From: Jorgen Loland
Date: December 15 2010 1:07pm
Subject: Re: bzr commit into mysql-5.1-bugteam branch (martin.hansson:3520) Bug#58207
List-Archive: http://lists.mysql.com/commits/126932
Message-Id: <4D08BDA6.2080802@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit

Martin,

The fix looks good, but the test case in the patch does not give a valgrind warning. Please provide a test case that is fixed by the patch (e.g., the one reported in the bug). If you violently refuse to replace this test, you can add one more instead.

Jørgen

On 12/14/2010 11:37 AM, Martin Hansson wrote:
> #At file:///data0/martin/bzrroot/bug58207/5.1bt-minimal_fix/ based on revid:tor.didriksen@stripped
>
> 3520 Martin Hansson 2010-12-14
> Bug#58207: invalid memory reads when using default column value and
> tmptable needed
>
> The function DEFAULT() works by modifying the data buffer pointers (often
> referred to as 'record' or 'table record') of its argument. This modification
> is done during name resolution (fix_fields().) Unfortunately, the same
> modification is done when creating a temporary table, because default values
> need to propagate to the new table.
>
> Fixed by skipping the pointer modification for fields that are arguments to
> the DEFAULT function.
>
> modified:
> mysql-test/r/subselect4.result
> mysql-test/t/subselect4.test
> sql/sql_select.cc
> === modified file 'mysql-test/r/subselect4.result' > --- a/mysql-test/r/subselect4.result 2010-09-07 09:21:09 +0000 > +++ b/mysql-test/r/subselect4.result 2010-12-14 10:37:00 +0000 
> @@ -164,5 +164,22 @@ a b > 2 NULL > DROP TABLE t1, t2, t3, t4, t5; > # > +# Bug#58207: invalid memory reads when using default column value and > +# tmptable needed > +# > +CREATE TABLE t1( a CHAR(1) DEFAULT 'a' ); > +CREATE TABLE t2( a CHAR(245) DEFAULT 'a' ); > +INSERT INTO t1 VALUES ('b'), ('c'); > +INSERT INTO t2 VALUES ('b'), ('c'); > +SELECT * FROM (SELECT DEFAULT(a) FROM t1) t11; > +DEFAULT(a) > +a > +a > +SELECT * FROM (SELECT DEFAULT(a) AS b FROM t2 GROUP BY a) t21; > +b > +a > +a > +DROP TABLE t1, t2; > +# > # End of 5.1 tests. > # > > === modified file 'mysql-test/t/subselect4.test' > --- a/mysql-test/t/subselect4.test 2010-09-07 09:21:09 +0000 > +++ b/mysql-test/t/subselect4.test 2010-12-14 10:37:00 +0000 > @@ -136,6 +136,21 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL > > DROP TABLE t1, t2, t3, t4, t5; > > +--echo # > +--echo # Bug#58207: invalid memory reads when using default column value and > +--echo # tmptable needed > +--echo # > +CREATE TABLE t1( a CHAR(1) DEFAULT 'a' ); > +CREATE TABLE t2( a CHAR(245) DEFAULT 'a' ); > + > +INSERT INTO t1 VALUES ('b'), ('c'); > +INSERT INTO t2 VALUES ('b'), ('c'); > + > +SELECT * FROM (SELECT DEFAULT(a) FROM t1) t11; > + > +SELECT * FROM (SELECT DEFAULT(a) AS b FROM t2 GROUP BY a) t21; > + > +DROP TABLE t1, t2; > > --echo # > --echo # End of 5.1 tests. > > === modified file 'sql/sql_select.cc' > --- a/sql/sql_select.cc 2010-11-26 12:51:48 +0000 > +++ b/sql/sql_select.cc 2010-12-14 10:37:00 +0000 
> @@ -9816,7 +9816,12 @@ Field *create_tmp_field(THD *thd, TABLE > convert_blob_length); > if (orig_type == Item::REF_ITEM&& orig_modify) > ((Item_ref*)orig_item)->set_result_field(result); > - if (field->field->eq_def(result)) > + /* > + Fields that are used as arguments to the DEFAULT() function already have > + their data pointers set to the default value during name resulotion. See > + Item_default_value::fix_fields. > + */ > + if (orig_type != Item::DEFAULT_VALUE_ITEM&& field->field->eq_def(result)) > *default_field= field->field; > return result; > } > > > > >
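Review bot: In the mysql-test/t/subselect4.test hunk, both new SELECT statements are checked only against their result rows, while the bug is an invalid memory read, so the test may pass on an unfixed server unless it runs under valgrind, and the reply above reports that it gives no valgrind warning there either. Add the statement from the bug report as the reply asks, and extend the `--echo #` header of the block to say that the regression is only observable under valgrind, so the case is not later trimmed as redundant.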
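Review bot: In the sql/sql_select.cc hunk, the new guard tests orig_type, but the context line `if (orig_type == Item::REF_ITEM&& orig_modify)` just above it shows that orig_type can be Item::REF_ITEM; if a DEFAULT() argument can reach create_tmp_field() through an Item_ref, the comparison with Item::DEFAULT_VALUE_ITEM would not match and `*default_field= field->field;` would still be assigned. Please confirm whether that path is reachable and, if it is, test the type of the referenced item rather than orig_type, with a test case covering it. The added comment also has a typo: "resulotion" should be "resolution".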