From:igor Date:June 8 2007 7:35am
Subject:bk commit into 5.0 tree (igor:1.2522) BUG#28811
Below is the list of changes that have just been committed into a local
5.0 repository of igor. When igor does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-06-07 22:35:31-07:00, igor@stripped +3 -0
  Fixed bug #28811: crash for a query containing a subquery with 
  ORDER BY and LIMIT 1. 
  The bug was introduced by the patch for bug 21727. The patch
  erroneously skipped initialization of the array of headers
  for sorted records for non-first evaluations of the subquery.
  
  To fix the problem a new parameter has been added to the
  function make_char_array that performs the initialization.
  Now this function is called for any invocation of the 
  filesort procedure. Yet it allocates the buffer for sorted
  records only if this parameter is NULL.

  mysql-test/r/subselect.result@stripped, 2007-06-07 22:35:28-07:00, igor@stripped +26
-0
    Added a test case for bug #28811.

  mysql-test/t/subselect.test@stripped, 2007-06-07 22:35:28-07:00, igor@stripped +32 -0
    Added a test case for bug #28811.

  sql/filesort.cc@stripped, 2007-06-07 22:35:28-07:00, igor@stripped +11 -8
    Fixed bug #28811: crash for a query containing a subquery with 
    ORDER BY and LIMIT 1. 
    The bug was introduced by the patch for bug 21727. The patch
    erroneously skipped initialization of the array of headers
    for sorted records for non-first evaluations of the subquery.
    
    To fix the problem a new parameter has been added to the
    function make_char_array that performs the initialization.
    Now this function is called for any invocation of the 
    filesort procedure. Yet it allocates the buffer for sorted
    records only if this parameter is NULL.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	igor
# Host:	olga.mysql.com
# Root:	/home/igor/dev-opt/mysql-5.0-opt-bug28811

--- 1.120/sql/filesort.cc	2007-06-07 22:35:37 -07:00
+++ 1.121/sql/filesort.cc	2007-06-07 22:35:37 -07:00
@@ -35,7 +35,8 @@
 
 	/* functions defined in this file */
 
-static char **make_char_array(register uint fields, uint length, myf my_flag);
+static char **make_char_array(char **old_pos, register uint fields,
+                              uint length, myf my_flag);
 static BUFFPEK *read_buffpek_from_file(IO_CACHE *buffer_file, uint count);
 static ha_rows find_all_keys(SORTPARAM *param,SQL_SELECT *select,
 			     uchar * *sort_keys, IO_CACHE *buffer_file,
@@ -202,9 +203,9 @@
     ulong old_memavl;
     ulong keys= memavl/(param.rec_length+sizeof(char*));
     param.keys=(uint) min(records+1, keys);
-    if (table_sort.sort_keys ||
-        (table_sort.sort_keys= (uchar **) make_char_array(param.keys, param.rec_length,
-                                               MYF(0))))
+    if ((table_sort.sort_keys=
+	 (uchar **) make_char_array((char **) table_sort.sort_keys,
+                                    param.keys, param.rec_length, MYF(0))))
       break;
     old_memavl=memavl;
     if ((memavl=memavl/4*3) < min_sort_memory && old_memavl >
min_sort_memory)
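Review bot: `param.keys` is recomputed on the line above from the current `memavl` and `records`, but a non-NULL `table_sort.sort_keys` left over from an earlier evaluation is now passed back and re-initialised for that new count, with no check against the size it was originally allocated with. If a later evaluation of the subquery yields a larger `param.keys` or `param.rec_length`, the pointer setup loop in `make_char_array` (last hunk of this file) would write past the end of the heap buffer; whether that can happen depends on how `records` is estimated, which is not visible here. Recording the allocated key count and record length next to `sort_keys`, and freeing the buffer before the call when the new request is larger, would close this. The enclosing retry loop starts and ends outside the hunk.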
@@ -346,14 +347,16 @@
 
 	/* Make a array of string pointers */
 
-static char **make_char_array(register uint fields, uint length, myf my_flag)
+static char **make_char_array(char **old_pos, register uint fields,
+                              uint length, myf my_flag)
 {
   register char **pos;
-  char **old_pos,*char_pos;
+  char *char_pos;
   DBUG_ENTER("make_char_array");
 
-  if ((old_pos= (char**) my_malloc((uint) fields*(length+sizeof(char*)),
-				    my_flag)))
+  if (old_pos ||
+      (old_pos= (char**) my_malloc((uint) fields*(length+sizeof(char*)),
+				   my_flag)))
   {
     pos=old_pos; char_pos=((char*) (pos+fields)) -length;
     while (fields--) *(pos++) = (char_pos+= length);
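Review bot: The comment above `make_char_array` still reads "Make a array of string pointers" and says nothing about the new `old_pos` parameter, whose contract is not obvious: a non-NULL value is reused as-is and only its pointer table is rebuilt. I would replace it with `/* Make an array of string pointers. A non-NULL old_pos is reused and must hold at least fields*(length+sizeof(char*)) bytes; NULL allocates a new buffer. */`. The function body continues past the end of the hunk.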

--- 1.193/mysql-test/r/subselect.result	2007-06-07 22:35:37 -07:00
+++ 1.194/mysql-test/r/subselect.result	2007-06-07 22:35:37 -07:00
@@ -4080,4 +4080,30 @@
 Warnings:
 Note	1003	select `res`.`count(*)` AS `count(*)` from (select count(0) AS `count(*)` from
`test`.`t1` group by `test`.`t1`.`a`) `res`
 DROP TABLE t1;
+CREATE TABLE t1 (
+a varchar(255) default NULL,
+b timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+INDEX idx(a,b)
+);
+CREATE TABLE t2 (
+a varchar(255) default NULL
+);
+INSERT INTO t1 VALUES ('abcdefghijk','2007-05-07 06:00:24');
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO `t1` VALUES ('asdf','2007-02-08 01:11:26');
+INSERT INTO `t2` VALUES ('abcdefghijk');
+INSERT INTO `t2` VALUES ('asdf');
+SET session sort_buffer_size=8192;
+SELECT (SELECT 1 FROM  t1 WHERE t1.a=t2.a ORDER BY t1.b LIMIT 1) AS d1 FROM t2;
+d1
+1
+1
+DROP TABLE t1,t2;
 End of 5.0 tests.

--- 1.155/mysql-test/t/subselect.test	2007-06-07 22:35:37 -07:00
+++ 1.156/mysql-test/t/subselect.test	2007-06-07 22:35:37 -07:00
@@ -2913,4 +2913,36 @@
 
 DROP TABLE t1;
 
+#
+# Bug #28811: crash for query containing subquery with ORDER BY and LIMIT 1 
+#
+ 
+CREATE TABLE t1 (
+  a varchar(255) default NULL,
+  b timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
+  INDEX idx(a,b)
+);
+CREATE TABLE t2 (
+  a varchar(255) default NULL
+);
+
+INSERT INTO t1 VALUES ('abcdefghijk','2007-05-07 06:00:24');
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO t1 SELECT * FROM t1;
+INSERT INTO `t1` VALUES ('asdf','2007-02-08 01:11:26');
+INSERT INTO `t2` VALUES ('abcdefghijk');
+INSERT INTO `t2` VALUES ('asdf');
+
+SET session sort_buffer_size=8192;
+
+SELECT (SELECT 1 FROM  t1 WHERE t1.a=t2.a ORDER BY t1.b LIMIT 1) AS d1 FROM t2;
+
+DROP TABLE t1,t2;
+
 --echo End of 5.0 tests.
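Review bot: The test lowers `sort_buffer_size` to 8192 for the session and never restores it, so any test later appended after this block in subselect.test would silently run with the small sort buffer. Adding `SET session sort_buffer_size=default;` after the `DROP TABLE t1,t2;` line, with the matching line in subselect.result, keeps the case self-contained.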