OQGRAPH

An OQGRAPH table with ORIGID attribute empty or set to non-existent column on a OQGRAPH cause mysqld to segfault in ha_oqgraph

Bug #1134338 reported by Andrew McDonnell
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OQGRAPH
Fix Committed
Undecided
Andrew McDonnell

Bug Description

Note: alter table tol_tree ORIGID='blah' correctly yields an error message if blah doesnt exist (not non-null integer)

alter table tol_tree ORIGID=''

alter table tol_tree ORIGID='' when correct
[Switching to Thread 0x7ffff7f64700 (LWP 32528)]
0x00007fffec0b9e07 in ha_oqgraph::open (this=0x2a024b8, name=0x29fde18 "./test/#sql-7ee8_1", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/storage/oqgraph/ha_oqgraph.cc:464
464 if ((*field)->type() != origid->type() ||
(gdb) bt
#0 0x00007fffec0b9e07 in ha_oqgraph::open (this=0x2a024b8, name=0x29fde18 "./test/#sql-7ee8_1", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/storage/oqgraph/ha_oqgraph.cc:464
#1 0x00000000007e4f06 in handler::ha_open (this=0x2a024b8, table_arg=0x29fd0a0, name=0x29fde18 "./test/#sql-7ee8_1", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/sql/handler.cc:2347
#2 0x00000000006e55fd in open_table_from_share (thd=0x7fffe81d3820, share=0x29fd9f8, alias=0x7ffff7f62420 "#sql-7ee8_1", db_stat=7, prgflag=44, ha_open_flags=16, outparam=0x29fd0a0, is_create_table=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/table.cc:2652
#3 0x00000000005b9b65 in open_table_uncached (thd=0x7fffe81d3820, path=0x7ffff7f61220 "./test/#sql-7ee8_1", db=0x2886340 "test", table_name=0x7ffff7f62420 "#sql-7ee8_1", add_to_temporary_tables_list=true) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:6185
#4 0x00000000006bf184 in mysql_alter_table (thd=0x7fffe81d3820, new_db=0x2886340 "test", new_name=0x2885d28 "tol_tree", create_info=0x7ffff7f62d10, table_list=0x2885d78, alter_info=0x7ffff7f62e10, order_num=0, order=0x0, ignore=false, require_online=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_table.cc:6858
#5 0x000000000096f863 in Alter_table_statement::execute (this=0x2886380, thd=0x7fffe81d3820) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_alter.cc:106
#6 0x000000000061c840 in mysql_execute_command (thd=0x7fffe81d3820) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:4834
#7 0x000000000061f9ec in mysql_parse (thd=0x7fffe81d3820, rawbuf=0x2885c78 "alter table tol_tree ORIGID=''", length=30, parser_state=0x7ffff7f63670) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:6124
#8 0x00000000006129ba in dispatch_command (command=COM_QUERY, thd=0x7fffe81d3820, packet=0x7fffe81d8ac1 "alter table tol_tree ORIGID=''", packet_length=30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:1266
#9 0x0000000000611b35 in do_command (thd=0x7fffe81d3820) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:982
#10 0x0000000000721b31 in do_handle_one_connection (thd_arg=0x7fffe81d3820) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1267
#11 0x00000000007215d9 in handle_one_connection (arg=0x7fffe81d3820) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1181
#12 0x00007ffff7bc98ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#13 0x00007ffff706b92d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#14 0x0000000000000000 in ?? ()

 #1134337

Andrew McDonnell (andymc73)
Changed in oqgraph:
assignee: nobody → Andrew McDonnell (andymc73)
Revision history for this message
Andrew McDonnell (andymc73) wrote :
Download full text (5.5 KiB)

This also happens at the same line if you create a table with a non-existent column for ORIGID (and posibly DESTID)

CREATE TABLE `backing` (
  `id` int(10) unsigned NOT NULL DEFAULT '0',
  `parent` int(10) unsigned DEFAULT NULL,
  `info` varchar(20) DEFAULT NULL,
  `not_id_type` varchar(20) DEFAULT NULL,
  PRIMARY KEY (`id`),
  KEY `name` (`info`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

