From:Sergey Glukhov Date:May 12 2009 10:36am
Subject:bzr commit into mysql-5.0-bugteam branch (Sergey.Glukhov:2735)
Bug#43612
#At file:///home/gluh/MySQL/mysql-5.0-bug-43612/ based on revid:anurag.shekhar@stripped

 2735 Sergey Glukhov	2009-05-12
      Bug#43612 crash with explain extended, union, order by
      In a UNION, if the last SELECT is written without braces and
      has an ORDER BY clause, that clause belongs to the
      global UNION. At the moment it is parsed as part of the last
      SELECT and later used as the 'unit->global_parameters->order_list' value.
      So during DESCRIBE EXTENDED we call select_lex->print_order() for
      the last SELECT, whose order fields refer to a tmp table
      that has already been freed. This leads to a crash.
      The fix is to move such an ORDER BY clause to
      global_parameters->order_list and clean up
      the last SELECT's order_list.
     @ mysql-test/r/union.result
        test result
     @ mysql-test/t/union.test
        test case
     @ sql/sql_yacc.yy
        In UNION if we use last SELECT without braces and this
        SELECT have ORDER BY clause, such clause belongs to
        global UNION. At this moment it is parsed like last SELECT
        part and used further as 'unit->global_parameters->order_list' value.
        So during DESCRIBE EXTENDED we call select_lex->print_order() for
        last SELECT where order fields refer to tmp table 
        which already freed. It leads to crash.
        The fix is move such ORDER BY clause to
        global_parameters->order_list and cleanup
        last SELECT order_list.

    modified:
      mysql-test/r/union.result
      mysql-test/t/union.test
      sql/sql_yacc.yy
=== modified file 'mysql-test/r/union.result'
--- a/mysql-test/r/union.result	2009-03-27 12:58:34 +0000
+++ b/mysql-test/r/union.result	2009-05-12 10:36:23 +0000
@@ -1518,4 +1518,16 @@ SHOW FIELDS FROM t2;
 Field	Type	Null	Key	Default	Extra
 d	double(9,6)	YES		NULL	
 DROP TABLE t1, t2;
+CREATE TABLE t1(a INT);
+EXPLAIN EXTENDED
+SELECT a FROM t1
+UNION
+SELECT a FROM t1
+ORDER BY a;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	PRIMARY	t1	system	NULL	NULL	NULL	NULL	0	const row not found
+2	UNION	t1	system	NULL	NULL	NULL	NULL	0	const row not found
+NULL	UNION RESULT	<union1,2>	ALL	NULL	NULL	NULL	NULL	NULL	Using filesort
+Warnings:
+Note	1003	select '0' AS `a` from `test`.`t1` union select '0' AS `a` from `test`.`t1` order by `a`
 End of 5.0 tests

=== modified file 'mysql-test/t/union.test'
--- a/mysql-test/t/union.test	2009-03-27 12:58:34 +0000
+++ b/mysql-test/t/union.test	2009-05-12 10:36:23 +0000
@@ -1038,4 +1038,14 @@ CREATE TABLE t2 AS SELECT d FROM t1 UNIO
 SHOW FIELDS FROM t2;
 DROP TABLE t1, t2;
 
+#
+# Bug#43612 crash with explain extended, union, order by
+#
+CREATE TABLE t1(a INT);
+EXPLAIN EXTENDED
+SELECT a FROM t1
+UNION
+SELECT a FROM t1
+ORDER BY a;
+
 --echo End of 5.0 tests
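Review bot: The new case never drops `t1`, so the table appears to be left behind in the `test` database when this file finishes; add `DROP TABLE t1;` after the EXPLAIN and re-record mysql-test/r/union.result to match. The test also exercises only the ORDER BY path, while the parser change in sql/sql_yacc.yy additionally moves `explicit_limit`, `select_limit` and `offset_limit` onto the fake select. A second EXPLAIN EXTENDED whose last unbraced SELECT ends in `ORDER BY a LIMIT 1` would cover that branch, so a regression there is caught as well.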

=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy	2009-04-28 09:48:54 +0000
+++ b/sql/sql_yacc.yy	2009-05-12 10:36:23 +0000
@@ -10691,6 +10691,32 @@ union_list:
 	}
 	select_init
         {
+          LEX *lex=Lex;
+          if (lex->current_select->linkage == UNION_TYPE &&
+              lex->current_select->order_list.first &&
+              !lex->current_select->braces)
+          {
+            SELECT_LEX *sel= lex->current_select;
+            SELECT_LEX_UNIT *unit= sel->master_unit();
+            SELECT_LEX *fake= unit->fake_select_lex;
+            DBUG_ASSERT(fake);
+            SQL_LIST *tmp_order_list=
+              (SQL_LIST*) sql_memdup((char*) &sel->order_list,
+                                     sizeof(st_sql_list));
+            fake->order_list= *tmp_order_list;
+            unit->global_parameters= fake;
+            sel->order_list.empty();
+            if (sel->explicit_limit)
+            {
+              fake->explicit_limit= 1;
+              fake->select_limit= sel->select_limit;
+              fake->offset_limit= sel->offset_limit;
+              sel->select_limit= 0;
+              sel->offset_limit=0;
+              sel->explicit_limit= 0;
+            }
+            fake->ftfunc_list= sel->ftfunc_list;
+          }
           /*
 	    Remove from the name resolution context stack the context of the
             last select in the union.
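Review bot: The result of `sql_memdup()` is dereferenced on the very next statement (`fake->order_list= *tmp_order_list;`) with no NULL check, so an allocation failure inside this parser action turns into a server crash instead of a failed parse. The heap copy also looks unnecessary: `order_list.first` is known to be non-NULL on this path, so a plain struct assignment `fake->order_list= sel->order_list;` followed by the existing `sel->order_list.empty();` should hand the list over with no allocation that can fail, though that is worth confirming against how SQL_LIST maintains its `next` pointer. Separately, `DBUG_ASSERT(fake)` is compiled out of non-debug builds, so if `fake_select_lex` can ever be NULL here it needs a real runtime check before `fake->order_list` is written. The enclosing `union_list` action starts and ends outside this hunk.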


Attachment: [text/bzr-bundle] bzr/sergey.glukhov@sun.com-20090512103623-y8xvhltlspogrsnf.bundle