List:Commits« Previous MessageNext Message »
From:Martin Hansson Date:January 11 2011 8:56am
Subject:bzr commit into mysql-5.1 branch (martin.hansson:3540) Bug#58207
View as plain text  
#At file:///data0/martin/bzrroot/bug58207/5.1/ based on revid:mattias.jonsson@stripped

 3540 Martin Hansson	2011-01-11
      Bug#58207: invalid memory reads when using default column value and 
      tmptable needed
      
      The function DEFAULT() works by modifying the the data buffer pointers (often
      referred to as 'record' or 'table record') of its argument. This modification
      is done during name resolution (fix_fields().) Unfortunately, the same
      modification is done when creating a temporary table, because default values
      need to propagate to the new table.
      
      Fixed by skipping the pointer modification for fields that are arguments to
      the DEFAULT function.

    modified:
      mysql-test/r/subselect4.result
      mysql-test/t/subselect4.test
      sql/sql_select.cc
=== modified file 'mysql-test/r/subselect4.result'
--- a/mysql-test/r/subselect4.result	2010-09-07 09:21:09 +0000
+++ b/mysql-test/r/subselect4.result	2011-01-11 08:56:35 +0000
@@ -164,5 +164,16 @@ a	b
 2	NULL
 DROP TABLE t1, t2, t3, t4, t5;
 #
+# Bug#58207: invalid memory reads when using default column value and 
+# tmptable needed
+#
+CREATE TABLE t(a VARCHAR(245) DEFAULT
+'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
+SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d;
+default(a)
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+DROP TABLE t;
+#
 # End of 5.1 tests.
 #

=== modified file 'mysql-test/t/subselect4.test'
--- a/mysql-test/t/subselect4.test	2010-09-07 09:21:09 +0000
+++ b/mysql-test/t/subselect4.test	2011-01-11 08:56:35 +0000
@@ -136,6 +136,16 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL
 
 DROP TABLE t1, t2, t3, t4, t5;
 
+--echo #
+--echo # Bug#58207: invalid memory reads when using default column value and 
+--echo # tmptable needed
+--echo #
+CREATE TABLE t(a VARCHAR(245) DEFAULT
+'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
+SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d;
+DROP TABLE t;
+
 
 --echo #
 --echo # End of 5.1 tests.

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2010-12-28 23:47:05 +0000
+++ b/sql/sql_select.cc	2011-01-11 08:56:35 +0000
@@ -9817,7 +9817,12 @@ Field *create_tmp_field(THD *thd, TABLE 
                                           convert_blob_length);
     if (orig_type == Item::REF_ITEM && orig_modify)
       ((Item_ref*)orig_item)->set_result_field(result);
-    if (field->field->eq_def(result))
+    /*
+      Fields that are used as arguments to the DEFAULT() function already have
+      their data pointers set to the default value during name resulotion. See
+      Item_default_value::fix_fields.
+    */
+    if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
       *default_field= field->field;
     return result;
   }


Attachment: [text/bzr-bundle] bzr/martin.hansson@oracle.com-20110111085635-58u402my5orn3qxn.bundle
Thread
bzr commit into mysql-5.1 branch (martin.hansson:3540) Bug#58207Martin Hansson11 Jan