List:Commits« Previous MessageNext Message »
From:Evgeny Potemkin Date:May 26 2011 12:14pm
Subject:Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262
View as plain text  
Hi Oystein,

On 05/26/2011 03:22 PM, Øystein Grøvlen wrote:
> Hi Evgeny,
>
> Changes looks good. Approved.
Thanks!
>
> I guess the reason this did not create problems for other users of 
> init_from_field() is that they did not rely on fieldnr.
Yep.
>
> -- 
> Øystein
Regards, Evgen.
>
> On 25/05/2011 14:09, Evgeny Potemkin wrote:
>> #At file:///work/bzrroot/11783262-bug/ based on 
>> revid:epotemkin@stripped
>>
>>   3002 Evgeny Potemkin    2011-05-25
>>        Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY 
>> IN FROM.
>>        Incorrect initialization of field's index led to dereferencing memory 
>> out of
>>        array bounds and crash.
>>
>>        Now KEY_PART_INFO::init_from_field correctly initializes 
>> Field::field_index.
>>       @ mysql-test/r/derived.result
>>          Added a test case for the bug#11783262.
>>       @ mysql-test/t/derived.test
>>          Added a test case for the bug#11783262.
>>       @ sql/table.cc
>>          Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY 
>> IN FROM.
>>          Now KEY_PART_INFO::init_from_field correctly initializes 
>> Field::field_index.
>>
>>      modified:
>>        mysql-test/r/derived.result
>>        mysql-test/t/derived.test
>>        sql/table.cc
>> === modified file 'mysql-test/r/derived.result'
>> --- a/mysql-test/r/derived.result    2011-02-17 12:14:26 +0000
>> +++ b/mysql-test/r/derived.result    2011-05-25 12:09:53 +0000
>> @@ -1328,3 +1328,23 @@ f1    f11    f2    f22    f3    f33
>>   DROP TABLE t1,t2,t3;
>>   DROP VIEW v1,v2,v3,v4,v6,v7;
>>   #
>> +#
>> +# BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> +#               IN FROM WITH WL5274
>> +#
>> +CREATE TABLE t1 (
>> +col_int_key INT,
>> +col_time_key time,
>> +col_varchar_key VARCHAR(1),
>> +KEY col_int_key (col_int_key),
>> +KEY col_varchar_key (col_varchar_key,col_int_key)
>> +) ENGINE=INNODB;
>> +SELECT alias1.col_time_key AS field1
>> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
>> +INNER JOIN t1 AS alias2
>> +ON (alias2.col_int_key = alias1.col_int_key)
>> +)
>> +WHERE alias1.col_int_key = 207
>> +ORDER BY alias1.col_varchar_key, field1;
>> +field1
>> +DROP TABLE t1;
>>
>> === modified file 'mysql-test/t/derived.test'
>> --- a/mysql-test/t/derived.test    2011-02-17 12:14:26 +0000
>> +++ b/mysql-test/t/derived.test    2011-05-25 12:09:53 +0000
>> @@ -693,3 +693,24 @@ DROP VIEW v1,v2,v3,v4,v6,v7;
>>
>>   --echo #
>>
>> +--echo #
>> +--echo # BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> +--echo #               IN FROM WITH WL5274
>> +--echo #
>> +
>> +CREATE TABLE t1 (
>> +  col_int_key INT,
>> +  col_time_key time,
>> +  col_varchar_key VARCHAR(1),
>> +  KEY col_int_key (col_int_key),
>> +  KEY col_varchar_key (col_varchar_key,col_int_key)
>> +) ENGINE=INNODB;
>> +SELECT alias1.col_time_key AS field1
>> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
>> +  INNER JOIN t1 AS alias2
>> +  ON (alias2.col_int_key = alias1.col_int_key)
>> +  )
>> +WHERE alias1.col_int_key = 207
>> +ORDER BY alias1.col_varchar_key, field1;
>> +
>> +DROP TABLE t1;
>>
>> === modified file 'sql/table.cc'
>> --- a/sql/table.cc    2011-02-17 12:14:26 +0000
>> +++ b/sql/table.cc    2011-05-25 12:09:53 +0000
>> @@ -775,7 +775,7 @@ void KEY_PART_INFO::init_flags()
>>   void KEY_PART_INFO::init_from_field(Field *fld)
>>   {
>>     field= fld;
>> -  fieldnr= field->field_index;
>> +  fieldnr= field->field_index + 1;
>>     null_bit= field->null_bit;
>>     null_offset= (uint) (field->null_ptr - (uchar*)
> field->table->record[0]);
>>     offset= field->offset(field->table->record[0]);
>>
>>
>>
>>
>>
>
>

Thread
bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262Evgeny Potemkin25 May
  • Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262Øystein Grøvlen26 May
    • Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262Evgeny Potemkin26 May
  • Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262Roy Lyseng26 May
    • Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262Evgeny Potemkin26 May