INSERT into a OQGRAPH table having no attributes crashes mysqld

Bug #1134265 reported by Andrew McDonnell
This bug affects 1 person
Affects: OQGRAPH | Status: Fix Committed | Importance: Undecided | Assigned to: Andrew McDonnell | Milestone: (none)

Bug Description

(I assume this is different to https://bugs.launchpad.net/maria/+bug/857699 because they would not have v3 as yet?)

When an OQGRAPH table was created with an empty DATA_TABLE attribute, it caused a null pointer dereference inside table.cc.

Thread pointer: 0x0x21e5098
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
stack_bottom = 0x7fb96497be88 thread_stack 0x30000
addr2line: 'sql/mysqld': No such file
sql/mysqld(my_print_stacktrace+0x29)[0xa189d9]
sql/mysqld(handle_fatal_signal+0x40a)[0x69fe0a]
/lib/libpthread.so.0(+0xeff0)[0x7fb964618ff0]
/lib/libc.so.6(+0x7bcf2)[0x7fb963a5ecf2]
sql/mysqld(_Z20init_tmp_table_shareP3THDP11TABLE_SHAREPKcjS4_S4_+0xa7)[0x601e97]
/home/andrew/develop/maria/repo/andrew-dev/build/storage/oqgraph/ha_oqgraph.so(_ZN10ha_oqgraph4openEPKcij+0xa3)[0x7fb946be7de3]
sql/mysqld(_ZN7handler7ha_openEP5TABLEPKcij+0x3d)[0x6a30ad]
sql/mysqld(_Z21open_table_from_shareP3THDP11TABLE_SHAREPKcjjjP5TABLEb+0x738)[0x604398]
sql/mysqld(_Z10open_tableP3THDP10TABLE_LISTP11st_mem_rootP18Open_table_context+0xc00)[0x5427d0]
sql/mysqld(_Z11open_tablesP3THDPP10TABLE_LISTPjjP19Prelocking_strategy+0x2f7)[0x543247]
sql/mysqld(_Z20open_and_lock_tablesP3THDP10TABLE_LISTbjP19Prelocking_strategy+0x47)[0x543db7]
sql/mysqld[0x57466b]
sql/mysqld(_Z21mysql_execute_commandP3THD+0x3f9c)[0x57bfac]
sql/mysqld(_Z11mysql_parseP3THDPcjP12Parser_state+0x23d)[0x57e19d]
sql/mysqld(_Z16dispatch_command19enum_server_commandP3THDPcj+0x1440)[0x57f5f0]
sql/mysqld(_Z24do_handle_one_connectionP3THD+0x1e4)[0x62a874]
sql/mysqld(handle_one_connection+0x40)[0x62a900]
/lib/libpthread.so.0(+0x68ca)[0x7fb9646108ca]
/lib/libc.so.6(clone+0x6d)[0x7fb963ab292d]

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Query (0x7fb940004b80): INSERT INTO tol_tree (origid,destid) SELECT parent,id FROM tol WHERE parent IS NOT NULL
Connection ID (thread ID): 4
Status: NOT_KILLED

Rerunning mysqld inside gdb yields:

(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1 0x0000000000601e97 in init_tmp_table_share (thd=0x21d1058, share=0x21e1b00, key=0x20a0e40 "test", key_length=<value optimized out>, table_name=0x0, path=0x7fffda1b2a56 "") at /home/andrew/develop/maria/repo/andrew-dev/sql/table.cc:397
#2 0x00007fffda1a0de3 in ha_oqgraph::open (this=0x21e16f0, name=0x20a0e50 "./test/tol_tree", mode=<value optimized out>, test_if_locked=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/storage/oqgraph/ha_oqgraph.cc:332
#3 0x00000000006a30ad in handler::ha_open (this=0x0, table_arg=<value optimized out>, name=0x20a0e50 "./test/tol_tree", mode=2, test_if_locked=0) at /home/andrew/develop/maria/repo/andrew-dev/sql/handler.cc:2347
#4 0x0000000000604398 in open_table_from_share (thd=0x21d1058, share=0x20a0aa0, alias=<value optimized out>, db_stat=<value optimized out>, prgflag=<value optimized out>, ha_open_flags=<value optimized out>, outparam=0x21e0d68, is_create_table=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/table.cc:2652
#5 0x00000000005427d0 in open_table (thd=0x21d1058, table_list=0x21dd190, mem_root=0x7ffff7f62a90, ot_ctx=0x7ffff7f62ad0) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:3207
#6 0x0000000000543247 in open_and_process_table (thd=0x21d1058, start=<value optimized out>, counter=<value optimized out>, flags=<value optimized out>, prelocking_strategy=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:4564
#7 open_tables (thd=0x21d1058, start=<value optimized out>, counter=<value optimized out>, flags=<value optimized out>, prelocking_strategy=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:5115
#8 0x0000000000543db7 in open_and_lock_tables (thd=0x0, tables=0x21dd190, derived=true, flags=0, prelocking_strategy=0x0) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:5718
#9 0x000000000057466b in open_and_lock_tables (thd=0x0, tables=0xffffffff, flags=<value optimized out>, derived=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.h:503
#10 0x000000000057bfac in mysql_execute_command (thd=0x21d1058) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:3355
#11 0x000000000057e19d in mysql_parse (thd=0x21d1058, rawbuf=<value optimized out>, length=89, parser_state=0x7ffff7f649c0) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:6124
#12 0x000000000057f5f0 in dispatch_command (command=COM_QUERY, thd=0x21d1058, packet=<value optimized out>, packet_length=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:1266
#13 0x000000000062a874 in do_handle_one_connection (thd_arg=<value optimized out>) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1267
#14 0x000000000062a900 in handle_one_connection (arg=0x21d1058) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1181
#15 0x00007ffff7bc98ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#16 0x00007ffff706b92d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#17 0x0000000000000000 in ?? ()

This should also be checked at table creation, given that an OQGRAPH table should have constraints checked similarly to a view, but ha_oqgraph::open() should also check for NULL pointer conditions; this might occur in a plugin upgrade situation, for example.

A similar situation applies to the ORIGID and DESTID attributes.
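The backtrace above ends in strlen() inside init_tmp_table_share() because ha_oqgraph::open() handed it a NULL table name. The following is an added example, not code from the OQGRAPH engine or from the reporter: a hypothetical guarded open routine that validates the three table options the report names (DATA_TABLE, ORIGID, DESTID) before anything dereferences them, and returns an error code instead of crashing the server. The OqgraphOptions struct, the error codes and guarded_open() are all assumptions made for this example; the engine's real option handling differs.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical mirror of the three OQGRAPH table options the report names.
// Not the engine's real option structure; constructed for this example.
struct OqgraphOptions {
    const char *data_table;  // DATA_TABLE: name of the backing table
    const char *origid;      // ORIGID: column holding the edge origin
    const char *destid;      // DESTID: column holding the edge destination
};

// Hypothetical status codes returned by the guarded open routine.
enum OpenStatus { OPEN_OK = 0, OPEN_ERR_MISSING_OPTION = 1 };

// Returns the name of the first option that is NULL or empty, or nullptr
// when all three are present. An empty string is treated the same as NULL
// because the report says an empty DATA_TABLE attribute triggered the crash.
const char *first_missing_option(const OqgraphOptions &opts) {
    if (opts.data_table == nullptr || *opts.data_table == '\0') return "DATA_TABLE";
    if (opts.origid == nullptr || *opts.origid == '\0') return "ORIGID";
    if (opts.destid == nullptr || *opts.destid == '\0') return "DESTID";
    return nullptr;
}

// Stand-in for the backing-table lookup the real open() passes the name to.
// Like init_tmp_table_share() in the backtrace, it calls strlen() on the name,
// so reaching it with a NULL pointer is exactly the crash the report describes.
size_t backing_table_name_length(const char *table_name) {
    return std::strlen(table_name);
}

// Hypothetical guarded open: every option is checked before any dereference,
// and a missing option is reported as an error rather than crashing mysqld.
// This guards open() itself, which matters when the .frm was altered without
// re-running the checks made at CREATE TABLE time.
int guarded_open(const OqgraphOptions &opts, std::string &error) {
    if (const char *missing = first_missing_option(opts)) {
        error = std::string("OQGRAPH option ") + missing + " is not set";
        return OPEN_ERR_MISSING_OPTION;
    }
    size_t len = backing_table_name_length(opts.data_table);
    (void)len;  // the real open() would go on to open the backing table here
    error.clear();
    return OPEN_OK;
}
```

The point of the example is where the check sits: the validation runs inside open(), not only at CREATE TABLE, so a table definition that reached the engine through a metadata-only path still fails cleanly with an error message instead of a server crash.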

Andrew McDonnell (andymc73) changed in oqgraph:
status: New → Fix Committed

Andrew McDonnell (andymc73) wrote:

Note, bug 1134305 would probably make this redundant.
But, as noted in http://dev.mysql.com/doc/refman/5.5/en/alter-table.html, it is possible that invalid data can make it to ha_oqgraph::open() regardless of checks made at construction.

<blockquote>
 Alterations that modify only table metadata and not table data can be made immediately by altering the table's .frm file and not touching table contents. The following changes are fast alterations that can be made this way:

    Renaming a column, except for the InnoDB storage engine.

    Changing the default value of a column (except for NDB tables; see Limitations of NDBCLUSTER online operations).

    Changing the definition of an ENUM or SET column by adding new enumeration or set members to the end of the list of valid member values, as long as the storage side of the data type does not change. For example, adding a member to a SET column that has 8 members changes the required storage per value from 1 byte to 2 bytes; this will require a table copy. Adding members in the middle of the list causes renumbering of existing members, which requires a table copy.
</blockquote>

Also, the example of a VIEW: if a referenced table is ALTER RENAME'd, then the VIEW needs to return an error; it does not show a dependency.
