From: Tor Didriksen Date: February 15 2011 10:27am Subject: bzr commit into mysql-5.5 branch (tor.didriksen:3326) Bug#11766860 List-Archive: http://lists.mysql.com/commits/131289 X-Bug: 11766860 Message-Id: <20110215102733.EF0E53780@atum07.norway.sun.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8971699638278167131==" --===============8971699638278167131== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///export/home/didrik/repo/5.5-foo/ based on revid:joerg@stripped 3326 Tor Didriksen 2011-02-15 Bug #11766860 - 60085: CRASH IN ITEM::SAVE_IN_FIELD() WITH TIME DATA TYPE This assumption in Item_cache_datetime::cache_value_int was wrong: - /* Assume here that the underlying item will do correct conversion.*/ - int_value= example->val_int_result(); @ mysql-test/r/subselect_innodb.result New test case. @ mysql-test/t/subselect_innodb.test New test case. @ sql/item.cc In Item_cache_datetime::cache_value_int() - call get_time() or get_date() depending on desired type - convert the returned MYSQL_TIME value to longlong depending on desired type @ sql/item.h The cached int_value in Item_cache_datetime should not be unsigned: - it is used mostly in signed context - it can actually have negative value (for TIME data type) @ sql/item_subselect.cc Add some DBUG_TRACE for easier bug-hunting. modified: mysql-test/r/subselect_innodb.result mysql-test/t/subselect_innodb.test sql/item.cc sql/item.h sql/item_subselect.cc === modified file 'mysql-test/r/subselect_innodb.result' --- a/mysql-test/r/subselect_innodb.result 2006-01-26 16:54:34 +0000 +++ b/mysql-test/r/subselect_innodb.result 2011-02-15 10:27:30 +0000 @@ -245,3 +245,12 @@ x NULL drop procedure p1; drop tables t1,t2,t3; +# +# Bug#60085 crash in Item::save_in_field() with time data type +# +CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb; +INSERT INTO t1 VALUES ('2011-05-13', 0); +SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a); +1 +1 +DROP TABLE t1; === modified file 'mysql-test/t/subselect_innodb.test' --- a/mysql-test/t/subselect_innodb.test 2006-01-26 16:54:34 +0000 +++ b/mysql-test/t/subselect_innodb.test 2011-02-15 10:27:30 +0000 @@ -238,3 +238,12 @@ call p1(); call p1(); drop procedure p1; drop tables t1,t2,t3; + +--echo # +--echo # Bug#60085 crash in Item::save_in_field() with time data type +--echo # + +CREATE TABLE t1(a date, b int, unique(b), unique(a), key(b)) engine=innodb; +INSERT INTO t1 VALUES ('2011-05-13', 