List:Commits« Previous MessageNext Message »
From:Tor Didriksen Date:February 11 2011 1:23pm
Subject:bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085
View as plain text  
#At file:///export/home/didrik/repo/5.5-bug60085nulltime/ based on revid:alexander.barkov@stripped

 3323 Tor Didriksen	2011-02-11
      Bug #60085 crash in Item::save_in_field() with time data type
      
      Item_singlerow_subselect::val_str() incorrectly assumed that
      value->val_str() could not change value->null_value
     @ mysql-test/r/subselect_innodb.result
        New test case.
     @ mysql-test/t/subselect_innodb.test
        New test case.
     @ sql/item.cc
        Add some DBUG_TRACE for easier bug-hunting.
     @ sql/item_subselect.cc
        Item_singlerow_subselect::val_xxx() should do
            null_value= value->null_value;
        rather than
            null_value= false;
        Add some DBUG_TRACE for easier bug-hunting.

    modified:
      mysql-test/r/subselect_innodb.result
      mysql-test/t/subselect_innodb.test
      sql/item.cc
      sql/item_subselect.cc
=== modified file 'mysql-test/r/subselect_innodb.result'
--- a/mysql-test/r/subselect_innodb.result	2006-01-26 16:54:34 +0000
+++ b/mysql-test/r/subselect_innodb.result	2011-02-11 13:23:34 +0000
@@ -245,3 +245,11 @@ x
 NULL
 drop procedure p1;
 drop tables t1,t2,t3;
+#
+# Bug#60085 crash in Item::save_in_field() with time data type
+#
+CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb;
+INSERT INTO t1 VALUES ('2011-05-13', 0);
+SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a);
+1
+DROP TABLE t1;

=== modified file 'mysql-test/t/subselect_innodb.test'
--- a/mysql-test/t/subselect_innodb.test	2006-01-26 16:54:34 +0000
+++ b/mysql-test/t/subselect_innodb.test	2011-02-11 13:23:34 +0000
@@ -238,3 +238,12 @@ call p1();
 call p1();
 drop procedure p1;
 drop tables t1,t2,t3;
+
+--echo #
+--echo # Bug#60085 crash in Item::save_in_field() with time data type
+--echo #
+
+CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb;
+INSERT INTO t1 VALUES ('2011-05-13', 0);
+SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a); 
+DROP TABLE t1;

=== modified file 'sql/item.cc'
--- a/sql/item.cc	2011-01-12 12:58:47 +0000
+++ b/sql/item.cc	2011-02-11 13:23:34 +0000
@@ -1059,7 +1059,9 @@ int Item::save_in_field_no_warnings(Fiel
   ulonglong sql_mode= thd->variables.sql_mode;
   thd->variables.sql_mode&= ~(MODE_NO_ZERO_IN_DATE | MODE_NO_ZERO_DATE);
   thd->count_cuted_fields= CHECK_FIELD_IGNORE;
+
   res= save_in_field(field, no_conversions);
+
   thd->count_cuted_fields= tmp;
   dbug_tmp_restore_column_map(table->write_set, old_map);
   thd->variables.sql_mode= sql_mode;
@@ -5373,6 +5375,7 @@ int Item_null::save_safe_in_field(Field 
 int Item::save_in_field(Field *field, bool no_conversions)
 {
   int error;
+  DBUG_ENTER("Item::save_in_field");
   if (result_type() == STRING_RESULT)
   {
     String *result;
@@ -5383,7 +5386,8 @@ int Item::save_in_field(Field *field, bo
     if (null_value)
     {
       str_value.set_quick(0, 0, cs);
-      return set_field_to_null_with_conversions(field, no_conversions);
+      int retval= set_field_to_null_with_conversions(field, no_conversions);
+      DBUG_RETURN(retval);
     }
 
