From: Tor Didriksen Date: February 11 2011 1:23pm Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3323) Bug#60085 List-Archive: http://lists.mysql.com/commits/131128 X-Bug: 60085 Message-Id: <20110211132340.96A79376D@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0032087052791630846==" --===============0032087052791630846== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-bug60085nulltime/ based on revid:alexander.barkov@stripped 3323 Tor Didriksen 2011-02-11 Bug #60085 crash in Item::save_in_field() with time data type Item_singlerow_subselect::val_str() incorrectly assumed that value->val_str() could not change value->null_value @ mysql-test/r/subselect_innodb.result New test case. @ mysql-test/t/subselect_innodb.test New test case. @ sql/item.cc Add some DBUG_TRACE for easier bug-hunting. @ sql/item_subselect.cc Item_singlerow_subselect::val_xxx() should do null_value= value->null_value; rather than null_value= false; Add some DBUG_TRACE for easier bug-hunting. modified: mysql-test/r/subselect_innodb.result mysql-test/t/subselect_innodb.test sql/item.cc sql/item_subselect.cc === modified file 'mysql-test/r/subselect_innodb.result' --- a/mysql-test/r/subselect_innodb.result 2006-01-26 16:54:34 +0000 +++ b/mysql-test/r/subselect_innodb.result 2011-02-11 13:23:34 +0000 @@ -245,3 +245,11 @@ x NULL drop procedure p1; drop tables t1,t2,t3; +# +# Bug#60085 crash in Item::save_in_field() with time data type +# +CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb; +INSERT INTO t1 VALUES ('2011-05-13', 0); +SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a); +1 +DROP TABLE t1; === modified file 'mysql-test/t/subselect_innodb.test' --- a/mysql-test/t/subselect_innodb.test 2006-01-26 16:54:34 +0000 +++ b/mysql-test/t/subselect_innodb.test 2011-02-11 13:23:34 +0000 @@ -238,3 +238,12 @@ call p1(); call p1(); drop procedure p1; drop tables t1,t2,t3; + +--echo # +--echo # Bug#60085 crash in Item::save_in_field() with time data type +--echo # + +CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb; +INSERT INTO t1 VALUES ('2011-05-13', 0); +SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a); +DROP TABLE t1; === modified file 'sql/item.cc' --- a/sql/item.cc 2011-01-12 12:58:47 +0000 +++ b/sql/item.cc 2011-02-11 13:23:34 +0000 @@ -1059,7 +1059,9 @@ int Item::save_in_field_no_warnings(Fiel ulonglong sql_mode= thd->variables.sql_mode; thd->variables.sql_mode&= ~(MODE_NO_ZERO_IN_DATE | MODE_NO_ZERO_DATE); thd->count_cuted_fields= CHECK_FIELD_IGNORE; + res= save_in_field(field, no_conversions); + thd->count_cuted_fields= tmp; dbug_tmp_restore_column_map(table->write_set, old_map); thd->variables.sql_mode= sql_mode; @@ -5373,6 +5375,7 @@ int Item_null::save_safe_in_field(Field int Item::save_in_field(Field *field, bool