0); +SELECT 1 FROM t1 WHERE b < (SELECT CAST(a as date) FROM t1 GROUP BY a); +DROP TABLE t1; === modified file 'sql/item.cc' --- a/sql/item.cc 2011-01-12 12:58:47 +0000 +++ b/sql/item.cc 2011-02-15 10:27:30 +0000 @@ -1059,7 +1059,9 @@ int Item::save_in_field_no_warnings(Fiel ulonglong sql_mode= thd->variables.sql_mode; thd->variables.sql_mode&= ~(MODE_NO_ZERO_IN_DATE | MODE_NO_ZERO_DATE); thd->count_cuted_fields= CHECK_FIELD_IGNORE; + res= save_in_field(field, no_conversions); + thd->count_cuted_fields= tmp; dbug_tmp_restore_column_map(table->write_set, old_map); thd->variables.sql_mode= sql_mode; @@ -7462,16 +7464,43 @@ longlong Item_cache_int::val_int() bool Item_cache_datetime::cache_value_int() { if (!example) - return FALSE; + return false; - value_cached= TRUE; + value_cached= true; // Mark cached string value obsolete - str_value_cached= FALSE; - /* Assume here that the underlying item will do correct conversion.*/ - int_value= example->val_int_result(); + str_value_cached= false; + + MYSQL_TIME ltime; + const bool eval_error= + (field_type() == MYSQL_TYPE_TIME) ? + example->get_time(<ime) : + example->get_date(<ime, TIME_FUZZY_DATE); + + if (eval_error) + int_value= 0; + else + { + switch(field_type()) + { + case MYSQL_TYPE_DATETIME: + case MYSQL_TYPE_TIMESTAMP: + int_value= TIME_to_ulonglong_datetime(<ime); + break; + case MYSQL_TYPE_TIME: + int_value= TIME_to_ulonglong_time(<ime); + break; + default: + int_value= TIME_to_ulonglong_date(<ime); + break; + } + if (ltime.neg) + int_value= -int_value; + } + null_value= example->null_value; unsigned_flag= example->unsigned_flag; - return TRUE; + + return true; } === modified file 'sql/item.h' --- a/sql/item.h 2011-02-08 15:47:33 +0000 +++ b/sql/item.h 2011-02-15 10:27:30 +0000 @@ -3449,7 +3449,7 @@ class Item_cache_datetime: public Item_c { protected: String str_value; - ulonglong int_value; + longlong int_value; bool str_value_cached; public: Item_cache_datetime(enum_field_types field_type_arg): === modified file 'sql/item_subselect.cc' --- a/sql/item_subselect.cc 2011-01-12 12:15:22 +0000 +++ b/sql/item_subselect.cc 2011-02-15 10:27:30 +0000 @@ -256,30 +256,31 @@ bool Item_subselect::walk(Item_processor bool Item_subselect::exec() { - int res; + DBUG_ENTER("Item_subselect::exec"); /* Do not execute subselect in case of a fatal error or if the query has been killed. */ if (thd->is_error() || thd->killed) - return 