2695 Igor Babaev 2009-02-12
Fixed bug #42744.
When processing a query the function calc_used_field_length was called
only once for each joined table tab. The function sets some field counters
in the JOIN_TAB structure for tab and their values depend on the value of
tab->read_set. The value of tab->read_set may change between the first call
of calc_used_field_length and the last call of this function in
JOIN_CACHE::calc_record_fields. Yet the method did not recalculate the
value of the counters. As a result the function could allocate less memory
than it was needed for the descriptors of fields stored in join caches.
In some situations it could lead to memory corruption and crashes.
modified:
mysql-test/r/innodb_mysql.result
mysql-test/t/innodb_mysql.test
sql/sql_join_cache.cc
2694 Sergey Petrunia 2009-02-12 [merge]
Merge
removed:
mysql-test/suite/ndb/r/ndb_discover_db2.result
mysql-test/suite/ndb/t/ndb_discover_db2-master.opt
mysql-test/suite/ndb/t/ndb_discover_db2.test
mysql-test/suite/ndb/t/ndb_partition_error2-master.opt
mysql-test/suite/ndb/t/ndb_restore_partition-master.opt
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_dd_partitions-master.opt
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_dd_partitions-slave.opt
mysql-test/suite/rpl_ndb_big/t/rpl_truncate_7ndb_2-master.opt
added:
mysql-test/suite/ndb/r/ndb_dd_ddl_grant.result
mysql-test/suite/ndb/t/ndb_dd_ddl_grant.test
mysql-test/suite/ndb_binlog/my.cnf
mysql-test/suite/ndb_team/my.cnf
mysql-test/suite/rpl_ndb_big/my.cnf
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_dd_partitions-master.opt
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_dd_partitions-slave.opt
storage/ndb/src/mgmapi/mgmapi_error.c
storage/ndb/test/run-test/conf-upgrade.cnf
storage/ndb/test/run-test/upgrade-tests.txt
modified:
.bzr-mysql/default.conf
.bzrignore
Makefile.am
configure.in
extra/perror.c
mysql-test/Makefile.am
mysql-test/lib/v1/mysql-test-run.pl
mysql-test/lib/v1/ndb_config_1_node.ini
mysql-test/lib/v1/ndb_config_2_node.ini
mysql-test/mysql-test-run.pl
mysql-test/r/partition_mgm.result
mysql-test/std_data/ndb_config_config.ini
mysql-test/suite/ndb/my.cnf
mysql-test/suite/ndb/r/bug36547.result
mysql-test/suite/ndb/r/ndb_basic.result
mysql-test/suite/ndb/r/ndb_config.result
mysql-test/suite/ndb/r/ndb_dbug_lock.result
mysql-test/suite/ndb/r/ndb_dd_ddl.result
mysql-test/suite/ndb/r/ndb_discover_db.result
mysql-test/suite/ndb/r/ndb_read_multi_range.result
mysql-test/suite/ndb/t/bug36547.test
mysql-test/suite/ndb/t/ndb_dbug_lock.test
mysql-test/suite/ndb/t/ndb_dd_ddl.test
mysql-test/suite/ndb/t/ndb_dd_dump.test
mysql-test/suite/ndb/t/ndb_discover_db.test
mysql-test/suite/ndb/t/ndb_read_multi_range.test
mysql-test/suite/ndb/t/ndb_restore_partition.test
mysql-test/suite/ndb_binlog/r/ndb_binlog_basic.result
mysql-test/suite/ndb_binlog/r/ndb_binlog_restore.result
mysql-test/suite/ndb_binlog/t/ndb_binlog_basic.test
mysql-test/suite/ndb_team/r/rpl_ndb_extraColMaster.result
mysql-test/suite/ndb_team/t/rpl_ndb_dd_advance.test
mysql-test/suite/parts/r/partition_auto_increment_ndb.result
mysql-test/suite/rpl_ndb/my.cnf
mysql-test/suite/rpl_ndb_big/r/rpl_ndb_2innodb.result
mysql-test/suite/rpl_ndb_big/r/rpl_ndb_2myisam.result
mysql-test/suite/rpl_ndb_big/r/rpl_ndb_sync.result
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_2innodb-master.opt
