MariaDB

Crash in decimal_cmp on using UNIX_TIMESTAMP with a wrongly formatted timestamp

Bug #923429 reported by Elena Stepanova on 2012-01-29

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MariaDB	Fix Released	Undecided	Sergei Golubchik	MariaDB 5.3

Bug Description

#3 0x082d05ab in handle_segfault (sig=11) at mysqld.cc:2838
#4 <signal handler called>
#5 0x0881d10e in decimal_cmp (from1=0x0, from2=0x945d0f8) at decimal.c:1971
#6 0x082114e3 in my_decimal_cmp (a=0x0, b=0x945d0f8) at my_decimal.h:438
#7 0x0823e58d in Arg_comparator::compare_decimal (this=0x945cecc) at item_cmpfunc.cc:1090
#8 0x0822374a in Arg_comparator::compare (this=0x945cecc) at item_cmpfunc.h:72
#9 0x08240614 in Item_func_gt::val_int (this=0x945ce48) at item_cmpfunc.cc:1884
#10 0x08208738 in Item::send (this=0x945ce48, protocol=0x93ee7e4, buffer=0xae898060) at item.cc:5971
#11 0x082b8b56 in select_send::send_data (this=0x945d000, items=...) at sql_class.cc:1996
#12 0x08356416 in JOIN::exec (this=0x946ac68) at sql_select.cc:2115
#13 0x08358e45 in mysql_select (thd=0x93ee4b8, rref_pointer_array=0x93f0044, tables=0x0,
    wild_num=0, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
    select_options=2147764736, result=0x945d000, unit=0x93efc28, select_lex=0x93eff08)
    at sql_select.cc:2931
#14 0x08350b5f in handle_select (thd=0x93ee4b8, lex=0x93efbcc, result=0x945d000,
    setup_tables_done_option=0) at sql_select.cc:284
#15 0x082ec098 in execute_sqlcom_select (thd=0x93ee4b8, all_tables=0x0) at sql_parse.cc:5148
#16 0x082e3474 in mysql_execute_command (thd=0x93ee4b8) at sql_parse.cc:2281
#17 0x082ee6d3 in mysql_parse (thd=0x93ee4b8, rawbuf=0x945cc08 "SELECT UNIX_TIMESTAMP('abc') > 0",
    length=32, found_semicolon=0xae899234) at sql_parse.cc:6149
#18 0x082e10d6 in dispatch_command (command=COM_QUERY, thd=0x93ee4b8, packet=0x9447329 "",
    packet_length=32) at sql_parse.cc:1227
#19 0x082e0580 in do_command (thd=0x93ee4b8) at sql_parse.cc:922
#20 0x082dd545 in handle_one_connection (arg=0x93ee4b8) at sql_connect.cc:1193
#21 0xb76aeb25 in start_thread () from /lib/libpthread.so.0

bzr version-info
revision-id: <email address hidden>
date: 2012-01-25 22:05:20 +0400
build-date: 2012-01-29 21:29:29 +0400
revno: 3395
branch-nick: maria-5.3

Also reproducible on MariaDB 5.3.2, 5.3.3, 5.5.
Could not reproduce in MariaDB 5.2, MySQL 5.1.60, 5.5.20, 5.6.4.

Minimal optimizer_switch: none required
Full optimizer_switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=off,table_elimination=on

Test case:

SELECT UNIX_TIMESTAMP('abc') > 0;

Related branches

lp:~maria-captains/maria/5.3-serg (Merged)

lp:maria/5.3

Elena Stepanova (elenst) on 2012-01-29

summary:

- Crash in decimal_cmp on using UNIX_TIMESTAMP on a wrongly formatted
+ Crash in decimal_cmp on using UNIX_TIMESTAMP with a wrongly formatted
timestamp

Elena Stepanova (elenst) on 2012-01-30

Changed in maria:
assignee:	nobody → Sergei (sergii)

Sergei Golubchik (sergii) on 2012-02-21

Changed in maria:
status:	New → Fix Committed

Revision history for this message

Elena Stepanova (elenst) wrote on 2012-03-18:

Fix released with 5.3.5-ga.

Changed in maria:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.