     /* NOTE: If null_value == FALSE, "result" must be not NULL.  */
@@ -5396,8 +5400,10 @@ int Item::save_in_field(Field *field, bo
            field->result_type() == STRING_RESULT)
   {
     double nr= val_real();
-    if (null_value)
-      return set_field_to_null_with_conversions(field, no_conversions);
+    if (null_value) {
+      int retval= set_field_to_null_with_conversions(field, no_conversions);
+      DBUG_RETURN(retval);
+    }
     field->set_notnull();
     error= field->store(nr);
   }
@@ -5405,7 +5411,10 @@ int Item::save_in_field(Field *field, bo
   {
     double nr= val_real();
     if (null_value)
-      return set_field_to_null_with_conversions(field, no_conversions);
+    {
+      int retval= set_field_to_null_with_conversions(field, no_conversions);
+      DBUG_RETURN(retval);
+    }
     field->set_notnull();
     error=field->store(nr);
   }
@@ -5414,7 +5423,10 @@ int Item::save_in_field(Field *field, bo
     my_decimal decimal_value;
     my_decimal *value= val_decimal(&decimal_value);
     if (null_value)
-      return set_field_to_null_with_conversions(field, no_conversions);
+    {
+      int retval= set_field_to_null_with_conversions(field, no_conversions);
+      DBUG_RETURN(retval);
+    }
     field->set_notnull();
     error=field->store_decimal(value);
   }
@@ -5422,11 +5434,14 @@ int Item::save_in_field(Field *field, bo
   {
     longlong nr=val_int();
     if (null_value)
-      return set_field_to_null_with_conversions(field, no_conversions);
+    {
+      int retval= set_field_to_null_with_conversions(field, no_conversions);
+      DBUG_RETURN(retval);
+    }
     field->set_notnull();
     error=field->store(nr, unsigned_flag);
   }
-  return error ? error : (field->table->in_use->is_error() ? 1 : 0);
+  DBUG_RETURN(error ? error : (field->table->in_use->is_error() ? 1 : 0));
 }
 
 

=== modified file 'sql/item_subselect.cc'
--- a/sql/item_subselect.cc	2011-01-12 12:15:22 +0000
+++ b/sql/item_subselect.cc	2011-02-11 13:23:34 +0000
@@ -256,30 +256,31 @@ bool Item_subselect::walk(Item_processor
 
 bool Item_subselect::exec()
 {
-  int res;
+  DBUG_ENTER("Item_subselect::exec");
 
   /*
     Do not execute subselect in case of a fatal error
     or if the query has been killed.
   */
   if (thd->is_error() || thd->killed)
-    return 1;
+    DBUG_RETURN(true);
 
   DBUG_ASSERT(!thd->lex->context_analysis_only);
   /*
     Simulate a failure in sub-query execution. Used to test e.g.
     out of memory or query being killed conditions.
   */
-  DBUG_EXECUTE_IF("subselect_exec_fail", return 1;);
+  DBUG_EXECUTE_IF("subselect_exec_fail", DBUG_RETURN(true););
 
-  res= engine->exec();
+  bool res= engine->exec();
 
   if (engine_changed)
   {
     engine_changed= 0;
-    return exec();
+    res= exec();
+    DBUG_RETURN(res);
   }
-  return (res);
+  DBUG_RETURN(res);
 }
 
 Item::Type Item_subselect::type() const
@@ -572,8 +573,9 @@ double Item_singlerow_subselect::val_rea
   DBUG_ASSERT(fixed == 1);
   if (!exec() && !value->null_value)
   {
-    null_value= FALSE;
-    return value->val_real();
+    double retval= value->val_real();
+    null_value= value->null_value;
+    return retval;
   }
   else
   {
@@ -587,8 +589,9 @@ longlong Item_singlerow_subselect::val_i
   DBUG_ASSERT(fixed == 1);
   if (!exec() && !value->null_value)
   {
-    null_value= FALSE;
-    return value->val_int();
+    longlong retval= value->val_int();
+    null_value= value->null_value;
+    return retval;
   }
   else
   {
@@ -599,15 +602,17 @@ longlong Item_singlerow_subselect::val_i
 
 String *Item_singlerow_subselect::val_str(String *str)
 {
+  DBUG_ENTER("Item_singlerow_subselect::val_str");
   if (!exec() && !value->null_value)
   {
-    null_value= FALSE;
-    return value->val_str(str);
+    String *retval= value->val_str(str);
+    null_value= value->null_value;
+    DBUG_RETURN(retval);
   }
   else
   {
     reset();
-    return 0;
+    DBUG_RETURN(0);
   }
 }
 
@@ -616,8 +621,9 @@ my_decimal *Item_singlerow_subselect::va
 {
   if (!exec() && !value->null_value)
   {
-    null_value= FALSE;
-    return value->val_decimal(decimal_value);
+    my_decimal *retval= value->val_decimal(decimal_value);
+    null_value= value->null_value;
+    return retval;
   }
   else
   {
@@ -631,8 +637,9 @@ bool Item_singlerow_subselect::val_bool(
 {
   if (!exec() && !value->null_value)
   {
-    null_value= FALSE;
-    return value->val_bool();
+    bool retval= value->val_bool();
+    null_value= value->null_value;
+    return retval;
   }
   else
   {


Attachment: [text/bzr-bundle] bzr/tor.didriksen@oracle.com-20110211132334-r936bvz6p9i95glr.bundle
Thread
bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085Tor Didriksen11 Feb
  • Re: bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085Jorgen Loland11 Feb
    • Re: bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085Tor Didriksen11 Feb
      • Re: bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085Jorgen Loland14 Feb