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_2innodb.test
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_2myisam-master.opt
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_2myisam.test
mysql-test/suite/rpl_ndb_big/t/rpl_ndb_apply_status.test
mysql-test/suite/rpl_ndb_big/t/rpl_truncate_7ndb_2.test
mysql-test/t/disabled.def
mysql-test/t/partition_mgm.test
scripts/make_binary_distribution.sh
scripts/mysql_system_tables.sql
sql/ha_ndbcluster.cc
sql/ha_ndbcluster_binlog.cc
sql/mysqld.cc
sql/set_var.cc
sql/slave.cc
sql/sql_join_cache.cc
sql/sql_partition.cc
sql/sql_select.cc
storage/csv/ha_tina.cc
storage/ndb/include/mgmapi/mgmapi.h
storage/ndb/include/mgmapi/mgmapi_config_parameters.h
storage/ndb/include/mgmapi/mgmapi_error.h
storage/ndb/include/mgmapi/ndb_logevent.h
storage/ndb/include/ndbapi/NdbScanOperation.hpp
storage/ndb/include/util/Bitmask.hpp
storage/ndb/src/common/portlib/NdbThread.c
storage/ndb/src/common/util/Bitmask.cpp
storage/ndb/src/kernel/blocks/ERROR_codes.txt
storage/ndb/src/kernel/blocks/backup/Backup.cpp
storage/ndb/src/kernel/blocks/backup/Backup.hpp
storage/ndb/src/kernel/blocks/dbdih/DbdihMain.cpp
storage/ndb/src/kernel/blocks/dblqh/Dblqh.hpp
storage/ndb/src/kernel/blocks/dblqh/DblqhMain.cpp
storage/ndb/src/kernel/blocks/dbtc/DbtcMain.cpp
storage/ndb/src/kernel/blocks/dbutil/DbUtil.cpp
storage/ndb/src/kernel/blocks/lgman.cpp
storage/ndb/src/kernel/blocks/qmgr/QmgrMain.cpp
storage/ndb/src/kernel/vm/Configuration.cpp
storage/ndb/src/mgmapi/Makefile.am
storage/ndb/src/mgmapi/ndb_logevent.cpp
storage/ndb/src/mgmsrv/MgmtSrvr.cpp
storage/ndb/src/mgmsrv/MgmtSrvr.hpp
storage/ndb/src/mgmsrv/Services.cpp
storage/ndb/src/mgmsrv/Services.hpp
storage/ndb/src/ndbapi/ClusterMgr.cpp
storage/ndb/src/ndbapi/ClusterMgr.hpp
storage/ndb/src/ndbapi/NdbEventOperationImpl.cpp
storage/ndb/src/ndbapi/NdbEventOperationImpl.hpp
storage/ndb/src/ndbapi/NdbScanOperation.cpp
storage/ndb/src/ndbapi/Ndbif.cpp
storage/ndb/src/ndbapi/TransporterFacade.hpp
storage/ndb/src/ndbapi/ndberror.c
storage/ndb/test/include/DbUtil.hpp
storage/ndb/test/ndbapi/testBasic.cpp
storage/ndb/test/ndbapi/testMgm.cpp
storage/ndb/test/ndbapi/testNodeRestart.cpp
storage/ndb/test/ndbapi/testScan.cpp
storage/ndb/test/ndbapi/testUpgrade.cpp
storage/ndb/test/run-test/Makefile.am
storage/ndb/test/run-test/atrt-gather-result.sh
storage/ndb/test/run-test/atrt.hpp
storage/ndb/test/run-test/autotest-boot.sh
storage/ndb/test/run-test/autotest-run.sh
storage/ndb/test/run-test/command.cpp
storage/ndb/test/run-test/daily-basic-tests.txt
storage/ndb/test/run-test/db.cpp
storage/ndb/test/run-test/files.cpp
storage/ndb/test/run-test/main.cpp
storage/ndb/test/run-test/setup.cpp
storage/ndb/test/src/DbUtil.cpp
storage/ndb/test/src/HugoTransactions.cpp
storage/ndb/test/src/NDBT_Tables.cpp
storage/ndb/test/tools/log_listner.cpp
storage/ndb/tools/waiter.cpp
=== modified file 'mysql-test/r/innodb_mysql.result'
--- a/mysql-test/r/innodb_mysql.result 2009-02-02 12:28:30 +0000
+++ b/mysql-test/r/innodb_mysql.result 2009-02-12 18:27:05 +0000
@@ -1848,3 +1848,24 @@ TRUNCATE TABLE t2;
DROP TABLE t2;
DROP TABLE t1;
End of 5.1 tests
+#
+# BUG#42744: Crash when using a join buffer to join a table with a blob
+# column and an additional column used for duplicate elimination.
