From: Martin Hansson Date: January 11 2011 8:56am Subject: bzr commit into mysql-5.1 branch (martin.hansson:3540) Bug#58207 List-Archive: http://lists.mysql.com/commits/128397 X-Bug: 58207 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2047588317==" --===============2047588317== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///data0/martin/bzrroot/bug58207/5.1/ based on revid:mattias.jonsson@stripped 3540 Martin Hansson 2011-01-11 Bug#58207: invalid memory reads when using default column value and tmptable needed The function DEFAULT() works by modifying the data buffer pointers (often referred to as 'record' or 'table record') of its argument. This modification is done during name resolution (fix_fields().) Unfortunately, the same modification is done when creating a temporary table, because default values need to propagate to the new table. Fixed by skipping the pointer modification for fields that are arguments to the DEFAULT function. modified: mysql-test/r/subselect4.result mysql-test/t/subselect4.test sql/sql_select.cc === modified file 'mysql-test/r/subselect4.result' --- a/mysql-test/r/subselect4.result 2010-09-07 09:21:09 +0000 +++ b/mysql-test/r/subselect4.result 2011-01-11 08:56:35 +0000 
@@ -164,5 +164,16 @@ a b 2 NULL DROP TABLE t1, t2, t3, t4, t5; # +# Bug#58207: invalid memory reads when using default column value and +# tmptable needed +# +CREATE TABLE t(a VARCHAR(245) DEFAULT +'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'); +INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''); +SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d; +default(a) +aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa +DROP TABLE t; +# # End of 5.1 tests. # === modified file 'mysql-test/t/subselect4.test' --- a/mysql-test/t/subselect4.test 2010-09-07 09:21:09 +0000 +++ b/mysql-test/t/subselect4.test 2011-01-11 08:56:35 +0000 @@ -136,6 +136,16 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL DROP TABLE t1, t2, t3, t4, t5; +--echo # +--echo # Bug#58207: invalid memory reads when using default column value and +--echo # tmptable needed +--echo # +CREATE TABLE t(a VARCHAR(245) DEFAULT +'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'); +INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''); +SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d; +DROP TABLE t; + --echo # --echo # End of 5.1 tests. === modified file 'sql/sql_select.cc' --- a/sql/sql_select.cc 2010-12-28 23:47:05 +0000 +++ b/sql/sql_select.cc 2011-01-11 08:56:35 +0000 
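Review bot: The regression case added to subselect4.test asserts only the result set of the `SELECT ... GROUP BY a` derived table, so on a build without memory checking it may pass even if the invalid read is still present. The choice of `VARCHAR(245)` and of eleven inserted rows is also unexplained; presumably they are what forces the temporary table, but the test does not say so. I would add a comment above the `CREATE TABLE`, for example `# The invalid read shows up reliably only under Valgrind; the column length and row count are chosen so that the GROUP BY needs a temporary table.`, after confirming that this is the actual reason for those values.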
@@ -9817,7 +9817,12 @@ Field *create_tmp_field(THD *thd, TABLE
 convert_blob_length);
 if (orig_type == Item::REF_ITEM && orig_modify)
 ((Item_ref*)orig_item)->set_result_field(result);
- if (field->field->eq_def(result))
+ /*
+ Fields that are used as arguments to the DEFAULT() function already have
+ their data pointers set to the default value during name resulotion. See
+ Item_default_value::fix_fields.
+ */
+ if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
 *default_field= field->field;
 return result;
 }
--===============2047588317== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/martin.hansson@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: martin.hansson@stripped\ # 58u402my5orn3qxn # target_branch: file:///data0/martin/bzrroot/bug58207/5.1/ # testament_sha1: c9fa355f1fe669c24d1f525c132aca550334ecc1 # timestamp: 2011-01-11 09:56:42 +0100 # base_revision_id: mattias.jonsson@stripped\ # 2bj4218kve40go1r # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWY9GwkIAA6ZfkFAQeff//3/n 3yC////wAEBgB9fevXrqj0KDDbOwaASBKcNEiDQNBoGgGho0aNAA9QAAAEpJkp6TZpNqeUwo9JoA AADQ0BoAaBCp5Rsj1Q0AAyaGTJkAAAAAAEigQTRpTyNT9U2p6jJo9T0mm1AMgDTQHqGgcZMmjEMT TAQMCaYIwTE000AGEEkgmjUwE0aATRpoSn4k2lPUNGJ6m1DTTR6nqLE0b2Op9eK6pqh2XHXZlMNt 6a3Q7R75YdBBj2RhipdC5IT+2bgaLADu6Rl3Pi7S9jXDH9Xx24paUwKQpQD41/n1kS3RP5YHeXyW CbY2m6uoN0rIkDejAN7fkRm05t7Kn8DgbzUQ5Dywfee/t+RMdKR+Z9PzJ1qJsc3DsvKwzqChYEsk JgkAkDBciGFHT6dVJyxCho4kspFBoSAC9qIKDr8aVBRBqn9x/Y2A/61UikVVMWa24Ebxs5GkEgIU KTadcbeuoWDjx224xP7izYJUwROxgYMzYKwhjIEhu0EfcMSIhtBHU2fQgakMHXd68/UY82L7WsgC IMPNaeji13AjMHiO6dsIFwbgDzLdmEcB94eBLm0CP63P2ldJhvnPHvrHhBUCTCVC8hfLXmo31KCz 69lBDY3YNckoTMCJIOGMDKOQ0JiCEhDjEMA9qucLRjM0FOhcBwiligIieRLiwsRJRNhcet0yiS3u xSe/F8qAoAGkx+TxFpxMfSqQBQIYRPByok99tRofCFPpqyrLdaGTv2spu0BGi0qFhKxNnBp30sdU 
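Review bot: The new guard tests `orig_type`, the same variable the preceding context line compares with `Item::REF_ITEM`, so a DEFAULT() argument that arrives here behind a reference would presumably not be recognised and `*default_field` would still be set. create_tmp_field starts above the hunk, so whether that path is reachable cannot be confirmed from here; it deserves a check or an extra test case. The added comment explains the mechanism but not the consequence, and it contains a typo; I would end it with `during name resolution. Setting *default_field for them as well leads to invalid memory reads (Bug#58207).`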
X2TNU5HqJxyMpngMKyw4ktRp0jsWBDKgpLyK1VFjiWx+R4mWqjMykSV8rIfINlzxVGKqJH7YcjcI dkVVPsIl1+TwOhx5aitrrwXCx1xYM2qkuYuNs63ZfdkI8Q5hd9jfPUJj6iMUalv7nnBcYbKTusf0 p3FuzMYhmUjpttL0cXPxI/VbF0DRCTVmkCUxVtYjVl0wlUaRCD5o4TC1vvHOkqmTOQioxPtaZGt/ 7jyEQo24mDV2BiYZmUX0k08YQxJ1MH5tDi+siV5a0d5TN3b1vUWmqMyZiUEzHg/xqlbdsJh6DZVS Hp0q0OGIGt0TAxriXyaZygPJqhxMkTETHDzE3kxw+paLHGwYjyCK3wEXWQtziQE9hbdo44Fsh5p0 k7iA4cZqzRjaYlxXYPOXBv8V6oS0Qxvv45aaYqXSwzOqmKBJQkFUEObmFYqVvUb/jB8waOnFS9QM 6qREbfD5Fn4ygBs84da3DPafkVx2Exsf3DMTZp6CZIJIlEtP2FCuAbhfQJs61aK0PxbA/Q4DP65c gUCoV6h6BRmBo4CQjJAaXwoMxKFB3H6OgZ40URIsNBdQQpi5RFYPWljErw/nw9jh3Lcgb9/8PZPS /FsxjJBM89ANp0WeM2mQ5e11Fq2Nc5eLynTziWPfRGERf5fPegKWCLKTW3QhY4lqBrdpQqolyjUP 0Gm6N6SQTJAJUgtLlUCRMoDUGlVxVArA3wWDCQ0SgLezj2BSXeIy5sWH9JbqzpcXSOSouV5dxjEI OYSvVCAriP+Y5BJUZj09MqUxzNxFXGWXLnuJ6EaiSOBPYSKIYFKTGfYYLzgjQw7TvD5hdgUGRQmK 6IEJ+HSfQ4La42ZQsUGTDSHHhKiKQbh9/z1Gm1NFp9CjgbLvJXqvSywdepi0WI7cPxB5QgtWXn2R 0B+Hb37Qx0crWdUEEsZS/XDFg9PXA4hZkGhYJloXRyQWpRHIqo237n79EXnKFlU4oZyJMLDvIpRo 7sNYxxHGp/YdYDPQNA2YIhUF+Dll0O8/8vBPXw91hrgnu0uepwArXB/lcbXJcce1dsVr75jcgOiF yL2D2YPDS7/gQpBxdsSisbXLBO1eSx3pNFfkxL9PECqsigiYsJahWu1KRz9eK7Klz2TmKbDI0aoS 91wneLi801LX8PJclXw+ANow88zgKv03VJ/UtrDwCAr+MAinDhULAV4k4T0HgGyY5kKkqeLiG/On 3wAOoPc30PYGWzmxqTLQLkrk/A321xXlI0tapzB2jBS9hGszF1TvY3BjV6kETInNCcUWiODmsmCL 0V3tNWCkZZqFsJdLAr0Xai2xNCvFUmm0tRAXXXq6gyNCyRXd4dy7FWwgrHMkMAN2nT9F0n8QY0X/ YSvFZYW+tCzERdnLFMO6+Dghkix/RyZEYh5xfPYSVD8+b4VPevXhbVYLfnW3URda1XJoB7nLfEEM yifExWrd97+MeskED05MbYwCyhNbZtGDYwj3bY6yQUiVCTMOddQ7v1qHeRGRFZHGHHpxxtsxL1uF qo6uCCisBOUe6xGGs0WID0Xo1jMdCNCAYWQU6Mb1BJGtT7OQGcKm1dIgEBmXEsF2xi21Fk1X4hOy Rgu9UTlR/Elss7LONYiYmzjaX05rfBUu/WMJQOeQ4oc05gYCtUW5sVMh1Kfm3vEQMWwLBcWZEXx+ tTDQ7kNpp8qooremoTsH2ApVlREMrnyKSptXCLKThUHQOnhWczjngHKgrG0qnUxIpV1RvCDTBSss IoThclhAtM5P8XckU4UJCPRsJCA= --===============2047588317==--