#At file:///Users/kgeorge/mysql/bzr/B37348-5.1-5.1.29-rc/
2688 Georgi Kodinov 2008-09-23
Bug #37348: Crash in or immediately after JOIN::make_sum_func_list
Materializing temporary tables in outer contexts can cause the code that
allocates the fields that need to be copied for GROUP BY to decide to
copy more fields than initially counted.
Fixed by checking for the special case when it's actually wrong to
consider an Item_field as a thing that needs copying.
modified:
mysql-test/r/func_group.result
mysql-test/t/func_group.test
sql/item.cc
sql/item.h
sql/sql_select.cc
per-file messages:
mysql-test/r/func_group.result
Bug #37348: test case
mysql-test/t/func_group.test
Bug #37348: test case
sql/item.cc
Bug #37348: implement a way to recognise Item_aggregate_ref
sql/item.h
Bug #37348: implement a way to recognise Item_aggregate_ref
sql/sql_select.cc
Bug #37348: don't consider copying outer field references
seen through Item_aggregate_ref
=== modified file 'mysql-test/r/func_group.result'
--- a/mysql-test/r/func_group.result 2008-03-19 11:25:36 +0000
+++ b/mysql-test/r/func_group.result 2008-09-23 06:58:04 +0000
@@ -1416,4 +1416,139 @@ SELECT AVG(a), CAST(AVG(a) AS DECIMAL) F
AVG(a) CAST(AVG(a) AS DECIMAL)
15 15
DROP TABLE t1;
+CREATE TABLE derived1 (a bigint(21));
+INSERT INTO derived1 VALUES (2);
+CREATE TABLE D (
+pk int(11) NOT NULL AUTO_INCREMENT,
+int_nokey int(11) DEFAULT NULL,
+int_key int(11) DEFAULT NULL,
+filler blob,
+PRIMARY KEY (pk),
+KEY int_key (int_key)
+);
+INSERT INTO D VALUES
+(1,12,67,' X '),
+(2,15,15,NULL),
+(3,23,67,' X '),
+(4,23,67,' X '),
+(5,12,67,' X '),
+(6,60,60,NULL),
+(7,68,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(8,22,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(9,41,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(10,20,67,' X '),
+(11,43,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(12,79,79,NULL),
+(13,16,67,' X '),
+(14,73,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(15,77,77,NULL),
+(16,7,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(17,86,86,NULL),
+(18,4,67,' X '),
+(19,46,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(20,47,47,NULL),
+(21,82,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(22,52,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(23,45,45,NULL),
+(24,87,87,NULL),
+(25,33,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(26,91,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(27,10,67,' X '),
+(28,85,85,NULL),
+(29,64,64,NULL),
+(30,86,86,NULL),
+(31,99,99,NULL),
+(32,54,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(33,30,30,NULL),
+(34,94,94,NULL),
+(35,96,96,NULL),
+(36,34,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(37,97,97,NULL),
+(38,92,92,NULL),
+(39,40,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(40,23,67,' X '),
+(41,63,63,NULL),
+(42,70,70,NULL),
+(43,56,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(44,90,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(45,90,90,NULL),
+(46,69,69,NULL),
+(47,12,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(48,85,85,NULL),
+(49,59,59,NULL),
+(50,22,67,' X '),
+(51,99,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(52,39,39,NULL),
+(53,81,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(54,80,80,NULL),
+(55,68,68,NULL),
+(56,49,49,NULL),
+(57,55,55,NULL),
+(58,73,73,NULL),
+(59,4,67,' X '),
+(60,75,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(61,80,80,NULL),
+(62,21,67,' X '),
+(63,66,66,NULL),
+(64,41,41,NULL),
+(65,42,42,NULL),
+(66,45,45,NULL),
+(67,87,87,NULL),
+(68,42,42,NULL),
+(69,38,38,NULL),
+(70,2,67,' X '),
+(71,28,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(72,57,57,NULL),
+(73,33,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(74,70,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(75,6,67,' X '),
