From: Georgi Kodinov
Date: April 25 2012 11:09am
Subject: bzr push into mysql-trunk branch (Georgi.Kodinov:3737 to 3738) Bug#13966514
List-Archive: http://lists.mysql.com/commits/143654
X-Bug: 13966514
Message-Id: <201204251109.q3PB982I032454@acsmt356.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
3738 Georgi Kodinov 2012-04-23
Bug #13966514: CRASH IN GET_SCHEMA_TABLES_RESULT WITH MIN/MAX, LEFT/RIGHT JOIN ON I_S TABLE When there's a MIN/MAX that's reduced to a constant due to the presence of an unique index over the aggregated column the tables from the query are optimized away. If one of these removed tables happens to be a I_S table the materialization check will still run due to the fact that the the select_lex flag OPTION_SCHEMA_TABLE is not cleared up. Fixed by adding a check in get_schema_tables_result() for the presence of join tables (join_tab) before an attempt is made to iterate over them (which leads to a null pointer dereference crash). Test suite added.
modified:
mysql-test/r/information_schema.result
mysql-test/t/information_schema.test
sql/sql_show.cc
3737 Tor Didriksen 2012-04-25
Bug#13982125 BUFFER OVERFLOW OF VARIABLE BUF IN ITEM_FUNC_MAKETIME::GET_TIME Add space for null-terminator, which is always added by sprintf.
modified:
mysql-test/r/func_time.result
mysql-test/t/func_time.test
sql/item_timefunc.cc
=== modified file 'mysql-test/r/information_schema.result'
--- a/mysql-test/r/information_schema.result 2012-03-06 14:29:42 +0000
+++ b/mysql-test/r/information_schema.result 2012-04-23 08:19:36 +0000
@@ -2072,6 +2072,21 @@ t6 e timestamp 6
 #
 # Clean-up.
 drop database mysqltest;
+use test;
 #
 # End of 5.5 tests
 #
+#
+# Bug #13966514 : CRASH IN GET_SCHEMA_TABLES_RESULT WITH MIN/MAX,
+# LEFT/RIGHT JOIN ON I_S TABLE
+#
+CREATE TABLE t1(a INT PRIMARY KEY);
+INSERT INTO t1 VALUES (1);
+# must not crash
+SELECT MAX(a) FROM information_schema.engines RIGHT JOIN t1 ON 1;
+MAX(a)
+1
+DROP TABLE t1;
+#
+# End of 5.6 tests
+#
=== modified file 'mysql-test/t/information_schema.test'
--- a/mysql-test/t/information_schema.test 2011-11-18 11:42:10 +0000
+++ b/mysql-test/t/information_schema.test 2012-04-23 08:19:36 +0000
@@ -1836,11 +1836,28 @@ select TABLE_NAME,COLUMN_NAME,DATA_TYPE,
 --echo #
 --echo # Clean-up.
 drop database mysqltest;
+use test;
 --echo #
 --echo # End of 5.5 tests
 --echo #
+--echo #
+--echo # Bug #13966514 : CRASH IN GET_SCHEMA_TABLES_RESULT WITH MIN/MAX,
+--echo # LEFT/RIGHT JOIN ON I_S TABLE
+--echo #
+
+CREATE TABLE t1(a INT PRIMARY KEY);
+INSERT INTO t1 VALUES (1);
+--echo # must not crash
+SELECT MAX(a) FROM information_schema.engines RIGHT JOIN t1 ON 1;
+DROP TABLE t1;
+
+
+--echo #
+--echo # End of 5.6 tests
+--echo #
+
 # Wait till all disconnects are completed
 --source include/wait_until_count_sessions.inc
=== modified file 'sql/sql_show.cc'
--- a/sql/sql_show.cc 2012-04-24 06:21:11 +0000
+++ b/sql/sql_show.cc 2012-04-23 08:19:36 +0000
@@ -7225,6 +7225,10 @@ bool get_schema_tables_result(JOIN *join
 bool result= 0;
 DBUG_ENTER("get_schema_tables_result");
+ /* Check if the schema table is optimized away */
+ if (!join->join_tab)
+ DBUG_RETURN(result);
+
 for (JOIN_TAB *tab= join->join_tab; tab < tmp_join_tab; tab++)
 {
 if (!tab->table || !tab->table->pos_in_table_list)
No bundle (reason: useless for push emails).
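Review bot: The regression case in information_schema.test covers only MAX() with the RIGHT JOIN spelling, while the bug title echoed just above it names MIN/MAX and LEFT/RIGHT JOIN. Because the crash was reachable from an ordinary SELECT, the sibling forms are worth pinning too, for example `SELECT MIN(a) FROM t1 LEFT JOIN information_schema.engines ON 1;` next to the existing query, with the matching output recorded in the .result file. That these forms reach the same optimized-away path is inferred from the title, not shown in the hunk.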
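Review bot: The loop bound `tmp_join_tab` is set up above this hunk in sql/sql_show.cc, so it is computed before the new `if (!join->join_tab)` guard runs. If it is derived from `join->join_tab` (likely, but not visible here), that pointer arithmetic happens on a null pointer, and the guard would be safer placed ahead of it. The guard also treats the symptom in this one function only: per the commit message the stale OPTION_SCHEMA_TABLE flag stays set, so other code keyed on that flag may need the same check. I would expand the comment to record the cause, e.g. `/* join_tab is NULL when all tables were optimized away (MIN/MAX resolved to a constant) but OPTION_SCHEMA_TABLE is still set */`. The body of get_schema_tables_result() starts and ends outside the hunk.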