>Description: I think I just found a bug in mysql 3.23.41 (as shipped with RedHat Linux 7.2 x86). I have a database "tcg" which contains two tables: "edition" (3 columns, 1 primary key) and "card" (several columns, about 6500 lines, 1 primary key). I just started the mysql client (same host) and did:
mysql> select * from card,edition where cost > 2 order by cost; ERROR 1030: Got error 28 from table handler This is the error I got. "cost" is an INT column in table "card". I should add that "edition" only contains a few rows and /var/lib/mysql/tcg, containing these both tables, is just about 1.3 MB in size, so this is nothing fancy. Before mysql spilled out this error, it was working on disk for a minute, CPU load went up into the sky. I looked onto /tmp at that moment and saw this: -rw-rw---- 1 mysql mysql 1024 Jan 21 20:35 #sql531_7a_0.MYI -rw-rw---- 1 mysql mysql 952995840 Jan 21 20:37 #sql531_7a_0.MYD So mysqld was busy filling up my /tmp with nearly one Gig of data. When /tmp was full, I got the abovementioned error.. >How-To-Repeat: Always reproducible by just repeating the abovementioned query. Funny(?) thing is that if you abort the client so the socket is closed, mysqlD continues its task of filling up the temp disk. >Fix: No idea. But I consider this to be a bug, no matter whether the query is syntactically correct or not. Maybe used for a DoS attack on a server. >Submitter-Id: <submitter ID> >Originator: Johannes Tevessen >Organization: [A] KPNQwest Germany * Theodor-Heuss-Str. 43 * D-51149 Köln [T] +49-2203-97865-538 [F] +49-2203-97865-531 [M] +49-178-5352334 [E] [EMAIL PROTECTED] [I] www.kpnqwest.de > >MySQL support: [none | licence | email support | extended email support ] >Synopsis: DoS: Fills up disk after query >Severity: serious >Priority: medium >Category: mysql >Class: sw-bug >Release: mysql-3.23.41 (Source distribution) >Server: /usr/bin/mysqladmin Ver 8.21 Distrib 3.23.41, for redhat-linux-gnu on i386 Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to modify and redistribute it under the GPL license Server version 3.23.41 Protocol version 10 Connection Localhost via UNIX socket UNIX socket /var/lib/mysql/mysql.sock Uptime: 18 hours 35 min 39 sec Threads: 2 Questions: 291516 Slow queries: 1 Opens: 134 Flush tables: 1 Open tables: 3 Queries per second avg: 4.355 >Environment: System: Linux aris.dummy.de 2.4.17 #3 Mon Jan 14 00:22:26 CET 2002 i686 unknown Architecture: i686 Some paths: /usr/bin/perl /usr/bin/make /usr/bin/gmake /usr/bin/gcc /usr/bin/cc GCC: Reading specs from /usr/lib/gcc-lib/i686-pc-linux-gnu/3.0.3/specs Configured with: ../gcc-3.0.3/configure --prefix=/usr Thread model: single gcc version 3.0.3 Compilation info: CC='gcc' CFLAGS='-O2 -march=i386 -mcpu=i686 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE' CXX='c++' CXXFLAGS='-O2 -march=i386 -mcpu=i686 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE' LDFLAGS='' LIBC: lrwxrwxrwx 1 root root 13 Aug 20 19:45 /lib/libc.so.6 -> libc-2.2.3.so -rwxr-xr-x 1 root root 1276360 Jul 27 01:10 /lib/libc-2.2.3.so -rw-r--r-- 1 root root 26938980 Jul 27 00:46 /usr/lib/libc.a -rw-r--r-- 1 root root 178 Jul 27 00:46 /usr/lib/libc.so Configure command: ./configure i386-redhat-linux --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --without-debug --without-readline --enable-shared --with-extra-charsets=complex --with-bench --localstatedir=/var/lib/mysql --with-unix-socket-path=/var/lib/mysql/mysql.sock --with-mysqld-user=mysql --with-extra-charsets=all --disable-assember --with-berkeley-db --enable-large-files=yes --enable-largefile=yes --with-thread-safe-client --enable-assembler --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php