3695 Chaithra Gopalareddy 2012-02-24
Bug#13012483:EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN
CHECK_SIMPLE_EQUALITY
PROBLEM:
Crash in "check_simple_equality" when using a subquery with "IN" and
"ALL" in prepare.
ANALYSIS:
Crash can be reproduced using a simplified query like this one:
prepare s from "select 1 from g1 where 1 < all (
select @:=(1 in (select 1 from g1)) from g1)";
This bug is currently present only on 5.5.and 5.1. Its fixed as part
of work log(#1110) in 5.6. We are taking one change to fix this
in 5.5 and 5.1.
Problem seems to be present because we are trying to evaluate "is_null"
on an argument which is part of a subquery
(In Item_is_not_null_test::update_used_tables()).
But the condition to evaluate is only when we do not have a sub query
present, which means to say that "with_subselect" is not set.
With respect to the above query, we create an object of type
"Item_in_optimizer" which by definition is always associated with a
subquery. While in 5.6 we set "with_subselect" to true for
"Item_in_optimizer" object, we do not do the same in 5.5. This results in
the evaluation for "is_null" resulting in a coredump.
So, we are now setting "with_subselect" to true for "Item_in_optimizer"
in 5.1 and 5.5.
@ mysql-test/r/func_in.result
Result file changes for the test case added
@ mysql-test/t/func_in.test
Test case added for Bug#13012483
@ sql/item_cmpfunc.h
Changed Item_in_optimizer::Item_in_optimizer( ) to set "with_subselect"
to true
modified:
mysql-test/r/func_in.result
mysql-test/t/func_in.test
sql/item_cmpfunc.h
3694 Vasil Dimov 2012-02-21
Fix Bug#13639142 64128: INNODB ERROR IN SERVER LOG OF INNODB_BUG34300
Suppress innodb_bug34300 from failing if InnoDB prints:
120221 11:05:03 InnoDB: ERROR: the age of the last checkpoint is 9439048,
InnoDB: which exceeds the log group capacity 9433498.
by default the log capacity is 2 log files, 5 MB each.
modified:
mysql-test/suite/innodb/t/innodb_bug34300.test
mysql-test/suite/innodb_plugin/t/innodb_bug34300.test
=== modified file 'mysql-test/r/func_in.result'
--- a/mysql-test/r/func_in.result 2011-04-12 09:51:36 +0000
+++ b/mysql-test/r/func_in.result 2012-02-24 06:23:36 +0000
@@ -776,4 +776,14 @@ SELECT 1 IN (YEAR(FROM_UNIXTIME(NULL)) ,
1 IN (YEAR(FROM_UNIXTIME(NULL)) ,1)
1
#
+#
+# Bug#13012483: EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY
+#
+CREATE TABLE t1 (a INT);
+PREPARE s FROM "SELECT 1 FROM t1 WHERE 1 < ALL (SELECT @:= (1 IN (SELECT 1 FROM t1)) FROM t1)";
+EXECUTE s;
+1
+DROP TABLE t1;
+# End of test BUG#13012483
+#
End of 5.1 tests
=== modified file 'mysql-test/t/func_in.test'
--- a/mysql-test/t/func_in.test 2011-04-12 09:51:36 +0000
+++ b/mysql-test/t/func_in.test 2012-02-24 06:23:36 +0000
@@ -562,4 +562,17 @@ SELECT 1 IN (YEAR(FROM_UNIXTIME(NULL)) ,
--echo #
+--echo #
+--echo # Bug#13012483: EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY
+--echo #
+
+CREATE TABLE t1 (a INT);
+PREPARE s FROM "SELECT 1 FROM t1 WHERE 1 < ALL (SELECT @:= (1 IN (SELECT 1 FROM t1)) FROM t1)";
+EXECUTE s;
+
+DROP TABLE t1;
+
+--echo # End of test BUG#13012483
+
+--echo #
--echo End of 5.1 tests
=== modified file 'sql/item_cmpfunc.h'
--- a/sql/item_cmpfunc.h 2011-06-30 15:37:13 +0000
+++ b/sql/item_cmpfunc.h 2012-02-24 06:23:36 +0000
@@ -254,7 +254,7 @@ public:
Item_in_optimizer(Item *a, Item_in_subselect *b):
Item_bool_func(a, my_reinterpret_cast(Item *)(b)), cache(0),
save_cache(0), result_for_null_param(UNKNOWN)
- {}
+ { with_subselect= true; }
bool fix_fields(THD *, Item **);
bool fix_left(THD *thd, Item **ref);
bool is_null();
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-5.1 branch (chaithra.gopalareddy:3694 to 3695)Bug#13012483 | Chaithra Gopalareddy | 24 Feb |
