home/lenz/my/mysql-4.1-build/client/.libs/mysqltest: At line 24: unable to execute statement 'INSERT t1 VALUES (2,1,11), (7,4,40) ON DUPLICATE KEY UPDATE c=c+VALUES(a)': Lost connection to MySQL server during query (mysql_stmt_errno=2013 returned=1) (the last lines may be the most important ones) In gdb, the following can be observed: Program received signal SIGSEGV, Segmentation fault. 0x08109e59 in Item_field::val_int (this=0x8bbbd08) at field.h:163 163 { return null_ptr ? (null_ptr[row_offset] & null_bit ? 1 : 0) : table->null_row; } (gdb) bt #0 0x08109e59 in Item_field::val_int (this=0x8bbbd08) at field.h:163 #1 0x08120e64 in Item_func_plus::val_int (this=0x8bbbd78) at item_func.cc:606 #2 0x0810f2a6 in Item::save_in_field (this=0x8bbbd78, field=0x8bb1048, no_conversions=false) at item.cc:1796 #3 0x081c4bda in fill_record (fields=@0x8bafeac, values=@0x8bafea0, ignore_errors=false) at sql_base.cc:2751 #4 0x081eac41 in write_record (table=0x8ba5f40, info=0x42e0fb80) at sql_insert.cc:558 #5 0x081ec67e in mysql_insert (thd=0x8bae840, table_list=0x8bbb910, fields=@0x8bafe94, values_list=@0x8bafeb8, update_fields=@0x8bafeac, update_values=@0x8bafea0, duplic=DUP_UPDATE) at sql_insert.cc:297 #6 0x081ac7e0 in mysql_execute_command (thd=0x8bae840) at sql_parse.cc:2719 #7 0x081eec7a in execute_stmt (thd=0x8bae840, stmt=0x8bafb90, expanded_query=0x42e10500, set_context=true) at sql_prepare.cc:1891 #8 0x081ef318 in mysql_stmt_execute (thd=0x8bae840, packet=0x8bb1832 "", packet_length=10240) at sql_prepare.cc:1795 #9 0x081b3cd4 in dispatch_command (command=COM_EXECUTE, thd=0x8bae840, packet=0x8bb1829 "\022", packet_length=10) at sql_parse.cc:1448 #10 0x081b5981 in handle_one_connection (arg=0x8bae840) at sql_parse.cc:1281 #11 0x401757f3 in start_thread () from /lib/tls/libpthread.so.0 #12 0x402a562a in clone () from /lib/tls/libc.so.6 How to repeat: Create a debug binary on Linux/x86 and run the following test: mysql-test-run --ps-protocol --gdb insert_update