From: Date: September 19 2006 6:45pm
Subject: bk commit into 5.0 tree (igor:1.2273) BUG#22015
List-Archive: http://lists.mysql.com/commits/12220
X-Bug: 22015
Message-Id: <20060919164548.BC9E4980D2@igor.local>

Below is the list of changes that have just been committed into a local
5.0 repository of igor. When igor does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-09-19 09:45:41-07:00, igor@stripped +3 -0
  Fixed bug #22015: crash with GROUP_CONCAT over a derived table
  that returns the results of aggregation by GROUP_CONCAT.
  The crash was due to an overflow happened for the field
  sortoder->length.
  The fix prevents this overflow exploiting the fact that the
  value of sortoder->length cannot be greater than the value of
  thd->variables.max_sort_length.   

  mysql-test/r/func_gconcat.result@stripped, 2006-09-19 09:45:38-07:00, igor@stripped +9 -0
    Added a test case for bug #22015.

  mysql-test/t/func_gconcat.test@stripped, 2006-09-19 09:45:38-07:00, igor@stripped +15 -0
    Added a test case for bug #22015.

  sql/filesort.cc@stripped, 2006-09-19 09:45:38-07:00, igor@stripped +1 -0
    Fixed bug #22015: crash with GROUP_CONCAT over a derived table
    that returns the results of aggregation by GROUP_CONCAT.
    The crash was due to an overflow happened for the field
    sortoder->length.
    The fix prevents this overflow exploiting the fact that the
    value of sortoder->length cannot be greater than the value of
    thd->variables.max_sort_length.   

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	igor
# Host:	rurik.mysql.com
# Root:	/home/igor/dev-opt/mysql-5.0-opt-bug22015

--- 1.105/sql/filesort.cc	2006-09-19 09:45:48 -07:00
+++ 1.106/sql/filesort.cc	2006-09-19 09:45:48 -07:00
@@ -1268,6 +1268,7 @@
       switch ((sortorder->result_type=sortorder->item->result_type())) {
       case STRING_RESULT:
 	sortorder->length=sortorder->item->max_length;
+        set_if_smaller(sortorder->length, thd->variables.max_sort_length);
 	if (use_strnxfrm((cs=sortorder->item->collation.collation)))
 	{ 
           sortorder->length= cs->coll->strnxfrmlen(cs, sortorder->length);

--- 1.59/mysql-test/r/func_gconcat.result	2006-09-19 09:45:48 -07:00
+++ 1.60/mysql-test/r/func_gconcat.result	2006-09-19 09:45:48 -07:00
@@ -654,3 +654,12 @@
 240001
 SET GROUP_CONCAT_MAX_LEN = 1024;
 DROP TABLE t1;
+CREATE TABLE t1 (a int, b int);
+INSERT INTO t1 VALUES (2,1), (1,2), (2,2), (1,3);
+SELECT GROUP_CONCAT(a), x 
+FROM (SELECT a, GROUP_CONCAT(b) x FROM t1 GROUP BY a) AS s
+GROUP BY x;
+GROUP_CONCAT(a)	x
+2	1,2
+1	2,3
+DROP TABLE t1;

--- 1.45/mysql-test/t/func_gconcat.test	2006-09-19 09:45:48 -07:00
+++ 1.46/mysql-test/t/func_gconcat.test	2006-09-19 09:45:48 -07:00
@@ -447,3 +447,18 @@
 SELECT CHAR_LENGTH( GROUP_CONCAT(b) ) FROM t1;
 SET GROUP_CONCAT_MAX_LEN = 1024;
 DROP TABLE t1;
+
+#
+# Bug #22015: crash with GROUP_CONCAT over a derived table that 
+#             returns the results of aggregation by GROUP_CONCAT  
+#
+
+CREATE TABLE t1 (a int, b int);
+
+INSERT INTO t1 VALUES (2,1), (1,2), (2,2), (1,3);
+
+SELECT GROUP_CONCAT(a), x 
+  FROM (SELECT a, GROUP_CONCAT(b) x FROM t1 GROUP BY a) AS s
+    GROUP BY x;
+
+DROP TABLE t1;