CREATE TABLE oqtable ( latch SMALLINT UNSIGNED NULL, origid BIGINT UNSIGNED NULL, destid BIGINT UNSIGNED NULL, weight DOUBLE NULL, seq BIGINT UNSIGNED NULL, linkid BIGINT UNSIGNED NULL, KEY (latch, origid, destid) USING HASH, KEY (latch, destid, origid) USING HASH ) ENGINE=OQGRAPH, DATA_TABLE='backing',ORIGID='bogus',DESTID='id';

describe oqtable;

Note that the stack trace is different (it comes through JOIN) :

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7f64700 (LWP 16055)]
0x00007fffd5dc4e33 in ha_oqgraph::open (this=0x2d0b8c8, name=0x2d1b578 "./test/oqtable", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/storage/oqgraph/ha_oqgraph.cc:462
462 if ((*field)->type() != origid->type() ||
(gdb) ^CQuit
(gdb) bt
#0 0x00007fffd5dc4e33 in ha_oqgraph::open (this=0x2d0b8c8, name=0x2d1b578 "./test/oqtable", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/storage/oqgraph/ha_oqgraph.cc:462
#1 0x00000000007e4f7e in handler::ha_open (this=0x2d0b8c8, table_arg=0x2d0aed0, name=0x2d1b578 "./test/oqtable", mode=2, test_if_locked=18) at /home/andrew/develop/maria/repo/andrew-dev/sql/handler.cc:2347
#2 0x00000000006e5677 in open_table_from_share (thd=0x2c92590, share=0x2d1b148, alias=0x2cc5aa8 "oqtable", db_stat=39, prgflag=44, ha_open_flags=16, outparam=0x2d0aed0, is_create_table=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/table.cc:2663
#3 0x00000000005b4377 in open_table (thd=0x2c92590, table_list=0x2d07840, mem_root=0x7ffff7f60e20, ot_ctx=0x7ffff7f60e60) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:3207
#4 0x00000000005b68e8 in open_and_process_table (thd=0x2c92590, lex=0x7ffff7f61000, tables=0x2d07840, counter=0x7ffff7f60f8c, flags=1026, prelocking_strategy=0x7ffff7f60f90, has_prelocking_list=false, ot_ctx=0x7ffff7f60e60, new_frm_mem=0x7ffff7f60e20) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:4564
#5 0x00000000005b7b35 in open_tables (thd=0x2c92590, start=0x7ffff7f60f40, counter=0x7ffff7f60f8c, flags=1026, prelocking_strategy=0x7ffff7f60f90) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:5115
#6 0x00000000005b8c33 in open_normal_and_derived_tables (thd=0x2c92590, tables=0x2d07840, flags=1026, dt_phases=34) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_base.cc:5781
#7 0x0000000000693254 in fill_schema_table_by_open (thd=0x2c92590, is_show_fields_or_keys=true, table=0x2cf7378, schema_table=0x1507740, orig_db_name=0x7ffff7f62580, orig_table_name=0x7ffff7f62570, open_tables_state_backup=0x7ffff7f62460, can_deadlock=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_show.cc:4067
#8 0x0000000000694239 in get_all_tables (thd=0x2c92590, tables=0x2ca2c38, cond=0x0) at /home/andrew/develop/maria/...

Read more...

summary: - Attempting to rename the ORIGID attribute on a OQGRAPH engine table to
- empty string will cause mysqld to segfault
+ An OQGRAPH table with ORIGID attribute empty or set to non-existent
+ column on a OQGRAPH cause mysqld to segfault in ha_oqgraph
Revision history for this message
Andrew McDonnell (andymc73) wrote :

origid is NULL at this point

Need to add another error return above the current loop, stating origid is not valid.

Probably also repeat for DESTID

Revision history for this message
Andrew McDonnell (andymc73) wrote :
Andrew McDonnell (andymc73)
Changed in oqgraph:
status: New → Fix Committed
Revision history for this message
Arjen Lentz (arjen-lentz) wrote :

All good now, and the new test suite checks for scenarios like this.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.