+(76,54,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(77,49,49,NULL),
+(78,20,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(79,5,67,' X '),
+(80,74,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(81,72,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(82,32,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(83,45,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(84,58,58,NULL),
+(85,19,67,' X '),
+(86,22,67,' X '),
+(87,0,67,' X '),
+(88,95,95,NULL),
+(89,56,56,NULL),
+(90,37,37,NULL),
+(91,57,57,NULL),
+(92,98,98,NULL),
+(93,86,86,NULL),
+(94,15,67,' X '),
+(95,4,67,' X '),
+(96,83,83,NULL),
+(97,81,81,NULL),
+(98,32,32,NULL),
+(99,63,63,NULL),
+(100,45,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(102,NULL,33,NULL),
+(103,49,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+(104,92,12,NULL),
+(105,53,12,NULL),
+(106,41,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X ');
+SELECT
+(SELECT COUNT( int_nokey )
+FROM derived1 AS X
+WHERE
+X.int_nokey < 61
+GROUP BY pk
+LIMIT 1)
+FROM D AS X
+WHERE X.int_key < 13
+GROUP BY int_nokey LIMIT 1;
+(SELECT COUNT( int_nokey )
+FROM derived1 AS X
+WHERE
+X.int_nokey < 61
+GROUP BY pk
+LIMIT 1)
+1
+DROP TABLE derived1;
+DROP TABLE D;
End of 5.0 tests
=== modified file 'mysql-test/t/func_group.test'
--- a/mysql-test/t/func_group.test 2008-03-19 11:25:36 +0000
+++ b/mysql-test/t/func_group.test 2008-09-23 06:58:04 +0000
@@ -933,5 +933,143 @@ SELECT AVG(a), CAST(AVG(a) AS DECIMAL) F
DROP TABLE t1;
+#
+# Bug #37348: Crash in or immediately after JOIN::make_sum_func_list
+#
+
+CREATE TABLE derived1 (a bigint(21));
+INSERT INTO derived1 VALUES (2);
+
+
+CREATE TABLE D (
+ pk int(11) NOT NULL AUTO_INCREMENT,
+ int_nokey int(11) DEFAULT NULL,
+ int_key int(11) DEFAULT NULL,
+ filler blob,
+ PRIMARY KEY (pk),
+ KEY int_key (int_key)
+);
+
+INSERT INTO D VALUES
+ (1,12,67,' X '),
+ (2,15,15,NULL),
+ (3,23,67,' X '),
+ (4,23,67,' X '),
+ (5,12,67,' X '),
+ (6,60,60,NULL),
+ (7,68,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (8,22,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (9,41,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (10,20,67,' X '),
+ (11,43,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (12,79,79,NULL),
+ (13,16,67,' X '),
+ (14,73,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (15,77,77,NULL),
+ (16,7,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (17,86,86,NULL),
+ (18,4,67,' X '),
+ (19,46,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (20,47,47,NULL),
+ (21,82,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (22,52,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (23,45,45,NULL),
+ (24,87,87,NULL),
+ (25,33,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (26,91,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (27,10,67,' X '),
+ (28,85,85,NULL),
+ (29,64,64,NULL),
+ (30,86,86,NULL),
+ (31,99,99,NULL),
+ (32,54,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (33,30,30,NULL),
+ (34,94,94,NULL),
+ (35,96,96,NULL),
+ (36,34,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (37,97,97,NULL),
+ (38,92,92,NULL),
+ (39,40,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (40,23,67,' X '),
+ (41,63,63,NULL),
+ (42,70,70,NULL),
+ (43,56,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (44,90,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (45,90,90,NULL),
+ (46,69,69,NULL),
+ (47,12,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (48,85,85,NULL),
+ (49,59,59,NULL),
+ (50,22,67,' X '),
+ (51,99,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (52,39,39,NULL),
+ (53,81,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (54,80,80,NULL),
+ (55,68,68,NULL),
+ (56,49,49,NULL),
+ (57,55,55,NULL),
+ (58,73,73,NULL),
+ (59,4,67,' X '),
