From:Georgi Kodinov Date:March 11 2009 12:14pm
Subject:bzr push into mysql-5.0-bugteam branch (joro:2772 to 2773) Bug#43354
 2773 Georgi Kodinov	2009-03-11
      Bug #43354: Use key hint can crash server in explain extended query
            
      The copy of the original arguments of an aggregate function was not
      initialized until after fix_fields().
      Sometimes (e.g. when there's an error processing the statement)
      the print() can be called with no corresponding fix_fields() call.
            
      Fixed by adding a check if the Item is fixed before using the arguments
      copy.
     @ mysql-test/r/explain.result
        Bug #43354: test case
     @ mysql-test/t/explain.test
        Bug #43354: test case
     @ sql/item_sum.cc
        Bug #43354: use the argument list copy only if it's initialized

    modified:
      mysql-test/r/explain.result
      mysql-test/t/explain.test
      sql/item_sum.cc
 2772 Matthias Leich	2009-03-10 [merge]
      Merge of fix into actual tree

    modified:
      mysql-test/include/wait_until_count_sessions.inc
      mysql-test/r/consistent_snapshot.result
      mysql-test/r/dirty_close.result
      mysql-test/r/flush_block_commit.result
      mysql-test/r/flush_block_commit_notembedded.result
      mysql-test/r/flush_read_lock_kill.result
      mysql-test/r/lock_multi.result
      mysql-test/r/mysqlbinlog.result
      mysql-test/r/read_only.result
      mysql-test/r/show_check.result
      mysql-test/r/skip_name_resolve.result
      mysql-test/r/sp-security.result
      mysql-test/r/view.result
      mysql-test/r/view_grant.result
      mysql-test/t/alter_table-big.test
      mysql-test/t/connect.test
      mysql-test/t/consistent_snapshot.test
      mysql-test/t/dirty_close.test
      mysql-test/t/flush_block_commit.test
      mysql-test/t/flush_block_commit_notembedded.test
      mysql-test/t/flush_read_lock_kill.test
      mysql-test/t/init_connect.test
      mysql-test/t/lock_multi.test
      mysql-test/t/mysqlbinlog.test
      mysql-test/t/mysqltest.test
      mysql-test/t/read_only.test
      mysql-test/t/show_check.test
      mysql-test/t/skip_name_resolve.test
      mysql-test/t/sp-security.test
      mysql-test/t/sp_notembedded.test
      mysql-test/t/ssl-big.test
      mysql-test/t/ssl.test
      mysql-test/t/ssl_compress.test
      mysql-test/t/status.test
      mysql-test/t/user_limits.test
      mysql-test/t/view.test
      mysql-test/t/view_grant.test
      mysql-test/t/wait_timeout.test
      mysql-test/t/xa.test
=== modified file 'mysql-test/r/explain.result'
--- a/mysql-test/r/explain.result	2008-12-09 18:35:02 +0000
+++ b/mysql-test/r/explain.result	2009-03-11 12:10:44 +0000
@@ -155,3 +155,7 @@ id	select_type	table	type	possible_keys	
 Warnings:
 Note	1003	select 1 AS `1` from (select count(distinct `test`.`t1`.`a`) AS `COUNT(DISTINCT t1.a)` from `test`.`t1` join `test`.`t2` group by `test`.`t1`.`a`) `s1`
 DROP TABLE t1,t2;
+CREATE TABLE t1 (a INT PRIMARY KEY);
+EXPLAIN EXTENDED SELECT COUNT(a) FROM t1 USE KEY(a);
+ERROR HY000: Key 'a' doesn't exist in table 't1'
+DROP TABLE t1;

=== modified file 'mysql-test/t/explain.test'
--- a/mysql-test/t/explain.test	2008-12-09 18:35:02 +0000
+++ b/mysql-test/t/explain.test	2009-03-11 12:10:44 +0000
@@ -123,4 +123,17 @@ execute s1;
 
 DROP TABLE t1,t2;
 
+
+#
+# Bug #43354: Use key hint can crash server in explain extended query
+#
+
+CREATE TABLE t1 (a INT PRIMARY KEY);
+
+--error ER_KEY_DOES_NOT_EXITS
+EXPLAIN EXTENDED SELECT COUNT(a) FROM t1 USE KEY(a);
+
+DROP TABLE t1;
+
+
 # End of 5.0 tests.
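Review bot: The new test comment does not say why `USE KEY(a)` is expected to fail: the PRIMARY KEY on column `a` creates an index named PRIMARY, so no key called `a` exists and the statement errors out, apparently before the aggregate has been through fix_fields(). A line such as `# The primary key index is named PRIMARY, so USE KEY(a) fails and print() runs on an unfixed Item_sum` would keep the case from being "corrected" later. Only COUNT(a) is exercised; whether other aggregate classes override print() is not visible in this diff, so a second statement using a different aggregate function would be worth adding.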

=== modified file 'sql/item_sum.cc'
--- a/sql/item_sum.cc	2008-12-09 18:35:02 +0000
+++ b/sql/item_sum.cc	2009-03-11 12:10:44 +0000
@@ -440,7 +440,8 @@ void Item_sum::make_field(Send_field *tm
 
 void Item_sum::print(String *str)
 {
-  Item **pargs= orig_args;
+  /* orig_args is not filled with valid values until fix_fields() */
+  Item **pargs= fixed ? orig_args : args;
   str->append(func_name());
   for (uint i=0 ; i < arg_count ; i++)
   {
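Review bot: The `fixed ? orig_args : args` guard repairs only this one reader; orig_args itself still holds unset pointers until fix_fields() has run, so any other reader reached on an error path (none is visible in this hunk) would dereference the same garbage. Since the crash is reachable from an ordinary EXPLAIN EXTENDED statement, it would be safer to also fill orig_args from args where the argument array is first set up, which presumably happens in the constructors outside this diff. The new comment should also say when the fallback is taken, e.g. `/* print() can run without fix_fields() when the statement fails early; orig_args is unset then, so use args */`. The body of Item_sum::print continues past the end of the hunk.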


Attachment: [text/bzr-bundle] bzr/joro@sun.com-20090311121044-2h4g50mqx10h52su.bundle