From: Date: August 27 2008 3:03pm
Subject: bzr commit into mysql-5.0 branch (epotemkin:2678) Bug#38195
List-Archive: http://lists.mysql.com/commits/52702
X-Bug: 38195
Message-Id: <20080827130328.B5802547D2@moonbone.localdomain>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

#At file:///work/bzr_trees/38195-bug-5.0-bugteam/

 2678 Evgeny Potemkin	2008-08-27
      Bug#38195: Incorrect handling of aggregate functions when loose index scan is
      used causes server crash.
            
      When the loose index scan access method is used values of aggregated functions
      are precomputed by it. Aggregation of such functions shouldn't be performed
      in this case and functions should be treated as normal ones.
      The create_tmp_table function wasn't taking this into account and this led to
      a crash if a query has MIN/MAX aggregate functions and employs temporary table
      and loose index scan.
      Now the JOIN::exec and the create_tmp_table functions treat MIN/MAX aggregate
      functions as normal ones when the loose index scan is used.
modified:
  mysql-test/r/group_min_max.result
  mysql-test/t/group_min_max.test
  sql/sql_select.cc

per-file messages:
  mysql-test/r/group_min_max.result
    Added a test case for the bug#38195.
  mysql-test/t/group_min_max.test
    Added a test case for the bug#38195.
  sql/sql_select.cc
    Bug#38195: Incorrect handling of aggregate functions when loose index scan is
    used causes server crash.
    The JOIN::exec and the create_tmp_table functions treat MIN/MAX aggregate
    functions as normal ones when the loose index scan is used.
=== modified file 'mysql-test/r/group_min_max.result'
--- a/mysql-test/r/group_min_max.result	2008-08-19 10:36:24 +0000
+++ b/mysql-test/r/group_min_max.result	2008-08-27 13:03:17 +0000
@@ -2353,3 +2353,79 @@ a	MIN(b)	MAX(b)	AVG(b)
 2	1	3	2.0000
 1	1	3	2.0000
 DROP TABLE t1;
+create table t1 (a int, b int, primary key (a,b), key `index` (a,b)) engine=MyISAM;
+insert into  t1 (a,b) values 
+(0,0),(0,1),(0,2),(0,3),(0,4),(0,5),(0,6),
+(0,7),(0,8),(0,9),(0,10),(0,11),(0,12),(0,13),
+(1,0),(1,1),(1,2),(1,3),(1,4),(1,5),(1,6),
+(1,7),(1,8),(1,9),(1,10),(1,11),(1,12),(1,13),
+(2,0),(2,1),(2,2),(2,3),(2,4),(2,5),(2,6),
+(2,7),(2,8),(2,9),(2,10),(2,11),(2,12),(2,13),
+(3,0),(3,1),(3,2),(3,3),(3,4),(3,5),(3,6),
+(3,7),(3,8),(3,9),(3,10),(3,11),(3,12),(3,13);
+insert into t1 (a,b) select a, max(b)+1 from t1 where a = 0 group by a;
+select * from t1;
+a	b
+0	0
+0	1
+0	2
+0	3
+0	4
+0	5
+0	6
+0	7
+0	8
+0	9
+0	10
+0	11
+0	12
+0	13
+0	14
+1	0
+1	1
+1	2
+1	3
+1	4
+1	5
+1	6
+1	7
+1	8
+1	9
+1	10
+1	11
+1	12
+1	13
+2	0
+2	1
+2	2
+2	3
+2	4
+2	5
+2	6
+2	7
+2	8
+2	9
+2	10
+2	11
+2	12
+2	13
+3	0
+3	1
+3	2
+3	3
+3	4
+3	5
+3	6
+3	7
+3	8
+3	9
+3	10
+3	11
+3	12
+3	13
+explain extended select sql_buffer_result a, max(b)+1 from t1 where a = 0 group by a;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	SIMPLE	t1	range	PRIMARY,index	PRIMARY	4	NULL	3	Using where; Using index for group-by; Using temporary
+Warnings:
+Note	1003	select sql_buffer_result `test`.`t1`.`a` AS `a`,(max(`test`.`t1`.`b`) + 1) AS `max(b)+1` from `test`.`t1` where (`test`.`t1`.`a` = 0) group by `test`.`t1`.`a`
+drop table t1;

=== modified file 'mysql-test/t/group_min_max.test'
--- a/mysql-test/t/group_min_max.test	2008-08-19 10:36:24 +0000
+++ b/mysql-test/t/group_min_max.test	2008-08-27 13:03:17 +0000
@@ -916,3 +916,22 @@ SELECT a, MIN(b), MAX(b), AVG(b) FROM t1
 SELECT a, MIN(b), MAX(b), AVG(b) FROM t1 GROUP BY a ORDER BY a DESC;
 
 DROP TABLE t1;
+
+#
+# Bug#38195: Incorrect handling of aggregate functions when loose index scan is
+#            used causes server crash.
+#
+create table t1 (a int, b int, primary key (a,b), key `index` (a,b)) engine=MyISAM;
+insert into  t1 (a,b) values 
+(0,0),(0,1),(0,2),(0,3),(0,4),(0,5),(0,6),
+  (0,7),(0,8),(0,9),(0,10),(0,11),(0,12),(0,13),
+(1,0),(1,1),(1,2),(1,3),(1,4),(1,5),(1,6),
+  (1,7),(1,8),(1,9),(1,10),(1,11),(1,12),(1,13),
+(2,0),(2,1),(2,2),(2,3),(2,4),(2,5),(2,6),
+  (2,7),(2,8),(2,9),(2,10),(2,11),(2,12),(2,13),
+(3,0),(3,1),(3,2),(3,3),(3,4),(3,5),(3,6),
+  (3,7),(3,8),(3,9),(3,10),(3,11),(3,12),(3,13);
+insert into t1 (a,b) select a, max(b)+1 from t1 where a = 0 group by a;
+select * from t1;
+explain extended select sql_buffer_result a, max(b)+1 from t1 where a = 0 group by a;
+drop table t1;

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2008-08-19 10:36:24 +0000
+++ b/sql/sql_select.cc	2008-08-27 13:03:17 +0000
@@ -1724,7 +1724,8 @@ JOIN::exec()
     if (!items1)
     {
       items1= items0 + all_fields.elements;
-      if (sort_and_group || curr_tmp_table->group)
+      if (sort_and_group || curr_tmp_table->group ||
+          tmp_table_param.precomputed_group_by)
       {
 	if (change_to_use_tmp_fields(thd, items1,
 				     tmp_fields_list1, tmp_all_fields1,
@@ -9259,6 +9260,8 @@ create_tmp_table(THD *thd,TMP_TABLE_PARA
   MI_COLUMNDEF *recinfo;
   uint total_uneven_bit_length= 0;
   bool force_copy_fields= param->force_copy_fields;
+  /* Treat sum functions as normal ones when loose index scan is used. */
+  save_sum_fields|= param->precomputed_group_by;
   DBUG_ENTER("create_tmp_table");
   DBUG_PRINT("enter",("distinct: %d  save_sum_fields: %d  rows_limit: %lu  group: %d",
 		      (int) distinct, (int) save_sum_fields,