oqgraph-dev team mailing list archive
-
oqgraph-dev team
-
Mailing list archive
-
Message #00207
[Bug 1134355] Re: V3 Attempting to rename the ORIGID attribute on a OQGRAPH engine table to 'parent' will cause mysqld to segfault
My current synopsis:
During alter table, when altering an option, an extra option record is added to the end of the current option list.
This list node is created in something called 'root' (temporary) memory which is freed on exit from dispatch_command() in sql_parse.cc (which is back up the call stack into the crash point)
If alter table succeeds, I assume the options get merged and the list
rejigged and the _old_ option in the list is properly removed and its
ancestor next fixed correctly, and the new item moved out of (root) ( or
some behaviour similar to this that doesnt cause memory problems)
If alter table fails when the alter consists of changing the value of an
option, the merged option list doesnt get rejigged to remove the 'new'
option, so when the temp memory is freed the last item in the list next
is left pointing to junk on exit form dispatch_command() ...
--
You received this bug notification because you are a member of OQgraph
developers, which is a bug assignee.
https://bugs.launchpad.net/bugs/1134355
Title:
V3 Attempting to rename the ORIGID attribute on a OQGRAPH engine table
to 'parent' will cause mysqld to segfault
Status in OQGraph Engine for MariaDB:
New
Bug description:
This segfault is in a different place from #1134338
Given
CREATE TABLE tol_tree (
latch SMALLINT UNSIGNED NULL,
origid BIGINT UNSIGNED NULL,
destid BIGINT UNSIGNED NULL,
weight DOUBLE NULL,
seq BIGINT UNSIGNED NULL,
linkid BIGINT UNSIGNED NULL,
KEY (latch, origid, destid) USING HASH,
KEY (latch, destid, origid) USING HASH
) ENGINE=OQGRAPH data_table='tol' origid='id' destid='id';
then
alter table tol_tree ORIGID='parent';
will segfault mysqld.
Note, if tol has another not null integer other than parent added to it, the following error is reported instead (and no crash)
ERROR 1036 (HY000): Table '#sql-36e_1' is read only
The only difference I can see is:
| parent | int(10) unsigned | YES | | NULL |
| someother | int(11) | NO | | NULL |
But then adding
| another | int(10) unsigned | YES | | NULL |
Allows the segfault to trigger, so it appears that it only occurs if
the type itself matches.
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7f64700 (LWP 32564)]
0x000000000075c6ca in merge_engine_table_options (first=0x296c888, second=0x28868d0, root=0x7fffd41d2b58) at /home/andrew/develop/maria/repo/andrew-dev/sql/create_options.cc:609
609 for (end= first; end->next; end= end->next) /* no-op */;
(gdb) bt
#0 0x000000000075c6ca in merge_engine_table_options (first=0x296c888, second=0x28868d0, root=0x7fffd41d2b58) at /home/andrew/develop/maria/repo/andrew-dev/sql/create_options.cc:609
#1 0x00000000006bbcc5 in mysql_prepare_alter_table (thd=0x7fffd41cee30, table=0x296e840, create_info=0x7ffff7f62d10, alter_info=0x7ffff7f62e10) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_table.cc:5640
#2 0x00000000006be42e in mysql_alter_table (thd=0x7fffd41cee30, new_db=0x28868c0 "test", new_name=0x28862a8 "tol_tree", create_info=0x7ffff7f62d10, table_list=0x28862f8, alter_info=0x7ffff7f62e10, order_num=0, order=0x0, ignore=false, require_online=false) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_table.cc:6503
#3 0x000000000096f863 in Alter_table_statement::execute (this=0x2886900, thd=0x7fffd41cee30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_alter.cc:106
#4 0x000000000061c840 in mysql_execute_command (thd=0x7fffd41cee30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:4834
#5 0x000000000061f9ec in mysql_parse (thd=0x7fffd41cee30, rawbuf=0x28861e8 "alter table tol_tree ORIGID='parent'", length=36, parser_state=0x7ffff7f63670) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:6124
#6 0x00000000006129ba in dispatch_command (command=COM_QUERY, thd=0x7fffd41cee30, packet=0x7fffd41d40d1 "alter table tol_tree ORIGID='parent'", packet_length=36) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:1266
#7 0x0000000000611b35 in do_command (thd=0x7fffd41cee30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_parse.cc:982
#8 0x0000000000721b31 in do_handle_one_connection (thd_arg=0x7fffd41cee30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1267
#9 0x00000000007215d9 in handle_one_connection (arg=0x7fffd41cee30) at /home/andrew/develop/maria/repo/andrew-dev/sql/sql_connect.cc:1181
#10 0x00007ffff7bc98ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#11 0x00007ffff706b92d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#12 0x0000000000000000 in ?? ()
To manage notifications about this bug go to:
https://bugs.launchpad.net/oqgraph/+bug/1134355/+subscriptions
References