Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-3609

LP:875797 - Using 'innodb_sys_indexes' causes core dump

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Fixed
    • None
    • None
    • None

    Description

      Using 'innodb_sys_indexes' causes core dump with MariaDB 5.2 with XtraDB.
      MySQL doesn't have the bug as MySQL doesn't expose innodb_sys_indexe

      Here is a test case:

      • Start with a clean setup (no ib* files and no tables in the test database)

      Execute the included script with:

      mysql test < /tmp/query2

      You get a core dump with the following stack trace:

      x0000000000ad37de in mach_read_from_2 (b=0x2a <Address 0x2a out of bounds>) at ./include/mach0data.ic:84
      (gdb) back
      #0 0x0000000000ad37de in mach_read_from_2 (b=0x2a <Address 0x2a out of bounds>) at ./include/mach0data.ic:84
      #1 0x0000000000ae27f1 in page_header_get_field (page=0x0, field=4) at ./include/page0page.ic:119
      #2 0x0000000000ae298a in page_is_comp (page=0x0) at ./include/page0page.ic:237
      #3 0x0000000000ae29b1 in page_rec_is_comp (rec=0x0) at ./include/page0page.ic:250
      #4 0x0000000000ae3096 in page_rec_get_next (rec=0x0) at ./include/page0page.ic:739
      #5 0x0000000000adf2e9 in page_cur_move_to_next (cur=0x7ffff7f86508) at ./include/page0cur.ic:185
      #6 0x0000000000b49a09 in btr_pcur_move_to_next_on_page (cursor=0x7ffff7f86500) at ./include/btr0pcur.ic:288
      #7 0x0000000000b49b00 in btr_pcur_move_to_next_user_rec (cursor=0x7ffff7f86500, mtr=0x7ffff7f86060) at ./include/btr0pcur.ic:352
      #8 0x0000000000abe895 in i_s_innodb_schema_table_fill (thd=0x2483d40, tables=0x2499d68, cond=0x0) at handler/i_s.cc:4338
      #9 0x0000000000846024 in get_schema_tables_result (join=0x249cf08, executed_place=PROCESSED_BY_JOIN_EXEC) at sql_show.cc:6682
      #10 0x00000000007286f3 in JOIN::exec (this=0x249cf08) at sql_select.cc:1858
      #11 0x000000000072ae3a in mysql_select (thd=0x2483d40, rref_pointer_array=0x2486778, tables=0x2499d68, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2684635648, result=0x2493d38, unit=0x2486120, select_lex=0x2486580) at sql_select.cc:2565
      #12 0x0000000000722b35 in handle_select (thd=0x2483d40, lex=0x2486080, result=0x2493d38, setup_tables_done_option=0) at sql_select.cc:280
      #13 0x00000000006be089 in execute_sqlcom_select (thd=0x2483d40, all_tables=0x2499d68) at sql_parse.cc:5157
      #14 0x00000000006b51c9 in mysql_execute_command (thd=0x2483d40) at sql_parse.cc:2301
      #15 0x00000000006c099d in mysql_parse (thd=0x2483d40, rawbuf=0x2494868 "SELECT COUNT FROM `information_schema`.`INNODB_SYS_INDEXES`", length=62, found_semicolon=0x7ffff7f87cb8) at sql_parse.cc:6156
      #16 0x00000000006b2a8c in dispatch_command (command=COM_QUERY, thd=0x2483d40, packet=0x2487151 "SELECT COUNT FROM `information_schema`.`INNODB_SYS_INDEXES`", packet_length=62) at sql_parse.cc:1226

      The issue seams to be that page=0x0 in a lot of calls.
      A likely cause for the bug is that the code in i_s_innodb_schema_table_fill() doesn't properly detect that we are at end of the table.

      Attachments

        Activity

          People

            Unassigned Unassigned
            monty Michael Widenius
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.