From: Georgi Kodinov Date: March 11 2009 12:13pm Subject: bzr commit into mysql-5.0-bugteam branch (joro:2773) Bug#43354 List-Archive: http://lists.mysql.com/commits/68867 X-Bug: 43354 Message-Id: <200903111213.n2BCDrJ6003152@magare.gmz> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7231744371260779858==" --===============7231744371260779858== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/kgeorge/mysql/work/B43354-5.0-bugteam/ based on revid:matthias.leich@stripped 2773 Georgi Kodinov 2009-03-11 Bug #43354: Use key hint can crash server in explain extended query The copy of the original arguments of a aggregate function was not initialized until after fix_fields(). Sometimes (e.g. when there's an error processing the statement) the print() can be called with no corresponding fix_fields() call. Fixed by adding a check if the Item is fixed before using the arguments copy. @ mysql-test/r/explain.result Bug #43354: test case @ mysql-test/t/explain.test Bug #43354: test case @ sql/item_sum.cc Bug #43354: use the argument list copy only if it's initialized modified: mysql-test/r/explain.result mysql-test/t/explain.test sql/item_sum.cc
=== modified file 'mysql-test/r/explain.result'
--- a/mysql-test/r/explain.result 2008-12-09 18:35:02 +0000
+++ b/mysql-test/r/explain.result 2009-03-11 12:10:44 +0000
@@ -155,3 +155,7 @@ id select_type table type possible_keys
 Warnings:
 Note 1003 select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1`
 DROP TABLE t1,t2;
+CREATE TABLE t1 (a INT PRIMARY KEY);
+EXPLAIN EXTENDED SELECT COUNT(a) FROM t1 USE KEY(a);
+ERROR HY000: Key 'a' doesn't exist in table 't1'
+DROP TABLE t1;
=== modified file 'mysql-test/t/explain.test'
--- a/mysql-test/t/explain.test 2008-12-09 18:35:02 +0000
+++ b/mysql-test/t/explain.test 2009-03-11 12:10:44 +0000 @@ -123,4 +123,17 @@ execute s1; DROP TABLE t1,t2; + +# +# Bug #43354: Use key hint can crash server in explain extended query +# + +CREATE TABLE t1 (a INT PRIMARY KEY); + +--error ER_KEY_DOES_NOT_EXITS +EXPLAIN EXTENDED SELECT COUNT(a) FROM t1 USE KEY(a); + +DROP TABLE t1; + + # End of 5.0 tests. === modified file 'sql/item_sum.cc' --- a/sql/item_sum.cc 2008-12-09 18:35:02 +0000 +++ b/sql/item_sum.cc 2009-03-11 12:10:44 +0000 
@@ -440,7 +440,8 @@ void Item_sum::make_field(Send_field *tm void Item_sum::print(String *str) { - Item **pargs= orig_args; + /* orig_args is not filled with valid values until fix_fields() */ + Item **pargs= fixed ? orig_args : args; str->append(func_name()); for (uint i=0 ; i < arg_count ; i++) { --===============7231744371260779858== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/joro@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: joro@stripped # target_branch: file:///home/kgeorge/mysql/work/B43354-5.0-bugteam/ # testament_sha1: d8f0b73e530f57b3b5d73832f23b88862dbfa89d # timestamp: 2009-03-11 14:13:53 +0200 # base_revision_id: matthias.leich@stripped\ # zkii1kht3p2138rz # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWcXTFwkAA5pfgFAQWfP////v 3mC////wYAf9r7z2+9b5jaNcOtr333evpdvtXT15fbdBkqZpT1MempPUMamGmRPU08p6jCZDEDyj IaGElNRoJtGgKZT1D9U0bUA2p6j0gyGgAPSZBkgGkEj0hk0aA09QDQDQAAAASJEnoU2hMpiPKfqN TRkMjIA0ZGno1BoxBFQgAkxoaCZMJTyephINAAAAASSBNIwKY0Eyp/qYp6nkKPSGnqPFNGQaaA0x SmNeLK9p2PbzbfjU319Wvo7C/P3X3xlyPCsYNEOMctEmzd25r/Y7XY6YD+uFxK6uErXPbhI0dYpg +yOrHTUVu7Vlm8GpbybbY2dn6DNlqtansxEoM+kibPI6zHr3fuf57jMe/9zRp/A/Y+u/KeRE/QwJ H8dmP92aJWEN2Bmg24Jxc3G0bqNQCh5atN/JX9a4kpbciJxjiZYoesAiJ8wLB05IziWMoDSJqH3x 6BBZeEQYwsYj3Ba4xm6GNgt37f/JLNorwQCeRJ3ndBXaY03CCKioXI1EEZDMQxOqSo+/A1tHs47j vHHsj5UjKLhvvkc7NamlagNoju9E7Th6MO9mKtMzvO+UflbTg+UGPu9ssl3rmTfUwFu3sRNWKLst KrK1ziqflUXWINLbQ4OKUUzQ0r+BSFOlSAkEWC8hi6GD2izRUjSFJ7Z3tIC1sWOIT3mUxHkCBzym JEQ5WCJJ1yGp6h6ZWErq1YnKKRnwOwQ9I+k5EFI4rTkikW6WxQqjdPleT2qxMyxCRZE4n8jwfKo6 o3rOXYmgajQGO7I2odgWG55OGkzuvKA0ixa3Ekvm6pSbzG5tuZYDQu0qNxtD/OBvKTWYCcXR8LnE 8XtasNvc5jagWajK0jKLU4NQ79XizuohcWkWor4nB4OFRa5Cg2EDXq6YKi3PewiptDdQPMVUQhN2 Pmh00hsi1TxHZPw40xUWJYWCxpGYo6++I9SahaVOqp9bqbG7hG8U2WsRn48DKXCOFFoyNBwVA9s4 rRpXJ98PW9fNa33zzUlAaiAsMg95tdkMbX4DImWkCQzreNkFlMLVM3FpSmibHLH4Y2muRtvzGZS4 
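Review bot: The `fixed ? orig_args : args` guard in `Item_sum::print()` protects only this one reader of `orig_args`; the member itself still holds an indeterminate pointer until fix_fields() runs, so any other path that dereferences it on an unfixed item would read the same uninitialized memory and let a single failing statement take the server down. I would rather see `orig_args` given a safe value where the item is constructed (the constructors are outside this hunk, so this is inferred from the commit message), keeping this check as a second line of defence. The comment could also say when print() runs on an unfixed item, e.g. `/* print() may run after a failed statement with no fix_fields(); orig_args is not valid then */`. The added test exercises only COUNT(); if any subclass overrides print() and reads `orig_args` (not visible here), it needs the same guard and its own test case. The body of print() continues past the end of the hunk.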
ctUESzjjAmWWYExyejoi4VWZiV41kZ3eRchPSY4wiZWjIRKyC1JwlfKA9XHTa9bCSiOMh1oqBiTF bJ1DDFsZVXkrVCakDxNElgYRKHkFSzkb87N02eU4dF8gPwwr3barBkD43DDlWhQ0tHtD2WyqiQ8D nNmeFwcSaR7w/pzHMYMo2wzQawnK30plRMOk75HWYTCGonBqKionZ21yJHahkZotMZB3sVGazkC0 qOsGJmOwtqRf1FBAgNIQP8UFELB18DQSXWlwTChcYsVGVBWjYGHe+q6e1znQtC0rhUCHG/fwgLoh viXH9ODzPaTDKeY4O8geJW48j3+IWeRvntrxXvKiV6OYTTr5AtPD8LEa5VvFF6p0Y5QEcpFzL4Vq +kpNi21Up691ygvZ+RgXHpLaPHEDcYZiCit05rhppLswFKAWYUNA5BEHhGMHoaBZDYWT7EVSyv3z 1QLJVX3RKYTQCBA3UNJmqkyQXMBky926AgYlSRPGpMDEnpKRObfsbCglvDZLHi3aJ3sZ90fB74RU 6x6ayTRf2uWoO31nqwGMCJaXmQnuVOhNYOGwjk48QpkVPwZWpSigYPwbYuO4hSOiUGJM6n76WoV/ WpgVsdRJdycOSvXzjEuufPlq5fRiA8gVtYV42xRtYREOSK5QItW/hXVEKKJTOncK9i69xpfCI1j9 pLmdcg7CJQPLlgnkTeKZUEtXgvksOi7VgI6GPMzwV6+S5+pUxtkiYd+2oRxzFdRvZMmFJTwfCWKe GyoO66FfQ49/zD4GrxGkRIJgOa+TW5L3SDwl9ul0O5c9JpfNiYdXYx2UefJHc1GU8gqex4zlCkyk rhmEWyFduyGofQ+8q8OMpUVMgyJ5oEX+D8Txn6BaHZznvKCiQsKzncO+sFkIdsMYLC+WPi/hPcYv IaHufZNh06Q0OmAQfezpV6g4YPhWLUejbngEpRXWROjA6rFBgil6bATMCBWI4y0jZEpivhsFxSCx M8usrIcskvWyoLtIk1rrnP+epob7LYMUyy4WKzCSQPOL0UqmKhgIFOyCVFGTb2ZFbYWDUNA3njTr hY+51WI++HPIdmAh9MMinT4KOrWhQwOI9mAUMX4waK6HOZ+kaXxNyPc5WWm+hg8+fFP7g20hWBX5 QVluc0CEAcpfOtiqUNu/LNNYg5I2HgzuEOu7Xvj6YTMhzb0jLrRfUJx801/Flb4MrLQqWNknNBae bgT9MXAVkKAZhDLxUn2+nFnVPjHYoKpSIRGbTy2Is9q+J2ZVxwMrx4ZwjTcIevpsRPrDW1LnOjGM vLmkoEgKyCF8Jh0CRS1PVWbZl3GV2TRbwspaJuLjPKYKgFQVHEc7AtYpK2goqC6c0wfJ8vEvRKR3 TyHEMpSOeJ0yaeHFiheeEjiXGmg5SvGdlBKIJ4NVz3TjSJyZYPf6eRh4OL9iZK5WibWVMkpMBosa JuKVYvMFeb1E3cuoQ5baVzLGCjWGbcyEultG9g37XixROTM+xzk2uMSzS1s0WG9yOOddrGedmcJF 430W5nPk27Do/+LuSKcKEhi6YuEg --===============7231744371260779858==--