[MDEV-7505] Too large scale in DECIMAL dynamic column getter crashes mysqld

Created: 2015-01-27  Updated: 2015-06-05  Resolved: 2015-06-05

Status: Closed
Project: MariaDB Server
Component/s: Dynamic Columns
Affects Version/s: 10.0.15, 5.5
Fix Version/s: 5.5.44, 10.0.20, 10.1.6

Type: Bug
Priority: Major
Reporter: Tom
Assignee: Sergey Vojtovich
Resolution: Fixed
Votes: 0
Labels: None
Environment:

Darwin 13.4.0 Darwin Kernel Version 13.4.0: Sun Aug 17 19:50:11 PDT 2014; root:xnu-2422.115.4~1/RELEASE_X86_64 x86_64


Sprint: 5.5.44

 Description   

    CREATE TABLE `product` (
        `id` INT(11) NOT NULL AUTO_INCREMENT,
        `name` VARCHAR(128),
        `dynamic_columns` BLOB,
        PRIMARY KEY (`id`)
    ) ENGINE =InnoDB DEFAULT CHARSET =utf8;
    INSERT INTO `product` (name, dynamic_columns) VALUES (
        'name1',
        COLUMN_CREATE(
            'str', 'value1',
            'int', 123,
            'float', 123.456,
            'bool', true,
            'null', null,
            'children', COLUMN_CREATE(
                'str', 'value1',
                'int', 123,
                'float', 123.456,
                'bool', true,
                'null', null)));
    SELECT COLUMN_GET(`dynamic_columns`, 'float' AS DECIMAL(6,34)) FROM `product`;

150126 16:50:38 [ERROR] mysqld got signal 11 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
 
To report this bug, see http://kb.askmonty.org/en/reporting-bugs
 
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed, 
something is definitely wrong and this may fail.
 
Server version: 10.0.15-MariaDB
key_buffer_size=2147483648
read_buffer_size=131072
max_used_connections=3
max_threads=153
thread_count=3
It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 2433222 K  bytes of memory
Hope that's ok; if not, decrease some variables in the equation.
 
Thread pointer: 0x0x7f9d21841408
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x21b408e90 thread_stack 0x48000
0   mysqld                              0x0000000107a9482d my_print_stacktrace + 60
0   mysqld                              0x000000010757b2cd handle_fatal_signal + 602
0   libsystem_platform.dylib            0x00007fff8cf625aa _sigtramp + 26
0   libsystem_malloc.dylib              0x00007fff8e922868 malloc_zone_malloc + 71
0   mysqld                              0x000000010774cd8c _ZN6String6appendEPKcj + 194
0   mysqld                              0x00000001075dd587 _ZN15Item_dyncol_get5printEP6String15enum_query_type + 43
0   mysqld                              0x00000001075b4a60 _ZL9item_nameP4ItemP6String + 40
0   mysqld                              0x00000001075ab0cf _ZL21wrong_precision_errorjP4Itemym + 135
0   mysqld                              0x00000001075ab00f _Z20get_length_and_scaleyyPmPjjjP4Item + 59
0   mysqld                              0x00000001075b46e6 _Z16create_func_castP3THDP4Item11Cast_targetPKcS5_PK15charset_info_st + 1018
0   mysqld                              0x00000001077fc207 _Z10MYSQLparseP3THD + 58895
0   mysqld                              0x00000001076e3a2f _Z9parse_sqlP3THDP12Parser_stateP19Object_creation_ctxb + 124
0   mysqld                              0x00000001076db751 _Z11mysql_parseP3THDPcjP12Parser_state + 164
0   mysqld                              0x00000001076d9131 _Z16dispatch_command19enum_server_commandP3THDPcj + 1003
0   mysqld                              0x00000001076db408 _Z10do_commandP3THD + 231
0   mysqld                              0x00000001077a1883 _Z24do_handle_one_connectionP3THD + 383
0   mysqld                              0x00000001077a16f7 handle_one_connection + 59
0   libsystem_pthread.dylib             0x00007fff8f2d0899 _pthread_body + 138
0   libsystem_pthread.dylib             0x00007fff8f2d072a _pthread_struct_init + 0
0   libsystem_pthread.dylib             0x00007fff8f2d4fc9 thread_start + 13
 
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7f9d21038220): is an invalid pointer
Connection ID (thread ID): 2
Status: NOT_KILLED
 
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,engine_condition_pushdown=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on,extended_keys=on,exists_to_in=on
 
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
150126 16:50:38 mysqld_safe mysqld restarted

my.cnf is:

[clint-server]
socket = /tmp/mysql.sock
max_allowed_packet = 1024M
 
[mysqld]
user = fsb
datadir = /Volumes/RAIDv2/mysql
key_buffer_size = 2G
innodb_buffer_pool_size = 2G
net_write_timeout = 3600
net_read_timeout = 3600
max_allowed_packet = 1024M
 
[mysqlhotcopy]
interactive-timeout



 Comments   
Comment by Geoff Montee (Inactive) [ 2015-01-27 ]

Should this query return an error, similar to how CAST does? If so, COLUMN_CREATE may also need to be fixed. That function doesn't result in a crash, but it doesn't return an error either.

MariaDB [(none)]> SELECT CAST(123.1 AS DECIMAL(6,34));
ERROR 1425 (42000): Too big scale 34 specified for '123.1'. Maximum is 30.
MariaDB [(none)]> SELECT COLUMN_CREATE('test_col', 123.1 AS DECIMAL(6,34));
+---------------------------------------------------+
| COLUMN_CREATE('test_col', 123.1 AS DECIMAL(6,34)) |
+---------------------------------------------------+
|     test_col{                             |
+---------------------------------------------------+
1 row in set (0.01 sec)

Comment by Elena Stepanova [ 2015-01-27 ]

CREATE TABLE `product` (name VARCHAR(128), dynamic_columns BLOB);
INSERT INTO `product` VALUES ('name1', COLUMN_CREATE(1, 123.456));
SELECT COLUMN_GET(`dynamic_columns`, 1 AS DECIMAL(6,34)) FROM `product`;

Stack trace from 5.5 revno 4414 debug

sql/item_strfunc.cc:4471: virtual void Item_dyncol_get::print(String*, enum_query_type): Assertion `str->length() >= 5' failed.
150127  3:21:41 [ERROR] mysqld got signal 6 ;
 
#6  0x00007f5a378446f1 in *__GI___assert_fail (assertion=0xe1ac9c "str->length() >= 5", file=<optimized out>, line=4471, function=0xe1b4c0 "virtual void Item_dyncol_get::print(String*, enum_query_type)") at assert.c:81
#7  0x000000000087814f in Item_dyncol_get::print (this=0x7f5a32687360, str=0x7f5a32fb20e0, query_type=QT_ORDINARY) at 5.5/sql/item_strfunc.cc:4471
#8  0x000000000082e3cf in item_name (a=0x7f5a32687360, str=0x7f5a32fb20e0) at 5.5/sql/item_create.cc:47
#9  0x000000000082e444 in wrong_precision_error (errcode=1425, a=0x7f5a32687360, number=34, maximum=30) at 5.5/sql/item_create.cc:59
#10 0x000000000082e506 in get_length_and_scale (length=6, decimals=34, out_length=0x7f5a32fb29c8, out_decimals=0x7f5a32fb29c4, max_precision=65, max_scale=30, a=0x7f5a32687360) at 5.5/sql/item_create.cc:83
#11 0x0000000000834891 in create_func_cast (thd=0x7f5a33550060, a=0x7f5a32687360, cast_type=ITEM_CAST_DECIMAL, c_len=0x7f5a32687350 "6", c_dec=0x7f5a32687358 "34", cs=0x0) at 5.5/sql/item_create.cc:5633
#12 0x0000000000834fe3 in create_func_dyncol_get (thd=0x7f5a33550060, str=0x7f5a326871b8, num=0x7f5a326872c0, cast_type=ITEM_CAST_DECIMAL, c_len=0x7f5a32687350 "6", c_dec=0x7f5a32687358 "34", cs=0x0) at 5.5/sql/item_create.cc:5776
#13 0x0000000000796bcc in MYSQLparse (thd=0x7f5a33550060) at 5.5/sql/sql_yacc.yy:8843
#14 0x0000000000642a22 in parse_sql (thd=0x7f5a33550060, parser_state=0x7f5a32fb5620, creation_ctx=0x0) at 5.5/sql/sql_parse.cc:7793
#15 0x000000000063ea47 in mysql_parse (thd=0x7f5a33550060, rawbuf=0x7f5a32687078 "SELECT COLUMN_GET(`dynamic_columns`, 1 AS DECIMAL(6,34)) FROM `product`", length=71, parser_state=0x7f5a32fb5620) at 5.5/sql/sql_parse.cc:5864
#16 0x00000000006327d5 in dispatch_command (command=COM_QUERY, thd=0x7f5a33550060, packet=0x7f5a33607061 "SELECT COLUMN_GET(`dynamic_columns`, 1 AS DECIMAL(6,34)) FROM `product`", packet_length=71) at 5.5/sql/sql_parse.cc:1079
#17 0x0000000000631961 in do_command (thd=0x7f5a33550060) at 5.5/sql/sql_parse.cc:793
#18 0x0000000000733fee in do_handle_one_connection (thd_arg=0x7f5a33550060) at 5.5/sql/sql_connect.cc:1266
#19 0x0000000000733aad in handle_one_connection (arg=0x7f5a33550060) at 5.5/sql/sql_connect.cc:1181
#20 0x0000000000b6c089 in pfs_spawn_thread (arg=0x7f5a33571ca0) at 5.5/storage/perfschema/pfs.cc:1015
#21 0x00007f5a3963eb50 in start_thread (arg=<optimized out>) at pthread_create.c:304

Comment by Tom [ 2015-01-27 ]

It turns out the following is sufficient:

SELECT COLUMN_GET(`x`, 'y' AS DECIMAL(5,34))

No DB, table or record required.

Comment by Sergey Vojtovich [ 2015-06-04 ]

serg, please review fix for this bug.
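
A pre-flight check for the statement shape in this report, as an added example (not MariaDB code and not part of the ticket): it flags typed `DECIMAL` casts sitting directly inside `COLUMN_GET` or `COLUMN_CREATE` whose scale exceeds 30 or whose precision exceeds 65, the limits shown in the `CAST` error and the `get_length_and_scale` frame above. The function names and sample statements are constructed for illustration, and treating an over-large precision like an over-large scale is an assumption.

```python
import re

# Limits taken from this report: "Maximum is 30" in the CAST error, and
# max_precision=65, max_scale=30 in the get_length_and_scale stack frame.
MAX_PRECISION, MAX_SCALE = 65, 30
DYNCOL_FUNCS = {"COLUMN_GET", "COLUMN_CREATE"}

TOKEN = re.compile(r"""
    (?P<quoted>'(?:[^'\\]|\\.|'')*'|"(?:[^"\\]|\\.|"")*"|`[^`]*`)        # literals, identifiers
  | \bAS\s+DECIMAL\s*\(\s*(?P<prec>\d+)\s*(?:,\s*(?P<scale>\d+)\s*)?\)  # typed cast spec
  | (?P<open>(?:\b\w+\s*)?\()                                            # call or bare paren
  | (?P<close>\))
""", re.IGNORECASE | re.VERBOSE)


def find_bad_decimal_casts(sql):
    """Return [(function, precision, scale)] for out-of-range dynamic-column casts."""
    stack, findings = [], []
    for m in TOKEN.finditer(sql):
        if m.group("open"):
            # Remember which function (if any) owns this parenthesis.
            stack.append(m.group("open")[:-1].strip().upper())
        elif m.group("close"):
            if stack:
                stack.pop()
        elif m.group("prec") and stack and stack[-1] in DYNCOL_FUNCS:
            prec, scale = int(m.group("prec")), int(m.group("scale") or 0)
            if scale > MAX_SCALE or prec > MAX_PRECISION:
                findings.append((stack[-1], prec, scale))
    return findings


def scan_statements(statements):
    """Return [(statement_number, function, precision, scale)] across a batch."""
    return [(i, *hit) for i, sql in enumerate(statements, 1)
            for hit in find_bad_decimal_casts(sql)]


# Constructed sample input, built from the statements quoted in this report.
SAMPLE_STATEMENTS = [
    "SELECT COLUMN_GET(`x`, 'y' AS DECIMAL(5,34))",
    "SELECT COLUMN_GET(`dynamic_columns`, 'float' AS DECIMAL(10,3)) FROM `product`",
    "SELECT CAST(123.1 AS DECIMAL(6,34))",   # plain CAST already returns ERROR 1425
    "SELECT COLUMN_CREATE('test_col', 123.1 AS DECIMAL(6,34))",
    "SELECT COLUMN_GET(`x`, 'AS DECIMAL(5,34)' AS CHAR)",   # text inside a literal
]

if __name__ == "__main__":
    for hit in scan_statements(SAMPLE_STATEMENTS):
        print(hit)
```

Such a check is relevant in front of servers older than the fix versions listed above (5.5.44, 10.0.20, 10.1.6), for example in a query proxy or when reviewing a query log.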
