
MySQL 5.7 Crash Analysis: BLOB INSERT … ON DUPLICATE Bug and Its Fix

This article analyzes a MySQL 5.7.20 crash that occurs during INSERT operations on BLOB columns with INSERT … ON DUPLICATE syntax, explains the underlying bug in the copy_blob_value function, shows how to reproduce and locate it with gdb, and provides the fix introduced in MySQL 5.7.22.

Aikesheng Open Source Community

1. Fault Phenomenon

A MySQL 5.7.20 community instance crashed while executing an INSERT that involved a BLOB column.

/mysql/mysql-5.7.20/bin/mysqld(my_print_stacktrace+0x35)[0xf468f5]
/mysql/mysql-5.7.20/bin/mysqld(handle_fatal_signal+0x4a4)[0x7cd434]
/lib64/libpthread.so.0(+0xf100)[0x7f3564112100]
/mysql/mysql-5.7.20/bin/mysqld(_ZN10Field_blob15copy_blob_valueEP11st_mem_root+0x30)[0x7fd160]
/mysql/mysql-5.7.20/bin/mysqld(_Z25mysql_prepare_blob_valuesP3THDR4List14ItemEP11st_mem_root+0x29e)[0xe9901e]
/mysql/mysql-5.7.20/bin/mysqld(_Z12write_recordP3THDP5TABLEP9COPY_INFOS4_+0x212)[0xe995f2]
/mysql/mysql-5.7.20/bin/mysqld(_ZN14Sql_cmd_insert12mysql_insertEP3THDP10TABLE_LIST+0x812)[0xe9a982]
/mysql/mysql-5.7.20/bin/mysqld(_ZN14Sql_cmd_insert7executeEP3THD+0xce)[0xe9b15e]
/mysql/mysql-5.7.20/bin/mysqld(_Z21mysql_execute_commandP3THDb+0xd82)[0xd13b62]
/mysql/mysql-5.7.20/bin/mysqld(_Z11mysql_parseP3THD12Parser_state+0x3a5)[0xd18205]
/mysql/mysql-5.7.20/bin/mysqld(_Z16dispatch_commandP3THDPK8COM_DATA19enum_server_command+0x11bf)[0xd1942f]

2. Fault Analysis

The stack trace shows the crash happened inside the copy_blob_value function while MySQL was processing an INSERT that touched a BLOB field.

Using the official MySQL 5.7.25 build and gdb, we set a breakpoint at the address taken from the trace. (A raw address is only meaningful for the exact binary that produced the trace; across builds the portable anchor is the function named in the frame, Field_blob::copy_blob_value, which gdb can resolve by name.)

gdb ./mysqld
(gdb) b *0x7fd160
Breakpoint 1 at 0x7fd160: file /export/home/pb2/build/sh_0-32013917-1545390211.74/mysql-5.7.25/sql/field.cc, line 3053.

Reading the 5.7.25 source of copy_blob_value at github.com/mysql/mysql-server/blob/mysql-5.7.25/sql/field.cc did not by itself point to a fix. Running git blame on the function in the repository, however, turned up the commit that fixed the bug.

The bug report describes an INSERT ... ON DUPLICATE KEY UPDATE statement whose INSERT hits a unique-key conflict. The server then takes the UPDATE branch, and the BLOB value it reads through VALUES() still refers to the memory that held the original INSERT's row value, memory the server may by then have freed or handed to another allocation. Depending on what has happened to that memory, three outcomes are possible:

Valgrind error: LHS_FIELD->ptr refers to memory that has already been freed and not yet reused. Valgrind reports this as an invalid read (a use-after-free); dereferencing the dangling pointer is what produces the fatal signal inside copy_blob_value seen in the trace above.

Update bad data: the freed memory has already been reused by a later allocation, so the UPDATE silently copies whatever that allocation now holds into the BLOB column. The statement succeeds, but the stored value is corrupt.

Both: if the new allocation lands at the same address as the old one, both symptoms can occur.

Bug report: https://bugs.mysql.com/bug.php?id=79243

3. Trigger Conditions

The bug is reachable only when an INSERT ... ON DUPLICATE KEY UPDATE statement actually encounters a duplicate key (on the primary key or any unique index) and the UPDATE clause then assigns a BLOB column; an INSERT that does not conflict never enters the UPDATE branch. Because the crashing frame is Field_blob::copy_blob_value, and Field_blob also backs the TEXT types in MySQL's implementation, TEXT columns should not be assumed to be exempt.
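A constructed schema and statement sequence that walks the code path described above, added here as an example; it is not the reproducer attached to bug #79243, and the table name, column sizes and values are assumptions. The first statement takes the plain INSERT path; the second and third hit a duplicate on the primary key and on a secondary unique key respectively, so the server executes the ON DUPLICATE KEY UPDATE clause with a BLOB value read through VALUES():

```sql
-- Added example, not the bug report's reproducer. Table name and sizes are assumed.
CREATE TABLE blob_upsert_demo (
  id   INT UNSIGNED NOT NULL,
  tag  VARCHAR(32)  NOT NULL,
  data BLOB         NOT NULL,          -- BLOB holds at most 65535 bytes
  PRIMARY KEY (id),
  UNIQUE KEY uk_tag (tag)
) ENGINE = InnoDB;

-- 1) No conflict: plain INSERT path, the UPDATE clause is never evaluated.
INSERT INTO blob_upsert_demo (id, tag, data)
VALUES (1, 'first', REPEAT('a', 16384))
ON DUPLICATE KEY UPDATE data = VALUES(data);

-- 2) Duplicate on the PRIMARY KEY: the server takes the ON DUPLICATE KEY UPDATE
--    branch and assigns the BLOB from VALUES(data), i.e. from the memory that
--    held the INSERT's row value (the dangling reference described in section 2).
INSERT INTO blob_upsert_demo (id, tag, data)
VALUES (1, 'first', REPEAT('b', 16384))
ON DUPLICATE KEY UPDATE data = VALUES(data);

-- 3) Duplicate on the secondary UNIQUE index instead of the primary key; the
--    existing row (id = 1) is updated, and VALUES(data) is read again.
--    16384 + 16384 = 32768 bytes, still within the BLOB limit.
INSERT INTO blob_upsert_demo (id, tag, data)
VALUES (2, 'first', REPEAT('c', 16384))
ON DUPLICATE KEY UPDATE data = CONCAT(data, VALUES(data));

-- On a fixed server this returns exactly one row: id 1, tag 'first', 32768 bytes.
SELECT id, tag, LENGTH(data) AS data_len FROM blob_upsert_demo;

DROP TABLE blob_upsert_demo;
```

On 5.7.22 or later the final SELECT returns a single row for id 1 whose data is 32768 bytes long. Whether an unpatched 5.7.20 crashes, corrupts the row, or happens to survive depends on what the allocator did with the freed memory, exactly the three outcomes listed in section 2, so run this only against a disposable instance.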

4. Handling Method

Upgrade to MySQL 5.7.22 or later, which carries the fix for bug #79243.

Until the upgrade is done, avoid INSERT ... ON DUPLICATE KEY UPDATE statements that assign BLOB columns; for example, run the INSERT and, on a duplicate-key error, a separate UPDATE inside one transaction.
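Two queries that help decide whether the handling above applies to a given instance, added here as an example rather than taken from the article or the bug report. The first classifies the running server version for the 5.7 series only (other series are not assessed by this article); the second lists BLOB-family columns in tables that have a PRIMARY or UNIQUE index, since only those tables can take the ON DUPLICATE KEY UPDATE path. Whether to also inventory TEXT columns is an assumption left to the reader, noted in the comments:

```sql
-- Added example; not from the article or the bug report.

-- 1) Version check for the 5.7 series. VERSION() may look like '5.7.20-log' or
--    '5.7.25-0ubuntu0.18.04.1'; the inner SUBSTRING_INDEX keeps the first three
--    dot-separated fields, the outer one isolates the patch field, and CAST
--    reads its leading digits (MySQL warns about the trailing suffix, which is fine here).
SELECT VERSION() AS server_version,
       CASE
         WHEN VERSION() LIKE '5.7.%'
              AND CAST(SUBSTRING_INDEX(SUBSTRING_INDEX(VERSION(), '.', 3), '.', -1) AS UNSIGNED) < 22
           THEN 'affected 5.7 release: upgrade to 5.7.22 or later'
         WHEN VERSION() LIKE '5.7.%'
           THEN '5.7.22 or later: fix present'
         ELSE 'not a 5.7 release: not assessed here'
       END AS assessment;

-- 2) BLOB-family columns in user tables that have at least one unique index
--    (PRIMARY KEY or UNIQUE), i.e. tables where a duplicate-key conflict, and
--    therefore the ON DUPLICATE KEY UPDATE branch, is possible at all.
--    TEXT types share Field_blob in the server; add 'tinytext','text',
--    'mediumtext','longtext' to the IN list for a conservative inventory.
SELECT c.table_schema,
       c.table_name,
       c.column_name,
       c.data_type,
       GROUP_CONCAT(DISTINCT s.index_name ORDER BY s.index_name) AS unique_indexes
FROM information_schema.columns AS c
JOIN information_schema.statistics AS s
  ON s.table_schema = c.table_schema
 AND s.table_name   = c.table_name
 AND s.non_unique   = 0
WHERE c.data_type IN ('tinyblob', 'blob', 'mediumblob', 'longblob')
  AND c.table_schema NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
GROUP BY c.table_schema, c.table_name, c.column_name, c.data_type
ORDER BY c.table_schema, c.table_name, c.column_name;
```

The second query only narrows the search: it lists where the affected statement shape is possible, not where it is actually used. Cross-check the result against application code or the general log for INSERT ... ON DUPLICATE KEY UPDATE statements touching those columns.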

Written by

Aikesheng Open Source Community

The Aikesheng Open Source Community provides stable, enterprise-grade MySQL open-source tools and services, releases a premium open-source component every year on 1024 (24 October, Programmer's Day), and continuously operates and maintains them.
