#At file:///work/bzrroot/11783262-bug/ based on revid:epotemkin@stripped
3002 Evgeny Potemkin 2011-05-25
Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY IN FROM.
Incorrect initialization of field's index led to dereferencing memory out of
array bounds and crash.
Now KEY_PART_INFO::init_from_field correctly initializes Field::field_index.
@ mysql-test/r/derived.result
Added a test case for the bug#11783262.
@ mysql-test/t/derived.test
Added a test case for the bug#11783262.
@ sql/table.cc
Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY IN FROM.
Now KEY_PART_INFO::init_from_field correctly initializes Field::field_index.
modified:
mysql-test/r/derived.result
mysql-test/t/derived.test
sql/table.cc
=== modified file 'mysql-test/r/derived.result'
--- a/mysql-test/r/derived.result 2011-02-17 12:14:26 +0000
+++ b/mysql-test/r/derived.result 2011-05-25 12:09:53 +0000
@@ -1328,3 +1328,23 @@ f1 f11 f2 f22 f3 f33
DROP TABLE t1,t2,t3;
DROP VIEW v1,v2,v3,v4,v6,v7;
#
+#
+# BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
+# IN FROM WITH WL5274
+#
+CREATE TABLE t1 (
+col_int_key INT,
+col_time_key time,
+col_varchar_key VARCHAR(1),
+KEY col_int_key (col_int_key),
+KEY col_varchar_key (col_varchar_key,col_int_key)
+) ENGINE=INNODB;
+SELECT alias1.col_time_key AS field1
+FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
+INNER JOIN t1 AS alias2
+ON (alias2.col_int_key = alias1.col_int_key)
+)
+WHERE alias1.col_int_key = 207
+ORDER BY alias1.col_varchar_key, field1;
+field1
+DROP TABLE t1;
=== modified file 'mysql-test/t/derived.test'
--- a/mysql-test/t/derived.test 2011-02-17 12:14:26 +0000
+++ b/mysql-test/t/derived.test 2011-05-25 12:09:53 +0000
@@ -693,3 +693,24 @@ DROP VIEW v1,v2,v3,v4,v6,v7;
--echo #
+--echo #
+--echo # BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
+--echo # IN FROM WITH WL5274
+--echo #
+
+CREATE TABLE t1 (
+ col_int_key INT,
+ col_time_key time,
+ col_varchar_key VARCHAR(1),
+ KEY col_int_key (col_int_key),
+ KEY col_varchar_key (col_varchar_key,col_int_key)
+) ENGINE=INNODB;
+SELECT alias1.col_time_key AS field1
+FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
+ INNER JOIN t1 AS alias2
+ ON (alias2.col_int_key = alias1.col_int_key)
+ )
+WHERE alias1.col_int_key = 207
+ORDER BY alias1.col_varchar_key, field1;
+
+DROP TABLE t1;
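Review bot: The new table on the `CREATE TABLE t1 (...) ENGINE=INNODB;` line depends on InnoDB being built in, so the case will fail rather than skip on a server without the engine unless derived.test already sources `include/have_innodb.inc` above this hunk (the top of the file is outside the hunk, so I cannot confirm that here). If it does not, either add `--source include/have_innodb.inc` at the file head or drop the `ENGINE=INNODB` clause if the crash also reproduces on the default engine. The case also never inserts rows, so the expected output is just the empty header; that is fine for a crash regression, but a one-line comment such as `# No rows are needed: the crash occurred while resolving the derived table's key parts` would make the intent clear to the next reader.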
=== modified file 'sql/table.cc'
--- a/sql/table.cc 2011-02-17 12:14:26 +0000
+++ b/sql/table.cc 2011-05-25 12:09:53 +0000
@@ -775,7 +775,7 @@ void KEY_PART_INFO::init_flags()
void KEY_PART_INFO::init_from_field(Field *fld)
{
field= fld;
- fieldnr= field->field_index;
+ fieldnr= field->field_index + 1;
null_bit= field->null_bit;
null_offset= (uint) (field->null_ptr - (uchar*) field->table->record[0]);
offset= field->offset(field->table->record[0]);
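Review bot: The `+ 1` on the new `fieldnr= field->field_index + 1;` line is an unexplained offset; nothing on the line tells a reader why a 0-based field index needs adjusting, and the same mistake could easily be reintroduced. I would document it inline, e.g. `fieldnr= field->field_index + 1;  // fieldnr is 1-based (as in the .frm key part data), Field::field_index is 0-based`, on the assumption that the rest of table.cc treats fieldnr as 1-based when it indexes `share->field[fieldnr - 1]` — worth confirming against the frm loader. Separately, the commit description says init_from_field now "correctly initializes Field::field_index", but the hunk changes KEY_PART_INFO::fieldnr and never writes field_index; the description should name the member actually fixed. The body of init_from_field continues past the end of the hunk.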
Attachment: [text/bzr-bundle] bzr/epotemkin@mysql.com-20110525120953-vpvavnn1ods423dh.bundle