List: Commits
From: Roy Lyseng Date: May 26 2011 12:31pm
Subject: Re: bzr commit into mysql-trunk branch (epotemkin:3002) Bug#11783262
Hi Evgeny,

the bugfix is approved.

However, it seems that it would be less error-prone to store fieldnr in the 
KEY_PART_INFO struct as one less than the current value. Most uses of the field 
subtract one before using it. Later refactoring?

Thanks,
Roy

On 25.05.11 14.09, Evgeny Potemkin wrote:
> #At file:///work/bzrroot/11783262-bug/ based on
> revid:epotemkin@stripped
>
>   3002 Evgeny Potemkin	2011-05-25
>        Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY IN FROM.
>        Incorrect initialization of field's index led to dereferencing memory out of
>        array bounds and crash.
>
>        Now KEY_PART_INFO::init_from_field correctly initializes Field::field_index.
>       @ mysql-test/r/derived.result
>          Added a test case for the bug#11783262.
>       @ mysql-test/t/derived.test
>          Added a test case for the bug#11783262.
>       @ sql/table.cc
>          Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY IN
> FROM.
>          Now KEY_PART_INFO::init_from_field correctly initializes
> Field::field_index.
>
>      modified:
>        mysql-test/r/derived.result
>        mysql-test/t/derived.test
>        sql/table.cc
> === modified file 'mysql-test/r/derived.result'
> --- a/mysql-test/r/derived.result	2011-02-17 12:14:26 +0000
> +++ b/mysql-test/r/derived.result	2011-05-25 12:09:53 +0000
> @@ -1328,3 +1328,23 @@ f1	f11	f2	f22	f3	f33
>   DROP TABLE t1,t2,t3;
>   DROP VIEW v1,v2,v3,v4,v6,v7;
>   #
> +#
> +# BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
> +#               IN FROM WITH WL5274
> +#
> +CREATE TABLE t1 (
> +col_int_key INT,
> +col_time_key time,
> +col_varchar_key VARCHAR(1),
> +KEY col_int_key (col_int_key),
> +KEY col_varchar_key (col_varchar_key,col_int_key)
> +) ENGINE=INNODB;
> +SELECT alias1.col_time_key AS field1
> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
> +INNER JOIN t1 AS alias2
> +ON (alias2.col_int_key = alias1.col_int_key)
> +)
> +WHERE alias1.col_int_key = 207
> +ORDER BY alias1.col_varchar_key, field1;
> +field1
> +DROP TABLE t1;
>
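Review bot: The expected output recorded after the SELECT is only the `field1` header with no rows, because t1 is never populated before the query runs. That is enough to catch the crash, but it does not check that the join through the derived table returns the right row; consider inserting at least one row with col_int_key = 207 so the recorded result also verifies the value that comes back.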
> === modified file 'mysql-test/t/derived.test'
> --- a/mysql-test/t/derived.test	2011-02-17 12:14:26 +0000
> +++ b/mysql-test/t/derived.test	2011-05-25 12:09:53 +0000
> @@ -693,3 +693,24 @@ DROP VIEW v1,v2,v3,v4,v6,v7;
>
>   --echo #
>
> +--echo #
> +--echo # BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
> +--echo #               IN FROM WITH WL5274
> +--echo #
> +
> +CREATE TABLE t1 (
> +  col_int_key INT,
> +  col_time_key time,
> +  col_varchar_key VARCHAR(1),
> +  KEY col_int_key (col_int_key),
> +  KEY col_varchar_key (col_varchar_key,col_int_key)
> +) ENGINE=INNODB;
> +SELECT alias1.col_time_key AS field1
> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
> +  INNER JOIN t1 AS alias2
> +  ON (alias2.col_int_key = alias1.col_int_key)
> +  )
> +WHERE alias1.col_int_key = 207
> +ORDER BY alias1.col_varchar_key, field1;
> +
> +DROP TABLE t1;
>
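Review bot: The CREATE TABLE in this test case specifies ENGINE=INNODB, and nothing in the hunk shows that derived.test requires InnoDB. If the file does not already source include/have_innodb.inc, the case will not run as intended on a build without InnoDB; either add the include or drop the ENGINE clause if the crash does not depend on the storage engine.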
> === modified file 'sql/table.cc'
> --- a/sql/table.cc	2011-02-17 12:14:26 +0000
> +++ b/sql/table.cc	2011-05-25 12:09:53 +0000
> @@ -775,7 +775,7 @@ void KEY_PART_INFO::init_flags()
>   void KEY_PART_INFO::init_from_field(Field *fld)
>   {
>     field= fld;
> -  fieldnr= field->field_index;
> +  fieldnr= field->field_index + 1;
>     null_bit= field->null_bit;
>     null_offset= (uint) (field->null_ptr - (uchar*)
> field->table->record[0]);
>     offset= field->offset(field->table->record[0]);
>
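Review bot: The `+ 1` in `fieldnr= field->field_index + 1;` carries the whole fix, yet nothing at that line says why the two indexes differ by one. Add a short comment at the assignment stating that fieldnr is one-based while Field::field_index is zero-based, so the conversion is not removed in a later cleanup and the out-of-bounds access described in the commit message does not return. Since the review reply notes that most users subtract one before use, a debug assertion that fieldnr is at least 1 at those sites would make a recurrence fail loudly instead of reading outside the array.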