Hi Roy,
On 05/26/2011 04:31 PM, Roy Lyseng wrote:
> Hi Evgeny,
>
> the bugfix is approved.
Thanks!
>
> However, it seems that it would be less error-prone to store fieldnr in the
> KEY_PART_INFO struct as one less than the current value. Most uses of the field
> subtract one before using it. Later refactoring?
Yep, currently I would like to avoid any refactoring on this WL.
>
> Thanks,
> Roy
Regards, Evgen.
>
> On 25.05.11 14.09, Evgeny Potemkin wrote:
>> #At file:///work/bzrroot/11783262-bug/ based on
>> revid:epotemkin@stripped
>>
>> 3002 Evgeny Potemkin 2011-05-25
>> Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> IN FROM.
>> Incorrect initialization of field's index led to dereferencing memory
>> out of
>> array bounds and crash.
>>
>> Now KEY_PART_INFO::init_from_field correctly initializes
>> Field::field_index.
>> @ mysql-test/r/derived.result
>> Added a test case for the bug#11783262.
>> @ mysql-test/t/derived.test
>> Added a test case for the bug#11783262.
>> @ sql/table.cc
>> Bug#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> IN FROM.
>> Now KEY_PART_INFO::init_from_field correctly initializes
>> Field::field_index.
>>
>> modified:
>> mysql-test/r/derived.result
>> mysql-test/t/derived.test
>> sql/table.cc
>> === modified file 'mysql-test/r/derived.result'
>> --- a/mysql-test/r/derived.result 2011-02-17 12:14:26 +0000
>> +++ b/mysql-test/r/derived.result 2011-05-25 12:09:53 +0000
>> @@ -1328,3 +1328,23 @@ f1 f11 f2 f22 f3 f33
>> DROP TABLE t1,t2,t3;
>> DROP VIEW v1,v2,v3,v4,v6,v7;
>> #
>> +#
>> +# BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> +# IN FROM WITH WL5274
>> +#
>> +CREATE TABLE t1 (
>> +col_int_key INT,
>> +col_time_key time,
>> +col_varchar_key VARCHAR(1),
>> +KEY col_int_key (col_int_key),
>> +KEY col_varchar_key (col_varchar_key,col_int_key)
>> +) ENGINE=INNODB;
>> +SELECT alias1.col_time_key AS field1
>> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
>> +INNER JOIN t1 AS alias2
>> +ON (alias2.col_int_key = alias1.col_int_key)
>> +)
>> +WHERE alias1.col_int_key = 207
>> +ORDER BY alias1.col_varchar_key, field1;
>> +field1
>> +DROP TABLE t1;
>>
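Review bot: The recorded output for the new SELECT is only the `field1` header, because t1 is created and queried without any rows, so this result shows that the statement no longer crashes but not that the corrected field index reads the right column. Consider inserting a few rows before the SELECT, including one with col_int_key = 207, so the expected result also checks the returned col_time_key values.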
>> === modified file 'mysql-test/t/derived.test'
>> --- a/mysql-test/t/derived.test 2011-02-17 12:14:26 +0000
>> +++ b/mysql-test/t/derived.test 2011-05-25 12:09:53 +0000
>> @@ -693,3 +693,24 @@ DROP VIEW v1,v2,v3,v4,v6,v7;
>>
>> --echo #
>>
>> +--echo #
>> +--echo # BUG#11783262: CRASH IN ITEM_FIELD::ITEM_FIELD IN ITEM.CC ON SUBQUERY
>> +--echo # IN FROM WITH WL5274
>> +--echo #
>> +
>> +CREATE TABLE t1 (
>> + col_int_key INT,
>> + col_time_key time,
>> + col_varchar_key VARCHAR(1),
>> + KEY col_int_key (col_int_key),
>> + KEY col_varchar_key (col_varchar_key,col_int_key)
>> +) ENGINE=INNODB;
>> +SELECT alias1.col_time_key AS field1
>> +FROM ( ( SELECT SQ1_alias1.* FROM t1 AS SQ1_alias1 ) AS alias1
>> + INNER JOIN t1 AS alias2
>> + ON (alias2.col_int_key = alias1.col_int_key)
>> + )
>> +WHERE alias1.col_int_key = 207
>> +ORDER BY alias1.col_varchar_key, field1;
>> +
>> +DROP TABLE t1;
>>
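Review bot: The CREATE TABLE in this test pins `ENGINE=INNODB`, but nothing in the hunk guarantees that InnoDB is available when derived.test runs. If the file does not already source include/have_innodb.inc near its top, add that include; if the crash does not depend on the storage engine, drop the ENGINE clause so the test runs under the default engine.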
>> === modified file 'sql/table.cc'
>> --- a/sql/table.cc 2011-02-17 12:14:26 +0000
>> +++ b/sql/table.cc 2011-05-25 12:09:53 +0000
>> @@ -775,7 +775,7 @@ void KEY_PART_INFO::init_flags()
>> void KEY_PART_INFO::init_from_field(Field *fld)
>> {
>> field= fld;
>> - fieldnr= field->field_index;
>> + fieldnr= field->field_index + 1;
>> null_bit= field->null_bit;
>> null_offset= (uint) (field->null_ptr - (uchar*)
> field->table->record[0]);
>> offset= field->offset(field->table->record[0]);
>>
>
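Review bot: In KEY_PART_INFO::init_from_field(), `fieldnr= field->field_index + 1;` makes fieldnr 1-based while Field::field_index stays 0-based, and nothing at the assignment documents that. Add a short comment on that line stating that fieldnr is the field index plus one and that callers subtract one before using it as an array index; the commit message ties the crash to exactly this mismatch, and the reply above notes that most uses already subtract one.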