Bug #739 | Crash mysqld using CONCAT,RPAD,LENGTH | ||
---|---|---|---|
Submitted: | 27 Jun 2003 7:32 | Modified: | 3 Jul 2003 19:43 |
Reporter: | [ name withheld ] | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S1 (Critical) |
Version: | mysql-4.0.12 (Source distribution) | OS: | Linux (linux) |
Assigned to: | Alexey Botchkov | CPU Architecture: | Any |
[27 Jun 2003 7:32]
[ name withheld ]
[27 Jun 2003 7:35]
[ name withheld ]
I can be reached at duncan.salada@titan.com if more information is necessary
[30 Jun 2003 16:54]
MySQL Verification Team
Thank you for the bug report. I was able to repeat. Back trace:

```
/usr/local/mysql/libexec/mysqld: ready for connections.
Version: '4.0.14-debug-log' socket: '/tmp/mysql.sock' port: 3306
[New Thread 163851 (LWP 5320)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 163851 (LWP 5320)]
0x40230fd5 in memcpy () from /lib/i686/libc.so.6
Current language: auto; currently c
(gdb) backtrace full
#0 0x40230fd5 in memcpy () from /lib/i686/libc.so.6
No symbol table info available.
#1 0x080de5b9 in Item_func_rpad::val_str(String*) (this=0xffffffe4, str=0x43c8be4c) at item_strfunc.cc:1830
        res_length = 144865300
        length_pad = 144865072
        to = 0xffffffe4 <Address 0xffffffe4 out of bounds>
        ptr_pad = 0xffffffe4 <Address 0xffffffe4 out of bounds>
        count = 1
        res = (class String *) 0x8a16468
        rpad = (class String *) 0x8a167a3
#2 0x080daf75 in Item_func_concat::val_str(String*) (this=0x8a277d0, str=0x43c8be4c) at item_strfunc.cc:238
        res = (class String *) 0x8a275b4
        res2 = (class String *) 0x8a27aa8
        use_as_buff = (class String *) 0x8a27814
        i = 1
#3 0x080c18d0 in Item::send(THD*, String*) (this=0x1, thd=0x8a27730, packet=0x8a22908) at item.cc:649
        buff = "hd¡\bpg¡\b+\036¢\b£g¡\b\0\0\0\0#\0\0\0\002\0\0\0\0\0\0\0Xg¡\b¿\0\0\0@\0\0\0\020\0\0\0ð\0\0\0\0\0\0\0T¿ÈC\020\0\0\0ÿÿÿÿÿÿÿÿT¿ÈCcw0\bo\005\0\0ܾÈCà¾ÈCä¾ÈC|$¢\bP3<\bxa¡\b£g¡\b\0\0\0\0\001\0\0\0\001\0\0\0pap\0rs\0\0\016\0\0\0\0\0\0\0\020\0\0\0\003\03\001\0þ/\0Senate commi3\0\0\0#\0\0\04\0\0\0±5¢\bà\0\0\0\0\0\0\0ÿÿÿÿÿÿÿÿ\001\0\0\0"...
        convert = (class CONVERT *) 0x8a27730
        s = {Ptr = 0x43c8be5c "hd¡\bpg¡\b+\036¢\b£g¡\b", str_length = 256, Alloced_length = 256, alloced = false}
        res = (class String *) 0x1
---Type <return> to continue, or q <return> to quit---
#4 0x080f76f0 in select_send::send_data(List<Item>&) (this=0x8a278f0, items=@0x8a27730) at sql_class.cc:486
        li = {<base_list_iterator> = {list = 0x8a2261c, el = 0x8a27830, prev = 0x0, current = 0x0}, <No data fields>}
        packet = (class String *) 0x8a22908
        _db_func_ = 0x8a16500 "xa¡\b\be¡\b\n"
        _db_file_ = 0x8a21e20 "þ/"
        _db_level_ = 0
        _db_framep_ = (char **) 0x1
        item = (class Item *) 0x1
        error = 8
#5 0x08137286 in end_send (join=0x43c8c0fc, join_tab=0x8a27bc4, end_of_records=false) at sql_select.cc:5177
        error = 144865072
        _db_func_ = 0x8a21d88 "(\214<\b"
        _db_file_ = 0x8a21e20 "þ/"
        _db_level_ = 144864912
        _db_framep_ = (char **) 0x8a276e8
#6 0x08136323 in sub_select (join=0x43c8c0fc, join_tab=0x8a27aa8, end_of_records=true) at sql_select.cc:4601
        not_exists_optimize = false
        not_used_in_distinct = false
        found_records = 0
        info = (READ_RECORD *) 0x8a27acc
        error = 0
        found = true
        on_expr = (COND *) 0x0
        select_cond = (COND *) 0x0
---Type <return> to continue, or q <return> to quit---
#7 0x08136046 in do_select (join=0x43c8c0fc, fields=0x8a27aa8, table=0x0, procedure=0x8a27730) at sql_select.cc:4490
