From: Date: January 18 2008 8:50pm Subject: bk commit into 5.0 tree (sergefp:1.2590) BUG#33794 List-Archive: http://lists.mysql.com/commits/41066 X-Bug: 33794 Message-Id: <20080118195043.0A56A2D7721@pslp.localdomain> Below is the list of changes that have just been committed into a local 5.0 repository of sergefp. When sergefp does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2008-01-18 22:50:36+03:00, sergefp@stripped +3 -0 BUG#33794 "MySQL crashes executing specific query": The problem occurred when one had a subquery that had an equality X=Y where Y referred to a named select list expression from the parent select. MySQL crashed when trying to use the X=Y equality for ref-based access. Fixed by allowing non-Item_field items in the described case. mysql-test/r/subselect.result@stripped, 2008-01-18 22:50:30+03:00, sergefp@stripped +48 -0 BUG#33794 "MySQL crashes executing specific query" - Testcase mysql-test/t/subselect.test@stripped, 2008-01-18 22:50:30+03:00, sergefp@stripped +55 -0 BUG#33794 "MySQL crashes executing specific query" - Testcase sql/sql_select.cc@stripped, 2008-01-18 22:50:30+03:00, sergefp@stripped +2 -1 BUG#33794 "MySQL crashes executing specific query" get_store_key() assumed that if it got a reference t.key=Item_outer_ref(Item_direct_ref(x)) then x was an Item_field object, which is not the case when one refers to a named select list expression out ot subquery.
diff -Nrup a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result
--- a/mysql-test/r/subselect.result 2008-01-09 00:39:19 +03:00
+++ b/mysql-test/r/subselect.result 2008-01-18 22:50:30 +03:00
@@ -4392,4 +4392,52 @@ select count(*) from t1 where f12 =
 count(*)
 3
 drop table t1,t2;
+CREATE TABLE t4 (
+f7 varchar(32) collate utf8_bin NOT NULL default '',
+f10 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY (f7)
+);
+INSERT INTO t4 VALUES(1,1), (2,null);
+CREATE TABLE t2 (
+f4 varchar(32) collate utf8_bin NOT NULL default '',
+f2 varchar(50) collate utf8_bin default NULL,
+f3 varchar(10) collate utf8_bin default NULL,
+PRIMARY KEY (f4),
+UNIQUE KEY uk1 (f2)
+);
+INSERT INTO t2 VALUES(1,1,null), (2,2,null);
+CREATE TABLE t1 (
+f8 varchar(32) collate utf8_bin NOT NULL default '',
+f1 varchar(10) collate utf8_bin default NULL,
+f9 varchar(32) collate utf8_bin default NULL,
+PRIMARY KEY (f8)
+);
+INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2);
+CREATE TABLE t3 (
+f6 varchar(32) collate utf8_bin NOT NULL default '',
+f5 varchar(50) collate utf8_bin default NULL,
+PRIMARY KEY (f6)
+);
+INSERT INTO t3 VALUES (1,null), (2,null);
+SELECT
+IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4,
+IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3,
+SUM(
+IF(
+(SELECT VPC.f2
+FROM t2 VPC, t4 a2, t2 a3
+WHERE
+VPC.f4 = a2.f10 AND a3.f2 = a4
+LIMIT 1) IS NULL,
+0,
+t3.f5
+)
+) AS a6
+FROM
+t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4
+GROUP BY a4;
+a4 f3 a6
+1 NULL NULL
+2 NULL NULL
+DROP TABLE t1, t2;
 End of 5.0 tests.
diff -Nrup a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test
--- a/mysql-test/t/subselect.test 2008-01-09 00:39:53 +03:00
+++ b/mysql-test/t/subselect.test 2008-01-18 22:50:30 +03:00
@@ -3252,4 +3252,59 @@ select count(*) from t1 where f12 = (select f22 from t2 where f22 = f12 order by f21 desc, f22, f23 limit 1); drop table t1,t2; + +# +# BUG#33794 "MySQL crashes executing specific query on specific dump" +# +CREATE TABLE t4 ( + f7 varchar(32) collate utf8_bin NOT NULL default '', + f10 varchar(32) collate utf8_bin default NULL, + PRIMARY KEY (f7) +); +INSERT INTO t4 VALUES(1,1), (2,null); + +CREATE TABLE t2 ( + f4 varchar(32) collate utf8_bin NOT NULL default '', + f2 varchar(50) collate utf8_bin default NULL, + f3 varchar(10) collate utf8_bin default NULL, + PRIMARY KEY (f4), + UNIQUE KEY uk1 (f2) +); +INSERT INTO t2 VALUES(1,1,null), (2,2,null); + +CREATE TABLE t1 ( + f8 varchar(32) collate utf8_bin NOT NULL default '', + f1 varchar(10) collate utf8_bin default NULL, + f9 varchar(32) collate utf8_bin default NULL, + PRIMARY KEY (f8) +); +INSERT INTO t1 VALUES (1,'P',1), (2,'P',1), (3,'R',2); + +CREATE TABLE t3 ( + f6 varchar(32) collate utf8_bin NOT NULL default '', + f5 varchar(50) collate utf8_bin default NULL, + PRIMARY KEY (f6) +); +INSERT INTO t3 VALUES (1,null), (2,null); + +SELECT + IF(t1.f1 = 'R', a1.f2, t2.f2) AS a4, + IF(t1.f1 = 'R', a1.f3, t2.f3) AS f3, + SUM( + IF( + (SELECT VPC.f2 + FROM t2 VPC, t4 a2, t2 a3 + WHERE + VPC.f4 = a2.f10 AND a3.f2 = a4 + LIMIT 1) IS NULL, + 0, + t3.f5 + ) + ) AS a6 +FROM + t2, t3, t1 JOIN t2 a1 ON t1.f9 = a1.f4 +GROUP BY a4; + +DROP TABLE t1, t2; --echo End of 5.0 tests. + diff -Nrup a/sql/sql_select.cc b/sql/sql_select.cc --- a/sql/sql_select.cc 2007-12-20 13:23:59 +03:00 +++ b/sql/sql_select.cc 2008-01-18 22:50:30 +03:00 
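Review bot: The cleanup at the end of the new test case is `DROP TABLE t1, t2;`, but the case creates t1, t2, t3 and t4, so t3 and t4 are left behind for whatever runs after this point in subselect.test or in a later test that shares the database. It should read `DROP TABLE t1, t2, t3, t4;`, with the matching line re-recorded in mysql-test/r/subselect.result. The data also leaves t3.f5 NULL in every row, so the recorded result only shows that the query no longer crashes; a non-NULL f5 value would additionally check the computed SUM.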
@@ -5379,7 +5379,8 @@ get_store_key(THD *thd, KEYUSE *keyuse,
 (keyuse->val->type() == Item::REF_ITEM &&
 ((Item_ref*)keyuse->val)->ref_type() == Item_ref::OUTER_REF &&
 (*(Item_ref**)((Item_ref*)keyuse->val)->ref)->ref_type() ==
- Item_ref::DIRECT_REF) )
+ Item_ref::DIRECT_REF &&
+ keyuse->val->real_item()->type() == Item::FIELD_ITEM))
 return new store_key_field(thd,
 key_part->field,
 key_buff + maybe_null,
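Review bot: The `(Item_ref**)` cast in the context line just above the change still calls `ref_type()` on whatever the outer reference's `ref` points to without first checking that it is a REF_ITEM, which is the same kind of unchecked downcast that the added `real_item()->type() == Item::FIELD_ITEM` test closes for the Item_field case. If nothing outside the hunk guarantees that invariant, the condition should test `(*((Item_ref*)keyuse->val)->ref)->type() == Item::REF_ITEM &&` before the `ref_type()` comparison, since BUG#33794 shows that a wrong assumption about item types in this condition can crash the server from an ordinary SELECT. I would also put a comment above the new line, `/* real_item() can be a select-list expression rather than a field (BUG#33794); only plain fields may use store_key_field */`. The condition belongs to get_store_key(), whose body starts and ends outside the hunk.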