no_conversions) { int error; + DBUG_ENTER("Item::save_in_field"); if (result_type() == STRING_RESULT) { String *result; @@ -5383,7 +5386,8 @@ int Item::save_in_field(Field *field, bo if (null_value) { str_value.set_quick(0, 0, cs); - return set_field_to_null_with_conversions(field, no_conversions); + int retval= set_field_to_null_with_conversions(field, no_conversions); + DBUG_RETURN(retval); } /* NOTE: If null_value == FALSE, "result" must be not NULL. */ @@ -5396,8 +5400,10 @@ int Item::save_in_field(Field *field, bo field->result_type() == STRING_RESULT) { double nr= val_real(); - if (null_value) - return set_field_to_null_with_conversions(field, no_conversions); + if (null_value) { + int retval= set_field_to_null_with_conversions(field, no_conversions); + DBUG_RETURN(retval); + } field->set_notnull(); error= field->store(nr); } @@ -5405,7 +5411,10 @@ int Item::save_in_field(Field *field, bo { double nr= val_real(); if (null_value) - return set_field_to_null_with_conversions(field, no_conversions); + { + int retval= set_field_to_null_with_conversions(field, no_conversions); + DBUG_RETURN(retval); + } field->set_notnull(); error=field->store(nr); } @@ -5414,7 +5423,10 @@ int Item::save_in_field(Field *field, bo my_decimal decimal_value; my_decimal *value= val_decimal(&decimal_value); if (null_value) - return set_field_to_null_with_conversions(field, no_conversions); + { + int retval= set_field_to_null_with_conversions(field, no_conversions); + DBUG_RETURN(retval); + } field->set_notnull(); error=field->store_decimal(value); } @@ -5422,11 +5434,14 @@ int Item::save_in_field(Field *field, bo { longlong nr=val_int(); if (null_value) - return set_field_to_null_with_conversions(field, no_conversions); + { + int retval= set_field_to_null_with_conversions(field, no_conversions); + DBUG_RETURN(retval); + } field->set_notnull(); error=field->store(nr, unsigned_flag); } - return error ? error : (field->table->in_use->is_error() ? 1 : 0); + DBUG_RETURN(error ? error : (field->table->in_use->is_error() ? 1 : 0)); } === modified file 'sql/item_subselect.cc' --- a/sql/item_subselect.cc 2011-01-12 12:15:22 +0000 +++ b/sql/item_subselect.cc 2011-02-11 13:23:34 +0000 @@ -256,30 +256,31 @@ bool Item_subselect::walk(Item_processor bool Item_subselect::exec() { - int res; + DBUG_ENTER("Item_subselect::exec"); /* Do not execute subselect in case of a fatal error or if the query has been killed. */ if (thd->is_error() || thd->killed) - return 1; + DBUG_RETURN(true); DBUG_ASSERT(!thd->lex->context_analysis_only); /* Simulate a failure in sub-query execution. Used to test e.g. out of memory or query being killed conditions. */ - DBUG_EXECUTE_IF("subselect_exec_fail", return 1;); + DBUG_EXECUTE_IF("subselect_exec_fail", DBUG_RETURN(true);); - res= engine->exec(); + bool