HandlerSocket-Plugin-for-MySQL
Mysqld may crash when inserting a row with value length less than fields length
-
table used
    CREATE TABLE `test` (
      `id` bigint(20) NOT NULL AUTO_INCREMENT,
      `t1` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
      PRIMARY KEY (`id`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8
-
telnet hs to insert:
    telnet localhost 9999
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    P 0 test test PRIMARY id,t1
    0 1
    0 + 1 321
    Connection closed by foreign host.
    work@backup02:~/local/src/hs$ 120229 14:26:20 mysqld_safe Number of processes running now: 0
    120229 14:26:20 mysqld_safe mysqld restarted
If the t1 column is modified to varchar(255) default null, mysqld won't crash, but the result is something like below:
select * from test.test; +-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | id | t1 | +-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | 321 | + 1 321 st PRIMARY id,t1 Y id,t1 | +-----+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-
ENV:
    HS 1.1.0
    Mysqld Server version: 5.1.49-log Source distribution
    Linux version 2.6.32-5-xen-amd64 (Debian 2.6.32-39) ([email protected]) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Thu Nov 3 05:42:31 UTC 2011
-
mysql crash Trace:
    thd: 0x27feab40
    Attempting backtrace. You can use the following information to find out
    where mysqld died. If you see no messages after this, something went
    terribly wrong...
    stack_bottom = 0x7fa893ff6ea0 thread_stack 0x30000
    /home/work/local/mysql/libexec/mysqld(my_print_stacktrace+0x29) [0x964989]
    /home/work/local/mysql/libexec/mysqld(handle_segfault+0x3db) [0x61da0b]
    /lib/libpthread.so.0(+0xef60) [0x7fae228ecf60]
    /lib/libc.so.6(memcpy+0x3fb) [0x7fae215e6b4b]
    /home/work/local/mysql/libexec/mysqld(String::copy(char const*, unsigned int, charset_info_st*)+0xbd) [0x6183ad]
    /home/work/local/mysql/libexec/mysqld(make_truncated_value_warning(THD*, MYSQL_ERROR::enum_warning_level, char const*, unsigned int, enum_mysql_timestamp_type, char const*)+0x87) [0x6edd97]
    /home/work/local/mysql/libexec/mysqld(Field_timestamp::store(char const*, unsigned int, charset_info_st*)+0xe7) [0x5ff497]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::dbcontext::cmd_insert_internal(dena::dbcallback_i&, dena::prep_stmt const&, dena::string_ref const*, unsigned long)+0x102) [0x7fadf8b512f2]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::do_exec_on_index(char*, char*, char*, char*, dena::hstcpsvr_conn&)+0x735) [0x7fadf8b59695]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::execute_lines(dena::hstcpsvr_conn&)+0x5c) [0x7fadf8b59d3c]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::run_one_ep()+0x238) [0x7fadf8b5aca8]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::hstcpsvr_worker::run()+0x6e) [0x7fadf8b5bb1e]
    /home/work/local/mysql/lib/mysql/plugin/handlersocket.so(dena::thread<:worker_throbj>::thread_main(void*)+0xd) [0x7fadf8b60dfd]
    /lib/libpthread.so.0(+0x68ba) [0x7fae228e48ba]
    /lib/libc.so.6(clone+0x6d) [0x7fae2163602d]
    Trying to get some variables.
    Some pointers may be invalid and cause the dump to abort...
    thd->query at (nil) is an invalid pointer
    thd->thread_id=16
    thd->killed=NOT_KILLED
    The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
    information that should help you find out what is causing the crash.
It seems to be caused by commit ca9c8784197835290e134007b9c52ea5f1ab02ce
fixed an inconsistency between protocol.txt and the actual code. protocol.txt
says that columns to be inserted are specified by open_index, but the code
has ignored it.
To fix it, handlersocket/database.cpp line 663
- for (size_t i = 0; i < n; ++i) {
- for (size_t i = 0; i < n && i< fvalslen; ++i) { works fine in my place. :)
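Review bot: the new bound i < n && i< fvalslen ends the loop once the supplied values run out, but nothing in these lines handles the fields from fvalslen up to n - 1. Confirm that those columns are reset to their defaults, or that the request is rejected with an error, rather than left holding whatever the record buffer contained: the varchar test above shows leftover request bytes ending up in t1. A one-line comment on why the loop may stop before n, and consistent spacing around the second <, would also help.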
reproduced and fixed. thanks a lot.
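The request pattern reported in this thread can be checked before it reaches an unpatched server. The following is an added example, not part of the original thread and not HandlerSocket code: it tracks the column list given to each open_index request and flags insert requests that carry fewer values than columns. It assumes tab-separated tokens and the request layout seen in the telnet session above; the class name and the sample lines are constructed for illustration.

```python
# Added example, not HandlerSocket code. Assumes the tab-separated request
# layout seen in the session above:
#   open_index: P <indexid> <db> <table> <index> <columns>
#   insert:     <indexid> + <vlen> <v1> ... <vn>

class InsertArityChecker:
    """Tracks open_index column lists and flags short inserts."""

    def __init__(self):
        self.columns = {}  # index id -> column names given to open_index

    def check(self, line):
        """Return (ok, reason) for one request line."""
        tok = line.rstrip("\r\n").split("\t")
        if tok[0] == "P":
            if len(tok) < 6 or not tok[5]:
                return False, "malformed open_index"
            self.columns[tok[1]] = tok[5].split(",")
            return True, "open_index"
        if len(tok) >= 3 and tok[1] == "+":
            cols = self.columns.get(tok[0])
            if cols is None:
                return False, "insert on unopened index"
            if not (tok[2].isascii() and tok[2].isdigit()):
                return False, "vlen is not a number"
            vlen, values = int(tok[2]), tok[3:]
            if vlen != len(values):
                return False, "vlen does not match the values sent"
            if vlen < len(cols):
                # The condition from the report: fewer values than columns.
                return False, f"{vlen} value(s) for {len(cols)} column(s)"
            return True, "insert"
        return True, "not an open_index or insert request"


if __name__ == "__main__":
    # Constructed sample lines modelled on the telnet session in the report.
    checker = InsertArityChecker()
    for req in ("P\t0\ttest\ttest\tPRIMARY\tid,t1\n",
                "0\t+\t1\t321\n",
                "0\t+\t2\t321\t2012-02-29 14:26:20\n"):
        print(repr(req), "->", checker.check(req))
```

The short-insert check is a local policy for servers that have not yet picked up the fix; it is stricter than what the patched loop accepts.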