Bug #8125 reexecution of prepared statement crashes server
Submitted: 25 Jan 2005 6:56 Modified: 4 Feb 2005 20:27
Reporter: Georg Richter Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S1 (Critical)
Version:4.1.9 + 5.0.3 OS:Linux (Linux)
Assigned to: Oleksandr Byelkin CPU Architecture:Any

[25 Jan 2005 6:56] Georg Richter
Description:
see how to repeat.
Maybe related to #8115, but Konstantin's patch/workaround didn't help here.

Stacktrace:
0x81819b1 handle_segfault + 459
0x4004696c _end + 933863036
(nil)
0x81dc59f end_send(JOIN*, st_join_table*, bool) + 211
0x81daf9d sub_select(JOIN*, st_join_table*, bool) + 515
0x81da991 do_select(JOIN*, List<Item>*, st_table*, Procedure*) + 959
0x81cbc9d JOIN::exec() + 6287
0x8154720 subselect_single_select_engine::exec() + 402
0x8150c2a Item_subselect::exec() + 34
0x8151801 Item_singlerow_subselect::val_int() + 63
0x812156b Arg_comparator::compare_int_signed() + 57
0x812215f Item_func_le::val_int() + 95
0x81184c1 Item_int_func::val_real() + 59
0x81209d1 Item_func_not_all::val_int() + 65
0x823361d find_all_keys(st_sort_param*, SQL_SELECT*, unsigned char**, st_io_cache*, st_io_cache*, st_io_cache*) + 1511
0x8232944 filesort(THD*, st_table*, st_sort_field*, unsigned int, SQL_SELECT*, unsigned long, unsigned long*) + 1040
0x81de8ef create_sort_index(THD*, JOIN*, st_order*, unsigned long, unsigned long) + 625
0x81cbac8 JOIN::exec() + 5818
0x81cca7d _Z12mysql_selectP3THDPPP4ItemP13st_table_listjR4ListIS1_ES2_jP8st_orderSB_S2_SB_mP13select_resultP18st_select_lex_unitP13st_sel + 575
0x81c7cf4 handle_select(THD*, st_lex*, select_result*, unsigned long) + 276
0x8198af1 mysql_execute_command(THD*) + 1463
0x81efa84 execute_stmt(THD*, Prepared_statement*, String*) + 226
0x81ef936 mysql_sql_stmt_execute(THD*, st_lex_string*) + 460
0x8198f96 mysql_execute_command(THD*) + 2652
0x819f951 mysql_parse(THD*, char*, unsigned int) + 309
0x8197034 dispatch_command(enum_server_command, THD*, char*, unsigned int) + 1796
0x8196924 do_command(THD*) + 556
0x8195cbe handle_one_connection + 732
0x40040f60 _end + 933839984
0x401d6327 _end + 935499831

How to repeat:
Create Table: CREATE TABLE `t1` (
  `a` char(3) NOT NULL default '',
  `b` char(3) NOT NULL default '',
  `c` char(3) NOT NULL default '',
  PRIMARY KEY  (`a`,`b`,`c`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE t2 LIKE t1;

INSERT INTO t1 VALUES (1,1,1);
INSERT INTO t2 VALUES (1,1,1);

PREPARE my_stmt FROM "SELECT t1.b, count(*) FROM t1 group by t1.b having count(*) > ALL (SELECT COUNT(*) FROM t2 WHERE t2.a=1 GROUP By t2.b)";

EXECUTE my_stmt;

# crash -boom!
EXECUTE my_stmt;
[26 Jan 2005 13:29] Oleksandr Byelkin
ChangeSet
  1.2167 05/01/26 15:27:45 bell@sanja.is.com.ua +5 -0
  fixed cleanup of result object of subqueries. (BUG#8125)
[1 Feb 2005 12:06] Oleksandr Byelkin
Thank you for bugreport. Bugfix is pushed into 4.1.10 (5.0.3) source repository
[4 Feb 2005 20:27] Paul DuBois
Mentioned in 4.1.10 and 5.0.3 change notes.