        error = 0
        join_tab = (JOIN_TAB *) 0x8a27aa8
        end_select = (int (*)(JOIN *, st_join_table *, bool)) 0x81371d2 <end_send>
        _db_func_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
        _db_file_ = 0x8a278a0 ""
        _db_level_ = 0
        _db_framep_ = (char **) 0x0
#8 0x0812e1d4 in mysql_select(THD*, st_table_list*, List<Item>&, Item*, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*)
    (thd=0x8a22470, tables=0x0, fields=@0x8a2261c, conds=0x0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=17339392, result=0x8a278f0) at sql_select.cc:979
        tmp_table = (TABLE *) 0x0
        error = -1
        tmp_error = 0
        need_tmp = false
        hidden_group_fields = false
        simple_order = true
        simple_group = true
        no_order = false
        skip_sort_order = false
        select_limit = 4294967295
        cond_value = COND_TRUE
        select = (class SQL_SELECT *) 0x0
        keyuse = {buffer = 0x0, elements = 0, max_element = 0, alloc_increment = 0, size_of_element = 0}
        join = {join_tab = 0x8a27aa8, best_ref = 0x43c8bfac, map2table = 0x8a27a20,
---Type <return> to continue, or q <return> to quit---
  table = 0x8a27aa0, all_tables = 0x8a27aa0, sort_by_table = 0x0, tables = 1,
  const_tables = 0, send_group_parts = 0, sort_and_group = false,
  first_record = false, full_join = false, group = false,
  no_field_update = false, do_send_rows = true, const_table_map = 0,
  found_const_table_map = 0, outer_join = 0, send_records = 4,
  found_records = 0, examined_rows = 5, row_limit = 4294967295,
  positions = {{records_read = 10, table = 0x8a27900, key = 0x0},
    {records_read = 0, table = 0x65742f2e, key = 0x632f7473},
    {records_read = 7.5004355279422263e+247, table = 0x43c80074, key = 0x8a2261c},
    {records_read = 3.5678784309999718e+18, table = 0x43c8c1d0, key = 0x43c8c3dd},
    {records_read = 3.5422398184253261e-269, table = 0xd1, key = 0x43c8c1bc},
    {records_read = 3.5678454456508416e+18, table = 0x43c8c69c, key = 0x4},
    {records_read = 6.9278540998799893e-314, table = 0x35, key = 0x43c8c1cf},
    {records_read = 3.5678630378368942e+18, table = 0x43c8c43c, key = 0x2},
    {records_read = 3.5680037753252864e+18, table = 0x43c8c6be, key = 0x43c8c6bc},
    {records_read = 0, table = 0x0, key = 0x43c8c43c},
    {records_read = 2.1219957909850349e-312, table = 0x43c8c43c, key = 0x43c8c69e},
    {records_read = 0, table = 0x83b46b0, key = 0x8a27538},
    {records_read = 2.9643938750474793e-323, table = 0x0, key = 0x0},
    {records_read = 5.1630523201215067e-269, table = 0x8a27538, key = 0x6},
    {records_read = 2.1291530923111249e-313, table = 0x4, key = 0x0},
    {records_read = 0, table = 0x8a2753f, key = 0x0},
    {records_read = 5.155889308838075e-269, table = 0x8a27570, key = 0x4},
    {records_read = 2.1935688281389487e-314, table = 0x6, key = 0x8a27880},
    {records_read = 8.4879831688017457e-314, table = 0x0, key = 0x1},
    {records_read = 4.4722182386046282e-267, table = 0x1, key = 0x6},
    {records_read = 4.4722220603402469e-267, table = 0x4, key = 0x8a27551},
    {records_read = 8.4879831643551549e-314, table = 0x8a275e8, key = 0x0},
    {records_read = 4.4722478149092806e-267, table = 0x1, key = 0x4},
    {
---Type <return> to continue, or q <return> to quit---
    records_read = 2.1935686107500645e-314, table = 0x4, key = 0x8a27569},
    {records_read = 2.3505382537841801, table = 0x8a27738, key = 0x1},
    {records_read = 4.4723402408613266e-267, table = 0x1, key = 0x6},
