Uploaded image for project: 'MariaDB Server'
  1. MDEV-559

Server crashes in Item_func_dyncol_check::val_int on COLUMN_CHECK

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects versions: None
    • Fix versions: 10.0.0
    • Components: None
    • Labels:
      None
    • Sprint:

      Description

      #3  0x083ce5bc in handle_fatal_signal (sig=11) at 5.5-dnames/sql/signal_handler.cc:262
      #4  <signal handler called>
      #5  0x0840a1fb in Item_func_dyncol_check::val_int (this=0xb277cd0) at 5.5-dnames/sql/item_cmpfunc.cc:6060
      #6  0x083eae16 in Item::send (this=0xb277cd0, protocol=0xb1c8450, buffer=0xad0a50a4) at 5.5-dnames/sql/item.cc:6357
      #7  0x081a9001 in Protocol::send_result_set_row (this=0xb1c8450, row_items=0xb1c9b18) at 5.5-dnames/sql/protocol.cc:900
      #8  0x08206b32 in select_send::send_data (this=0xb277e30, items=...) at 5.5-dnames/sql/sql_class.cc:2275
      #9  0x0826c585 in JOIN::exec (this=0xb277e40) at 5.5-dnames/sql/sql_select.cc:2229
      #10 0x0826eef2 in mysql_select (thd=0xb1c7ff0, rref_pointer_array=0xb1c9bc0, tables=0x0, wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0, select_options=2147748608, result=0xb277e30, unit=0xb1c95d0, select_lex=0xb1c9a80) at 5.5-dnames/sql/sql_select.cc:3050
      #11 0x08266966 in handle_select (thd=0xb1c7ff0, lex=0xb1c956c, result=0xb277e30, setup_tables_done_option=0) at 5.5-dnames/sql/sql_select.cc:313
      #12 0x082424f2 in execute_sqlcom_select (thd=0xb1c7ff0, all_tables=0x0) at 5.5-dnames/sql/sql_parse.cc:4621
      #13 0x0823b53d in mysql_execute_command (thd=0xb1c7ff0) at 5.5-dnames/sql/sql_parse.cc:2189
      #14 0x08244ac8 in mysql_parse (thd=0xb1c7ff0, rawbuf=0xb277a40 "SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'))", length=41, parser_state=0xad0a5d44) at 5.5-dnames/sql/sql_parse.cc:5736
      #15 0x08239007 in dispatch_command (command=COM_QUERY, thd=0xb1c7ff0, packet=0xb271d11 "", packet_length=41) at 5.5-dnames/sql/sql_parse.cc:1055
      #16 0x082384d3 in do_command (thd=0xb1c7ff0) at 5.5-dnames/sql/sql_parse.cc:794
      #17 0x083244b6 in do_handle_one_connection (thd_arg=0xb1c7ff0) at 5.5-dnames/sql/sql_connect.cc:1253
      #18 0x08324001 in handle_one_connection (arg=0xb1c7ff0) at 5.5-dnames/sql/sql_connect.cc:1168
      #19 0x0855010e in pfs_spawn_thread (arg=0xb2b8ad8) at 5.5-dnames/storage/perfschema/pfs.cc:1015
      #20 0xb7754e32 in start_thread () from /lib/libpthread.so.0
      

      Some variations of the test case on some machines don't crash the server, but produce ER_DYN_COL_WRONG_FORMAT (Encountered illegal format of dynamic column string) instead.

      Query (0xb277a40): SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'))
      Connection ID (thread ID): 2
      Status: NOT_KILLED
      

      bzr version-info

      revision-id: sanja@askmonty.org-20120924141218-rxxkg9trqayzd43z
      date: 2012-09-24 17:12:18 +0300
      build-date: 2012-09-27 22:52:32 +0400
      revno: 3492
      

      Server was built with BUILD/compile-pentium-debug-max

      Test case:

      SELECT COLUMN_CHECK(COLUMN_CREATE(1,'a'));
      

        Attachments

          Activity

            People

            • Assignee:
              sanja Oleksandr Byelkin
              Reporter:
              elenst Elena Stepanova
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: