[MDEV-11348] LOAD DATA LOCAL INFILE crashes the server on loading a backslash followed by a multi-byte character
Created: 2016-11-25  Updated: 2020-08-25  Resolved: 2016-11-25

Status: Closed
Project: MariaDB Server
Component/s: Character Sets
Affects Version/s: 10.0, 10.1
Fix Version/s: 10.0.29, 10.1.20

Type: Bug
Priority: Critical
Reporter: Alexander Barkov
Assignee: Alexander Barkov
Resolution: Fixed
Votes: 2
Labels: None

Attachments: Text File data.txt    
Issue Links:
Relates
relates to MDEV-11343 LOAD DATA INFILE fails to load data w... Closed

 Description   

This script crashes the server when loading the attached file data.txt.

DROP TABLE IF EXISTS t1;
CREATE TABLE t1 (
  a int NOT NULL,
  b int NOT NULL,
  c int NOT NULL,
  d int NOT NULL,
  e int NOT NULL,
  f int NOT NULL,
  g int NOT NULL,
  h int NOT NULL,
  i int NOT NULL,
  j int NOT NULL,
  k int NOT NULL,
  l double NOT NULL,
  q varchar(2048) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL DEFAULT ''
);
LOAD DATA LOCAL INFILE '/tmp/data.txt'
INTO TABLE t1 CHARACTER SET utf8
FIELDS TERMINATED BY '\t' ENCLOSED BY '' ESCAPED BY '\\'
LINES TERMINATED BY '\n';

Stack trace:

#0  0x00007ffff5dc4a98 in __GI_raise (sig=sig@entry=6)
    at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff5dc669a in __GI_abort () at abort.c:89
#2  0x00007ffff5dbd227 in __assert_fail_base (fmt=<optimized out>, 
    assertion=assertion@entry=0xe81576 "0", 
    file=file@entry=0xe81280 "/home/bar/maria-git/server-10.0.load-local/sql/net_serv.cc", line=line@entry=1074, 
    function=function@entry=0xe815c0 <my_real_read(st_net*, unsigned long*, char)::__PRETTY_FUNCTION__> "ulong my_real_read(NET*, size_t*, my_bool)")
    at assert.c:92
#3  0x00007ffff5dbd2d2 in __GI___assert_fail (assertion=0xe81576 "0", 
    file=0xe81280 "/home/bar/maria-git/server-10.0.load-local/sql/net_serv.cc", line=1074, 
    function=0xe815c0 <my_real_read(st_net*, unsigned long*, char)::__PRETTY_FUNCTION__> "ulong my_real_read(NET*, size_t*, my_bool)") at assert.c:101
#4  0x00000000005999a1 in my_real_read (net=0x7ffff40cf328, 
    complen=0x7ffff7f7c3b0, header=0 '\000')
    at /home/bar/maria-git/server-10.0.load-local/sql/net_serv.cc:1074
#5  0x0000000000599a05 in my_net_read_packet (net=0x7ffff40cf328, 
    read_from_server=0 '\000')
    at /home/bar/maria-git/server-10.0.load-local/sql/net_serv.cc:1137
#6  0x00000000009cc257 in _my_b_net_read (info=0x7ffff7f7c618, 
    Buffer=0x7ffff7f7c48f "", Count=1)
    at /home/bar/maria-git/server-10.0.load-local/sql/mf_iocache.cc:61
#7  0x0000000000e0731f in _my_b_get (info=0x7ffff7f7c618)
    at /home/bar/maria-git/server-10.0.load-local/mysys/mf_iocache.c:1509
#8  0x000000000099ca59 in READ_INFO::skip_data_till_eof (this=0x7ffff7f7c5a0)
    at /home/bar/maria-git/server-10.0.load-local/sql/sql_load.cc:128
#9  0x00000000009970f5 in mysql_load (thd=0x7ffff40cf070, ex=0x7ffed1822240, 
    table_list=0x7ffed18222c8, fields_vars=..., set_fields=..., 
    set_values=..., handle_duplicates=DUP_ERROR, ignore=true, 
    read_file_from_client=true)
    at /home/bar/maria-git/server-10.0.load-local/sql/sql_load.cc:562 at



 Comments   
Comment by Alexander Barkov [ 2016-11-25 ]

It also crashes if I do a similar LOAD into a GEOMETRY column using the same file data.txt:

DROP TABLE IF EXISTS t1;
CREATE TABLE t1 (
  a int NOT NULL,
  b int NOT NULL,
  c int NOT NULL,
  d int NOT NULL,
  e int NOT NULL,
  f int NOT NULL,
  g int NOT NULL,
  h int NOT NULL,
  i int NOT NULL,
  j int NOT NULL,
  k int NOT NULL,
  l double NOT NULL,
  q GEOMETRY
);
LOAD DATA LOCAL INFILE '/tmp/data.txt' INTO TABLE t1;

If I now remove the "LOCAL" clause, it returns an error without crashing:

LOAD DATA INFILE '/tmp/data.txt' INTO TABLE t1;

ERROR 1416 (22003): Cannot get geometry object from data you send to the GEOMETRY field

Note, the crash only happens with the "mysql" client. With "mysqltest" as a client the server does not crash.

[bar@home ~]$ mysqltest --user=root --socket=/tmp/mysql.sock test
LOAD DATA LOCAL INFILE '/tmp/data.txt' INTO TABLE t1;
LOAD DATA LOCAL INFILE '/tmp/data.txt' INTO TABLE t1;
mysqltest: At line 1: query 'LOAD DATA LOCAL INFILE '/tmp/data.txt' INTO TABLE t1' failed: 1416: Cannot get geometry object from data you send to the GEOMETRY field
not ok

If I run the same query using "mysql --execute", it also does not crash:

mysql --socket=/tmp/mysql.sock --execute="LOAD DATA LOCAL INFILE '/tmp/data.txt' INTO TABLE t1" test
ERROR 1416 (22003) at line 1: Cannot get geometry object from data you send to the GEOMETRY field

The problem seems to be related to a wrong order of "progress report" vs "error" packets. Hence only "mysql" in interactive mode makes the server crash.

The crash happens when a my_error() call happens for any reason during loading (e.g. a bad multi-byte sequence or a bad GEOMETRY value was found).

Comment by Alexander Barkov [ 2017-02-27 ]

Alvin, I just checked: the fix is merged into 10.1. So no additional patches for 10.1 should be needed.

Comment by Jean-François Gagné [ 2017-02-27 ]

Can we know in which 10.1.x it was merged?

Comment by Alvin Richards (Inactive) [ 2017-02-27 ]

Git commit appears to be 10.1.20