1; + DBUG_RETURN(true); DBUG_ASSERT(!thd->lex->context_analysis_only); /* Simulate a failure in sub-query execution. Used to test e.g. out of memory or query being killed conditions. */ - DBUG_EXECUTE_IF("subselect_exec_fail", return 1;); + DBUG_EXECUTE_IF("subselect_exec_fail", DBUG_RETURN(true);); - res= engine->exec(); + bool res= engine->exec(); if (engine_changed) { engine_changed= 0; - return exec(); + res= exec(); + DBUG_RETURN(res); } - return (res); + DBUG_RETURN(res); } Item::Type Item_subselect::type() const --===============8971699638278167131== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/tor.didriksen@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: tor.didriksen@stripped\ # rpuhq1lo9jsv2llr # target_branch: file:///export/home/didrik/repo/5.5-foo/ # testament_sha1: 99524b80485b4ceaaa1a116d4109f732dcad20af # timestamp: 2011-02-15 11:27:33 +0100 # base_revision_id: joerg@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWYa+5TUABclfgFAQWff////n //C////6YAwOever4ffHueuve3rd3d2d8L05119Sp60vvs6oxAZ7t970GSKankn6RptTUzTI0J+k EMgAAAAADQSSRppqNoJkCelNNqaDajQANANNANDQaBJQARPU0nqnqHtInogNAAAyBoZBoDIEiImS m0hT9U3hEyhsFNHppkAh5TIYCeoGjQRUQARpomYpoqfnpNR6ZJlRsTUaBgnqYBGASRE0AAgU8BU/ QammiDRHtUb1AaJgAjRZI6EAMY0XRJOoMx3Hg9PgrhICUKBSefsPREV04L8b/0fOONvm7nBotabA 7Ki3HQiHojVTCP6thOueKcaXxzaYCuPHM5Ted2uISADts5IKncy5YkNNpxwvOGW/NrY7NCpy0xFS ZU9UAIQHrfj8xzPjjfG+kLbOKf8SqG2mmJsD7ziw94lszb2zf1Zq/mQQ7ERhdWvQG5NY5pkxTi0b rfOc9UCUmPYSZJhWMa1NzjMGnf9hwFxw7ta07N2QuDzxPVWiPzjsYqLCNUqF5JBX8SXeOi8obphf n2PT9DXb+wiUqXFt+xy2tjEe1QqivLz0k2EbvuTRfvj5QvvJsDB9kOJFToGa16LaYTCaymfmPgMV h/0oEUYGY+muvUmjkDa2ru/fImgeBv8d9tuzXDI9Zm3U9LeM6Ixrzmju1iJ/NxJmAy+FmGOJFFYx +HvsRIwf3scBriMx4mwmO4Yj56nX1nsDRyzy8qn6OOTDB4HIYipu5/KXaNBT8SDw/3f9ZTFWBrOJ mhlrMQtGYGwDAMgBHCHGk1gJS7OYbE+RT7eMgNNAcJOLtQNT4TNI6yVp8sC6rVcXyS7tcGDCE1kI MFa1ZUj0h4Cf12jQ00jAq10pjbl/atUlgJjwiTO8WOujaOSkQrGoZBSBIEKrCtnZRQpgMRPHjpI1 jFMnIgjIvUXpqDIoBFTvbmgWLEpK4sPbZVSVlinsEcmCL1wVjK1oNaxmKdisnXO0UD3MAoiUBfFQ jYZc98kZCZIK/KU88qzVYojkmJNY2G3hjNbvHNiyiOStNMlUUFC/WQzUJKrWZVErlIqqMnnlDrzx FiUk8mYZ9pFG46GnNECzdBW9/+LE124xMITu3VGGq9TxIAlBIwCqAwggNgVG6iK4WVmZEgwmjvyv oeaTHVnNo5qJhy8EoMZQid+aBQAiLBExPuk5f0E6tBtsVIjZV1BheBWAoi1JgsZZRiMrBxpU6FcU ylNkdpaSlJDGDJreV1Ew6xLE5cdExQa13qZOqlqrjbne0by+IaC8kLWypaTxyxLSaIpykfwK41J8 BpJllJlWFRXGFbZrB8SkKvVf2phXxL4WkW7FBelcFBRrwptNUCGJm6sIqc1gJSVLbSiQIDVzKgP3 pjs09vdlcPvwT8ARaCYGSuGQr/tJbC8HxYa44lNlDMBcXGjQbN8V57TMNfhuKIVl5lMBxvUkw+cq