Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:
Description
#4 <signal handler called>
#5 0x08767901 in my_strnncollsp_simple (cs=0x8a5d2a0,
a=0xfefefefe <Address 0xfefefefe out of bounds>, a_length=65278,
b=0x938f529 "r\245\245\245\245\245\245\001r\245\245\245\245\245\245@\365\070\t", b_length=1,
diff_if_only_endspace_difference=0 '\000') at ctype-simple.c:167
#6 0x0828f2af in sortcmp (s=0x9391ba8, t=0x9391c48, cs=0x8a5d2a0) at sql_string.cc:756
#7 0x08214e69 in Arg_comparator::compare_string (this=0x9391d54) at item_cmpfunc.cc:1286
#8 0x081fa66a in Arg_comparator::compare (this=0x9391d54) at item_cmpfunc.h:81
#9 0x08216864 in Item_func_eq::val_int (this=0x9391cd8) at item_cmpfunc.cc:1948
#10 0x08321d7d in join_read_const_table (tab=0x93a8cb8, pos=0x93920f0) at sql_select.cc:12200
#11 0x0830cf05 in make_join_statistics (join=0x9392070, tables_arg=0x9391770, conds=0x0,
keyuse_array=0x939317c) at sql_select.cc:2849
#12 0x08306e5c in JOIN::optimize (this=0x9392070) at sql_select.cc:1034
#13 0x0830bfb3 in mysql_select (thd=0x9319d78, rref_pointer_array=0x931b3e0, tables=0x9391770,
wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
select_options=2147764736, result=0x9392058, unit=0x931b078, select_lex=0x931b2e8)
at sql_select.cc:2551
#14 0x08304eee in handle_select (thd=0x9319d78, lex=0x931b01c, result=0x9392058,
setup_tables_done_option=0) at sql_select.cc:280
#15 0x082ae52b in execute_sqlcom_select (thd=0x9319d78, all_tables=0x9391770) at sql_parse.cc:5241
#16 0x082a599e in mysql_execute_command (thd=0x9319d78) at sql_parse.cc:2380
#17 0x082b093f in mysql_parse (thd=0x9319d78,
rawbuf=0x9391600 "SELECT * FROM t1 LEFT JOIN t2 ON ( b = a )", length=42,
found_semicolon=0xae9fc220) at sql_parse.cc:6216
#18 0x082a35f0 in dispatch_command (command=COM_QUERY, thd=0x9319d78,
packet=0x9378639 "SELECT * FROM t1 LEFT JOIN t2 ON ( b = a )", packet_length=42)
at sql_parse.cc:1294
#19 0x082a285b in do_command (thd=0x9319d78) at sql_parse.cc:906
#20 0x0829f8e5 in handle_one_connection (arg=0x9319d78) at sql_connect.cc:1183
#21 0xb76ecb25 in start_thread () from /lib/libpthread.so.0
Stack trace is from the recent maria/5.1:
bzr version-info
revision-id: <email address hidden>
date: 2012-03-30 13:42:52 +0300
build-date: 2012-04-01 06:17:20 +0400
revno: 3142
Notes:
Also reproducible on current MariaDB 5.2 revno 3128, 5.3 revno 3482, 5.5 revno 3353.
Not reproducible with the provided scenario on MySQL 5.5 revno 3737, MySQL trunk 3706.
No specific optimizer_switch required.
EXPLAIN also crashes.
The test case contains 2 selects. The first goes all right, but I could not get rid of it, without it the second one does not crash.
- Test case:
CREATE TABLE t1 ( b TEXT NOT NULL );
INSERT INTO t1 VALUES ('x'),('y');
CREATE TABLE t2 ( a VARCHAR(1) NOT NULL ) ENGINE=CSV;
INSERT INTO t2 VALUES ('r'),('t');
SELECT * FROM t2 ORDER BY a;
SELECT * FROM t1 LEFT JOIN t2 ON ( b = a );
- End of test case
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
Re: Server crashes in my_strnncollsp_simple on LEFT JOIN with CSV table, TEXT field
There was several issues that caused this:
- Bug in CSV where it provided wrong statistics (it claimed the table was empty when it wasn't)
- The optimizer trusted blindly the engine when it reports that there is 0 rows, but didn't take care of the error when it did find rows in such a table. For this case I will add detection + error reporting in 5.5
I have now fixed the CSV issue in 5.1; Will merge it to 5.2 and up.
Launchpad bug id: 970528
Re: Server crashes in my_strnncollsp_simple on LEFT JOIN with CSV table, TEXT field
Not setting it to 'Critical' because of the CSV table and the fact that the bug has been there for a long time, no apparent complaints.
But setting to 'High' rather than 'Medium', because the scenario becomes quite realistic if log-output=TABLE.
Please adjust if needed.