Regex causes segmentation fault

on 18.06.2003 15:18:19 by Tilman Giese

Hello,

I just found a big bug in mysql 4.0.13. Regular expressions always cause the
server to be killed:

mysqld got signal 11;

....

thd=0x884b4a0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
Cannot determine thread, fp=0x47d73408, backtrace may not be correct.
Stack range sanity check OK, backtrace follows:
0x810a9af
0x403611ec
0x401c1a57
0x401c1ca8
0x80d86af
0x811ca18
0x81181bf
0x8117572
0x8116dee
0x4035bd80
0x401e38a7
New value of fp=(nil) failed sanity check, terminating stack trace!

....

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 0x883e058 = SELECT "ban" REGEXP "^ba*n"
thd->thread_id=1

As you can see the query was very very simple but this does not matter, regexp
always causes a crash. The resolved stack trace is the following:

0x810a9af handle_segfault + 687
0x403611ec _end + 938787428
0x401c1a57 _end + 937085647
0x401c1ca8 _end + 937086240
0x80d86af _ZN15Item_func_regexD0Ev + 79
0x811ca18 _Z11mysql_parseP3THDPcj + 200
0x81181bf _Z16dispatch_command19enum_server_commandP3THDPcj + 3071
0x8117572 _Z10do_commandP3THD + 114
0x8116dee handle_one_connection + 750
0x4035bd80 _end + 938765816
0x401e38a7 _end + 937224479

Some important information of my system

Release: mysql-4.0.13 (Source distribution)
C compiler: gcc (GCC) 3.3 (SuSE Linux)
C++ compiler: g++ (GCC) 3.3 (SuSE Linux)
System: Linux hera 2.4.20 #1 Mon Feb 10 17:43:17 CET 2003 i686 unknown
Architecture: i686

Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc
/usr/bin/cc
GCC: Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3/specs
Configured with: ../configure --enable-threads=posix --prefix=/usr
--with-local-prefix=/usr/local --infodir=/usr/share/info
--mandir=/usr/share/man --libdir=/usr/lib
--enable-languages=c,c++,f77,objc,java,ada --disable-checking --enable-libgcj
--with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib
--with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux
Thread model: posix
gcc version 3.3 (SuSE Linux)
Compilation info: CC='gcc' CFLAGS='-O2 -march=i486 -mcpu=i686
-D_LARGEFILE_SOURCE -D_LARGE_FILES' CXX='g++' CXXFLAGS='-O2 -march=i486
-mcpu=i686 -D_FILE_OFFSET_BITS=64 -felide-constructors
-fno-exceptions -fno-rtti' LDFLAGS='-lstdc++' ASFLAGS=''
LIBC: Version 2.3.2
-rwxr-xr-x 1 root root 1475331 Mar 27 21:39 /lib/libc.so.6
-rw-r--r-- 1 root root 43012516 Mar 14 00:13 /usr/lib/libc.a
-rw-r--r-- 1 root root 204 Mar 14 00:13 /usr/lib/libc.so
-rw-r--r-- 1 root root 971438 Apr 11 12:00 /usr/lib/libc-client.a
lrwxrwxrwx 1 root root 19 Jun 2 16:32
/usr/lib/libc-client.so -> libc-client.so.2002
-rwxr-xr-x 1 root root 764016 Apr 11 12:00
/usr/lib/libc-client.so.2002
Configure command: ./configure '--enable-assembler' '--enable-local-infile'
'--with-mysqld-user=mysql' '--prefix=/usr' '--with-charset=german1'
'--libdir=/usr/lib' '--libexecdir=/usr/sbin' '--sysconfdir=/etc'
'--datadir=/usr/share' '--localstatedir=/var/db' '--infodir=/usr/share/info'
'--includedir=/usr/include' '--mandir=/usr/share/man'
'--enable-thread-safe-client' '--with-embedded-server' '--with-openssl'
'--enable-shared' '--with-berkeley-db' '--with-gnu-ld' '--with-innodb'
'--with-vio' '--with-pic' 'CFLAGS=-O2 -march=i486 -mcpu=i686
-D_LARGEFILE_SOURCE -D_LARGE_FILES' 'CXXFLAGS=-O2 -march=i486 -mcpu=i686
-D_FILE_OFFSET_BITS=64 -felide-constructors -fno-exceptions -fno-rtti'
'LDFLAGS=-lstdc++'

I hope that this helps you to solve this problem, because I am completely
unable to use regular expressions.

Tilman


--
MySQL Bugs Mailing List
For list archives: http://lists.mysql.com/bugs
To unsubscribe: http://lists.mysql.com/bugs?unsub=gcdmb-bugs@m.gmane.org

Re: Regex causes segmentation fault

on 18.06.2003 15:43:25 by Sinisa Milivojevic

Tilman Giese writes:
> Hello,
>
> I just found a big bug in mysql 4.0.13. Regular expressions always cause the
> server to be killed:
>
> mysqld got signal 11;
>
> ...
>
> thd=0x884b4a0
> Attempting backtrace. You can use the following information to find out
> where mysqld died. If you see no messages after this, something went
> terribly wrong...
> Cannot determine thread, fp=0x47d73408, backtrace may not be correct.
> Stack range sanity check OK, backtrace follows:
> 0x810a9af
> 0x403611ec
> 0x401c1a57
> 0x401c1ca8
> 0x80d86af
> 0x811ca18
> 0x81181bf
> 0x8117572
> 0x8116dee
> 0x4035bd80
> 0x401e38a7
> New value of fp=(nil) failed sanity check, terminating stack trace!
>
> ...
>
> Trying to get some variables.
> Some pointers may be invalid and cause the dump to abort...
> thd->query at 0x883e058 = SELECT "ban" REGEXP "^ba*n"
> thd->thread_id=1


[skip]

> I hope that this helps you to solve this problem, because I am completely
> unable to use regular expressions.
>
> Tilman
>

Hi!

We have many tests in our test suite system that involve regular
expressions with the REGEXP() function and they all succeed.

So, in order to help us locate a bug, please send us a set of SQL
statements (including CREATE / INSERT commands) that will always lead
to a crash like the above one.

--

Regards,

--
For technical support contracts, go to https://order.mysql.com/?ref=msmi
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Sinisa Milivojevic
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB
/_/ /_/\_, /___/\___\_\___/ Fulltime Developer and Support Coordinator
<___/ www.mysql.com Larnaca, Cyprus



Re: Regex causes segmentation fault

on 18.06.2003 16:09:10 by Tilman Giese

> Hi!
>
> We have many tests in our test suite system that involve regular
> expressions with the REGEXP() function and they all succeed.
>
> So, in order to help us locate a bug, please send us a set of SQL
> statements (including CREATE / INSERT commands) that will always lead
> to a crash like the above one.

Well, it does not matter which SQL statement you choose, each one leads to a
crash. For example, if I use the SQL statements at
http://www.mysql.com/doc/en/Regexp.html the server crashes for each listed
statement. It seems to be a general problem rather than a problem depending
on the SQL statement.

Tilman



Re: Regex causes segmentation fault

on 18.06.2003 19:59:05 by Sinisa Milivojevic

Tilman Giese writes:
>
> Well, it does not matter which SQL statement you choose, each one leads to a
> crash. For example, if I use the SQL statements at
> http://www.mysql.com/doc/en/Regexp.html the server crashes for each listed
> statement. It seems to be a general problem rather than a problem depending
> on the SQL statement.
>
> Tilman

Hi!

I have run all the examples from that page and all worked just fine.

I used MySQL 4.0.13 binary.

--

Regards,

--
For technical support contracts, go to https://order.mysql.com/?ref=msmi
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Mr. Sinisa Milivojevic
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB
/_/ /_/\_, /___/\___\_\___/ Fulltime Developer and Support Coordinator
<___/ www.mysql.com Larnaca, Cyprus



Re: Regex causes segmentation fault

on 19.06.2003 13:23:26 by Sergei Golubchik

Hi!

On Jun 18, Tilman Giese wrote:
> Hello,
>
> I just found a big bug in mysql 4.0.13. Regular expressions always cause the
> server to be killed:
>
> Some important information of my system
>
> Release: mysql-4.0.13 (Source distribution)
> C compiler: gcc (GCC) 3.3 (SuSE Linux)
> C++ compiler: g++ (GCC) 3.3 (SuSE Linux)
> System: Linux hera 2.4.20 #1 Mon Feb 10 17:43:17 CET 2003 i686 unknown
> Architecture: i686
>
> Configure command: ./configure '--enable-assembler' '--enable-local-infile'
> '--with-mysqld-user=mysql' '--prefix=/usr' '--with-charset=german1'
> '--libdir=/usr/lib' '--libexecdir=/usr/sbin' '--sysconfdir=/etc'
> '--datadir=/usr/share' '--localstatedir=/var/db' '--infodir=/usr/share/info'
> '--includedir=/usr/include' '--mandir=/usr/share/man'
> '--enable-thread-safe-client' '--with-embedded-server' '--with-openssl'
> '--enable-shared' '--with-berkeley-db' '--with-gnu-ld' '--with-innodb'
> '--with-vio' '--with-pic' 'CFLAGS=-O2 -march=i486 -mcpu=i686
> -D_LARGEFILE_SOURCE -D_LARGE_FILES' 'CXXFLAGS=-O2 -march=i486 -mcpu=i686
> -D_FILE_OFFSET_BITS=64 -felide-constructors -fno-exceptions -fno-rtti'
> 'LDFLAGS=-lstdc++'
>
> I hope that this helps you to solve this problem, because I am completely
> unable to use regular expressions.

You built MySQL yourself.
Things to check:
- ldd mysqld -> be sure it does not need system regex library
- compilation command line -> be sure that source files include
  ./regex/regex.h and NOT /usr/include/regex.h
- check our binary. It should work, thus the problem is in how you
  compiled MySQL.

Regards,
Sergei

--
MySQL Development Team
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Sergei Golubchik
/ /|_/ / // /\ \/ /_/ / /__ MySQL AB, http://www.mysql.com/
/_/ /_/\_, /___/\___\_\___/ Osnabrueck, Germany
<___/
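
The build checks from the message above, as an added shell example that is not part of the thread or of MySQL's own tooling: it goes one step beyond `ldd` by classifying the regex entry points in `nm` output and by listing which `regex.h` appears in `gcc -M` dependency output. The function names and both sample inputs are constructed for illustration; `nm`, `gcc -M` and `awk` are assumed to be available on the build host.

```shell
#!/bin/sh
# Added example. Both functions read tool output on stdin, so they work on
# saved output as well as on a live pipe such as `nm mysqld | ...`.

# Classify regex entry points in nm-style lines ("[addr] TYPE name").
# "bundled"  = the binary defines the symbol itself.
# "external" = the symbol is undefined (U) and is resolved from a shared
#              library at load time, i.e. the system regex is in use.
regex_symbol_origin() {
    awk 'NF >= 2 {
        type = $(NF-1); name = $NF
        sub(/@.*/, "", name)              # drop any @VERSION suffix
        if (name ~ /^(regcomp|regexec|regerror|regfree)$/)
            print name, (type == "U" ? "external" : "bundled")
    }'
}

# List every regex.h path named in `gcc -M` output (a make rule whose
# prerequisites are the headers the source file actually included).
regex_headers_used() {
    tr ' \\' '\n\n' | grep -E '(^|/)regex\.h$' | sort -u
}

# Constructed sample: nm output of a binary with mixed symbol origins.
SAMPLE_NM='0810f2a0 T regcomp
         U regexec
0810f9c0 T regfree
08101234 T handle_segfault'

# Constructed sample: dependency output for a hypothetical example.cc
# that picked up the system header instead of ./regex/regex.h.
SAMPLE_DEPS='example.o: example.cc example.h \
  /usr/include/regex.h ../include/config.h'

printf '%s\n' "$SAMPLE_NM"   | regex_symbol_origin
printf '%s\n' "$SAMPLE_DEPS" | regex_headers_used
```

Any `external` line, or a header path other than `./regex/regex.h`, points at the build mixing the bundled and system regex implementations.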
