  1. MariaDB Server
  2. MDEV-15729

Server crashes in Field::make_field upon HANDLER READ executed with PS protocol

Details

    Description

      5.5 ddc5c65333a4ad

      #3  <signal handler called>
      #4  0x0000000000786511 in Field::make_field (this=0x7efd41cdfb98, field=0x7efd6cbcbe40) at /data/src/5.5/sql/field.cc:1581
      #5  0x0000000000786aa9 in Field_num::make_field (this=0x7efd41cdfb98, field=0x7efd6cbcbe40) at /data/src/5.5/sql/field.cc:1713
      #6  0x00000000007cc346 in Item_field::make_field (this=0x7efd41ce0078, tmp_field=0x7efd6cbcbe40) at /data/src/5.5/sql/item.cc:6039
      #7  0x0000000000565da1 in Protocol::send_result_set_metadata (this=0x7efd48e87660, list=0x7efd41cf8368, flags=4) at /data/src/5.5/sql/protocol.cc:755
      #8  0x00000000005c885b in select_send::send_result_set_metadata (this=0x7efd41cf6b00, list=..., flags=4) at /data/src/5.5/sql/sql_class.cc:2326
      #9  0x000000000061d453 in mysql_test_handler_read (stmt=0x7efd41d2f460, tables=0x7efd41cf6530) at /data/src/5.5/sql/sql_prepare.cc:2014
      #10 0x000000000061d84c in check_prepared_statement (stmt=0x7efd41d2f460) at /data/src/5.5/sql/sql_prepare.cc:2142
      #11 0x0000000000620486 in Prepared_statement::prepare (this=0x7efd41d2f460, packet=0x7efd4f372061 "", packet_len=20) at /data/src/5.5/sql/sql_prepare.cc:3390
      #12 0x000000000061dbae in mysqld_stmt_prepare (thd=0x7efd48e87060, packet=0x7efd4f372061 "", packet_length=20) at /data/src/5.5/sql/sql_prepare.cc:2292
      #13 0x00000000005fde52 in dispatch_command (command=COM_STMT_PREPARE, thd=0x7efd48e87060, packet=0x7efd4f372061 "", packet_length=20) at /data/src/5.5/sql/sql_parse.cc:1035
      #14 0x00000000005fd217 in do_command (thd=0x7efd48e87060) at /data/src/5.5/sql/sql_parse.cc:793
      #15 0x0000000000700373 in do_handle_one_connection (thd_arg=0x7efd48e87060) at /data/src/5.5/sql/sql_connect.cc:1268
      #16 0x0000000000700100 in handle_one_connection (arg=0x7efd48e87060) at /data/src/5.5/sql/sql_connect.cc:1184
      #17 0x00007efd6c81d494 in start_thread (arg=0x7efd6cbcd700) at pthread_create.c:333
      #18 0x00007efd6b23393f in clone () from /lib/x86_64-linux-gnu/libc.so.6
      

      Note: the test cannot be run in MTR without modifying the code, because mysqltest.cc artificially restricts the set of statements which can be run via PS protocol. With the following addition it becomes possible:

      diff --git a/client/mysqltest.cc b/client/mysqltest.cc
      index efc25f3..9e69ea8 100644
      --- a/client/mysqltest.cc
      +++ b/client/mysqltest.cc
      @@ -8776,6 +8776,7 @@ void init_re(void)
           "[[:space:]]*SELECT[[:space:]]|"
           "[[:space:]]*CREATE[[:space:]]+TABLE[[:space:]]|"
           "[[:space:]]*DO[[:space:]]|"
      +    ".*READ[[:space:]]|"
           "[[:space:]]*SET[[:space:]]+OPTION[[:space:]]|"
           "[[:space:]]*DELETE[[:space:]]+MULTI[[:space:]]|"
           "[[:space:]]*UPDATE[[:space:]]+MULTI[[:space:]]|"
      
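      Review bot: the added alternative `.*READ[[:space:]]|` is the only entry in this list that starts with `.*` instead of `[[:space:]]*` followed by a leading keyword, so it lets through any statement that contains READ followed by whitespace, not only HANDLER ... READ. Starting it with `[[:space:]]*HANDLER[[:space:]]`, in the same shape as its neighbours, would limit the change to the statement under test, and a short comment saying why the entry was added would help the next reader.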

      # Run with --ps-protocol
       
      CREATE TABLE `t1` (`i` INT) ;
      HANDLER test.t1 OPEN handler_a ; 	
      HANDLER handler_a READ FIRST;
      

      Alternatively, here is a crude C test:

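      #include <my_global.h>
      #include <mysql.h>
      #include <stdio.h>

      int main(int argc, char **argv)
      {
        MYSQL *con = mysql_init(NULL);
        MYSQL_STMT *stmt = NULL;

        /* Without a connection handle there is nothing to report on or close */
        if (con == NULL)
        {
          fprintf(stderr, "mysql_init() failed\n");
          return 1;
        }

        if (mysql_real_connect(con, "127.0.0.1", "root", "", "test", 0, NULL, 0) == NULL)
          goto err;

        if (mysql_query(con, "DROP TABLE IF EXISTS t1"))
          goto err;

        if (mysql_query(con, "CREATE TABLE t1 (i INT)"))
          goto err;

        if (mysql_query(con, "HANDLER t1 OPEN h"))
          goto err;

        /* Create the statement handle only once the connection is known to be valid */
        stmt = mysql_stmt_init(con);
        if (stmt == NULL)
          goto err;

        /* Sent as COM_STMT_PREPARE (binary PS protocol); 20 is the statement length */
        if (mysql_stmt_prepare(stmt, "HANDLER h READ FIRST", 20))
          goto stmt_err;

        if (mysql_stmt_execute(stmt))
          goto stmt_err;

        mysql_stmt_close(stmt);
        mysql_close(con);
        return 0;

      stmt_err:
        /* Statement-level failures are reported through the statement handle */
        fprintf(stderr, "%s\n", mysql_stmt_error(stmt));
        mysql_stmt_close(stmt);
        mysql_close(con);
        return 1;

      err:
        fprintf(stderr, "%s\n", mysql_error(con));
        mysql_close(con);
        return 1;
      }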
      

      The same result can be achieved with Perl's DBD::mysql by using mysql_server_prepare=1.

      Not reproducible with PREPARE / EXECUTE.
      Not reproducible with MySQL 5.5-5.7; they return "This command is not supported in the prepared statement protocol yet" instead.

            People

              serg Sergei Golubchik
              elenst Elena Stepanova