Below is the list of changes that have just been committed into a local
5.0 repository of kaa. When kaa does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet@stripped, 2008-02-10 15:56:54+03:00, kaa@mbp. +3 -0
Fix for bug #33389: Selecting from a view into a table from within SP
or trigger crashes server
Under some circumstances a combination of VIEWs, subselects with outer
references and PS/SP/triggers could lead to use of uninitialized memory
and server crash as a result.
Fixed by changing the code in Item_field::fix_fields() so that in cases
when the field is a VIEW reference, we first check whether the field
is also an outer reference, and mark it appropriately before returning.
mysql-test/r/view.result@stripped, 2008-02-10 15:56:52+03:00, kaa@mbp. +14 -0
Added a test case for bug #33389.
mysql-test/t/view.test@stripped, 2008-02-10 15:56:52+03:00, kaa@mbp. +22 -0
Added a test case for bug #33389.
sql/item.cc@stripped, 2008-02-10 15:56:52+03:00, kaa@mbp. +12 -12
In cases when in Item_field::fix_fields() from_field is a view reference,
do not return too early, i.e. before marking the reference as an outer
one when needed.
diff -Nrup a/mysql-test/r/view.result b/mysql-test/r/view.result
--- a/mysql-test/r/view.result 2008-01-11 19:54:26 +03:00
+++ b/mysql-test/r/view.result 2008-02-10 15:56:52 +03:00
@@ -3618,4 +3618,18 @@ ERROR HY000: Field of view 'test.v1' und
set @@sql_mode=@old_mode;
drop view v1;
drop table t1;
+create table t1 (a int default null, key(a));
+create table t2 (c int not null);
+create view v1 as select a b from t1;
+create view v2 as select 1 a from t2 s left join v1 c on 1 where c in
+(select 1 from t1 where b = a);
+insert into t1 values (1), (1);
+insert into t2 values (1);
+prepare stmt from "select * from v2 where a = 1";
+execute stmt;
+a
+1
+1
+drop view v1, v2;
+drop table t1, t2;
End of 5.0 tests.
diff -Nrup a/mysql-test/t/view.test b/mysql-test/t/view.test
--- a/mysql-test/t/view.test 2008-01-11 19:54:15 +03:00
+++ b/mysql-test/t/view.test 2008-02-10 15:56:52 +03:00
@@ -3470,5 +3470,27 @@ insert into v1 values(1);
set @@sql_mode=@old_mode;
drop view v1;
drop table t1;
+
+#
+# Bug #33389: Selecting from a view into a table from within SP or trigger
+# crashes server
+#
+
+create table t1 (a int default null, key(a));
+create table t2 (c int not null);
+
+create view v1 as select a b from t1;
+create view v2 as select 1 a from t2 s left join v1 c on 1 where c in
+ (select 1 from t1 where b = a);
+
+insert into t1 values (1), (1);
+insert into t2 values (1);
+
+prepare stmt from "select * from v2 where a = 1";
+execute stmt;
+
+drop view v1, v2;
+drop table t1, t2;
+
--echo End of 5.0 tests.
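Review bot: The new test case reaches the fix only through a prepared statement with a single `execute stmt;`, while the bug title names stored procedures and triggers and the commit message lists PS/SP/triggers. A second `execute stmt;` would also cover re-execution of the already-prepared item tree, which is presumably where stale outer-reference state would show up. A `deallocate prepare stmt;` before the `drop view v1, v2;` line would keep the statement from outliving the objects it refers to. Both additions need matching lines in mysql-test/r/view.result.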
diff -Nrup a/sql/item.cc b/sql/item.cc
--- a/sql/item.cc 2008-01-11 20:57:33 +03:00
+++ b/sql/item.cc 2008-02-10 15:56:52 +03:00
@@ -3903,6 +3903,18 @@ bool Item_field::fix_fields(THD *thd, It
else if (!from_field)
goto error;
+ if (!outer_fixed && cached_table && cached_table->select_lex &&
+ context->select_lex &&
+ cached_table->select_lex != context->select_lex)
+ {
+ int ret;
+ if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
+ goto error;
+ else if (!ret)
+ return FALSE;
+ outer_fixed= 1;
+ }
+
/*
if it is not expression from merged VIEW we will set this field.
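Review bot: The outer-reference block added ahead of the `view_ref_found` check carries no comment saying that its position is the fix. A later clean-up could move it back below `if (from_field == view_ref_found) return FALSE;` and bring back the uninitialized-memory crash from bug #33389. I would put a comment above the `if (!outer_fixed && cached_table && ...` line, for example `/* Must run before the view_ref_found return below: a VIEW reference may also be an outer reference and has to be marked as one (bug #33389). */`. With the new order `fix_outer_field(thd, &from_field, reference)` can also be reached while `from_field` holds the `view_ref_found` sentinel. Its body is not visible here, so it is worth confirming that it never dereferences `from_field` in that state. The body of Item_field::fix_fields() starts and ends outside this hunk.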
@@ -3917,18 +3929,6 @@ bool Item_field::fix_fields(THD *thd, It
*/
if (from_field == view_ref_found)
return FALSE;
-
- if (!outer_fixed && cached_table && cached_table->select_lex &&
- context->select_lex &&
- cached_table->select_lex != context->select_lex)
- {
- int ret;
- if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
- goto error;
- else if (!ret)
- return FALSE;
- outer_fixed= 1;
- }
set_field(from_field);
if (thd->lex->in_sum_func &&