Bug #738 status query on killed mysql connection results in segmentation fault
Submitted: 27 Jun 2003 5:39
Modified: 3 Jul 2003 16:58
Reporter: [ name withheld ]
Status: Closed
Category: MySQL Server: Command-line Clients
Severity: S2 (Serious)
Version: 4.0.13
OS: Linux (linux 2.4.21 gcc 3.2)
Assigned to: Michael Widenius
CPU Architecture: Any

[27 Jun 2003 5:39] [ name withheld ]
Description:
 % mysql
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 612 to server version: 4.0.13-log

 Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

 mysql> status
 --------------
 mysql  Ver 12.20 Distrib 4.0.13, for pc-linux-gnu (i686)

 Connection id:          612
 zsh: 9697 segmentation fault  mysql

How to repeat:
1. start mysql client
2. mysqladmin kill <connect id>, with <connect id> being the connection
   id of the mysql command line client (612 in the description, above)
3. enter '\s' or 'status' in the command line client

[27 Jun 2003 7:04] MySQL Verification Team
Thank you for the bug report; I was able to repeat it.

Back trace below:

Starting program: /usr/local/mysql/bin/mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5 to server version: 4.0.14-debug-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> \s
--------------
/usr/local/mysql/bin/mysql  Ver 12.21 Distrib 4.0.14, for pc-linux (i686)

Connection id:          5

Program received signal SIGPIPE, Broken pipe.
0x402c0e08 in write () from /lib/i686/libc.so.6
Current language:  auto; currently c
(gdb) backtrace full
#0  0x402c0e08 in write () from /lib/i686/libc.so.6
No symbol table info available.
#1  0x0000001d in ?? ()
No symbol table info available.
#2  0x080848df in net_real_write (net=0x80a5f00, packet=0x80a9078 "\031", len=29)
    at net.c:437
        length = 5
        pos = 0x80a9078 "\031"
        end = 0x80a7c78 "\005"
        alarmed = 0 '\0'
        retry_count = 0
        net_blocking = 1 '\001'
        _db_func_ = 0x808dc78 "net_flush"
        _db_file_ = 0x808dc3c "net.c"
        _db_level_ = 4
        _db_framep_ = (char **) 0xbffff2dc
#3  0x080842ea in net_flush (net=0x80a5f00) at net.c:199
        error = 0
        _db_func_ = 0x808a10a "mysql_real_query"
        _db_file_ = 0x8089d2a "libmysql.c"
        _db_level_ = 3
        _db_framep_ = (char **) 0xbffff3fc
#4  0x08084608 in net_write_command (net=0x80a5f00, command=3 '\003',
    packet=0x8086a6b "select DATABASE(),USER()", len=24) at net.c:291
        length = 0
        buff = "\031\0\0\0\003"
        header_size = 5
        _db_func_ = 0x808a10a "mysql_real_query"
---Type <return> to continue, or q <return> to quit---
        _db_file_ = 0x8089d2a "libmysql.c"
        _db_level_ = 3
        _db_framep_ = (char **) 0xbffff3fc
#5  0x0806dfe6 in simple_command (mysql=0x80a5f00, command=COM_QUERY,
    arg=0x8086a6b "select DATABASE(),USER()", length=24, skipp_check=1 '\001')
    at libmysql.c:492
        net = (NET *) 0x80a5f00
        result = -1
        old_signal_handler = 0
#6  0x0807202b in mysql_send_query (mysql=0x80a5f00,
    query=0x8086a6b "select DATABASE(),USER()", length=24) at libmysql.c:2286
        _db_func_ = 0x808a10a "mysql_real_query"
        _db_file_ = 0x8089d2a "libmysql.c"
        _db_level_ = 3
        _db_framep_ = (char **) 0xbffff3fc
#7  0x08072362 in mysql_real_query (mysql=0x80a5f00,
    query=0x8086a6b "select DATABASE(),USER()", length=4294967264)
    at libmysql.c:2351
        _db_func_ = 0x8086482 "main"
        _db_file_ = 0x8086479 "mysql.cc"
        _db_level_ = 2
        _db_framep_ = (char **) 0xbffff58c
#8  0x08071c80 in mysql_query (mysql=0xffffffe0,
    query=0x1d <Address 0x1d out of bounds>) at libmysql.c:2195
No locals.
#9  0x08059489 in com_status (buffer=0x80a6130, line=0x80b57d0 "\\s")
    at mysql.cc:2323
        result = (MYSQL_RES *) 0x80b57d0
---Type <return> to continue, or q <return> to quit---
        status = 0x80b57d0 "\\s"
#10 0x080564cd in add_line (buffer=@0x80a6130, line=0x80b57d0 "\\s",
    in_string=0xbffff54f "") at mysql.cc:962
        tmp = {Ptr = 0x80b57d0 "\\s", str_length = 0, Alloced_length = 0,
  alloced = false}
        l = 29
        inchar = 115 's'
        buff = "\224/\001@ ]\n\b}\002\0\0\vó\004\bÈz\037@ÐW\v\b\0\0\0\0|þÿ¿8õÿ¿`b\t\bg\0\0\0ÐW\v\b\023\0\0\0|\001\0\08õÿ¿\"c\005\bÐW\v\b×j\b\b\002\0\0\0}Ð\005\b"
        pos = 0x8086a84 "Current database:\t%s\n"
        out = 0x80b57d0 "\\s"
        com = (COMMANDS *) 0x808f440
        in_comment = 0 '\0'
        strend = 0x80b57d2 ""
#11 0x08056187 in read_lines (execute_commands=true) at mysql.cc:857
        line = 0x80b57d0 "\\s"
        in_string = 0 '\0'
        line_number = 0
        com = (COMMANDS *) 0xffffffe0
#12 0x08055647 in main (argc=5, argv=0x80a7dd8) at mysql.cc:391
        buff = "Type 'help;' or '\\h' for help. Type '\\c' to clear the buffer.\n\0\bð«\0@4öÿ¿èõÿ¿\\a\b\b"
        _db_func_ = 0x808d0a5 "?func"
        _db_file_ = 0x808d0ab "?file"
        _db_level_ = 1
        _db_framep_ = (char **) 0x0
#13 0x402057f7 in __libc_start_main () from /lib/i686/libc.so.6

[28 Jun 2003 5:34] MySQL Verification Team
I could not repeat it with 4.0.14 server and client.

Jani & Miguel, can you re-check it with the latest pulls?

Here is what I get:

mysql> show tables;
Empty set (0.00 sec)

mysql>
mysql>
mysql> show tables;
ERROR 2006: MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    5
Current database: bug

Empty set (0.02 sec)

mysql> quit
Bye

[3 Jul 2003 16:58] Michael Widenius
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at
    http://www.mysql.com/doc/en/Installing_source_tree.html

This was a bug in the mysql command client code.
The fix will be in 4.0.14.
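
An added example, not part of this bug thread and not MySQL's code: the backtrace earlier in the thread shows write() raising SIGPIPE when the status command sends `select DATABASE(),USER()` on a killed connection. The C program below reproduces that condition with a socketpair and shows a status routine that reports the error instead of dying; the function names, the socketpair stand-in for the server connection and the `bug` database value are assumptions made for the illustration.

```c
/* Added illustration, not MySQL source; all function names are hypothetical. */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Write the whole query; return 0 on success, -1 if the peer is gone. */
static int send_query(int fd, const char *q)
{
    size_t left = strlen(q);
    while (left > 0) {
        ssize_t n = write(fd, q, left);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) return -1;   /* EPIPE/ECONNRESET: connection was killed */
        q += n; left -= (size_t)n;
    }
    return 0;
}

/* Status command: never formats a result after a failed send ("bug" is constructed). */
int status_on_connection(int fd, char *buf, size_t buflen)
{
    if (send_query(fd, "select DATABASE(),USER()") != 0) {
        snprintf(buf, buflen, "ERROR 2006: MySQL server has gone away");
        return -1;
    }
    snprintf(buf, buflen, "Current database:\t%s", "bug");
    return 0;
}

/* Constructed scenario: a socketpair is the connection; closing the peer is the kill. */
int run_status(int kill_peer, char *buf, size_t buflen)
{
    int sv[2], rc;
    signal(SIGPIPE, SIG_IGN);   /* write() now fails with EPIPE instead of killing us */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -2;
    if (kill_peer) close(sv[1]);
    rc = status_on_connection(sv[0], buf, buflen);
    close(sv[0]);
    if (!kill_peer) close(sv[1]);
    return rc;
}

int main(void)
{
    char buf[64];
    return run_status(1, buf, sizeof buf) == -1 && puts(buf) >= 0 ? 0 : 1;
}
```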