From: Martin Hansson Date: January 12 2011 8:55am Subject: bzr commit into mysql-5.1 branch (martin.hansson:3543) Bug#58207 List-Archive: http://lists.mysql.com/commits/128483 X-Bug: 58207 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0866313356==" --===============0866313356== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///data0/martin/bzrroot/bug58207/5.1/ based on revid:dmitry.shulga@stripped 3543 Martin Hansson 2011-01-12 Bug#58207: invalid memory reads when using default column value and tmptable needed The function DEFAULT() works by modifying the the data buffer pointers (often referred to as 'record' or 'table record') of its argument. This modification is done during name resolution (fix_fields().) Unfortunately, the same modification is done when creating a temporary table, because default values need to propagate to the new table. Fixed by skipping the pointer modification for fields that are arguments to the DEFAULT function. modified: mysql-test/r/subselect4.result mysql-test/t/subselect4.test sql/sql_select.cc
=== modified file 'mysql-test/r/subselect4.result'
--- a/mysql-test/r/subselect4.result 2010-09-07 09:21:09 +0000
+++ b/mysql-test/r/subselect4.result 2011-01-12 08:55:31 +0000
@@ -164,5 +164,16 @@ a b
 2 NULL
 DROP TABLE t1, t2, t3, t4, t5;
 #
+# Bug#58207: invalid memory reads when using default column value and
+# tmptable needed
+#
+CREATE TABLE t(a VARCHAR(245) DEFAULT
+'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
+SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d;
+default(a)
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+DROP TABLE t;
+#
 # End of 5.1 tests.
 #
=== modified file 'mysql-test/t/subselect4.test'
--- a/mysql-test/t/subselect4.test 2010-09-07 09:21:09 +0000
+++ b/mysql-test/t/subselect4.test 2011-01-12 08:55:31 +0000
@@ -136,6 +136,16 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL DROP TABLE t1, t2, t3, t4, t5; +--echo # +--echo # Bug#58207: invalid memory reads when using default column value and +--echo # tmptable needed +--echo # +CREATE TABLE t(a VARCHAR(245) DEFAULT +'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'); +INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),(''); +SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d; +DROP TABLE t; + --echo # --echo # End of 5.1 tests.
=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc 2011-01-11 11:09:54 +0000
+++ b/sql/sql_select.cc 2011-01-12 08:55:31 +0000
@@ -9816,7 +9816,12 @@ Field *create_tmp_field(THD *thd, TABLE
 convert_blob_length);
 if (orig_type == Item::REF_ITEM && orig_modify)
 ((Item_ref*)orig_item)->set_result_field(result);
- if (field->field->eq_def(result))
+ /*
+ Fields that are used as arguments to the DEFAULT() function already have
+ their data pointers set to the default value during name resulotion. See
+ Item_default_value::fix_fields.
+ */
+ if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
 *default_field= field->field;
 return result;
 }
--===============0866313356== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/martin.hansson@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: martin.hansson@stripped\ # bj93mupb5dndw41r # target_branch: file:///data0/martin/bzrroot/bug58207/5.1/ # testament_sha1: f200a6679e2d7c1e9f338f6618ad919627a1aa4b # timestamp: 2011-01-12 09:55:35 +0100 # base_revision_id: dmitry.shulga@stripped\ # d376jh0jefmsdslw # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWSdjHyUAA5RfkHAQeff//3/n 3yC////wAEBgB9c+ObUAOjC7ajdnR1iEtGEkpMmmiaaNNNqehqbUeJpHpNNA0A0GgAAZRU9qj0Mp 5inpBNMADUZGgGjTTIyDAQ4yZNDEYmjAIwEwgDATTRpkaAYSKBEwmVT8aaphTT1Pao9GKNPI0J6m JshBvVD0Q4yZNDEYmjAIwEwgDATTRpkaAYSSCYkwJkNTBGibRKafqn6o9Taj0jZQ9I0Gm00eDChC DUXkoupV4ERIDdOSGn+Cryc86pTyhjOZvkGvMeUBXdjrrqLPrtgDmwCHLUa4bpw1t3fzLV8418Gp LWmCqFVIOyvg7SJZtn3eI5V3LgTbG03V8Q3y0RIGUYBlsgPiyc2xjbT7zicDaQ5jy4fievT3lY6U j5n4fMrsUTsc3Lu9aQfUpVk+3UnGBMcekXKX4/o+k36vtUuj1qrqsOi1Bq/hVBQdhrmoKINR/gf4 NAf9KTFIpRi3a3EjgNC+bAnByoreOTC2XfogMeehzFfVUrTpVGQqbIwzNcUrlzmEhpARlGHx4IgR MQ6R0uIYJoqZMwx0Mx0vRAEQYddh6OTmuBGoPEcZ1BAuDeAb+A5iMl9weJ4z6tI/7g7eWzNfGlMr vZfBRJJmSGErlemoejbmozotK7LvLUIbG7BqLksyJzhBmBEgJMgNYYB2EY2ETYQJRVQwijyoIieQ PhadC5FlFuLj091dlW9MHBjJJ1dLUiFcwkJVuPlqORn6SDOuYk8GErLaYUrumIlUW+Nc6j00dhcd UOTvyuwvCCYGWG66Kr4Q2jyxR0KyxRvw22bSouI0EWIvcOQi25WCJGdZLYbyRLceRluipZGczCVH
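Review bot: The new guard near the end of create_tmp_field tests `orig_type`, so the `*default_field` assignment is skipped only when the item handed in is itself the DEFAULT() item; the context line just above shows this branch is also reached with `orig_type == Item::REF_ITEM`, and the hunk does not show whether a DEFAULT() argument wrapped in an Item_ref can arrive here. If it can, that path would still repeat the pointer adjustment and keep the invalid read from Bug#58207, so it is worth confirming and adding a regression case that reaches DEFAULT(a) through a reference, not only directly as in the subselect4 test. The comment would also help the next reader more if it said why the assignment is skipped and fixed the typo, for example `during name resolution, so the adjustment must not be repeated here. See`. The function body starts before the hunk.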
nvDba8Uyo/K87hsGPCp9RxGSJuAicduQXmXDLsVacXGOTi65ODTs9XiPIOYZ/U32cCVm4TzBGJ9o hxhx2vqLdx02l+ouJtsHUa8oL6EPpGOsgukA2XnLzVtlTDFYilkaGrkIYY55QWcdeZ71MoWDvraV dBESHoOjpYsQ3lNpeYyIWlb57W4ulpaVGG6hc4iAShizcmJL8iVJD7Z4jj81xL5QHGUJkE6ERQhR dSKHF7iJgOqHFdjVthJnvHFFB0AkIeSKaiZTeQIGdldry04BbGcB4LdtHFCveVkyJM3CL8DDSpW3 FZsTZ88jWTMY52MOcGKi7Y7Bjvwh2VRw0WqbwdVLYDiEYIdTkFYqVviM/MD/QNnfbTBQOhVIiNv7 uta+c2qpC6OwPBbxnsPmK81JjY/6DWTZx9pMkEkSiWH+hQrgG8XyCbPBWCsD+7IH+DgM+jlzhQKh YKH8Bj4BefYBUTKgvNQYn0NQYHxP0McyhaMOTw1F9RCcXKIrR6yY1lmP3R8hglV5A3Pn4lUS7WhG NVxMPAUUVsh2WSuofIoWhl6ztxF3e8Sv2IjCIvqu/ZAUs0V+6qi82aFpiWoGv/cEKTx1Q2hssfh8 V8kGTp9LlzPkbv6HxO/MRjVUYnsD3Ff7m4gXmjbCZ2doiIoe8U1+AjLkZgXlwzA71v/BeZZHnVUF 7mErlNAXxH/6HIJKqsenplNMdxwIq816+0hmu0xNViN2daORKO0yJpOcRxo5y9IIow7LkHzDjrNF eImbSaYv2KkS3ERJ3l4XSkavuFiB2ynWTDPjhQ/VeSDAU+Ns3C6omemfbbJCOUrPRIgsTGZgLWkQ WAEhRArGTrnqmvoLMrLlIC2pELGPk5BX6LAnj5xt4Nh9HHsFmg3LsTFYUey6Jw5E478OD+NcXnSF lK4oZyJMLHAilGr2YbRjvlxIEPKQgg5ZUMUS0BhjBa/xPIfRc6iuvouLVlNShrhFeO6IFy7n9V+y s3uS5510ivb08FYO7QOqF3GLB7mDJvIHyBxfNaJVLXdim2ZrLek0V8WJ/j1ApaooImthLMVzr1I7 f3cVzou3SusVbDI1bIS87xeSezjAygV3NFMItUqlWo8wNPayXjCK1mjcfNawGIHRW8LoPJw4VS1i uEnCegmvIN7hzIUyjxdocrF2Un1UAOoJQfwPiDXFys2K8XIrVLUZLhwvoumsyeCttCF2tVWJiPIW 0eljcGNXqBenJCthqGgL0Tk01MWAiZhRQcu9gW7MeEsEtKKJptLaOF468vEGRkiu7r2rktTCDUOZ IZCbM7p+4GKW/UStFq1FnWpQaNyY3d3RwQxRY/m5MjiIiHtjLVsJqp+yb4Ue9fZpdS0XDV7i61p8 GgHQOrk9RBHVlUYrPT4P4eFckED14saVQC2pNdboMG7+OkdhJfY1BKsTdE4xxlDdmpbiY0ZEOPr4 9Wm6a1GK4RZVPmaks1RYiiqc2lGIZl+Al0rpels3E6CTFgKdGM2zkEUdVV2Xgx3KLK2A4HDGNh2L v5jhesyupQUiau6YFK+PO1W0DuOCJiNWB4TMTMlpnrzxQjCTzpmOIualAMRWqLdAYoyHO0cV+QSF 0wQ9vD4KKPatrsUMyZNx5KagtKl1EPlYNkEp60PDFovUfSTHcLWe10BHWo5NWH8zBz/NaGg3ENSD fZvgm62jSW55k+IyuCNuWR4yi/8XckU4UJAnYx8l --===============0866313356==--