res= engine->exec(); if (engine_changed) { engine_changed= 0; - return exec(); + res= exec(); + DBUG_RETURN(res); } - return (res); + DBUG_RETURN(res); } Item::Type Item_subselect::type() const @@ -572,8 +573,9 @@ double Item_singlerow_subselect::val_rea DBUG_ASSERT(fixed == 1); if (!exec() && !value->null_value) { - null_value= FALSE; - return value->val_real(); + double retval= value->val_real(); + null_value= value->null_value; + return retval; } else { @@ -587,8 +589,9 @@ longlong Item_singlerow_subselect::val_i DBUG_ASSERT(fixed == 1); if (!exec() && !value->null_value) { - null_value= FALSE; - return value->val_int(); + longlong retval= value->val_int(); + null_value= value->null_value; + return retval; } else { @@ -599,15 +602,17 @@ longlong Item_singlerow_subselect::val_i String *Item_singlerow_subselect::val_str(String *str) { + DBUG_ENTER("Item_singlerow_subselect::val_str"); if (!exec() && !value->null_value) { - null_value= FALSE; - return value->val_str(str); + String *retval= value->val_str(str); + null_value= value->null_value; + DBUG_RETURN(retval); } else { reset(); - return 0; + DBUG_RETURN(0); } } @@ -616,8 +621,9 @@ my_decimal *Item_singlerow_subselect::va { if (!exec() && !value->null_value) { - null_value= FALSE; - return value->val_decimal(decimal_value); + my_decimal *retval= value->val_decimal(decimal_value); + null_value= value->null_value; + return retval; } else { @@ -631,8 +637,9 @@ bool Item_singlerow_subselect::val_bool( { if (!exec() && !value->null_value) { - null_value= FALSE; - return value->val_bool(); + bool retval= value->val_bool(); + null_value= value->null_value; + return retval; } else { --===============0032087052791630846== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # r936bvz6p9i95glr # target_branch: file:///export/home/didrik/repo/5.5-bug60085nulltime/ # testament_sha1: 84703176d1991ad3b9532c441b4841b77a69371a # timestamp: 2011-02-11 14:23:40 +0100 # base_revision_id: alexander.barkov@stripped\ # 9sxqewix0fg8c50j # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWQSGb6QABdVfgFAQWPf////n 3+C////6YAs/PffbteuidT3Ou2bbJmmL2PeWdmtNs8J1JtZoElCmU2jUbU0xNqeiD1M1PEmIGjIA AAAcZMmjENNDATQxNGmTEDIwmjTTCDJhJJGCNVPaZBkKaHlMjTQAAaAAAAJEQmkynqMjIJPGqepp +qekGg9QAAGmgyekEUk1DQeqbEBqR4KbJTMU00xNDQPU0AAAkkTTQNBGkwE0Mk2lNqZNPKGj1DNN NRoB5R4H5MkleaNRTDTjjp2yGoA9AYBy8vI+jmK5VW0Da1sYpmRTa4IJkDvQIpX14Ne6OwnQ6W6c bVF9tuBLGkg16MqRfXq4pmpFY7bzhyYN3jdDKYxhlP+KKhVAqExU0Pw9xzOdvw/TDxD4B1BEQwwk iPIcXyANVuvROrm5zZsePaTbK2rqnYbY1hug6MXFmrY0uil4CLVrMvBhizyUvNXqmZl0aHSKOjOf TCd3PHxL903ecxgbhZugniVBOUrtKiYPA8TzgWlLTaqYLMvyWHzieGJxOIhQ+2aX1UtZnOAMh9Kg 4cgZEO4WwRciuk+J8hjAP+IgSnvWKvCyxIsC5sy7trFpttk5K+xuF8JnakLbL0cSTcyaCYxLbxsY MNhaQPmvhAoXnWrCzI3lE6ziZDgMTz9SInaM8CTPJruPrGiOB1byCTufhbiKaYxGNc2XdAwRqsOE