    {records_read = 3.5735360097449907e+18, table = 0x6, key = 0x8a27650},
    {records_read = 2.1219957934356005e-314, table = 0x8a27567, key = 0x1},
    {records_read = 2.3964080810546902, table = 0x0, key = 0x8a21a00},
    {records_read = 3.5828920309964861e-269, table = 0x8a21a00, key = 0x43c8c334},
    {records_read = 2.3964080810546879, table = 0x83deec0, key = 0x83deec0},
    {records_read = 2.3964085579736554, table = 0x83deec0, key = 0x37b}},
  best_positions = {{records_read = 10, table = 0x8a27900, key = 0x0},
    {records_read = 3.6866495918724236e-269, table = 0x83deec0, key = 0x2800b},
    {records_read = 3.6860047337458858e-269, table = 0x8a278a0, key = 0x8a22470},
    {records_read = 4.3858120434677386e-267, table = 0x8a22470, key = 0x8a22470},
    {records_read = 8.6905686762225864e-270, table = 0x397, key = 0x43c8c3bc},
    {records_read = 3.5689713455579464e+18, table = 0x0, key = 0x0},
    {records_read = 0, table = 0x0, key = 0x0},
    {records_read = 3.3951932655444357e-313, table = 0x0, key = 0x0},
    {records_read = 0, table = 0x74736574, key = 0x61726300},
    {records_read = 1.8201786658646231e-306, table = 0x0, key = 0x43c8c69c},
    {records_read = 3.5445100308724137e-269, table = 0x43c8c69c, key = 0x43c8c43c},
    {records_read = 1.4853970789224451e-313, table = 0x8a0e038, key = 0x7},
    {records_read = 3.5434355791803078e-269, table = 0x43c8c69c, key = 0x43c8c43c},
    {records_read = 3.5692176361626255e+18, table = 0x0, key = 0x0},
    {records_read = 0, table = 0x0, key = 0x0},
    {records_read = 5.3057883716811932e-315, table = 0x9, key = 0x8a23508},
    {records_read = 1.9659828885196875e-313, table = 0x8a23508, key = 0x8a22e10},
    {records_read = 3.4544871535813825e-269, table = 0x6d, key = 0x43c8c478},
    {
---Type <return> to continue, or q <return> to quit---
    records_read = 3.5693847619300864e+18, table = 0xae, key = 0x43c8c480},
    {records_read = 2.350538758816187, table = 0x8a2247c, key = 0x0},
    {records_read = 1.9659828940532227e-313, table = 0x0, key = 0x8a16178},
    {records_read = 2.3505387588162581, table = 0x8a16178, key = 0xe},
    {records_read = 2.6838626286201494e-314, table = 0x29, key = 0x43c8c4cc},
    {records_read = 3.5735365178366116e+18, table = 0x0, key = 0x0},
    {records_read = 2.1219957909652723e-314, table = 0x0, key = 0x0},
    {records_read = 2.3964085579731811, table = 0x0, key = 0x8a163e0},
    {records_read = 2.3964080810546875, table = 0x8a163e0, key = 0xd3},
    {records_read = 2.3964085579731811, table = 0x8a16368, key = 0x8a16368},
    {records_read = 2.3964085579736554, table = 0x8a16368, key = 0x250},
    {records_read = 2.3275075240750471, table = 0x8a16378, key = 0x0},
    {records_read = 3.6866495918727356e-269, table = 0x8a16368, key = 0x2800b},
    {records_read = 4.2129533309162942e-267, table = 0x8a221bc, key = 0x1}},
  best_read = 3, fields = 0x8a2261c,
  group_fields = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x83dd9c0, last = 0x43c8c550, elements = 0}, <No data fields>},
  tmp_table = 0x0, thd = 0x8a22470, sum_funcs = 0x0, procedure = 0x0,
  having = 0x0, select_options = 17339392, result = 0x8a278f0,
  tmp_table_param = {<Sql_alloc> = {<No data fields>},
    copy_funcs = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x83dd9c0, last = 0x43c8c57c, elements = 0}, <No data fields>},
    copy_funcs_it = {<base_list_iterator> = {list = 0x43c8c57c, el = 0x43c8c57c, prev = 0x0, current = 0x0}, <No data fields>},
    copy_field = 0x0, copy_field_end = 0x376, group_buff = 0x43c8c5b8 "",
    items_to_copy = 0x43c8c5bc, recinfo = 0x43c8c5c0,
