List:Commits« Previous MessageNext Message »
From:Martin Hansson Date:January 12 2011 9:55am
Subject:bzr push into mysql-5.1 branch (martin.hansson:3542 to 3543) Bug#58207
View as plain text  
 3543 Martin Hansson	2011-01-12
      Bug#58207: invalid memory reads when using default column value and 
      tmptable needed
      
      The function DEFAULT() works by modifying the the data buffer pointers (often
      referred to as 'record' or 'table record') of its argument. This modification
      is done during name resolution (fix_fields().) Unfortunately, the same
      modification is done when creating a temporary table, because default values
      need to propagate to the new table.
      
      Fixed by skipping the pointer modification for fields that are arguments to
      the DEFAULT function.

    modified:
      mysql-test/r/subselect4.result
      mysql-test/t/subselect4.test
      sql/sql_select.cc
 3542 Dmitry Shulga	2011-01-11
      Fixed Bug#58887	- server not throwing "Packet too large" error
      if max_allowed_packet >= 16M.
      
      This bug was introduced by patch for bug#42503.
      
      This patch restores behaviour that there was before patch
      for bug#42503 was applied.
     @ sql/net_serv.cc
        Restored original right condition.

    modified:
      sql/net_serv.cc
=== modified file 'mysql-test/r/subselect4.result'
--- a/mysql-test/r/subselect4.result	2010-09-07 09:21:09 +0000
+++ b/mysql-test/r/subselect4.result	2011-01-12 08:55:31 +0000
@@ -164,5 +164,16 @@ a	b
 2	NULL
 DROP TABLE t1, t2, t3, t4, t5;
 #
+# Bug#58207: invalid memory reads when using default column value and 
+# tmptable needed
+#
+CREATE TABLE t(a VARCHAR(245) DEFAULT
+'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
+SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d;
+default(a)
+aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+DROP TABLE t;
+#
 # End of 5.1 tests.
 #

=== modified file 'mysql-test/t/subselect4.test'
--- a/mysql-test/t/subselect4.test	2010-09-07 09:21:09 +0000
+++ b/mysql-test/t/subselect4.test	2011-01-12 08:55:31 +0000
@@ -136,6 +136,16 @@ SELECT * FROM t1 WHERE NULL NOT IN ( SEL
 
 DROP TABLE t1, t2, t3, t4, t5;
 
+--echo #
+--echo # Bug#58207: invalid memory reads when using default column value and 
+--echo # tmptable needed
+--echo #
+CREATE TABLE t(a VARCHAR(245) DEFAULT
+'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+INSERT INTO t VALUES (''),(''),(''),(''),(''),(''),(''),(''),(''),(''),('');
+SELECT * FROM (SELECT default(a) FROM t GROUP BY a) d;
+DROP TABLE t;
+
 
 --echo #
 --echo # End of 5.1 tests.

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2011-01-11 11:09:54 +0000
+++ b/sql/sql_select.cc	2011-01-12 08:55:31 +0000
@@ -9816,7 +9816,12 @@ Field *create_tmp_field(THD *thd, TABLE 
                                           convert_blob_length);
     if (orig_type == Item::REF_ITEM && orig_modify)
       ((Item_ref*)orig_item)->set_result_field(result);
-    if (field->field->eq_def(result))
+    /*
+      Fields that are used as arguments to the DEFAULT() function already have
+      their data pointers set to the default value during name resulotion. See
+      Item_default_value::fix_fields.
+    */
+    if (orig_type != Item::DEFAULT_VALUE_ITEM && field->field->eq_def(result))
       *default_field= field->field;
     return result;
   }


Attachment: [text/bzr-bundle] bzr/martin.hansson@oracle.com-20110112085531-bj93mupb5dndw41r.bundle
Thread
bzr push into mysql-5.1 branch (martin.hansson:3542 to 3543) Bug#58207Martin Hansson12 Jan