From: Date: January 10 2007 9:27am Subject: bk commit into 4.1 tree (igor:1.2593) BUG#25427 List-Archive: http://lists.mysql.com/commits/17831 X-Bug: 25427 Message-Id: <20070110082716.EC40ABCB1E@olga.mysql.com> Below is the list of changes that have just been committed into a local 4.1 repository of igor. When igor does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-01-10 00:27:11-08:00, igor@stripped +3 -0 Fixed bug #25427. In the method Item_field::fix_fields we try to resolve the name of the field against the names of the aliases that occur in the select list. This is done by a call of the function find_item_in_list. When this function finds several occurrences of the field name it sends an error message to the error queue and returns 0. Yet the code did not take into account that find_item_in_list could return 0 and tried to dereference the returned value. mysql-test/r/order_by.result@stripped, 2007-01-10 00:27:09-08:00, igor@stripped +8 -0 Added a test case for bug #25427. mysql-test/t/order_by.test@stripped, 2007-01-10 00:27:09-08:00, igor@stripped +15 -0 Added a test case for bug #25427. sql/item.cc@stripped, 2007-01-10 00:27:09-08:00, igor@stripped +2 -0 Fixed bug #25427. In the method Item_field::fix_fields we try to resolve the name of the field against the names of the aliases that occur in the select list. This is done by a call of the function find_item_in_list. When this function finds several occurrences of the field name it sends an error message to the error queue and returns 0. Yet the code did not take into account that find_item_in_list could return 0 and tried to dereference the returned value. # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. 
The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: igor # Host: olga.mysql.com # Root: /home/igor/dev-opt/mysql-4.1-opt-bug25427 --- 1.234/sql/item.cc 2007-01-10 00:27:16 -08:00 +++ 1.235/sql/item.cc 2007-01-10 00:27:16 -08:00 @@ -1761,6 +1761,8 @@ Item** res= find_item_in_list(this, thd->lex->current_select->item_list, &counter, REPORT_EXCEPT_NOT_FOUND, ¬_used); + if (!res) + return 1; if (res != (Item **)not_found_item) { if ((*res)->type() == Item::FIELD_ITEM) --- 1.48/mysql-test/r/order_by.result 2007-01-10 00:27:16 -08:00 +++ 1.49/mysql-test/r/order_by.result 2007-01-10 00:27:16 -08:00 @@ -847,3 +847,11 @@ SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a; ERROR 42S22: Unknown column 'num' in 'on clause' DROP TABLE t1; +CREATE TABLE t1 (a int); +SELECT p.a AS val, q.a AS val1 FROM t1 p, t1 q ORDER BY val > 1; +val val1 +SELECT p.a AS val, q.a AS val FROM t1 p, t1 q ORDER BY val; +ERROR 23000: Column 'val' in order clause is ambiguous +SELECT p.a AS val, q.a AS val FROM t1 p, t1 q ORDER BY val > 1; +ERROR 23000: Column 'val' in order clause is ambiguous +DROP TABLE t1; --- 1.35/mysql-test/t/order_by.test 2007-01-10 00:27:16 -08:00 +++ 1.36/mysql-test/t/order_by.test 2007-01-10 00:27:16 -08:00 @@ -575,4 +575,19 @@ SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a; DROP TABLE t1; +# +# Bug #25427: crash when order by expression contains a name +# that cannot be resolved unambiguously +# + +CREATE TABLE t1 (a int); + +SELECT p.a AS val, q.a AS val1 FROM t1 p, t1 q ORDER BY val > 1; +--error 1052 +SELECT p.a AS val, q.a AS val FROM t1 p, t1 q ORDER BY val; +--error 1052 +SELECT p.a AS val, q.a AS val FROM t1 p, t1 q ORDER BY val > 1; + +DROP TABLE t1; + # End of 4.1 tests
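Review bot: The added `if (!res) return 1;` in sql/item.cc carries no comment explaining why a null result is treated as a failure that needs no error message of its own, and that is not obvious at the call site. Per the commit description, find_item_in_list returns 0 only after it has queued the ambiguity error, so a comment above the check such as `/* find_item_in_list() returns 0 only after reporting an error (e.g. an ambiguous alias) */` would record the contract this early return relies on. Because the missing check let an ordinary SELECT with a duplicated alias crash the server, any other call sites that pass REPORT_EXCEPT_NOT_FOUND and then dereference the result are probably worth auditing for the same pattern; none are visible in this patch. The enclosing Item_field::fix_fields starts and ends outside the hunk.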