Server crashes in my_strnncollsp_simple on LEFT JOIN with CSV table, TEXT field

Bug #970528 reported by Elena Stepanova
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released
Michael Widenius

Bug Description

#4 <signal handler called>
#5 0x08767901 in my_strnncollsp_simple (cs=0x8a5d2a0,
    a=0xfefefefe <Address 0xfefefefe out of bounds>, a_length=65278,
    b=0x938f529 "r\245\245\245\245\245\245\001r\245\245\245\245\245\245@\365\070\t", b_length=1,
    diff_if_only_endspace_difference=0 '\000') at ctype-simple.c:167
#6 0x0828f2af in sortcmp (s=0x9391ba8, t=0x9391c48, cs=0x8a5d2a0) at
#7 0x08214e69 in Arg_comparator::compare_string (this=0x9391d54) at
#8 0x081fa66a in Arg_comparator::compare (this=0x9391d54) at item_cmpfunc.h:81
#9 0x08216864 in Item_func_eq::val_int (this=0x9391cd8) at
#10 0x08321d7d in join_read_const_table (tab=0x93a8cb8, pos=0x93920f0) at
#11 0x0830cf05 in make_join_statistics (join=0x9392070, tables_arg=0x9391770, conds=0x0,
    keyuse_array=0x939317c) at
#12 0x08306e5c in JOIN::optimize (this=0x9392070) at
#13 0x0830bfb3 in mysql_select (thd=0x9319d78, rref_pointer_array=0x931b3e0, tables=0x9391770,
    wild_num=1, fields=..., conds=0x0, og_num=0, order=0x0, group=0x0, having=0x0, proc_param=0x0,
    select_options=2147764736, result=0x9392058, unit=0x931b078, select_lex=0x931b2e8)
#14 0x08304eee in handle_select (thd=0x9319d78, lex=0x931b01c, result=0x9392058,
    setup_tables_done_option=0) at
#15 0x082ae52b in execute_sqlcom_select (thd=0x9319d78, all_tables=0x9391770) at
#16 0x082a599e in mysql_execute_command (thd=0x9319d78) at
#17 0x082b093f in mysql_parse (thd=0x9319d78,
    rawbuf=0x9391600 "SELECT * FROM t1 LEFT JOIN t2 ON ( b = a )", length=42,
    found_semicolon=0xae9fc220) at
#18 0x082a35f0 in dispatch_command (command=COM_QUERY, thd=0x9319d78,
    packet=0x9378639 "SELECT * FROM t1 LEFT JOIN t2 ON ( b = a )", packet_length=42)
#19 0x082a285b in do_command (thd=0x9319d78) at
#20 0x0829f8e5 in handle_one_connection (arg=0x9319d78) at
#21 0xb76ecb25 in start_thread () from /lib/

Stack trace is from the recent maria/5.1:
bzr version-info
revision-id: <email address hidden>
date: 2012-03-30 13:42:52 +0300
build-date: 2012-04-01 06:17:20 +0400
revno: 3142

Also reproducible on current MariaDB 5.2 revno 3128, 5.3 revno 3482, 5.5 revno 3353.
Not reproducible with the provided scenario on MySQL 5.5 revno 3737, MySQL trunk 3706.
No specific optimizer_switch required.
EXPLAIN also crashes.
The test case contains 2 selects. The first goes all right, but I could not get rid of it, without it the second one does not crash.

# Test case:

INSERT INTO t1 VALUES ('x'),('y');

INSERT INTO t2 VALUES ('r'),('t');

SELECT * FROM t1 LEFT JOIN t2 ON ( b = a );

# End of test case

Revision history for this message
Elena Stepanova (elenst) wrote :

Not setting it to 'Critical' because of the CSV table and the fact that the bug has been there for a long time, no apparent complaints.
But setting to 'High' rather than 'Medium', because the scenario becomes quite realistic if log-output=TABLE.
Please adjust if needed.

summary: - Server crashes in my_strnncollsp_simple on LEFT/RIGHT JOIN with CSV
- table, TEXT field
+ Server crashes in my_strnncollsp_simple on LEFT JOIN with CSV table,
+ TEXT field
Elena Stepanova (elenst)
Changed in maria:
assignee: nobody → Sergey Petrunia (sergefp)
Changed in maria:
status: New → Confirmed
Elena Stepanova (elenst)
Changed in maria:
assignee: Sergey Petrunia (sergefp) → Michael Widenius (monty)
Revision history for this message
Michael Widenius (monty) wrote :

There was several issues that caused this:
- Bug in CSV where it provided wrong statistics (it claimed the table was empty when it wasn't)
- The optimizer trusted blindly the engine when it reports that there is 0 rows, but didn't take care of the error when it did find rows in such a table. For this case I will add detection + error reporting in 5.5

I have now fixed the CSV issue in 5.1; Will merge it to 5.2 and up.

Changed in maria:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.