MySQL 5.7 Crash Analysis: BLOB INSERT … ON DUPLICATE Bug and Its Fix
This article analyzes a MySQL 5.7.20 crash that occurs when an INSERT … ON DUPLICATE KEY UPDATE statement writes to a BLOB column, explains the underlying bug in the copy_blob_value function, shows how to reproduce and locate it with gdb, and points to the fix shipped in MySQL 5.7.22.
1. Fault Phenomenon
A MySQL 5.7.20 community instance crashed while executing an INSERT that involved a BLOB column.
/mysql/mysql-5.7.20/bin/mysqld(my_print_stacktrace+0x35)[0xf468f5]
/mysql/mysql-5.7.20/bin/mysqld(handle_fatal_signal+0x4a4)[0x7cd434]
/lib64/libpthread.so.0(+0xf100)[0x7f3564112100]
/mysql/mysql-5.7.20/bin/mysqld(_ZN10Field_blob15copy_blob_valueEP11st_mem_root+0x30)[0x7fd160]
/mysql/mysql-5.7.20/bin/mysqld(_Z25mysql_prepare_blob_valuesP3THDR4List14ItemEP11st_mem_root+0x29e)[0xe9901e]
/mysql/mysql-5.7.20/bin/mysqld(_Z12write_recordP3THDP5TABLEP9COPY_INFOS4_+0x212)[0xe995f2]
/mysql/mysql-5.7.20/bin/mysqld(_ZN14Sql_cmd_insert12mysql_insertEP3THDP10TABLE_LIST+0x812)[0xe9a982]
/mysql/mysql-5.7.20/bin/mysqld(_ZN14Sql_cmd_insert7executeEP3THD+0xce)[0xe9b15e]
/mysql/mysql-5.7.20/bin/mysqld(_Z21mysql_execute_commandP3THDb+0xd82)[0xd13b62]
/mysql/mysql-5.7.20/bin/mysqld(_Z11mysql_parseP3THD12Parser_state+0x3a5)[0xd18205]
/mysql/mysql-5.7.20/bin/mysqld(_Z16dispatch_commandP3THDPK8COM_DATA19enum_server_command+0x11bf)[0xd1942f]
2. Fault Analysis
The stack trace shows the crash happened inside the copy_blob_value function while MySQL was processing an INSERT that touched a BLOB field.
Using a local MySQL 5.7.25 build and gdb, we set a breakpoint at the crashing address taken from the trace:
gdb ./mysqld
(gdb) b *0x7fd160
Breakpoint 1 at 0x7fd160: file /export/home/pb2/build/sh_0-32013917-1545390211.74/mysql-5.7.25/sql/field.cc, line 3053.
Reading the source at github.com/mysql/mysql-server/blob/mysql-5.7.25/sql/field.cc did not by itself reveal an earlier fix. Searching the repository for the function copy_blob_value and viewing its git blame turned up the bug-fix record.
The bug description states that when an INSERT … UPDATE (i.e., INSERT … ON DUPLICATE KEY UPDATE) statement hits a unique-key conflict, MySQL executes the UPDATE branch while re-using the memory address that held the original INSERT's VALUES() argument. Three crash scenarios follow from this:
Valgrind error: the pointer LHS_FIELD points to memory that has already been freed and re-allocated, causing a null-pointer dereference.
Update bad data: the pointer LHS_FIELD->ptr points to memory that was not freed but has been reused, so the update writes corrupted data.
Both: if the new allocation lands at the same address as the previous one, both conditions may occur.
Bug link: https://bugs.mysql.com/bug.php?id=79243
3. Trigger Conditions
The crash is triggered when an INSERT … ON DUPLICATE KEY UPDATE statement operates on a column of type BLOB.
4. Handling Method
Upgrade to MySQL 5.7.22 or later, where the bug is fixed.
Until the upgrade is done, avoid INSERT … ON DUPLICATE KEY UPDATE on tables that contain BLOB columns.
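As an added triage aid for sections 3 and 4 (this is not code from the article, from MySQL or from the bug report), the script below decides whether a reported VERSION() string falls in the affected 5.7 range and groups the BLOB columns returned by an information_schema query by table, so an operator can see which tables the workaround applies to. The query text, the system-schema exclusion list and the sample rows are assumptions constructed for the example; the script runs offline on the embedded sample.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Facts taken from the article: crash observed on 5.7.20, fix shipped in 5.7.22.
FIXED_IN = (5, 7, 22)

# Query to run against the server (constructed for this example; information_schema.COLUMNS
# is standard). System schemas are excluded on the assumption that only user tables matter.
BLOB_COLUMNS_QUERY = (
    "SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, DATA_TYPE "
    "FROM information_schema.COLUMNS "
    "WHERE DATA_TYPE IN ('tinyblob','blob','mediumblob','longblob') "
    "AND TABLE_SCHEMA NOT IN ('mysql','sys','information_schema','performance_schema')"
)

def parse_mysql_version(version: str) -> Tuple[int, int, int]:
    """Accepts VERSION() output such as '5.7.20-log' or '5.7.25-enterprise-commercial-advanced'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised MySQL version string: {version!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))

def affected_by_bug79243(version: str) -> Optional[bool]:
    """True if a 5.7 server predates the fix, False if it carries it, None for any other
    series (the article only documents the 5.7 line, so other series are not assessed)."""
    major, minor, patch = parse_mysql_version(version)
    if (major, minor) != (5, 7):
        return None
    return (major, minor, patch) < FIXED_IN

def blob_tables(rows: Iterable[Tuple[str, str, str, str]]) -> Dict[str, List[str]]:
    """Group result rows (schema, table, column, data_type) by table, keeping BLOB types only."""
    grouped: Dict[str, List[str]] = {}
    for schema, table, column, data_type in rows:
        if data_type.lower().endswith("blob"):
            grouped.setdefault(f"{schema}.{table}", []).append(column)
    return grouped

def exposure_report(version: str, rows: Iterable[Tuple[str, str, str, str]]) -> Dict[str, object]:
    """Combine the version check with the table list into one report dictionary."""
    status = affected_by_bug79243(version)
    tables = sorted(blob_tables(rows)) if status else []
    action = ("upgrade to 5.7.22 or later; meanwhile avoid INSERT ... ON DUPLICATE KEY UPDATE "
              "on the listed tables") if status else "no action needed for this bug"
    return {"version": version, "vulnerable_build": status, "at_risk_tables": tables, "action": action}

if __name__ == "__main__":
    # Constructed sample rows standing in for the query's output.
    sample_rows = [("app", "attachments", "payload", "longblob"),
                   ("app", "attachments", "thumb", "blob"),
                   ("app", "users", "name", "varchar")]
    print(exposure_report("5.7.20-log", sample_rows))
```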
Aikesheng Open Source Community