From: Chaithra Gopalareddy
Date: January 10 2012 8:35am
Subject: bzr push into mysql-trunk branch (chaithra.gopalareddy:3716 to 3717) Bug#12911480
List-Archive: http://lists.mysql.com/commits/142356
X-Bug: 12911480
Message-Id: <201201100835.q0A8Zl4O004463@acsmt357.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

 3717 Chaithra Gopalareddy	2012-01-10
      Bug#12911480: GROUP BY MAKE SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE

      Problem Description:
      While executing a make_set function in a group by clause with null
      output, we see problems such as accessing an uninitialized area.

      Problem Analysis:
      While deducing the nullability of the make_set function (in
      Item_func_make_set::fix_fields), we do not take into consideration that
      the first argument can be null and, as a result, the overall function
      result could be null.

      In the scenario presented, the first argument is null. So the result of
      make_set will be null, and therefore while accessing the keys in the
      "hp_hashnr" function, it tries to access an uninitialized area (as the
      null bit is not set), hence the valgrind error.

      We do consider that the result set can be null when one of the
      arguments (starting from the second) can be null in a make_set function.
      In the current scenario, which is
      "select count(*) from t1 group by make_set(a,b)", we do not consider
      field "a"'s nullability. We only consider the rest of the argument list,
      which is "b" here. As "b" is defined as not null while creating the
      table, we are seeing the problem.

      Solution:
      In Item_func_make_set::fix_fields(), we take into consideration even the
      first argument's nullability.
     @ mysql-test/r/func_set.result
        Add test for Bug#12911480
     @ mysql-test/t/func_set.test
        Add test for Bug#12911480
     @ sql/item_strfunc.h
        Changed Item_func_make_set::fix_fields( ) function to calculate maybe_null variable.
modified: mysql-test/r/func_set.result mysql-test/t/func_set.test sql/item_strfunc.h 3716 Manish Kumar 2012-01-10 BUG#11746146 - 23894: MYSQLBINLOG OUTPUTS SET INSERT_ID=N STATEMENTS UNNECESARILY WITH --DATABA This is a post-push fix that addresses review comments. In particular, improves coding style and ensures that all memory is freed. @ client/mysqlbinlog.cc Modified the file with improved coding style. modified: client/mysqlbinlog.cc === modified file 'mysql-test/r/func_set.result' --- a/mysql-test/r/func_set.result 2011-07-19 15:11:15 +0000 +++ b/mysql-test/r/func_set.result 2012-01-10 08:24:24 +0000 @@ -201,3 +201,13 @@ NULL 1,2,3,4,5,6,7 DROP TABLE t1; +# +# BUG#12211480: GROUP BY MAKE_SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE +# +CREATE TABLE t1 (a INT, b CHAR NOT NULL); +INSERT INTO t1 VALUES (NULL,'1'),(NULL,'1'); +SELECT COUNT(*) FROM t1 GROUP BY MAKE_SET(a,b); +COUNT(*) +2 +DROP TABLE t1; +# End of test BUG#12211480 === modified file 'mysql-test/t/func_set.test' --- a/mysql-test/t/func_set.test 2011-03-04 14:46:17 +0000 +++ b/mysql-test/t/func_set.test 2012-01-10 08:24:24 +0000 @@ -119,3 +119,15 @@ SELECT * FROM t1 WHERE FIND_IN_SET(NULL, --echo DROP TABLE t1; + +--echo # +--echo # BUG#12211480: GROUP BY MAKE_SET WITH EMPTY SET VALUES CRASH IN MY_HASH_SORT_SIMPLE +--echo # + +CREATE TABLE t1 (a INT, b CHAR NOT NULL); +INSERT INTO t1 VALUES (NULL,'1'),(NULL,'1'); +SELECT COUNT(*) FROM t1 GROUP BY MAKE_SET(a,b); + +DROP TABLE t1; + +--echo # End of test BUG#12211480 === modified file 'sql/item_strfunc.h' --- a/sql/item_strfunc.h 2011-11-17 13:41:28 +0000 +++ b/sql/item_strfunc.h 2012-01-10 08:24:24 +0000 
@@ -560,9 +560,11 @@ public: bool fix_fields(THD *thd, Item **ref) { DBUG_ASSERT(fixed == 0); - return ((!item->fixed && item->fix_fields(thd, &item)) || - item->check_cols(1) || - Item_func::fix_fields(thd, ref)); + bool res= ((!item->fixed && item->fix_fields(thd, &item)) || + item->check_cols(1) || + Item_func::fix_fields(thd, ref)); + maybe_null|= item->maybe_null; + return res; } void split_sum_func(THD *thd, Ref_ptr_array ref_pointer_array, List &fields); No bundle (reason: useless for push emails).
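Review bot: The bug number in the added test comments does not match the commit. Both the mysql-test/t/func_set.test hunk and the mysql-test/r/func_set.result hunk use `BUG#12211480` in the header and in the `End of test` line, while the commit subject and the X-Bug header say 12911480. Please correct the `--echo` lines in the .test file and re-record the .result file so the regression test can be found under the right bug id. The test also only inserts rows where `a` is NULL; adding a row with a non-NULL `a` would show that grouping still separates NULL and non-NULL MAKE_SET results after the change.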
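Review bot: In the sql/item_strfunc.h hunk, `maybe_null|= item->maybe_null;` runs even when `res` is true, so on the failure path it reads `item->maybe_null` from an item whose `fix_fields()` or `check_cols(1)` has just reported an error. Returning early when `res` is set, before the OR, keeps the update on the success path only. The new line also has no comment: per the commit message the first argument's nullability is the one thing the existing calculation leaves out, and a one-line comment saying that `item` (the first argument) must be folded in separately would stop a later cleanup from collapsing this back into the single `return` expression.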