• Developer Zone
• Lists Home
• FAQ

#At file:///data0/martin/bzrroot/bug58207/5.1bt-minimal_fix/ based on revid:tor.didriksen@stripped

 3520 Martin Hansson	2010-12-14
      Bug#58207: invalid memory reads when using default column value and 
      tmptable needed
      
      The function DEFAULT() works by modifying the the data buffer pointers (often
      referred to as 'record' or 'table record') of its argument. This modification
      is done during name resolution (fix_fields().) Unfortunately, the same
      modification is done when creating a temporary table, because default values
      need to propagate to the new table.
      
      Fixed by skipping the pointer modification for fields that are arguments to
      the DEFAULT function.

    modified:
      mysql-test/r/subselect4.result
      mysql-test/t/subselect4.test
      sql/sql_select.cc
=== modified file 'mysql-test/r/subselect4.result'
--- a/mysql-test/r/subselect4.result	2010-09-07 09:21:09 +0000
+++ b/mysql-test/r/subselect4.result	2010-12-14 10:37:00 +0000
@@ -164,5 +164,22 @@ a	b
 2	NULL
 DROP TABLE t1, t2, t3, t4, t5;
 #
+# Bug#58207: invalid memory reads when using default column value and 
+# tmptable needed
+#
+CREATE TABLE t1( a CHAR(1)   DEFAULT 'a' );
+CREATE TABLE t2( a CHAR(245) DEFAULT 'a' );
+INSERT INTO t1 VALUES ('b'), ('c');
+INSERT INTO t2 VALUES ('b'), ('c');
+SELECT * FROM (SELECT DEFAULT(a) FROM t1) t11;
+DEFAULT(a)
+a
+a
+SELECT * FROM (SELECT DEFAULT(a) AS b FROM t2 GROUP BY a) t21;
+b
+a
+a
+DROP TABLE t1, t2;
+#
 # End of 5.1 tests.
 #

=== modified file 'mysql-test/t/subselect4.test'
--- a/mysql-test/t/subselect4.test	2010-09-07 09:21:09 +0000
+++ b/mysql-test/t/subselect4.test	2010-12-14 10:37:00 +0000
@@ -136,6 +136,21 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL
 
 DROP TABLE t1, t2, t3, t4, t5;
 
+--echo #
+--echo # Bug#58207: invalid memory reads when using default column value and 
+--echo # tmptable needed
+--echo #
+CREATE TABLE t1( a CHAR(1)   DEFAULT 'a' );
+CREATE TABLE t2( a CHAR(245) DEFAULT 'a' );
+
+INSERT INTO t1 VALUES ('b'), ('c');
+INSERT INTO t2 VALUES ('b'), ('c');
+
+SELECT * FROM (SELECT DEFAULT(a) FROM t1) t11;
+
+SELECT * FROM (SELECT DEFAULT(a) AS b FROM t2 GROUP BY a) t21;
+
+DROP TABLE t1, t2;
 
 --echo #
 --echo # End of 5.1 tests.

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2010-11-26 12:51:48 +0000
+++ b/sql/sql_select.cc	2010-12-14 10:37:00 +0000
@@ -9816,7 +9816,12 @@ Field *create_tmp_field(THD *thd, TABLE 
                                           convert_blob_length);
     if (orig_type == Item::REF_ITEM && orig_modify)
       ((Item_ref*)orig_item)->set_result_field(result);
-    if (field->field->eq_def(result))
+    /*
+      Fields that are used as arguments to the DEFAULT() function already have
+      their data pointers set to the default value during name resulotion. See
+      Item_default_value::fix_fields.
+    */
+    if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
       *default_field= field->field;
     return result;
   }


Attachment: [text/bzr-bundle] bzr/martin.hansson@oracle.com-20101214103700-sz4k5q589b50ixy4.bundle