+ (60,75,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (61,80,80,NULL),
+ (62,21,67,' X '),
+ (63,66,66,NULL),
+ (64,41,41,NULL),
+ (65,42,42,NULL),
+ (66,45,45,NULL),
+ (67,87,87,NULL),
+ (68,42,42,NULL),
+ (69,38,38,NULL),
+ (70,2,67,' X '),
+ (71,28,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (72,57,57,NULL),
+ (73,33,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (74,70,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (75,6,67,' X '),
+ (76,54,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (77,49,49,NULL),
+ (78,20,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (79,5,67,' X '),
+ (80,74,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (81,72,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (82,32,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (83,45,4,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (84,58,58,NULL),
+ (85,19,67,' X '),
+ (86,22,67,' X '),
+ (87,0,67,' X '),
+ (88,95,95,NULL),
+ (89,56,56,NULL),
+ (90,37,37,NULL),
+ (91,57,57,NULL),
+ (92,98,98,NULL),
+ (93,86,86,NULL),
+ (94,15,67,' X '),
+ (95,4,67,' X '),
+ (96,83,83,NULL),
+ (97,81,81,NULL),
+ (98,32,32,NULL),
+ (99,63,63,NULL),
+ (100,45,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (102,NULL,33,NULL),
+ (103,49,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X '),
+ (104,92,12,NULL),
+ (105,53,12,NULL),
+ (106,41,96,' X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X ');
+
+SELECT
+ (SELECT COUNT( int_nokey )
+ FROM derived1 AS X
+ WHERE
+ X.int_nokey < 61
+ GROUP BY pk
+ LIMIT 1)
+FROM D AS X
+WHERE X.int_key < 13
+GROUP BY int_nokey LIMIT 1;
+
+DROP TABLE derived1;
+DROP TABLE D;
+
###
--echo End of 5.0 tests
=== modified file 'sql/item.cc'
--- a/sql/item.cc 2008-09-08 10:04:42 +0000
+++ b/sql/item.cc 2008-09-23 06:58:04 +0000
@@ -1336,6 +1336,7 @@ public:
else
Item_ident::print(str, query_type);
}
+ virtual Ref_Type ref_type() { return AGGREGATE_REF; }
};
=== modified file 'sql/item.h'
--- a/sql/item.h 2008-08-15 20:42:29 +0000
+++ b/sql/item.h 2008-09-23 06:58:04 +0000
@@ -2126,7 +2126,7 @@ class Item_ref :public Item_ident
protected:
void set_properties();
public:
- enum Ref_Type { REF, DIRECT_REF, VIEW_REF, OUTER_REF };
+ enum Ref_Type { REF, DIRECT_REF, VIEW_REF, OUTER_REF, AGGREGATE_REF };
Field *result_field; /* Save result here */
Item **ref;
Item_ref(Name_resolution_context *context_arg,
=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc 2008-08-28 09:54:50 +0000
+++ b/sql/sql_select.cc 2008-09-23 06:58:04 +0000
@@ -14804,6 +14804,7 @@ setup_copy_fields(THD *thd, TMP_TABLE_PA
Item *pos;
List_iterator_fast<Item> li(all_fields);
Copy_field *copy= NULL;
+ IF_DBUG(Copy_field *copy_start);
res_selected_fields.empty();
res_all_fields.empty();
List_iterator_fast<Item> itr(res_all_fields);
@@ -14816,12 +14817,20 @@ setup_copy_fields(THD *thd, TMP_TABLE_PA
goto err2;
param->copy_funcs.empty();
+ IF_DBUG(copy_start= copy);
for (i= 0; (pos= li++); i++)
{
Field *field;
uchar *tmp;
Item *real_pos= pos->real_item();
- if (real_pos->type() == Item::FIELD_ITEM)
+ /*
+ Condition decoding :
+ (i) fields
+ (ii) that are not referenced through outer ref to an aggregate function
+ */
+ if (real_pos->type() == Item::FIELD_ITEM && /* i */
+ !(real_pos != pos &&
+ ((Item_ref *)pos)->ref_type() == Item_ref::AGGREGATE_REF)) /* ii */
{
Item_field *item;
if (!(item= new Item_field(thd, ((Item_field*) real_pos))))
@@ -14868,6 +14877,7 @@ setup_copy_fields(THD *thd, TMP_TABLE_PA
goto err;
if (copy)
{
+ DBUG_ASSERT (param->field_count > (uint) (copy - copy_start));
copy->set(tmp, item->result_field);
item->result_field->move_field(copy->to_ptr,copy->to_null_ptr,1);
#ifdef HAVE_purify
| Thread |
|---|
| • bzr commit into mysql-5.1 branch (kgeorge:2688) Bug#37348 | Georgi Kodinov | 23 Sep |
