
Mysqld may crash when inserting a row with value length less than fields length #78

Open
skyinfall opened this issue Feb 29, 2012 · 2 comments

Comments

@skyinfall

  • table used

    CREATE TABLE `test` (
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
    PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8 
    
  • telnet hs to insert:

    telnet localhost 9999
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    P       0       test    test    PRIMARY id,t1
    0       1
    0       +       1       321
    Connection closed by foreign host.
    work@backup02:~/local/src/hs$ 120229 14:26:20 mysqld_safe Number of processes running now: 0
    120229 14:26:20 mysqld_safe mysqld restarted
    

If I modify the t1 column to varchar(255) default null, mysqld won't crash, but the result is something like the one below:

select * from test.test;
+-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id  | t1                                                                                                                                                                                                                                                     |
+-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 321 | +       1       321
st PRIMARY id,t1    Y id,t1                                                                                                                                                                                                                 |
+-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

  • ENV:
    HS 1.1.0
    Mysqld Server version: 5.1.49-log Source distribution
    Linux version 2.6.32-5-xen-amd64 (Debian 2.6.32-39) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Thu Nov 3 05:42:31 UTC 2011

  • mysql crash Trace:

    thd: 0x27feab40
    Attempting backtrace. You can use the following information to find out
    where mysqld died. If you see no messages after this, something went
    terribly wrong...
    stack_bottom = 0x7fa893ff6ea0 thread_stack 0x30000
    /home/work/local/mysql/libexec/mysqld(my_print_stacktrace+0x29) [0x964989]
    /home/work/local/mysql/libexec/mysqld(handle_segfault+0x3db) [0x61da0b]
    /lib/libpthread.so.0(+0xef60) [0x7fae228ecf60]
    /lib/libc.so.6(memcpy+0x3fb) [0x7fae215e6b4b]
    /home/work/local/mysql/libexec/mysqld(String::copy(char const*, unsigned int, charset_info_st*)+0xbd) [0x6183ad]
    /home/work/local/mysql/libexec/mysqld(make_truncated_value_warning(THD*, MYSQL_ERROR::enum_warning_level, char const*, unsigned int, enum_mysql_timestamp_type, char const*)+0x87) [0x6edd97]
    /home/work/local/mysql/libexec/mysqld(Field_timestamp::store(char const*, unsigned int, charset_info_st*)+0xe7) [0x5ff497]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::dbcontext::cmd_insert_internal(dena::dbcallback_i&, dena::prep_stmt const&, dena::string_ref const*, unsigned long)+0x102) [0x7fadf8b512f2]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::do_exec_on_index(char*, char*, char*, char*, dena::hstcpsvr_conn&)+0x735) [0x7fadf8b59695]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::execute_lines(dena::hstcpsvr_conn&)+0x5c) [0x7fadf8b59d3c]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::run_one_ep()+0x238) [0x7fadf8b5aca8]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::run()+0x6e) [0x7fadf8b5bb1e]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::thread::thread_main(void*)+0xd) [0x7fadf8b60dfd]
    /lib/libpthread.so.0(+0x68ba) [0x7fae228e48ba]
    /lib/libc.so.6(clone+0x6d) [0x7fae2163602d]
    Trying to get some variables.
    Some pointers may be invalid and cause the dump to abort...
    thd->query at (nil) is an invalid pointer
    thd->thread_id=16
    thd->killed=NOT_KILLED
    The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
    information that should help you find out what is causing the crash.
    
@skyinfall
Author

It seems to be caused by commit ca9c878:

    fixed an inconsistency between protocol.txt and the actual code. protocol.txt
    says that columns to be inserted are specified by open_index, but the code
    has ignored it.

To fix it, changing handlersocket/database.cpp line 663 as follows

    - for (size_t i = 0; i < n; ++i) {
    + for (size_t i = 0; i < n && i< fvalslen; ++i) {
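Review bot: the added `i< fvalslen` bound stops the loop from reading past the values array, which matches the trace (Field_timestamp::store reached from cmd_insert_internal for a column the client never supplied), but it silently accepts a request that carries fewer values than open_index declares columns, leaving the remaining columns unset. Since protocol.txt says the inserted columns are exactly those of open_index, a count mismatch is a malformed request; consider returning an error to the client when `fvalslen != n` instead of truncating the loop, and put a space in `i< fvalslen` to match the surrounding style.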
works fine for me. :)
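As an added illustration (not handlersocket's own code, and not part of this thread), the C++ model below reproduces the value-binding step that the crash trace and the one-line patch above concern. `prep_stmt`, `bind_outcome`, `parse_insert_line`, `bind_lenient` and `bind_strict` are constructed names for this example: the first binder stops at the shorter of the column count and the value count, as the patch does, while the second rejects any count mismatch outright, and the parser checks that the value count declared on the wire line matches the fields actually present before anything is bound.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Constructed stand-in for the prepared statement built by open_index:
// the columns an insert is expected to supply, in order.
struct prep_stmt {
    std::vector<std::string> cols;
};

// Outcome of binding one request to the statement's columns.
struct bind_outcome {
    bool ok = false;               // request accepted
    std::size_t bound = 0;         // columns that received a value
    std::vector<std::string> row;  // one entry per column, "" = left at default
};

// Split a HandlerSocket-style request line on tabs.
static std::vector<std::string> split_tabs(const std::string& line) {
    std::vector<std::string> f;
    std::string cur;
    for (char c : line) {
        if (c == '\t') { f.push_back(cur); cur.clear(); }
        else cur += c;
    }
    f.push_back(cur);
    return f;
}

static bool all_digits(const std::string& s) {
    if (s.empty()) return false;
    for (char c : s) if (c < '0' || c > '9') return false;
    return true;
}

// Parse an insert line "<idx>\t+\t<nvals>\t<v1>\t..." as typed in the issue.
// Returns false unless the declared value count matches the fields present,
// so a count/payload mismatch is rejected before any column is touched.
bool parse_insert_line(const std::string& line, std::vector<std::string>& vals_out) {
    std::vector<std::string> f = split_tabs(line);
    if (f.size() < 3 || f[1] != "+" || !all_digits(f[2])) return false;
    std::size_t declared = 0;
    for (char c : f[2]) declared = declared * 10 + static_cast<std::size_t>(c - '0');
    if (f.size() - 3 != declared) return false;
    vals_out.assign(f.begin() + 3, f.end());
    return true;
}

// Lenient binding, the shape of the one-line patch in the comment: iterate
// to the shorter of the two lengths, so no read beyond fvals can happen.
// Columns without a value are left at "" (the server would use the default).
bind_outcome bind_lenient(const prep_stmt& st, const std::vector<std::string>& fvals) {
    bind_outcome out;
    const std::size_t n = st.cols.size();
    out.row.assign(n, "");
    for (std::size_t i = 0; i < n && i < fvals.size(); ++i) {
        out.row[i] = fvals[i];
        ++out.bound;
    }
    out.ok = true;
    return out;
}

// Strict binding: protocol.txt says the inserted columns are exactly those of
// open_index, so a count mismatch is a malformed request. Reject it outright
// rather than storing a partial row.
bind_outcome bind_strict(const prep_stmt& st, const std::vector<std::string>& fvals) {
    bind_outcome out;
    if (fvals.size() != st.cols.size()) return out;  // ok == false, nothing bound
    out.row = fvals;
    out.bound = fvals.size();
    out.ok = true;
    return out;
}

int main() {
    // Constructed request matching the one in the issue: index 0, op '+',
    // one value "321" for a statement opened on columns id,t1.
    prep_stmt st{{"id", "t1"}};
    std::vector<std::string> vals;
    if (!parse_insert_line("0\t+\t1\t321", vals)) return 1;
    bind_outcome l = bind_lenient(st, vals);  // accepted, bound == 1, t1 left at default
    bind_outcome s = bind_strict(st, vals);   // rejected: 1 value for 2 columns
    return (l.ok && l.bound == 1 && !s.ok) ? 0 : 1;
}
```

With the request from the issue (one value for a two-column open_index), the lenient binder accepts the row and leaves t1 at its default, which is the behaviour the patch produces; the strict binder refuses it, which is what the protocol description implies. The parser rejects the request on its own when the declared count and the payload disagree.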

@ahiguti
Contributor

ahiguti commented May 1, 2012

Reproduced and fixed. Thanks a lot.
