List: Commits
From:Chaithra Gopalareddy Date:January 10 2012 8:35am
Subject:bzr push into mysql-trunk branch (chaithra.gopalareddy:3716 to 3717)
Bug#12911480
 3717 Chaithra Gopalareddy	2012-01-10
      Bug#12911480: GROUP BY MAKE SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE
      
      Problem Description:
      While executing a make_set function in a group by clause with null output,
       we see problems like, accessing uninitialized area.
      
      Problem Analysis:
      While deducing the nullability of make_set function 
      (in Item_func_make_set::fix_fields), we do not take into consideration that the 
      first argument can be null and as a result the overall function result could be 
      null. 
      
      In the scenario presented, the first argument is null. So the result of 
      make_set will be null and therefore while accessing the keys in "hp_hashnr" 
      function, it tries to access an uninitialized area (as null bit is not set) 
      and hence the valgrind error. 
      
      While we do consider that the result set can be null when one of the arguments 
      (starting from the second) can be null in a make_set function. 
      
      In the current scenario, which is "select count(*) from t1 group by make_set(a,b)", 
      we do not consider field "a"s nullability. We only consider the rest of the 
      argument list which is "b" here.  As "b" is defined as not null while creating the 
      table, we are seeing the problem. 
      
      Solution:
      In Item_func_make_set::fix_fields(), we take into consideration even the first 
      argument's nullability.
     @ mysql-test/r/func_set.result
        Add test for Bug#12911480
     @ mysql-test/t/func_set.test
        Add test for Bug#12911480
     @ sql/item_strfunc.h
        Changed Item_func_make_set::fix_fields( ) function to calculate maybe_null variable.

    modified:
      mysql-test/r/func_set.result
      mysql-test/t/func_set.test
      sql/item_strfunc.h
 3716 Manish Kumar	2012-01-10
      BUG#11746146 - 23894: MYSQLBINLOG OUTPUTS SET INSERT_ID=N STATEMENTS UNNECESARILY WITH --DATABA
      
      This is a post-push fix that addresses review comments. In particular, improves coding style 
      and ensures that all memory is freed.
     @ client/mysqlbinlog.cc
        Modified the file with improved coding style.

    modified:
      client/mysqlbinlog.cc
=== modified file 'mysql-test/r/func_set.result'
--- a/mysql-test/r/func_set.result	2011-07-19 15:11:15 +0000
+++ b/mysql-test/r/func_set.result	2012-01-10 08:24:24 +0000
@@ -201,3 +201,13 @@ NULL
 1,2,3,4,5,6,7
 
 DROP TABLE t1;
+#
+# BUG#12211480: GROUP BY MAKE_SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE
+#
+CREATE TABLE t1 (a INT, b CHAR NOT NULL);
+INSERT INTO t1 VALUES (NULL,'1'),(NULL,'1');
+SELECT COUNT(*) FROM t1 GROUP BY MAKE_SET(a,b);
+COUNT(*)
+2
+DROP TABLE t1;
+# End of test BUG#12211480
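Review bot: The header and end-of-test lines in this hunk say BUG#12211480, while the commit subject and message say Bug#12911480, so one of the two numbers is a typo. Since this file is recorded output, correct the number in the --echo lines of func_set.test and re-record the result, so the test can be found by its bug number.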

=== modified file 'mysql-test/t/func_set.test'
--- a/mysql-test/t/func_set.test	2011-03-04 14:46:17 +0000
+++ b/mysql-test/t/func_set.test	2012-01-10 08:24:24 +0000
@@ -119,3 +119,15 @@ SELECT * FROM t1 WHERE FIND_IN_SET(NULL,
 
 --echo
 DROP TABLE t1;
+
+--echo #
+--echo # BUG#12211480: GROUP BY MAKE_SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE
+--echo #
+
+CREATE TABLE t1 (a INT, b CHAR NOT NULL);
+INSERT INTO t1 VALUES (NULL,'1'),(NULL,'1');
+SELECT COUNT(*) FROM t1 GROUP BY MAKE_SET(a,b);
+
+DROP TABLE t1;
+
+--echo # End of test BUG#12211480
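Review bot: Both rows inserted in this hunk have a = NULL, so the test only covers the case where every MAKE_SET(a,b) result is NULL and the expected output is a single group of 2. Consider adding a row with a non-NULL a, for example (1,'1'), so the test also checks that NULL and non-NULL results end up in separate groups.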

=== modified file 'sql/item_strfunc.h'
--- a/sql/item_strfunc.h	2011-11-17 13:41:28 +0000
+++ b/sql/item_strfunc.h	2012-01-10 08:24:24 +0000
@@ -560,9 +560,11 @@ public:
   bool fix_fields(THD *thd, Item **ref)
   {
     DBUG_ASSERT(fixed == 0);
-    return ((!item->fixed && item->fix_fields(thd, &item)) ||
-	    item->check_cols(1) ||
-	    Item_func::fix_fields(thd, ref));
+    bool res= ((!item->fixed && item->fix_fields(thd, &item)) ||
+               item->check_cols(1) ||
+               Item_func::fix_fields(thd, ref));
+    maybe_null|= item->maybe_null;
+    return res;
   }
   void split_sum_func(THD *thd, Ref_ptr_array ref_pointer_array,
                       List<Item> &fields);
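Review bot: The new line `maybe_null|= item->maybe_null;` has no comment saying why the first argument needs separate handling, and it runs even when res is true, that is, when one of the fix_fields or check_cols calls has reported an error. Add a one-line comment above it stating that item is fixed separately from the remaining arguments and that a NULL first argument makes the whole MAKE_SET result NULL. Consider also returning early on error so that item->maybe_null is only read after a successful fix_fields.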

No bundle (reason: useless for push emails).