[MDEV-559] Server crashes in Item_func_dyncol_check::val_int on COLUMN_CHECK
Created: 2012-09-27  Updated: 2012-09-28  Resolved: 2012-09-28

Status: Closed
Project: MariaDB Server
Component/s: None
Affects Version/s: None
Fix Version/s: 10.0.0

Type: Bug
Priority: Major
Reporter: Elena Stepanova
Assignee: Oleksandr Byelkin
Resolution: Fixed
Votes: 0
Labels: None


Description

#3  0x083ce5bc in handle_fatal_signal (sig=11) at 5.5-dnames/sql/signal_handler.cc:262
#4  <signal handler called>
#5  0x0840a1fb in Item_func_dyncol_check::val_int (this=0xb277cd0) at 5.5-dnames/sql/item_cmpfunc.cc:6060
#6  0x083eae16 in Item::send (this=0xb277cd0, protocol=0xb1c8450, buffer=0xad0a50a4) at 5.5-dnames/sql/item.cc:6357
#7  0x081a9001 in Protocol::send_result_set_row (this=0xb1c8450, row_items=0xb1c9b18) at 5.5-dnames/sql/protocol.cc:900
#8  0x08206b32 in select_send::send_data (this=0xb277e30, items=...) at 5.5-dnames/sql/sql_class.cc:2275
#9  0x0826c585 in JOIN::exec (this=0xb277e40) at 5.5-dnames/sql/sql_select.cc:2229
#10 0x0826eef2 in mysql_select (thd=0xb1c7ff0, rref_pointer_array=0xb1c9bc0, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0xb277e30, unit=0xb1c95d0, select_lex=0xb1c9a80) at 5.5-dnames/sql/sql_select.cc:3050
#11 0x08266966 in handle_select (thd=0xb1c7ff0, lex=0xb1c956c, result=0xb277e30, setup_tables_done_option=0) at 5.5-dnames/sql/sql_select.cc:313
#12 0x082424f2 in execute_sqlcom_select (thd=0xb1c7ff0, all_tables=0x0) at 5.5-dnames/sql/sql_parse.cc:4621
#13 0x0823b53d in mysql_execute_command (thd=0xb1c7ff0) at 5.5-dnames/sql/sql_parse.cc:2189
#14 0x08244ac8 in mysql_parse (thd=0xb1c7ff0, rawbuf=0xb277a40 "SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'))", length=41, parser_state=0xad0a5d44) at 5.5-dnames/sql/sql_parse.cc:5736
#15 0x08239007 in dispatch_command (command=COM_QUERY, thd=0xb1c7ff0, packet=0xb271d11 "", packet_length=41) at 5.5-dnames/sql/sql_parse.cc:1055
#16 0x082384d3 in do_command (thd=0xb1c7ff0) at 5.5-dnames/sql/sql_parse.cc:794
#17 0x083244b6 in do_handle_one_connection (thd_arg=0xb1c7ff0) at 5.5-dnames/sql/sql_connect.cc:1253
#18 0x08324001 in handle_one_connection (arg=0xb1c7ff0) at 5.5-dnames/sql/sql_connect.cc:1168
#19 0x0855010e in pfs_spawn_thread (arg=0xb2b8ad8) at 5.5-dnames/storage/perfschema/pfs.cc:1015
#20 0xb7754e32 in start_thread () from /lib/libpthread.so.0

Some variations of the test case on some machines don't crash the server, but produce ER_DYN_COL_WRONG_FORMAT (Encountered illegal format of dynamic column string) instead.

Query (0xb277a40): SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'))
Connection ID (thread ID): 2
Status: NOT_KILLED

bzr version-info

revision-id: sanja@askmonty.org-20120924141218-rxxkg9trqayzd43z
date: 2012-09-24 17:12:18 +0300
build-date: 2012-09-27 22:52:32 +0400
revno: 3492

Server was built with BUILD/compile-pentium-debug-max

Test case:

SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'));

