Bug #8915 Server crash during query (decimal arithmetic)
Submitted: 3 Mar 2005 8:30 Modified: 6 May 2005 12:34
Reporter: Vadim Tkachenko
Status: Closed
Category: MySQL Server Severity: S1 (Critical)
Version: 5.0.5-bk OS: Linux (RedHat AS 3.0, Suse 9.2 Pro)
Assigned to: Alexey Botchkov CPU Architecture: Any

[3 Mar 2005 8:30] Vadim Tkachenko
Description:
table customer:
+----------------+----------------+------+-----+-------------------+-------+
| Field          | Type           | Null | Key | Default           | Extra |
+----------------+----------------+------+-----+-------------------+-------+
| c_id           | int(11)        | NO   | PRI | 0                 |       |
| c_d_id         | int(11)        | NO   | PRI | 0                 |       |
| c_w_id         | int(11)        | NO   | PRI | 0                 |       |
| c_first        | char(16)       | YES  |     | NULL              |       |
| c_middle       | char(2)        | YES  |     | NULL              |       |
| c_last         | char(16)       | YES  |     | NULL              |       |
| c_street_1     | char(20)       | YES  |     | NULL              |       |
| c_street_2     | char(20)       | YES  |     | NULL              |       |
| c_city         | char(20)       | YES  |     | NULL              |       |
| c_state        | char(2)        | YES  |     | NULL              |       |
| c_zip          | char(9)        | YES  |     | NULL              |       |
| c_phone        | char(16)       | YES  |     | NULL              |       |
| c_since        | timestamp      | YES  |     | CURRENT_TIMESTAMP |       |
| c_credit       | char(2)        | YES  |     | NULL              |       |
| c_credit_lim   | decimal(24,12) | YES  |     | NULL              |       |
| c_discount     | double         | YES  |     | NULL              |       |
| c_balance      | decimal(24,12) | YES  |     | NULL              |       |
| c_ytd_payment  | decimal(24,12) | YES  |     | NULL              |       |
| c_payment_cnt  | double         | YES  |     | NULL              |       |
| c_delivery_cnt | double         | YES  |     | NULL              |       |
| c_data         | text           | YES  |     | NULL              |       |
+----------------+----------------+------+-----+-------------------+-------+

query:

UPDATE customer
SET c_balance = c_balance - 2010.430054,
    c_ytd_payment = c_ytd_payment + 1
WHERE c_id = 1228
  AND c_w_id = 2
  AND c_d_id = 2

Server crashes with this query:

mysqld got signal 8;

stack trace:

0x8179c9b handle_segfault + 523
0x20dd28 (?)
0xc4653600 _end + -1140184176
0x815897d _ZN17Field_new_decimal11store_valueEPK10my_decimal + 61
0x8158db3 _ZN17Field_new_decimal13store_decimalEPK10my_decimal + 19
0x80f7990 _ZN4Item13save_in_fieldEP5Fieldb + 544
0x81b1981 _Z11fill_recordP3THDR4ListI4ItemES4_b + 129
0x81da6cd _Z12mysql_updateP3THDP13st_table_listR4ListI4ItemES6_PS4_jP8st_orderm15enum_duplicatesb + 1757
0x8190c88 _Z21mysql_execute_commandP3THD + 8792
0x8194df0 _Z11mysql_parseP3THDPcj + 400
0x818dd6f _Z16dispatch_command19enum_server_commandP3THDPcj + 2527
0x818d082 _Z10do_commandP3THD + 162
0x818c605 handle_one_connection + 533
0x207dec (?)
0x4afe8a (?)

How to repeat:
Contact me, I have a test case on a quadxeon box.
[3 Mar 2005 8:44] Vadim Tkachenko
CREATE TABLE `customer` (
  `c_id` int(11) NOT NULL default '0',
  `c_d_id` int(11) NOT NULL default '0',
  `c_w_id` int(11) NOT NULL default '0',
  `c_first` char(16) default NULL,
  `c_middle` char(2) default NULL,
  `c_last` char(16) default NULL,
  `c_street_1` char(20) default NULL,
  `c_street_2` char(20) default NULL,
  `c_city` char(20) default NULL,
  `c_state` char(2) default NULL,
  `c_zip` char(9) default NULL,
  `c_phone` char(16) default NULL,
  `c_since` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
  `c_credit` char(2) default NULL,
  `c_credit_lim` decimal(24,12) default NULL,
  `c_discount` double default NULL,
  `c_balance` decimal(24,12) default NULL,
  `c_ytd_payment` decimal(24,12) default NULL,
  `c_payment_cnt` double default NULL,
  `c_delivery_cnt` double default NULL,
  `c_data` text,
  PRIMARY KEY  (`c_w_id`,`c_d_id`,`c_id`),
  KEY `c_w_id` (`c_w_id`,`c_d_id`,`c_last`,`c_first`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
[3 Mar 2005 8:45] Vadim Tkachenko
change Synopsis
[3 Mar 2005 9:03] Vadim Tkachenko
dump with table and data

Attachment: cust1.sql (text/plain), 2.91 KiB.

[4 Mar 2005 13:00] Alexey Botchkov
Tried this on my Linux and on the quadxeon machine.
Do I need some specific charset-related settings to get that effect?
[24 Apr 2005 10:19] Vadim Tkachenko
I can repeat it now and have a test case.

stack trace:
0x80f098a handle_segfault + 682
0x83f352d __pthread_sighandler + 173
0x83dfe15 decimal_optimize_fraction + 213
0x821f53e _Z17my_decimal2binaryjPK10my_decimalPcii + 62
0x80cdb2a _ZN17Field_new_decimal11store_valueEPK10my_decimal + 106
0x80cdd58 _ZN17Field_new_decimal13store_decimalEPK10my_decimal + 24
0x8055b4f _ZN4Item13save_in_fieldEP5Fieldb + 607
0x812f86a _Z11fill_recordP3THDR4ListI4ItemES4_b + 90
0x816a5de _Z12mysql_updateP3THDP13st_table_listR4ListI4ItemES6_PS4_jP8st_ordery15enum_duplicatesb + 2622
0x810dfc8 _Z21mysql_execute_commandP3THD + 18504
0x81152a4 _Z11mysql_parseP3THDPcj + 692
0x81178a4 _Z16dispatch_command19enum_server_commandP3THDPcj + 3156
0x8118cf1 handle_one_connection + 1921
0x83ee411 pthread_start_thread + 225
0x842145a clone + 106

How to repeat:

1. unpack table cust1 from test.tar.gz
2. connect test;
3. UPDATE cust1 SET c_balance = c_balance - 106.269997, c_ytd_payment = c_ytd_payment + 1;
ERROR 2013 (HY000): Lost connection to MySQL server during query
[24 Apr 2005 10:20] Vadim Tkachenko
File with cust1 table

Attachment: test.tar.gz (application/x-gzip-compressed, text), 1.38 KiB.

[24 Apr 2005 10:32] Vadim Tkachenko
tested with new version
[24 Apr 2005 12:52] Vadim Tkachenko
The problem is in the following loop:

    for (i= DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
         *buf0 % powers10[i++] == 0;
         frac--)

powers10 has size = 10, and with i=10 the array is overflowed.
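The overrun described in the comment above, modelled as an added example; this is not MySQL's decimal.c. The model assumes DIG_PER_DEC1 = 9 digits per word, a ten-entry powers10 table (valid indices 0..9) and a last fractional word whose digits are left-aligned (three fractional digits "120" held as 120000000). unchecked_loop_max_index replays the index sequence of the quoted loop without dereferencing anything and shows that an all-zero word drives i to 10, one past the last valid entry; drop_trailing_zero_digits is the same digit-dropping logic with the bound written into the loop condition. Signal 8 is SIGFPE, which on x86 is what an integer modulo by a zero divisor raises, so a stray read past powers10 landing on a zero value would be consistent with the first trace; that is an inference, not something the thread states.

```c
#include <stdint.h>
#include <stdio.h>

/* Model constants (assumptions for this illustration, not MySQL's source):
   DIG_PER_DEC1 decimal digits per word, powers10 with DIG_PER_DEC1 + 1
   entries, so the valid indices are 0..DIG_PER_DEC1. */
#define DIG_PER_DEC1 9
typedef int32_t dec1;

static const dec1 powers10[DIG_PER_DEC1 + 1] = {
    1, 10, 100, 1000, 10000, 100000, 1000000,
    10000000, 100000000, 1000000000
};

/* Replays the index sequence of the loop quoted in the thread:
   i starts at DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1) and is
   post-incremented on every test, with no bound. Nothing past the array
   is dereferenced here; the function only returns the highest index the
   unchecked loop would hand to powers10[]. Anything above DIG_PER_DEC1
   is an out-of-bounds read. `word` is the last fractional word with its
   digits left-aligned (3 fractional digits "120" held as 120000000). */
static int unchecked_loop_max_index(dec1 word, int frac)
{
    int i = DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
    for (;;) {
        if (i > DIG_PER_DEC1)
            return i;               /* the original loop reads powers10[i] here */
        if (word % powers10[i] != 0)
            return i;               /* loop terminates normally on this index */
        i++;
    }
}

/* Same trailing-zero removal with the bound made explicit: the index never
   exceeds DIG_PER_DEC1 and frac never drops below zero. Returns the new
   number of fractional digits. */
static int drop_trailing_zero_digits(dec1 word, int frac)
{
    if (frac <= 0)
        return frac;
    int i = DIG_PER_DEC1 - ((frac - 1) % DIG_PER_DEC1);
    while (i <= DIG_PER_DEC1 && frac > 0 && word % powers10[i] == 0) {
        i++;
        frac--;
    }
    return frac;
}

int main(void)
{
    /* Constructed inputs: 12 fractional digits, the last word holds 3 of them. */
    struct { dec1 word; int frac; } cases[] = {
        { 120000000, 12 },   /* "120": one trailing zero to drop */
        { 123000000, 12 },   /* "123": nothing to drop */
        {         0, 12 },   /* "000": unchecked loop runs off the table */
    };
    for (size_t k = 0; k < sizeof cases / sizeof cases[0]; k++) {
        int max_i = unchecked_loop_max_index(cases[k].word, cases[k].frac);
        printf("word=%9d frac=%d -> unchecked max index %d%s, bounded frac %d\n",
               (int) cases[k].word, cases[k].frac, max_i,
               max_i > DIG_PER_DEC1 ? " (OUT OF BOUNDS)" : "",
               drop_trailing_zero_digits(cases[k].word, cases[k].frac));
    }
    return 0;
}
```

The zero-word case is the one to watch: every power of ten divides zero, so the unchecked loop only stops when the index leaves the table, while the bounded version stops at index 9 having dropped the three digits the last word actually holds.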
[6 May 2005 12:34] Alexey Botchkov
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.

If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information 
about accessing the source trees is available at
    http://www.mysql.com/doc/en/Installing_source_tree.html

Additional info:

Bug was closed with the 'big' PM-related patch 'bk commit - 5.0 tree (hf:1.1829)'