Ubuntu
mysql-8.0 package

Broken SQL CONCAT function behaviour in 5.7.30-0ubuntu0.18.04.1

Focal (20.04)
Bug #1877442

Bug #1877442 reported by Grégoire Payen de La Garanderie on 2020-05-07

This bug affects 2 people

	Status	Importance	Assigned to
mysql-5.7 (Ubuntu)	Invalid	High	Unassigned
Xenial	Won't Fix	High	Unassigned
Bionic	Fix Released	High	Unassigned
Eoan	Invalid	Undecided	Unassigned
Focal	Invalid	Undecided	Unassigned
mysql-8.0 (Ubuntu)	Invalid	High	Unassigned
Xenial	Invalid	Undecided	Unassigned
Bionic	Invalid	Undecided	Unassigned
Eoan	Won't Fix	High	Unassigned
Focal	Fix Released	High	Unassigned

Bug Description

[Impact]
This is a regression in MySQL 5.7.30 (does not affect 8.0 which is in focal and development release, nor 5.7.29). The CONCAT function has inconsistent behavior depending on whether or not the result is assigned to a variable, which is leading to a crash in slurmdbd.

Since it's limited to 5.7.30, the bug only affects stable releases Bionic and Xenial.

[Test Case]
- Start up MySQL Server 5.7.30
- Connect to it with the mysql cli (with default install of the server, "sudo mysql" will connect to the MySQL root user)
- Run the following two queries:
* SELECT CONCAT('');
* SET @var = ""; SELECT @var := CONCAT('');
They should give the same output, but the second one returns NULL instead of an empty string when using 5.7.30.

[Regression Potential]
The patch changes fairly low-level code, which can always carry some risk.

[Other info]
This bug is fixed in the next upstream release of MySQL (5.7.31), so the patch would only be needed until that is picked.

--- ORIGINAL DESCRIPTION ---
Hi,

Yesterday we upgraded from 5.7.29-0ubuntu0.18.04.1 to 5.7.30-0ubuntu0.18.04.1 (via unattended-upgrade) on Ubuntu 18.04 and slurmdbd (https://packages.ubuntu.com/bionic/admin/slurmdbd) started segfaulting.

Upon inspection, the slurmdbd crash is caused by a change of behaviour of the SQL CONCAT function. The new behaviour seems wrong.

Calling
SELECT CONCAT('');
will result in an empty string as expected however if the result is assigned to a variable with:
SET @var = ""; SELECT @var := CONCAT('');
the variable will be NULL instead of an empty string.

It seems that when the output of CONCAT is assigned to a variable; if CONCAT should have returned an empty string, it will set the variable to NULL instead.

SLURM itself crashes because it uses a stored procedure which relies on the output of CONCAT to be an empty string rather than a NULL variable and tries to dereference the pointer.

I wasn’t able to get hold of 5.7.29-0ubuntu0.18.04.1 via APT so I tested on 5.7.21-1ubuntu1. On 5.7.21, the variable was correctly set to an empty string. I have also tried on 20.04 and the behaviour is correct as well. So the problem seems to be present only in the version 5.7.30-0ubuntu0.18.04.1.

I think that the behaviour was introduced in the 5.7 branch by this commit:
https://github.com/mysql/mysql-server/commit/addb2aab601d98e685eccae545f79d120561ad9b
but I am not entirely sure.

This bug is a bit annoying because it makes SLURM with accounting enabled completely unusable. However downgrading MySQL to 5.7.29-0ubuntu0.18.04.1 temporarily fixed the problem.

I have attached a log file with examples to reproduce the bug.

Thank you very much.

See original description

Tags: