From: Date: January 24 2008 1:46am Subject: bk commit into 6.0 tree (sergefp:1.2790) BUG#33033 List-Archive: http://lists.mysql.com/commits/41184 X-Bug: 33033 Message-Id: <20080124004625.CCF037580EC@foxhole.localdomain> Below is the list of changes that have just been committed into a local 6.0 repository of sergefp. When sergefp does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2008-01-24 03:46:18+03:00, sergefp@stripped +3 -0 BUG#33033 "MySQL/InnoDB crashes with simple select range query" - If we've walked off the end of the range, still make the btr_pcur_store_position() call. If we're currently filling row prefetch cache (see row_sel_push_cached_row_for_mysql()), we will try to continue doing the scan after we've returned all records from the cache, and that is when we'll need correct btr position. mysql-test/r/innodb_mrr.result@stripped, 2008-01-24 03:46:08+03:00, sergefp@stripped +14 -0 BUG#33033 "MySQL/InnoDB crashes with simple select range query" - Testcase mysql-test/t/innodb_mrr.test@stripped, 2008-01-24 03:46:08+03:00, sergefp@stripped +20 -0 BUG#33033 "MySQL/InnoDB crashes with simple select range query" - Testcase storage/innobase/row/row0sel.c@stripped, 2008-01-24 03:46:08+03:00, sergefp@stripped +4 -3 BUG#33033 "MySQL/InnoDB crashes with simple select range query" - If we've walked off the end of the range, still make the btr_pcur_store_position() call. If we're currently filling row prefetch cache (see row_sel_push_cached_row_for_mysql()), we will try to continue doing the scan after we've returned all records from the cache, and that is when we'll need correct btr position. diff -Nrup a/mysql-test/r/innodb_mrr.result b/mysql-test/r/innodb_mrr.result --- a/mysql-test/r/innodb_mrr.result 2007-11-27 12:36:56 +03:00 +++ b/mysql-test/r/innodb_mrr.result 2008-01-24 03:46:08 +03:00 @@ -300,3 +300,17 @@ id select_type table type possible_keys drop table t2; drop table t1; set @@read_rnd_buffer_size= @read_rnd_buffer_size_save; +create table t1 (f1 int not null, f2 int not null,f3 int not null, f4 char(1), primary key (f1,f2), key ix(f3))Engine=InnoDB; +select * from t1 where (f3>=5 and f3<=10) or (f3>=1 and f3<=4); +f1 f2 f3 f4 +1 1 1 A +2 2 2 A +3 3 3 A +4 4 4 A +5 5 5 A +6 6 6 A +7 7 7 A +8 8 8 A +9 9 9 A +10 10 10 A +drop table t1; diff -Nrup a/mysql-test/t/innodb_mrr.test b/mysql-test/t/innodb_mrr.test --- a/mysql-test/t/innodb_mrr.test 2007-11-27 12:36:56 +03:00 +++ b/mysql-test/t/innodb_mrr.test 2008-01-24 03:46:08 +03:00 @@ -46,3 +46,23 @@ drop table t2; drop table t1; set @@read_rnd_buffer_size= @read_rnd_buffer_size_save; +# +# BUG#33033 "MySQL/InnoDB crashes with simple select range query" +# +create table t1 (f1 int not null, f2 int not null,f3 int not null, f4 char(1), primary key (f1,f2), key ix(f3))Engine=InnoDB; + +--disable_query_log +let $1=55; + +while ($1) +{ + eval insert into t1(f1,f2,f3,f4) values ($1,$1,$1,'A'); + dec $1; +} +--enable_query_log + +# The following must not crash: +select * from t1 where (f3>=5 and f3<=10) or (f3>=1 and f3<=4); + +drop table t1; + diff -Nrup a/storage/innobase/row/row0sel.c b/storage/innobase/row/row0sel.c --- a/storage/innobase/row/row0sel.c 2007-11-07 03:30:47 +03:00 +++ b/storage/innobase/row/row0sel.c 2008-01-24 03:46:08 +03:00 @@ -4175,7 +4175,7 @@ idx_cond_check: if (res == 2) { err = DB_RECORD_NOT_FOUND; - goto normal_return; + goto idx_cond_failed; } } @@ -4327,6 +4327,9 @@ got_row: HANDLER command where the user can move the cursor with PREV or NEXT even after a unique search. */ + err = DB_SUCCESS; + +idx_cond_failed: if (!unique_search_from_clust_index || prebuilt->select_lock_type != LOCK_NONE || prebuilt->used_in_HANDLER) { @@ -4335,8 +4338,6 @@ got_row: btr_pcur_store_position(pcur, &mtr); } - - err = DB_SUCCESS; goto normal_return;