3738 Georgi Kodinov 2012-04-23
Bug #13966514: CRASH IN GET_SCHEMA_TABLES_RESULT WITH
MIN/MAX, LEFT/RIGHT JOIN ON I_S TABLE
When there's a MIN/MAX that's reduced to a constant due to the
presence of an unique index over the aggregated column the
tables from the query are optimized away.
If one of these removed tables happens to be a I_S table
the materialization check will still run due to the fact that the
the select_lex flag OPTION_SCHEMA_TABLE is not cleared up.
Fixed by adding a check in get_schema_tables_result() for the
presence of join tables (join_tab) before an attempt is made to
iterate over them (which leads to a null pointer dereference crash).
Test suite added.
modified:
mysql-test/r/information_schema.result
mysql-test/t/information_schema.test
sql/sql_show.cc
3737 Tor Didriksen 2012-04-25
Bug#13982125 BUFFER OVERFLOW OF VARIABLE BUF IN ITEM_FUNC_MAKETIME::GET_TIME
Add space for null-terminator, which is always added by sprintf.
modified:
mysql-test/r/func_time.result
mysql-test/t/func_time.test
sql/item_timefunc.cc
=== modified file 'mysql-test/r/information_schema.result'
--- a/mysql-test/r/information_schema.result 2012-03-06 14:29:42 +0000
+++ b/mysql-test/r/information_schema.result 2012-04-23 08:19:36 +0000
@@ -2072,6 +2072,21 @@ t6 e timestamp 6
#
# Clean-up.
drop database mysqltest;
+use test;
#
# End of 5.5 tests
#
+#
+# Bug #13966514 : CRASH IN GET_SCHEMA_TABLES_RESULT WITH MIN/MAX,
+# LEFT/RIGHT JOIN ON I_S TABLE
+#
+CREATE TABLE t1(a INT PRIMARY KEY);
+INSERT INTO t1 VALUES (1);
+# must not crash
+SELECT MAX(a) FROM information_schema.engines RIGHT JOIN t1 ON 1;
+MAX(a)
+1
+DROP TABLE t1;
+#
+# End of 5.6 tests
+#
=== modified file 'mysql-test/t/information_schema.test'
--- a/mysql-test/t/information_schema.test 2011-11-18 11:42:10 +0000
+++ b/mysql-test/t/information_schema.test 2012-04-23 08:19:36 +0000
@@ -1836,11 +1836,28 @@ select TABLE_NAME,COLUMN_NAME,DATA_TYPE,
--echo #
--echo # Clean-up.
drop database mysqltest;
+use test;
--echo #
--echo # End of 5.5 tests
--echo #
+--echo #
+--echo # Bug #13966514 : CRASH IN GET_SCHEMA_TABLES_RESULT WITH MIN/MAX,
+--echo # LEFT/RIGHT JOIN ON I_S TABLE
+--echo #
+
+CREATE TABLE t1(a INT PRIMARY KEY);
+INSERT INTO t1 VALUES (1);
+--echo # must not crash
+SELECT MAX(a) FROM information_schema.engines RIGHT JOIN t1 ON 1;
+DROP TABLE t1;
+
+
+--echo #
+--echo # End of 5.6 tests
+--echo #
+
# Wait till all disconnects are completed
--source include/wait_until_count_sessions.inc
=== modified file 'sql/sql_show.cc'
--- a/sql/sql_show.cc 2012-04-24 06:21:11 +0000
+++ b/sql/sql_show.cc 2012-04-23 08:19:36 +0000
@@ -7225,6 +7225,10 @@ bool get_schema_tables_result(JOIN *join
bool result= 0;
DBUG_ENTER("get_schema_tables_result");
+ /* Check if the schema table is optimized away */
+ if (!join->join_tab)
+ DBUG_RETURN(result);
+
for (JOIN_TAB *tab= join->join_tab; tab < tmp_join_tab; tab++)
{
if (!tab->table || !tab->table->pos_in_table_list)
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-trunk branch (Georgi.Kodinov:3737 to 3738) Bug#13966514 | Georgi Kodinov | 25 Apr |