    start_recinfo = 0x8a221a8, keyinfo = 0x1, end_write_records = 4294967295,
    field_count = 0, sum_func_count = 0, func_count = 1,
    hidden_field_count = 0, group_parts = 0, group_length = 0,
---Type <return> to continue, or q <return> to quit---
    group_null_parts = 0, quick_group = 1, using_indirect_summary_function = 49},
  lock = 0x8a221a8}
        procedure = (class Procedure *) 0x0
        all_fields = {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x8a27830, last = 0x8a27830, elements = 1}, <No data fields>}
        select_distinct = false
        cur_sel = (SELECT_LEX *) 0x8a225ac
        _db_func_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
        _db_file_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
        _db_level_ = 1137230708
        _db_framep_ = (char **) 0x43c8c15c
#9 0x0812bdd5 in handle_select(THD*, st_lex*, select_result*) (thd=0x8a22470, lex=0x0, result=0x8a278f0) at sql_select.cc:183
        res = 144843888
        select_lex = (SELECT_LEX *) 0x1
#10 0x08111106 in mysql_execute_command() () at sql_parse.cc:1993
        table = (TABLE_LIST *) 0x8a278f0
        res = 0
        thd = (class THD *) 0x8a22470
        lex = (LEX *) 0x8a225a0
        tables = (TABLE_LIST *) 0x8a278a0
        select_lex = (SELECT_LEX *) 0x8a225ac
        _db_func_ = 0x406 <Address 0x406 out of bounds>
        _db_file_ = 0x43c8c72c ""
        _db_level_ = 1137231664
        _db_framep_ = (char **) 0x43c8c734
#11 0x08113367 in mysql_parse(THD*, char*, unsigned) (thd=0x8a22470, inBuf=0x8a225a0 "\001", length=71) at sql_parse.cc:2931
---Type <return> to continue, or q <return> to quit---
        lex = (LEX *) 0x8a225a0
        _db_func_ = 0x2000 <Address 0x2000 out of bounds>
        _db_file_ = 0x47 <Address 0x47 out of bounds>
        _db_level_ = 144843888
        _db_framep_ = (char **) 0x43c8c994
#12 0x0810eb35 in dispatch_command(enum_server_command, THD*, char*, unsigned) (command=COM_QUERY, thd=0x8a22470, packet=0x8a23509 "", packet_length=71) at sql_parse.cc:1061
        pos = 0x0
        net = (NET *) 0x8a2247c
        error = false
        slow_command = false
        _db_func_ = 0x2 <Address 0x2 out of bounds>
        _db_file_ = 0x43c8c86c "\aP\b\200"
        _db_level_ = 0
        _db_framep_ = (char **) 0x1032bd8
        start_of_query = 8192
#13 0x0810e581 in do_command(THD*) (thd=0x8a22470) at sql_parse.cc:936
        packet = 0x8a23508 "\001"
        old_timeout = 30
        packet_length = 72
        net = (NET *) 0x8a2247c
        command = COM_QUERY
        _db_func_ = 0x80e7b18 "ÇC\034Èz\016\b\203Ä\020\213]ü\211ì]Ã\220U\211å\203ì\024ÿ5,î=\bèáVýÿ\203Ä\bÿu\bPèc\e$"
        _db_file_ = 0x8a22b9c "è\t¢\b"
        _db_level_ = 4096
        _db_framep_ = (char **) 0x1000
---Type <return> to continue, or q <return> to quit---
#14 0x0810dc4a in handle_one_connection (arg=0x8a27730) at sql_parse.cc:719
        error = 1
        net = (NET *) 0x8a2247c
        thd = (class THD *) 0x8a22470
        launch_time = 144865072
        set = {__val = {0 <repeats 32 times>}}
#15 0x40029811 in pthread_start_thread () from /lib/i686/libpthread.so.0
No symbol table info available.
#16 0x40029915 in pthread_start_thread_event () from /lib/i686/libpthread.so.0
No symbol table info available.
(gdb)
```
[3 Jul 2003 9:37]
Alexey Botchkov
changeset 1.1484 (03.07.03)
[3 Jul 2003 19:43]
Alexey Botchkov
Thank you for your bug report. This issue has been fixed in the latest development tree for that product. You can find more information about accessing our development trees at http://www.mysql.com/doc/en/Installing_source_tree.html