j8Sl5UZkMYmtYm0zikKc/tAbi89q5FIRJhOVX5q3mN7p+4WgpOPbpVwLdAiK8vVPG2zErrmmwvoV +UGTNCxgCZCblEawmIQQxHCIXVS0FrqwVWg3OlYVWgh8zCH1sqn4UnmVlkMW5qwsVgpSBkjDhz1U oQziKkqRN2UmrpJUSVuYeSZWWk4PUAYVhOtKSnLUUuGO7eUlyKpXawDszham3Dz16olbgMiCx2/n gqn0cqhCJVMEbjDsvSDEUhJxIE+HUqNBGdRKtMlIfa7hZDTkzEbDaWgpq4Jvv4xZh6/VL4ZoYvVr yxXFzD+WK5bS5yl1IgiW0uCozwWhoppNl+AHKQYtDOWk0XXPvQRY9QyAmVy2skripwmyjWGq5616 AVpuugJtxZkfMx0xc8YXIXHBPCZonK5+xkFxEpJFS9XMpKnDaZI1NkdLZpsoUlLBBx882sCkE1Ji C5L5tdU2gFgrI5dpe60sVo9pJ27WOtL04q5lVKeIaxlYa7bgo0WwqvneJQve9Z6DDzJgkxuKyzTz xFnQ7FhlJF+RZ3p0yY3o2ad24epGI9/GceRD/Sdepeaes2FCi6VuCZ6u6YSRmIBHUpiiYxCvzHAZ BjIbLysrxrzlBSUZVlCpQI0ppdUjbEoyBG0bqqZVEiCnn6S3retH+WuGBTVfFz63VQfzrhtm8yHG BsoSN3II2DY9k71OOJtJPLiebWVWZYOqBY2jApG05FbSss6zAsg6wnJyp1SYrcPInaXlPXEulpgQ j0XKyjnJjKwO1Hr0qrFYEqFDevHqWlQUVDTUxmKsbwcoa02nQnVM03p7x0XPIGvPPCDjbuWMDjfT Qrr7HOdcnp01ZsmfMxoBPwwKFIxBdF5kU5XaY8LAzUtgQhpHlpWZgWfnWctzxW7eDJ+FmD5x6ecR GkTYNm54dFESKXaRSEXuEShligZpXxeN1U86DmGmPa0MGIe8ghms8yH8JSyGEyMHBIGNwDG8HONv xDHJAWkVDmTkLwB856z0n2G3lMRtjbG/SH9CDMtaAoWKIkPQ2/5hg4VB5mZkeoIM4Dx9AexYL1kn iXBVr41igIPQhImNTJnZXe4MoYn7hIFYTJiJImAkTk6mGMpIFAF8wznoThceJ5FxprC0zGIQJ1Ji 0rBYaDEQZTKClWEYGAOYS4fojvR4T39/4e4EI9sGDCGECKwlgiZteQ4JhQIF0p1CIHhIvBUTCIqi M5lr8uUrkXITSaDmM75Fo70BL3mm895fBE6VmmLdoJM1y74PQlqC3PT8E7vWnIkXLUYlCvPCanA1 JUhF+vEN9AbQoEYms8NGQ1cusY7zOXFZyE2ZShQOHG0b42b1k93ZhOCO9QG+0HxfmVbTr6uDUMpG g46CO1xOQw6SskXsiT5Ky4yMhEJmFxsgcfWnQW2pkBaIMchEYhFCNyj0Fy1taOcIxCD8TLHF8sL5 E3PMwnKBa1gq5GkwoYU8SxdwO0uPaaTlmZ8my9vR6JZNpytVXQWMdjHBGKOffAOI2QZOHQ2zITnD CRUbNlHyqW9jKbHj4c3CLptKgUlGFyLmAqB4Xnj0ZczgbEDEFhKmm8YlGbUBQVKVQoQRBPZp1XMr XaYRz2xfZcNnGmLJF39y5q7gTOoQLsesxpDA8HRQrOvYG7LvzXtPP6M4nSxMbBTypUsRUZEoyVfc XNG7G62pBoLJZwWfYN2HrNR0nsurXN18lhSX4TlURiHUixOT1nFyBuGEvf6C3mEBnCmN7WRkJhg2 PBSJ1hQ0ywDAYTRutLAnrgTswMSclGCw6RPZOFay0O6AwsJKoSUo0xwPCJuDJqcptefN3IuUOdjc 5HwB1FWXkj9VqNWlW0zenAk3GLtkgaXCPENtgdb3pexY210FqpEfQ+SHVHHjy10IDMF2dL13Lxa1 NzAZGKqGWUMi3OOWR9kyq1i2YVQ66lPfUSxicdb5vQTlKF0LYGBwrZzm9MQpMiBCO8mJvhModxGp ApIGYJ0aw9HLIKTzQDgqLChUhLh3tpq2aAyR1KqgJaDiW1SQFwy1ok6Ll8PfL4IxNFTeclT2SeGm OmbWQVrnDiICjKoUBD7AwgBqSE8TYpUspZQp51lqCgLFHAF3kbTQxEajABouNQxe9di1pb0b+tXL rETv2ywamV5OVqaksZAx6Zu3gIcSKDIjEdnAqEwCe18jlOD2u6o99pK1HigQtTk9lTnldl168WdV rPmEHKuvEFz6WBhE6OCttOKvq2xKHPIrIWu10zd7e+xk1dHZe60Njielxjd4anBwMzcQUlOYLmg4 O43zqZCgHY9RyAoALo3Lrpz1SSOJ2Lm4uGB4niPRht1T0XlfSJY1q9bjmDuOhT0bMqrXqckhYwnd 5mpoUTCQkDRg3107+xNIZ8zXjyl/kBOwWvWnNwtQb41hgmSbV1iSCrs0DfiLj5A7nlEREREQszvU DOVHQZwgolxB2tBe6eLk505VHSe1ZlWQNckZ3uUm3ofY2AjlmClrURCBFvKA6rzxATGXSj9Umh6d HBaD3GBEgR8Cu5QhJkvAjHum4tpaYLQudSai9IDF69K42uSeNXlOqQ28ygDY9hrbcoJx0eARmiIE fX73i1mcEdTVJlIPUcpNrcEDp2e0vWVWKII3hsZmaKkp4RJHMFCiOjvsdq7HuDUDOZttaNEmzet7 n4tz1bsS+duaPlZoV5q80yCT3VsmxvZpj9TmBhjZ2M7E3uSlt+r5F/8XckU4UJAEhm+k --===============0032087052791630846==--