From:Ramil Kalimullin Date:April 1 2010 8:24am
Subject:bzr push into mysql-5.1-bugteam branch (ramil:3435 to 3436) Bug#52397
 3436 Ramil Kalimullin	2010-03-31
      Fix for bug#52397: another crash with explain extended and group_concat
      
      Problem: EXPLAIN EXTENDED was trying to resolve references to 
      freed temporary table fields for GROUP_CONCAT()'s ORDER BY arguments.
      
      Fix: use stored original GROUP_CONCAT()'s arguments in such a case.
     @ mysql-test/r/func_gconcat.result
        Fix for bug#52397: another crash with explain extended and group_concat
          - test result.
     @ mysql-test/t/func_gconcat.test
        Fix for bug#52397: another crash with explain extended and group_concat
          - test case.
     @ sql/item_sum.cc
        Fix for bug#52397: another crash with explain extended and group_concat
          - use "pargs", printing ORDER BY arguments in the 
        Item_func_group_concat::print() instead of "order" to avoid
        possible reference resolving to (freed) temporary table fields.

    modified:
      mysql-test/r/func_gconcat.result
      mysql-test/t/func_gconcat.test
      sql/item_sum.cc
 3435 Sergey Glukhov	2010-03-29
      fixed compiler warning
     @ sql/item_strfunc.h
        fixed compiler warning

    modified:
      sql/item_strfunc.h
=== modified file 'mysql-test/r/func_gconcat.result'
--- a/mysql-test/r/func_gconcat.result	2010-02-19 19:06:47 +0000
+++ b/mysql-test/r/func_gconcat.result	2010-03-31 13:00:56 +0000
@@ -995,4 +995,19 @@ SELECT 1 FROM
 1
 1
 DROP TABLE t1;
+#
+# Bug #52397: another crash with explain extended and group_concat
+#
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (0), (0);
+EXPLAIN EXTENDED SELECT 1 FROM
+(SELECT GROUP_CONCAT(t1.a ORDER BY t1.a ASC) FROM 
+t1 t2, t1 GROUP BY t1.a) AS d;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	filtered	Extra
+1	PRIMARY	<derived2>	system	NULL	NULL	NULL	NULL	1	100.00	
+2	DERIVED	t2	ALL	NULL	NULL	NULL	NULL	2	100.00	Using temporary; Using filesort
+2	DERIVED	t1	ALL	NULL	NULL	NULL	NULL	2	100.00	Using join buffer
+Warnings:
+Note	1003	select 1 AS `1` from (select group_concat(`test`.`t1`.`a` order by `test`.`t1`.`a` ASC separator ',') AS `GROUP_CONCAT(t1.a ORDER BY t1.a ASC)` from `test`.`t1` `t2` join `test`.`t1` group by `test`.`t1`.`a`) `d`
+DROP TABLE t1;
 End of 5.0 tests

=== modified file 'mysql-test/t/func_gconcat.test'
--- a/mysql-test/t/func_gconcat.test	2010-02-19 19:06:47 +0000
+++ b/mysql-test/t/func_gconcat.test	2010-03-31 13:00:56 +0000
@@ -708,4 +708,16 @@ SELECT 1 FROM
 
 DROP TABLE t1;
 
+
+--echo #
+--echo # Bug #52397: another crash with explain extended and group_concat
+--echo #
+CREATE TABLE t1 (a INT);
+INSERT INTO t1 VALUES (0), (0);
+EXPLAIN EXTENDED SELECT 1 FROM
+  (SELECT GROUP_CONCAT(t1.a ORDER BY t1.a ASC) FROM 
+    t1 t2, t1 GROUP BY t1.a) AS d;
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests
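Review bot: The regression query only reaches the patched line with `i == 0` and a single GROUP_CONCAT argument, so the new `pargs[i + arg_count_field]` offset in sql/item_sum.cc is exercised for exactly one index. Since the bug was a crash on stale temporary-table field references, it is worth covering several value arguments and several ORDER BY keys of mixed direction, for example `EXPLAIN EXTENDED SELECT 1 FROM (SELECT GROUP_CONCAT(t1.a, t2.a ORDER BY t1.a ASC, t2.a DESC) FROM t1 t2, t1 GROUP BY t1.a) AS d;`, with the matching output added to func_gconcat.result. A wrong offset would then show up as a mismatched `order by` list in the Note 1003 text instead of passing unnoticed.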

=== modified file 'sql/item_sum.cc'
--- a/sql/item_sum.cc	2010-03-14 16:01:45 +0000
+++ b/sql/item_sum.cc	2010-03-31 13:00:56 +0000
@@ -3420,7 +3420,7 @@ void Item_func_group_concat::print(Strin
     {
       if (i)
         str->append(',');
-      (*order[i]->item)->print(str, query_type);
+      pargs[i + arg_count_field]->print(str, query_type);
       if (order[i]->asc)
         str->append(STRING_WITH_LEN(" ASC"));
       else
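Review bot: The replacement line `pargs[i + arg_count_field]->print(str, query_type);` depends on a layout that the hunk neither documents nor checks: that `pargs` keeps the original ORDER BY items directly after the `arg_count_field` value arguments, in the same order as `order[]`. A short comment above it would record both that and the reason for the change, e.g. `/* order[i]->item may refer to a freed temporary table field here; print the saved original argument */`. The following line still reads `order[i]->asc`, so the fix presumably assumes the ORDER entries themselves stay valid and only the item they point to goes stale; that is worth saying in the same comment. The loop header and the rest of Item_func_group_concat::print() lie outside the hunk, so the bound on `i` cannot be confirmed from here.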


Attachment: [text/bzr-bundle] bzr/ramil@mysql.com-20100331130056-1d4n32zzmyk30yi5.bundle