HEy2k+tZGjSRJPNkSEfCcrvI4WjkzKoOVkuM6WMT0YmpVGBYVTU5FSzq6Us4yr34ipcan1KHcUAB +uszQ/FKIyxW800UtVEQywkKYc2Rqoo3yYbNVQbbrrGEI48sxvmqZSlyrMts1w0Ln4tgUk+weigo 9A+MUUFTGyT2abjWRLSR6fUsIYvjBXaoG+GSgJ55Dw4GYSFxMJGQmKYYFJPfVfi902jGgykjQOLI GQS1eLPt5ZruO7CyypkevYZdxv6+7iapx0yViJnMiu9EWhZ2KUpeEpSiL3IkTu8Sqh3Axq8cujAY oB8qai7jhGjUdQnzVOtrqb2GmTIbYxqRDO+iLyfZ5EbOgK24Ey3VCS/BHX/hEdp2cYz2d7LWjJJt /sGCVC2EBR1KI6Jv8McrMw8bdxWFg6xogxOxOVzh0/u4ISb6ExzFX1CN739BycqQsDGE0qT5zki4 FHQMHMhpajcz8gMGk6RfYJrAU8BOvBidlEkTgWlJdzozCjDW4YuCkLwxOkoCWc+pzl9YmKKguLCe 8HdZ0PfCYwVLDhIeAQcLbW3mpLSaAv0UlzKuckjSL+zDOWkxdOFw6dw7VyOz0jux5kPo7iKIIaIZ AhlGBBz+2BFxMu8y5zsUoOnE/TiCKdzYfEe6m1LEZH0nurx8/O3yKT6fnHAjkgKMMD6C94oAWcvQ uKvygPSW2jpcijTivXxwQsD5yRIzhxzc9rbhKlD8/tWd8+o8ag5hWI2lx+H3KPQ1GjkRgokhIfFg 0tk5E4Xk5C/i0Hu/VzQPrZcX4Kl5hyuUBPku/qpLfpNRSZVD9DQe5aDFxj3pjZ0AYYy6H2GOgjeb /Hn5Xga2EYIFqJfcswhsZit0sqee6JEyTYYG/LIv7zWWkLdJBuJ13TNzdC1ZykgTzl5BUJFBfitq YGDmI18HLaSc/zLcuFRhg54NpZiYGeL2K8xrNd1Tb57kCaZ6uyp2dJHpEyRo1Rh4xhzm0yXQqZ3n B4GJGMUzRI1BWMIIsjcZFZwr496O5sjwHw3y60Q0S4rjRdYXGJlpZh2StQ5GBuzaKhOgWLQI0kxc BOSbUorZvlS7J3VSNtVFqAwNtmiYhbFtxKBmZ2m/vhTwZsV141nRNVfTzbh/EaA2IGXUqRAO8ke0 rGDBezN1HPUWSZ25cXO+XgXGF6KUxXI7BRSZorAHCKgvXk4HtPUQz1PdSC3FlpySXcXHI2roR4zd 5UqCMQf4C24q6lnQqKCbiBcP0dXW5ug6zg/+Sf1pBL09VTzYtZzrnX5S43iu5GYrtMJCDURWzeU4 oXspzgZkDyACtS1EqQAd/cOFatK7VqNR4eNpwtCZdTUFOf8oVEbruytZ3I9kJmTEXV/J3upv7Xx9 HME1vnA20uLa5EbOIB9OxWTg9YdVuPnQMzMWAHdIie+kQpHw0EAMlndytKJxH5EHKRmJfNgyh18O yyvNBqBj20bAGNkPLS/dGLGMWMp7a6k9/AKHi56nx4fILyq7GPe5ujasFoO9eyHED232LUvWAV0q /xZo6wWYTKQEukV02OMhhArTyYYIGiKsqBRjJHv9Ba5PcLyTrJX2t4tlBKHUS/snKmdXh5Txi5xa W2zWCQE3tDEkghQx1mmAtibhid1LTR6N2lqqGDY2aWjiYHzCDkw3M7D15tsydItahDiIRRlklBG2 ixIGFSpKtoOK9cjdViRgwumjxLbzBUFzgtZtTks6w2jaqECYiJlS0u8pJVDp1RoWG5NNag3hZWxu Bqj7wnMM0TjDWXISEKjnaVwAoD4N2BMdr5OXvnNM+xWG9AiBlM28pXC+DJt05TTbRSt8Mm7GCQBn Hgu+gttejk0N0/bI1xjIbRam8W9kcXZM+TkwY8GnFwFi7n4Oetqe8Nz47ijQbIGmSUZPE84qyJ6U M8uyCDw7yaLhpKrUfWcnPzjdCMh3eyI2hphRwANDJK9zm7nN6uFe+szF/o2RbUjSHPwZHHAhCcC5 gUaenEdxdY0ddaQK96B4AFHapDrFloRBehm2ZamStJIl2aDayKcz40dGtd3d3d3d3Vy6idMWCvPK 14IO3dOBZgKutNY6c6lSIbwlibdSlXZZHOx13aX4vg5jM0ET2teI6sH30EXQxFoziIoSgqpyhKud UvVI6ENDps5FaNrJx6grmER6KomRFV+xQrzmL82YqE42ws6UpdinKarVaTITEXeSgF6q1vaKGdyW iO8sCykrEDwdzhoQM4u15hcRgQU/n8z3aReL18tToN8HcswsLSd7k8jRxq5QEsFVnOSEmZAzFctT ESSMOl7YBg9AkkMfZprgSO5j5PY29lS8mx1uEoNlBEiRbWAcXsexeYErV6Dbhcy4j2tGm/LptIfw LuSKcKEhDX3Kag== --===============8971699638278167131==--