| Bug #739 | Crash mysqld using CONCAT,RPAD,LENGTH | ||
|---|---|---|---|
| Submitted: | 27 Jun 2003 7:32 | Modified: | 3 Jul 2003 19:43 |
| Reporter: | [ name withheld ] | Email Updates: | |
| Status: | Closed | Impact on me: | |
| Category: | MySQL Server | Severity: | S1 (Critical) |
| Version: | mysql-4.0.12 (Source distribution) | OS: | Linux (linux) |
| Assigned to: | Alexey Botchkov | CPU Architecture: | Any |
[27 Jun 2003 7:35]
[ name withheld ]
I can be reached at duncan.salada@titan.com if more information is necessary
[30 Jun 2003 16:54]
MySQL Verification Team
Thank you for the bug report. I was able to repeat.
Back trace:
/usr/local/mysql/libexec/mysqld: ready for connections.
Version: '4.0.14-debug-log' socket: '/tmp/mysql.sock' port: 3306
[New Thread 163851 (LWP 5320)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 163851 (LWP 5320)]
0x40230fd5 in memcpy () from /lib/i686/libc.so.6
Current language: auto; currently c
(gdb) backtrace full
#0 0x40230fd5 in memcpy () from /lib/i686/libc.so.6
No symbol table info available.
#1 0x080de5b9 in Item_func_rpad::val_str(String*) (this=0xffffffe4, str=0x43c8be4c)
at item_strfunc.cc:1830
res_length = 144865300
length_pad = 144865072
to = 0xffffffe4 <Address 0xffffffe4 out of bounds>
ptr_pad = 0xffffffe4 <Address 0xffffffe4 out of bounds>
count = 1
res = (class String *) 0x8a16468
rpad = (class String *) 0x8a167a3
#2 0x080daf75 in Item_func_concat::val_str(String*) (this=0x8a277d0,
str=0x43c8be4c) at item_strfunc.cc:238
res = (class String *) 0x8a275b4
res2 = (class String *) 0x8a27aa8
use_as_buff = (class String *) 0x8a27814
i = 1
#3 0x080c18d0 in Item::send(THD*, String*) (this=0x1, thd=0x8a27730,
packet=0x8a22908) at item.cc:649
buff = "hd¡\bpg¡\b+\036¢\b£g¡\b\0\0\0\0#\0\0\0\002\0\0\0\0\0\0\0Xg¡\b¿\0\0\0@\0\0\0\020\0\0\0ð\0\0\0\0\0\0\0T¿ÈC\020\0\0\0ÿÿÿÿÿÿÿÿT¿ÈCcw0\bo\005\0\0ܾÈCà¾ÈCä¾ÈC|$¢\bP3<\bxa¡\b£g¡\b\0\0\0\0\001\0\0\0\001\0\0\0pap\0rs\0\0\016\0\0\0\0\0\0\0\020\0\0\0\003\03\001\0þ/\0Senate commi3\0\0\0#\0\0\04\0\0\0±5¢\bà\0\0\0\0\0\0\0ÿÿÿÿÿÿÿÿ\001\0\0\0"...
convert = (class CONVERT *) 0x8a27730
s = {Ptr = 0x43c8be5c "hd¡\bpg¡\b+\036¢\b£g¡\b", str_length = 256,
Alloced_length = 256, alloced = false}
res = (class String *) 0x1
#4 0x080f76f0 in select_send::send_data(List<Item>&) (this=0x8a278f0,
items=@0x8a27730) at sql_class.cc:486
li = {<base_list_iterator> = {list = 0x8a2261c, el = 0x8a27830, prev = 0x0,
current = 0x0}, <No data fields>}
packet = (class String *) 0x8a22908
_db_func_ = 0x8a16500 "xa¡\b\be¡\b\n"
_db_file_ = 0x8a21e20 "þ/"
_db_level_ = 0
_db_framep_ = (char **) 0x1
item = (class Item *) 0x1
error = 8
#5 0x08137286 in end_send (join=0x43c8c0fc, join_tab=0x8a27bc4,
end_of_records=false) at sql_select.cc:5177
error = 144865072
_db_func_ = 0x8a21d88 "(\214<\b"
_db_file_ = 0x8a21e20 "þ/"
_db_level_ = 144864912
_db_framep_ = (char **) 0x8a276e8
#6 0x08136323 in sub_select (join=0x43c8c0fc, join_tab=0x8a27aa8,
end_of_records=true) at sql_select.cc:4601
not_exists_optimize = false
not_used_in_distinct = false
found_records = 0
info = (READ_RECORD *) 0x8a27acc
error = 0
found = true
on_expr = (COND *) 0x0
select_cond = (COND *) 0x0
#7 0x08136046 in do_select (join=0x43c8c0fc, fields=0x8a27aa8, table=0x0,
procedure=0x8a27730) at sql_select.cc:4490
error = 0
join_tab = (JOIN_TAB *) 0x8a27aa8
end_select = (int (*)(JOIN *, st_join_table *, bool)) 0x81371d2 <end_send>
_db_func_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
_db_file_ = 0x8a278a0 ""
_db_level_ = 0
_db_framep_ = (char **) 0x0
#8 0x0812e1d4 in mysql_select(THD*, st_table_list*, List<Item>&, Item*, st_order*, st_order*, Item*, st_order*, unsigned long, select_result*) (thd=0x8a22470,
tables=0x0, fields=@0x8a2261c, conds=0x0, order=0x0, group=0x0, having=0x0,
proc_param=0x0, select_options=17339392, result=0x8a278f0) at sql_select.cc:979
tmp_table = (TABLE *) 0x0
error = -1
tmp_error = 0
need_tmp = false
hidden_group_fields = false
simple_order = true
simple_group = true
no_order = false
skip_sort_order = false
select_limit = 4294967295
cond_value = COND_TRUE
select = (class SQL_SELECT *) 0x0
keyuse = {buffer = 0x0, elements = 0, max_element = 0, alloc_increment = 0,
size_of_element = 0}
procedure = (class Procedure *) 0x0
all_fields = {<base_list> = {<Sql_alloc> = {<No data fields>},
first = 0x8a27830, last = 0x8a27830, elements = 1}, <No data fields>}
select_distinct = false
cur_sel = (SELECT_LEX *) 0x8a225ac
_db_func_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
_db_file_ = 0x8a22470 "\0303<\b í=\b¤í=\b\020.¢\b\b5¢\b\bU¢\b²5¢\b\b5¢\b\r"
_db_level_ = 1137230708
_db_framep_ = (char **) 0x43c8c15c
#9 0x0812bdd5 in handle_select(THD*, st_lex*, select_result*) (thd=0x8a22470,
lex=0x0, result=0x8a278f0) at sql_select.cc:183
res = 144843888
select_lex = (SELECT_LEX *) 0x1
#10 0x08111106 in mysql_execute_command() () at sql_parse.cc:1993
table = (TABLE_LIST *) 0x8a278f0
res = 0
thd = (class THD *) 0x8a22470
lex = (LEX *) 0x8a225a0
tables = (TABLE_LIST *) 0x8a278a0
select_lex = (SELECT_LEX *) 0x8a225ac
_db_func_ = 0x406 <Address 0x406 out of bounds>
_db_file_ = 0x43c8c72c ""
_db_level_ = 1137231664
_db_framep_ = (char **) 0x43c8c734
#11 0x08113367 in mysql_parse(THD*, char*, unsigned) (thd=0x8a22470,
inBuf=0x8a225a0 "\001", length=71) at sql_parse.cc:2931
lex = (LEX *) 0x8a225a0
_db_func_ = 0x2000 <Address 0x2000 out of bounds>
_db_file_ = 0x47 <Address 0x47 out of bounds>
_db_level_ = 144843888
_db_framep_ = (char **) 0x43c8c994
#12 0x0810eb35 in dispatch_command(enum_server_command, THD*, char*, unsigned) (
command=COM_QUERY, thd=0x8a22470, packet=0x8a23509 "", packet_length=71)
at sql_parse.cc:1061
pos = 0x0
net = (NET *) 0x8a2247c
error = false
slow_command = false
_db_func_ = 0x2 <Address 0x2 out of bounds>
_db_file_ = 0x43c8c86c "\aP\b\200"
_db_level_ = 0
_db_framep_ = (char **) 0x1032bd8
start_of_query = 8192
#13 0x0810e581 in do_command(THD*) (thd=0x8a22470) at sql_parse.cc:936
packet = 0x8a23508 "\001"
old_timeout = 30
packet_length = 72
net = (NET *) 0x8a2247c
command = COM_QUERY
_db_func_ = 0x80e7b18 "ÇC\034Èz\016\b\203Ä\020\213]ü\211ì]Ã\220U\211å\203ì\024ÿ5,î=\bèáVýÿ\203Ä\bÿu\bPèc\e$"
_db_file_ = 0x8a22b9c "è\t¢\b"
_db_level_ = 4096
_db_framep_ = (char **) 0x1000
#14 0x0810dc4a in handle_one_connection (arg=0x8a27730) at sql_parse.cc:719
error = 1
net = (NET *) 0x8a2247c
thd = (class THD *) 0x8a22470
launch_time = 144865072
set = {__val = {0 <repeats 32 times>}}
#15 0x40029811 in pthread_start_thread () from /lib/i686/libpthread.so.0
No symbol table info available.
#16 0x40029915 in pthread_start_thread_event () from /lib/i686/libpthread.so.0
No symbol table info available.
(gdb)
[3 Jul 2003 9:37]
Alexey Botchkov
changeset 1.1484 (03.07.03)
[3 Jul 2003 19:43]
Alexey Botchkov
Thank you for your bug report. This issue has been fixed in the latest
development tree for that product. You can find more information about
accessing our development trees at
http://www.mysql.com/doc/en/Installing_source_tree.html

Description:
Accidentally discovered that I could crash mysqld using a fairly simple query on a column of type text. It involves using CONCAT, RPAD, and LENGTH in conjunction with one another.

mysql> SELECT CONCAT("</a>",RPAD("",(55 - LENGTH(title)),".")) from crash_test;
ERROR 2013: Lost connection to MySQL server during query

I also found that by eliminating the CONCAT function for the statement the query would return an out of memory error.

mysql> SELECT RPAD("",(55 - LENGTH(title)),".") from crash_test;
ERROR 5: Out of memory (Needed 4294967280 bytes)

Stuff from mysqlbug

>C compiler: 2.95.3
>C++ compiler: 2.95.3
>Environment:
System: Linux val114-050 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i686 unknown
Architecture: i686
Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i386-slackware-linux/2.95.3/specs
gcc version 2.95.3 20010315 (release)
Compilation info: CC='gcc' CFLAGS='-O3' CXX='gcc' CXXFLAGS='-O3 -felide-constructors -fno-exceptions -fno-rtti' LDFLAGS='' ASFLAGS=''
LIBC:
lrwxrwxrwx 1 root root 13 Jan 2 2002 /lib/libc.so.6 -> libc-2.2.3.so
-rwxr-xr-x 1 root root 4783716 May 25 2001 /lib/libc-2.2.3.so
-rw-r--r-- 1 root root 24721042 May 25 2001 /usr/lib/libc.a
-rw-r--r-- 1 root root 178 May 25 2001 /usr/lib/libc.so
Configure command: ./configure '--prefix=/usr/local/mysql-4.0.12' '--enable-assembler' '--with-mysqld-ldflags=-all-static' 'CFLAGS=-O3' 'CXXFLAGS=-O3 -felide-constructors -fno-exceptions -fno-rtti' 'CXX=gcc'

How to repeat:
CREATE TABLE crash_test (
  title text
) TYPE=MyISAM;

INSERT INTO crash_test VALUES ('Newspapers');
INSERT INTO crash_test VALUES ('Pre-release program receives state United Way award');
INSERT INTO crash_test VALUES ('Center for applied linguistics home page');
INSERT INTO crash_test VALUES ('Literacy proficiencies of GED examinees: Results from the GED-NALS Comparison Study');
INSERT INTO crash_test VALUES ('Senate committee considers adult education bill');
INSERT INTO crash_test VALUES ('Senate committee passes adult education legislation');
INSERT INTO crash_test VALUES ('House subcommittee protects most literacy funding');
INSERT INTO crash_test VALUES ('Senate provides $25 million more than the House for literacy');
INSERT INTO crash_test VALUES ('Congress reconvenes in September to debate welfare and adult education');
INSERT INTO crash_test VALUES ('House passes the CAREERS bill');

mysql> SELECT RPAD("",(55 - LENGTH(title)),".") from crash_test;
ERROR 5: Out of memory (Needed 4294967280 bytes)

mysql> SELECT CONCAT("</a>",RPAD("",(55 - LENGTH(title)),".")) from crash_test;
ERROR 2013: Lost connection to MySQL server during query

======== ERROR LOG DUMP =======================================
mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16777216
read_buffer_size=131072
sort_buffer_size=524280
max_used_connections=1
max_connections=100
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 80383 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd=0x86ff518
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0xbe7fed08, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x8070939
0x8270e28
0x829dc13
0x805930e
0x8057674
0x804a517
0x806a0d3
0x809ccd4
0x809c396
0x809c0a6
0x8095090
0x80a16e3
0x807aff8
0x807e885
0x807a13b
0x807fd4d
0x807938e
0x826e8b8
0x82a462a
New value of fp=(nil) failed sanity check, terminating stack trace!
Please read http://www.mysql.com/doc/en/Using_stack_trace.html and follow instructions on how to resolve the stack trace. Resolved
stack trace is much more helpful in diagnosing the problem, so please do
resolve it
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x872b2a0 = SELECT CONCAT("</a>",RPAD("",(55 - LENGTH(title)),".")) from crash_test
thd->thread_id=38

Successfully dumped variables, if you ran with --log, take a look at the
details of what thread 38 did to cause the crash. In some cases of really
bad corruption, the values shown above may be invalid.

The manual page at http://www.mysql.com/doc/C/r/Crashing.html contains
information that should help you find out what is causing the crash.

Number of processes running now: 0
030627 08:12:19 mysqld restarted
030627 8:12:20 InnoDB: Database was not shut down normally.
InnoDB: Starting recovery from log files...
InnoDB: Starting log scan based on checkpoint at
InnoDB: log sequence number 0 43902
InnoDB: Doing recovery: scanned up to log sequence number 0 43902
030627 8:12:20 InnoDB: Flushing modified pages from the buffer pool...
030627 8:12:20 InnoDB: Started
/usr/local/mysql-4.0.12/libexec/mysqld: ready for connections.
Version: '4.0.12' socket: '/tmp/mysql.sock' port: 3306
======== END ERROR LOG DUMP ===================================

dsalada@val114-050:/usr/local/mysql> resolve_stack_dump -s /tmp/mysqld.sym -n /tmp/mysqld.stack
0x8070939 handle_segfault + 449
0x8270e28 pthread_sighandler + 176
0x829dc13 memcpy + 51
0x805930e val_str__14Item_func_rpadP6String + 394
0x8057674 val_str__16Item_func_concatP6String + 172
0x804a517 send__4ItemP3THDP6String + 75
0x806a0d3 send_data__11select_sendRt4List1Z4Item + 123
0x809ccd4 end_send__FP4JOINP13st_join_tableb + 120
0x809c396 sub_select__FP4JOINP13st_join_tableb + 262
0x809c0a6 do_select__FP4JOINPt4List1Z4ItemP8st_tableP9Procedure + 418
0x8095090 mysql_select__FP3THDP13st_table_listRt4List1Z4ItemP4ItemP8st_orderT4T3T4UlP13select_result + 6768
0x80a16e3 handle_select__FP3THDP6st_lexP13select_result + 95
0x807aff8 mysql_execute_command__Fv + 940
0x807e885 mysql_parse__FP3THDPcUi + 565
0x807a13b dispatch_command__F19enum_server_commandP3THDPcUi + 1527
0x807fd4d do_command__FP3THD + 153
0x807938e handle_one_connection + 638
0x826e8b8 pthread_start_thread + 204
0x82a462a thread_start + 4
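
The reported queries pass 55 - LENGTH(title) to RPAD, and that count goes negative for any title longer than 55 characters. The C model below is an added example, not MySQL source and not code from this report: it shows what such a count becomes once it is treated as a 32-bit unsigned length, next to a padding routine that rejects it before allocating or copying. The names pad_count, as_unsigned_len and rpad_checked are hypothetical, and the 32-bit unsigned length is an assumption inferred from the "Needed 4294967280 bytes" message.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Pad count the reported query computes: 55 - LENGTH(title). */
long long pad_count(const char *title) { return 55 - (long long)strlen(title); }

/* Assumption: the count ends up in a 32-bit unsigned length variable. */
uint32_t as_unsigned_len(long long count) { return (uint32_t)count; }

/* Checked RPAD model (hypothetical helper). Returns a malloc'd string of
   exactly `count` bytes, or NULL when the count is negative, exceeds
   max_len, or padding is needed but the pad string is empty. */
char *rpad_checked(const char *s, long long count, const char *pad, size_t max_len)
{
    if (count < 0 || (unsigned long long)count > max_len)
        return NULL;                       /* reject before any size math */
    size_t want = (size_t)count, slen = strlen(s), plen = strlen(pad);
    if (want > slen && plen == 0)
        return NULL;                       /* nothing to pad with */
    char *out = malloc(want + 1);
    if (out == NULL)
        return NULL;
    size_t keep = slen < want ? slen : want;   /* truncate long input */
    memcpy(out, s, keep);
    for (size_t i = keep; i < want; i++)
        out[i] = pad[(i - keep) % plen];
    out[want] = '\0';
    return out;
}

int main(void)
{
    /* Two titles copied from the report's crash_test table. */
    const char *titles[] = {
        "Newspapers",
        "Literacy proficiencies of GED examinees: Results from the GED-NALS Comparison Study",
    };
    for (size_t i = 0; i < sizeof titles / sizeof titles[0]; i++) {
        long long n = pad_count(titles[i]);
        char *r = rpad_checked("", n, ".", 1024);
        printf("count=%lld as_unsigned=%u result=%s\n",
               n, (unsigned)as_unsigned_len(n), r ? r : "NULL");
        free(r);
    }
    return 0;
}
```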