+#
+CREATE TABLE t1 (a tinyblob) ENGINE=InnoDB;
+CREATE TABLE t2 (a int PRIMARY KEY, b tinyblob) ENGINE=InnoDB;
+INSERT INTO t1 VALUES ('1'), (NULL);
+INSERT INTO t2 VALUES (1, '1');
+set join_cache_level=1;
+EXPLAIN
+SELECT t2.b FROM t1,t2 WHERE t1.a IN (SELECT 1 FROM t2);
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY t2 ALL NULL NULL NULL NULL 1 Start temporary
+1 PRIMARY t2 index NULL PRIMARY 4 NULL 1 Using index; Using join buffer
+1 PRIMARY t1 ALL NULL NULL NULL NULL 2 Using where; End temporary; Using join buffer
+SELECT t2.b FROM t1,t2 WHERE t1.a IN (SELECT 1 FROM t2);
+b
+1
+set join_cache_level=default;
+DROP TABLE t1,t2;
+End of 6.0 tests
=== modified file 'mysql-test/t/innodb_mysql.test'
--- a/mysql-test/t/innodb_mysql.test 2009-01-09 10:20:32 +0000
+++ b/mysql-test/t/innodb_mysql.test 2009-02-12 18:27:05 +0000
@@ -185,3 +185,26 @@ DROP TABLE t2;
DROP TABLE t1;
--echo End of 5.1 tests
+
+--echo #
+--echo # BUG#42744: Crash when using a join buffer to join a table with a blob
+--echo # column and an additional column used for duplicate elimination.
+--echo #
+
+CREATE TABLE t1 (a tinyblob) ENGINE=InnoDB;
+CREATE TABLE t2 (a int PRIMARY KEY, b tinyblob) ENGINE=InnoDB;
+INSERT INTO t1 VALUES ('1'), (NULL);
+INSERT INTO t2 VALUES (1, '1');
+
+set join_cache_level=1;
+
+EXPLAIN
+SELECT t2.b FROM t1,t2 WHERE t1.a IN (SELECT 1 FROM t2);
+
+SELECT t2.b FROM t1,t2 WHERE t1.a IN (SELECT 1 FROM t2);
+
+set join_cache_level=default;
+
+DROP TABLE t1,t2;
+
+--echo End of 6.0 tests
=== modified file 'sql/sql_join_cache.cc'
--- a/sql/sql_join_cache.cc 2009-02-07 20:01:38 +0000
+++ b/sql/sql_join_cache.cc 2009-02-12 18:27:05 +0000
@@ -163,9 +163,8 @@ void JOIN_CACHE::calc_record_fields()
referenced_fields= 0;
for ( ; tab < join_tab ; tab++)
- {
- if (!tab->used_fieldlength)
- calc_used_field_length(join->thd, tab);
+ {
+ calc_used_field_length(join->thd, tab);
flag_fields+= test(tab->used_null_fields || tab->used_uneven_bit_fields);
flag_fields+= test(tab->table->maybe_null);
fields+= tab->used_fields;
| Thread |
|---|
| • bzr push into mysql-6.0-opt branch (igor:2694 to 2695) Bug#42744 | Igor Babaev | 12 Feb |
