Bug #7394 set var = select in stored procedure causes crash on second execution
Submitted: 17 Dec 2004 20:49
Modified: 17 Dec 2004 22:16
Reporter: Sergey Petrunya
Status: Duplicate
Category: MySQL Server
Severity: S2 (Serious)
Version: 5.0-bk
OS:
Assigned to:
CPU Architecture: Any

[17 Dec 2004 20:49] Sergey Petrunya
Description:
Running the following causes the server to crash:
create table t45 (s1 int);
create procedure p45 (pout int) set pout = (select s1 from t45);
set @a=3;
call p45(@a);
call p45(@a);

Server compiled with compile-pentium-debug, last cset is
ChangeSet@1.1755.1.4, 2004-12-17 20:22:13+03:00, konstantin@mysql.com

How to repeat:
see above 

Suggested fix:
One thing I've spotted: handler::handler is called 2 times while handler::~handler is not called.
[17 Dec 2004 20:55] Sergey Petrunya
Here is the stack trace:
#0  0x08236dbf in ha_myisam::rnd_next(char*) (this=0x8ba99d0, buf=0x0) at ha_myisam.cc:1192
#1  0x08230838 in handler::read_first_row(char*, unsigned) (this=0x8ba99d0, buf=0x8ba9a88 "�", primary_key=146446800) at handler.cc:988
#2  0x081d8320 in join_read_system (tab=0x0) at sql_select.cc:9190
#3  0x081d810f in join_read_const_table (tab=0x8bab5a0, pos=0x8baa7d8) at sql_select.cc:9139
#4  0x081c99bf in make_join_statistics (join=0x8baa778, tables=0x0, conds=0x0, keyuse_array=0x8bab47c) at sql_select.cc:2245
#5  0x081c4f03 in JOIN::optimize() (this=0x8baa778) at sql_select.cc:625
#6  0x0815099b in subselect_single_select_engine::exec() (this=0x8bb2090) at item_subselect.cc:1219
#7  0x0814d01e in Item_subselect::exec() (this=0x8bb2000) at item_subselect.cc:200
#8  0x0814dbcc in Item_singlerow_subselect::val_int() (this=0x8bb2000) at item_subselect.cc:462
#9  0x08295eef in sp_eval_func_item(THD*, Item*, enum_field_types) (thd=0x8b8cb70, it=0x8bb2000, type=MYSQL_TYPE_LONG) at sp_head.cc:121
#10 0x082997bc in sp_instr_set::execute(THD*, unsigned*) (this=0x8bb20b0, thd=0x8b8cb70, nextp=0x0) at sp_head.cc:1238
#11 0x08297402 in sp_head::execute(THD*) (this=0x8bb1958, thd=0x8b8cb70) at sp_head.cc:485
#12 0x08297cad in sp_head::execute_procedure(THD*, List<Item>*) (this=0x8bb1958, thd=0x8b8cb70, args=0x8b8cf9c) at sp_head.cc:702
#13 0x0819825f in mysql_execute_command(THD*) (thd=0x8b8cb70) at sql_parse.cc:3807
#14 0x0819a047 in mysql_parse(THD*, char*, unsigned) (thd=0x8b8cb70, inBuf=0x8baa540 "call p45(@a)", length=146328496) at sql_parse.cc:4668
#15 0x08191b1e in dispatch_command(enum_server_command, THD*, char*, unsigned) (command=146328432, thd=0x8b8cb70, packet=0x8ba24e1 "call p45(@a)", 
    packet_length=13) at sql_parse.cc:1512
[17 Dec 2004 20:56] Sergey Petrunya
Fix for BUG#6797 is blocking on this bug.
[17 Dec 2004 22:10] Sergey Petrunya
Probably this is a duplicate of BUG#5963 "Stored procedure crash if variable = subquery"