Bug #8915 | Server crash during query (decimal arithmetic) | ||
---|---|---|---|
Submitted: | 3 Mar 2005 8:30 | Modified: | 6 May 2005 12:34 |
Reporter: | Vadim Tkachenko | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server | Severity: | S1 (Critical) |
Version: | 5.0.5-bk | OS: | Linux (RedHat AS 3.0, Suse 9.2 Pro) |
Assigned to: | Alexey Botchkov | CPU Architecture: | Any |
[3 Mar 2005 8:30]
Vadim Tkachenko
[3 Mar 2005 8:44]
Vadim Tkachenko
```sql
CREATE TABLE `customer` (
  `c_id` int(11) NOT NULL default '0',
  `c_d_id` int(11) NOT NULL default '0',
  `c_w_id` int(11) NOT NULL default '0',
  `c_first` char(16) default NULL,
  `c_middle` char(2) default NULL,
  `c_last` char(16) default NULL,
  `c_street_1` char(20) default NULL,
  `c_street_2` char(20) default NULL,
  `c_city` char(20) default NULL,
  `c_state` char(2) default NULL,
  `c_zip` char(9) default NULL,
  `c_phone` char(16) default NULL,
  `c_since` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  `c_credit` char(2) default NULL,
  `c_credit_lim` decimal(24,12) default NULL,
  `c_discount` double default NULL,
  `c_balance` decimal(24,12) default NULL,
  `c_ytd_payment` decimal(24,12) default NULL,
  `c_payment_cnt` double default NULL,
  `c_delivery_cnt` double default NULL,
  `c_data` text,
  PRIMARY KEY (`c_w_id`,`c_d_id`,`c_id`),
  KEY `c_w_id` (`c_w_id`,`c_d_id`,`c_last`,`c_first`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
```
[3 Mar 2005 8:45]
Vadim Tkachenko
change Synopsis
[3 Mar 2005 9:03]
Vadim Tkachenko
dump with table and data
Attachment: cust1.sql (text/plain), 2.91 KiB.
[4 Mar 2005 13:00]
Alexey Botchkov
Tried this on my Linux and on quadxeon machine. Do I need some specific charset-related settings to get that effect?
[24 Apr 2005 10:19]
Vadim Tkachenko
I can repeat it now and have test case.

stack trace:

```
0x80f098a handle_segfault + 682
0x83f352d __pthread_sighandler + 173
0x83dfe15 decimal_optimize_fraction + 213
0x821f53e _Z17my_decimal2binaryjPK10my_decimalPcii + 62
0x80cdb2a _ZN17Field_new_decimal11store_valueEPK10my_decimal + 106
0x80cdd58 _ZN17Field_new_decimal13store_decimalEPK10my_decimal + 24
0x8055b4f _ZN4Item13save_in_fieldEP5Fieldb + 607
0x812f86a _Z11fill_recordP3THDR4ListI4ItemES4_b + 90
0x816a5de _Z12mysql_updateP3THDP13st_table_listR4ListI4ItemES6_PS4_jP8st_ordery15enum_duplicatesb + 2622
0x810dfc8 _Z21mysql_execute_commandP3THD + 18504
0x81152a4 _Z11mysql_parseP3THDPcj + 692
0x81178a4 _Z16dispatch_command19enum_server_commandP3THDPcj + 3156
0x8118cf1 handle_one_connection + 1921
0x83ee411 pthread_start_thread + 225
0x842145a clone + 106
```

How to repeat

1. unpack table cust1 from test.tar.gz
2. connect test;
3. UPDATE cust1 SET c_balance = c_balance - 106.269997, c_ytd_payment = c_ytd_payment + 1;

ERROR 2013 (HY000): Lost connection to MySQL server during query
[24 Apr 2005 10:20]
Vadim Tkachenko
File with cust1 table
Attachment: test.tar.gz (application/x-gzip-compressed, text), 1.38 KiB.
[24 Apr 2005 10:32]
Vadim Tkachenko
tested with new version
[24 Apr 2005 12:52]
Vadim Tkachenko
Problem in next loop:

```c
for (i= DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
     *buf0 % powers10[i++] == 0;
     frac--)
```

powers10 has size = 10, and with i=10, array is overflowed.
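A bounds-checked model of the loop quoted above, added here as an illustration; it is not MySQL source and not the fix that was committed. It assumes `DIG_PER_DEC1` is 9 and that `powers10` holds 10^0 through 10^9 (consistent with the stated size of 10); the function names and sample words are constructed. Under those assumptions it shows that an all-zero fractional word is the input that drives `i` to 10.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed values, modelled on the names in the report (not copied from MySQL). */
#define DIG_PER_DEC1 9
#define POWERS10_LEN (DIG_PER_DEC1 + 1)      /* "powers10 has size = 10" */

static const int32_t powers10[POWERS10_LEN] = {
    1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000, 1000000000};

/*
 * Replays the reported loop for one fractional word without performing the
 * bad read. Returns the first out-of-range index the loop would use, or -1
 * if the loop terminates inside the table.
 */
int first_oob_index(int32_t word, int frac)
{
    int i = DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
    for (;;) {
        if (i >= POWERS10_LEN)
            return i;                /* the reported code reads powers10[i] here */
        if (word % powers10[i++] != 0)
            return -1;               /* a nonzero word always stops by i == 9 */
        frac--;                      /* mirrors the loop's increment clause */
    }
}

/*
 * Bounded variant (an illustrative guard, not the committed patch): stops
 * before the index leaves the table and returns the trimmed digit count.
 */
int trim_frac_bounded(int32_t word, int frac)
{
    int i = DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
    while (frac > 0 && i < POWERS10_LEN && word % powers10[i] == 0) {
        i++;
        frac--;
    }
    return frac;
}

int main(void)
{
    /* Constructed inputs: frac = 12 matches the decimal(24,12) columns. */
    printf("zero word:    oob index %d\n", first_oob_index(0, 12));
    printf("nonzero word: oob index %d\n", first_oob_index(120000000, 12));
    printf("bounded trim of zero word: frac %d\n", trim_frac_bounded(0, 12));
    return 0;
}
```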
[6 May 2005 12:34]
Alexey Botchkov
Thank you for your bug report. This issue has been committed to our source repository of that product and will be incorporated into the next release.

If necessary, you can access the source repository and build the latest available version, including the bugfix, yourself. More information about accessing the source trees is available at http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info: Bug was closed with the 'big' PM-related patch 'bk commit - 5.0 tree (hf:1.1829)'