crash when insert varchar/char/clob with default NULL #3168

Closed
monetdb-team opened this issue Nov 30, 2020 · 0 comments
Labels
bug Something isn't working major SQL

Date: 2012-10-23 08:36:46 +0200
From: Inho Kim <<georgios.kim>>
To: SQL devs <>
Version: 11.13.5 (Oct2012-SP1)
CC: @bartscheers, @drstmane

Last updated: 2013-01-22 09:29:12 +0100

Comment 17848

Date: 2012-10-23 08:36:46 +0200
From: Inho Kim <<georgios.kim>>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4
Build Identifier:

If a table has a varchar/char/clob column with the default null option,
an insert statement causes a server crash.

Reproducible: Always

Steps to Reproduce:

1. create table test ( id int, name varchar(20) default null);
2. insert into test ( id ) values ( 1 );

Comment 17849

Date: 2012-10-23 10:47:01 +0200
From: @drstmane

I can reproduce the segfault (with Oct2012 v11.13.3).

Thanks for reporting!

Comment 17850

Date: 2012-10-23 11:24:44 +0200
From: @drstmane

The problem is that sql2str() in sql/common/sql_string.c is called with str_nil as argument, but is unable to handle that correctly:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffed14d700 (LWP 2421)]
0x00007fffee2a9702 in sql2str (s=0x7ffff6a93290 "\200") at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/common/sql_string.c:130
130 *p++ = *cur;
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.6-3.fc15.x86_64 cfitsio-3.280-2.fc16.x86_64 cyrus-sasl-lib-2.1.23-27.fc16.x86_64 geos-3.3.1-1.fc16.x86_64 glibc-2.14.90-24.fc16.9.x86_64 keyutils-libs-1.5.2-1.fc16.x86_64 krb5-libs-1.9.4-3.fc16.x86_64 libcom_err-1.41.14-2.fc15.x86_64 libcurl-7.21.7-7.fc16.x86_64 libgcc-4.6.3-2.fc16.x86_64 libidn-1.22-3.fc16.x86_64 libselinux-2.1.6-6.fc16.x86_64 libssh2-1.2.7-4.fc16.x86_64 libstdc++-4.6.3-2.fc16.x86_64 libuuid-2.20.1-2.3.fc16.x86_64 libxml2-2.7.8-6.fc16.x86_64 ncurses-libs-5.9-2.20110716.fc16.x86_64 nspr-4.9.1-2.fc16.x86_64 nss-3.13.5-1.fc16.x86_64 nss-softokn-freebl-3.13.5-1.fc16.x86_64 nss-util-3.13.5-1.fc16.x86_64 openldap-2.4.26-8.fc16.x86_64 openssl-1.0.0j-1.fc16.x86_64 pcre-8.12-9.fc16.x86_64 readline-6.2-2.fc16.x86_64 zlib-1.2.5-7.fc16.x86_64
(gdb) bt
#0 0x00007fffee2a9702 in sql2str (s=0x7ffff6a93290 "\200") at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/common/sql_string.c:130
#1 0x00007fffee1e59b8 in stmt_atom_string (sa=0x7fffe01d5c00, S=0x7ffff6a93290 "\200") at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/sql_statement.c:158
#2 0x00007fffee1e9d7c in stmt_alias (sa=0x7fffe01d5c00, op1=0x7fffe00a4700, tname=0x7ffff6a93290 "\200", alias=0x7fffe00a4780 "L2") at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/sql_statement.c:1610
#3 0x00007fffee244ee8 in stmt_rename (sql=0x7fffe0005470, rel=0x7fffe00a3880, exp=0x7fffe00a3c10, s=0x7fffe00a4700) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:1109
#4 0x00007fffee24a43d in rel2bin_project (sql=0x7fffe0005470, rel=0x7fffe00a3880, refs=0x7fffe00a4360, topn=0x0) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:2191
#5 0x00007fffee25431b in subrel_bin (sql=0x7fffe0005470, rel=0x7fffe00a3880, refs=0x7fffe00a4360) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:4360
#6 0x00007fffee24ddac in rel2bin_insert (sql=0x7fffe0005470, rel=0x7fffe00a4330, refs=0x7fffe00a4360) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:2992
#7 0x00007fffee254401 in subrel_bin (sql=0x7fffe0005470, rel=0x7fffe00a4330, refs=0x7fffe00a4360) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:4380
#8 0x00007fffee25465a in output_rel_bin (sql=0x7fffe0005470, rel=0x7fffe00a4330) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/server/rel_bin.c:4428
#9 0x00007fffee171b17 in sql_relation2stmt (c=0x7fffe0005470, r=0x7fffe00a4330) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/backends/monet5/sql.mx:1678
#10 0x00007fffee160e3b in SQLparser (c=0x7fffef130348) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/sql/backends/monet5/sql_scenario.c:1504
#11 0x00007ffff703df24 in runPhase (c=0x7fffef130348, phase=1) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/monetdb5/mal/mal_scenario.c:522
#12 0x00007ffff703e07f in runScenarioBody (c=0x7fffef130348) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/monetdb5/mal/mal_scenario.c:564
#13 0x00007ffff703e316 in runScenario (c=0x7fffef130348) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/monetdb5/mal/mal_scenario.c:601
#14 0x00007ffff703f3b8 in MSserveClient (dummy=0x7fffef130348) at /ufs/manegold//Monet/HG/Jul2012/source/MonetDB/monetdb5/mal/mal_session.c:438
#15 0x0000003cf3c07d90 in start_thread () from /lib64/libpthread.so.0
#16 0x0000003cf30f119d in clone () from /lib64/libc.so.6
(gdb) li
125 }
126 escaped = FALSE;
127 } else if (*cur == '\\') {
128 escaped = TRUE;
129 } else {
130 *p++ = *cur;
131 }
132 }
133 *p = '\0';
134 return s;
(gdb) p s
$1 = 0x7ffff6a93290 "\200"
(gdb) p *s
$2 = -128 '\200'
(gdb) p p
$3 = 0x7ffff6a93290 "\200"
(gdb) p *p
$4 = -128 '\200'
(gdb) p cur
$5 = 0x7ffff6a93290 "\200"
(gdb) p *cur
$6 = -128 '\200'
(gdb) p str_nil
$7 = "\200"
(gdb) p &str_nil
$8 = (const char (*)[2]) 0x7ffff6a93290
(gdb)

Comment 17972

Date: 2012-11-21 14:39:50 +0100
From: @grobian

Changeset e798c1a1af8b made by Fabian Groffen fabian@monetdb.org in the MonetDB repo, refers to this bug.

For complete details, see http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=e798c1a1af8b

Changeset description:

sql2str: handle str_nil

Detect str_nil early instead of crashing on it later on.  Return same
str_nil, so we end up with nil/NULL afterwards.  Bug #3168
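
An added illustration of the early nil check this changeset describes; it is not MonetDB's code and not part of the original thread. In the gdb session above `p` and `cur` both point at `str_nil`, a `const char[2]`, so the store at line 130 targets the constant itself. `unescape_in_place` and `example_str_nil` are hypothetical names, and the escape set handled here is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the nil string sentinel seen in the gdb session ("\200",
 * const char[2]); the name and this definition are assumptions. */
static const char example_str_nil[2] = "\200";

/* Hypothetical in-place unescaper in the style of the listed loop:
 * a backslash escapes the next character, everything else is copied. */
static char *unescape_in_place(char *s)
{
    char *p, *cur;
    int escaped = 0;

    /* Guard: a NULL pointer or the nil sentinel is returned untouched.
     * Without it the loop below would store into the const sentinel. */
    if (s == NULL || strcmp(s, example_str_nil) == 0)
        return s;

    for (p = s, cur = s; *cur != '\0'; cur++) {
        if (escaped) {
            switch (*cur) {
            case 'n': *p++ = '\n'; break;
            case 't': *p++ = '\t'; break;
            default:  *p++ = *cur; break;   /* \\ and \' map to themselves */
            }
            escaped = 0;
        } else if (*cur == '\\') {
            escaped = 1;
        } else {
            *p++ = *cur;
        }
    }
    *p = '\0';
    return s;
}

int main(void)
{
    char buf[] = "it\\'s a\\tb";              /* constructed sample input */
    char *nil = (char *) example_str_nil;     /* caller passes nil, as in the trace */

    printf("%s\n", unescape_in_place(buf));
    printf("nil preserved: %d\n", unescape_in_place(nil) == nil);
    return 0;
}
```

Comparing by content rather than by address means a heap copy of the nil value is also left as nil, so the caller still ends up with NULL after the call.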

Comment 18371

Date: 2013-01-22 09:29:12 +0100
From: @sjoerdmullender

Oct2012-SP3 has been released.

@monetdb-team monetdb-team added bug Something isn't working major SQL labels Nov 30, 2020
@sjoerdmullender sjoerdmullender added this to the Ancient Release milestone Nov 9, 2022