From:Sergey Glukhov Date:May 15 2009 9:03am
Subject:bzr commit into mysql-5.0-bugteam branch (Sergey.Glukhov:2741)
Bug#43612
#At file:///home/gluh/MySQL/mysql-5.0-bugteam/ based on revid:pstoev@stripped

 2741 Sergey Glukhov	2009-05-15
      Bug#43612 crash with explain extended, union, order by
      In a UNION, if the last SELECT is not enclosed in braces and
      has an ORDER BY clause, that clause belongs to the
      global UNION. It is parsed as part of the last SELECT
      and used further as the 'unit->global_parameters->order_list' value.
      During DESCRIBE EXTENDED we call select_lex->print_order() for
      the last SELECT, whose order fields refer to a tmp table
      that has already been freed. This leads to a crash.
      The fix is to clean up global_parameters->order_list
      instead of fake_select_lex->order_list.
     @ mysql-test/r/union.result
        test result
     @ mysql-test/t/union.test
        test case
     @ sql/sql_union.cc
        In UNION if we use last SELECT without braces and this
        SELECT have ORDER BY clause, such clause belongs to
        global UNION. It is parsed like last SELECT
        part and used further as 'unit->global_parameters->order_list' value.
        During DESCRIBE EXTENDED we call select_lex->print_order() for
        last SELECT where order fields refer to tmp table 
        which already freed. It leads to crash.
        The fix is clean up global_parameters->order_list
        instead of fake_select_lex->order_list.

    modified:
      mysql-test/r/union.result
      mysql-test/t/union.test
      sql/sql_union.cc
=== modified file 'mysql-test/r/union.result'
--- a/mysql-test/r/union.result	2009-03-27 12:58:34 +0000
+++ b/mysql-test/r/union.result	2009-05-15 07:03:34 +0000
@@ -1518,4 +1518,17 @@ SHOW FIELDS FROM t2;
 Field	Type	Null	Key	Default	Extra
 d	double(9,6)	YES		NULL	
 DROP TABLE t1, t2;
+CREATE TABLE t1(a INT);
+EXPLAIN EXTENDED
+SELECT a FROM t1
+UNION
+SELECT a FROM t1
+ORDER BY a;
+id	select_type	table	type	possible_keys	key	key_len	ref	rows	Extra
+1	PRIMARY	t1	system	NULL	NULL	NULL	NULL	0	const row not found
+2	UNION	t1	system	NULL	NULL	NULL	NULL	0	const row not found
+NULL	UNION RESULT	<union1,2>	ALL	NULL	NULL	NULL	NULL	NULL	Using filesort
+Warnings:
+Note	1003	select '0' AS `a` from `test`.`t1` union select '0' AS `a` from `test`.`t1` order by `a`
+DROP TABLE t1;
 End of 5.0 tests

=== modified file 'mysql-test/t/union.test'
--- a/mysql-test/t/union.test	2009-03-27 12:58:34 +0000
+++ b/mysql-test/t/union.test	2009-05-15 07:03:34 +0000
@@ -1038,4 +1038,16 @@ CREATE TABLE t2 AS SELECT d FROM t1 UNIO
 SHOW FIELDS FROM t2;
 DROP TABLE t1, t2;
 
+#
+# Bug#43612 crash with explain extended, union, order by
+#
+CREATE TABLE t1(a INT);
+EXPLAIN EXTENDED
+SELECT a FROM t1
+UNION
+SELECT a FROM t1
+ORDER BY a;
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests
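Review bot: The new case covers only the brace-less form, which is case 2 in the comment added to sql/sql_union.cc, so the path where global_parameters is fake_select_lex is not exercised by this test. Unless union.test already covers it elsewhere, I would add the braced variant next to it, `EXPLAIN EXTENDED (SELECT a FROM t1) UNION (SELECT a FROM t1) ORDER BY a;`, so a regression in either cleanup path shows up. The second blank line before `--echo End of 5.0 tests` can also be dropped.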

=== modified file 'sql/sql_union.cc'
--- a/sql/sql_union.cc	2008-10-09 15:24:31 +0000
+++ b/sql/sql_union.cc	2009-05-15 07:03:34 +0000
@@ -653,10 +653,22 @@ bool st_select_lex_unit::cleanup()
       join->tables= 0;
     }
     error|= fake_select_lex->cleanup();
-    if (fake_select_lex->order_list.elements)
+    /*
+      There are two cases when we should clean order items:
+      1. UNION with SELECTs which all enclosed into braces
+        in this case global_parameters == fake_select_lex
+      2. UNION where last SELECT is not enclosed into braces
+        in this case global_parameters == 'last select'
+      So we should use global_parameters->order_list for
+      proper order list clean up.
+      Note: global_parameters and fake_select_lex are always
+            initialized for UNION
+    */
+    DBUG_ASSERT(global_parameters);
+    if (global_parameters->order_list.elements)
     {
       ORDER *ord;
-      for (ord= (ORDER*)fake_select_lex->order_list.first; ord; ord= ord->next)
+      for (ord= (ORDER*)global_parameters->order_list.first; ord; ord= ord->next)
         (*ord->item)->cleanup();
     }
   }
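Review bot: `DBUG_ASSERT(global_parameters);` checks the invariant only in debug builds, so in a release build nothing stands between a null `global_parameters` and the dereference on the next line. The comment states that the pointer is always initialized for a UNION, but the condition that opens this block is outside the hunk, so I cannot confirm that from here. Since this is the path that fixes a use of items tied to an already freed tmp table, I would make the guard explicit with `if (global_parameters && global_parameters->order_list.elements)`. Alternatively, the comment could name where the pointer is set. It would also help to add `Bug#43612` to the comment so that the reason for cleaning `global_parameters->order_list` rather than `fake_select_lex->order_list` stays traceable.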


Attachment: [text/bzr-bundle] bzr/sergey.glukhov@sun.com-20090515070334-t2bmuovmuw4kjzfe.bundle