#At file:///home/anurag/mysqlsrc/mysql-5.0-bugteam-37740/ based on revid:matthias.leich@stripped
2748 Anurag Shekhar 2009-05-18
Bug#37740 Server crashes on execute statement with full text search and
match against.
While executing a prepared statement, the server checks the Item_func_match to
see whether the table variable is initialized. If it is initialized, it assumes
that the item_fields are initialized too, and proceeds with execution
of the prepared statement. But in reality the fields are not initialized,
which results in a crash later when the fields are accessed.
This bug is fixed (for 5.0 and 5.1) by setting "table" to 0 so that table
and fields are reinitialized while executing the prepared statement.
However this fixes only the symptom of the actual problem which is
incorrect implementation of Item_func_match::eq().
The fix for 6.0 will be made separately to address the actual problem by
fixing implementation in eq() method.
@ mysql-test/r/fulltext.result
Updated results with the outputs of new test case.
@ mysql-test/t/fulltext.test
Added new test case to test scenario decribed in the bug.
@ sql/item_func.h
setting table to 0 to ensure the table and fields are reinitialized while
executing the prepared statement.
modified:
mysql-test/r/fulltext.result
mysql-test/t/fulltext.test
sql/item_func.h
=== modified file 'mysql-test/r/fulltext.result'
--- a/mysql-test/r/fulltext.result 2009-04-14 17:20:13 +0000
+++ b/mysql-test/r/fulltext.result 2009-05-18 08:35:13 +0000
@@ -510,3 +510,10 @@ CREATE TABLE t1(a TEXT);
SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE);
ERROR HY000: Incorrect arguments to AGAINST
DROP TABLE t1;
+CREATE TABLE t1 (col text, FULLTEXT KEY full_text (col));
+prepare s from
+"SELECT MATCH (col) AGAINST('findme') FROM t1 ORDER BY MATCH (col) AGAINST('findme')"
+ ;
+execute s;
+MATCH (col) AGAINST('findme')
+drop table t1;
=== modified file 'mysql-test/t/fulltext.test'
--- a/mysql-test/t/fulltext.test 2009-04-14 17:20:13 +0000
+++ b/mysql-test/t/fulltext.test 2009-05-18 08:35:13 +0000
@@ -440,3 +440,17 @@ CREATE TABLE t1(a TEXT);
--error ER_WRONG_ARGUMENTS
SELECT GROUP_CONCAT(a) AS st FROM t1 HAVING MATCH(st) AGAINST('test' IN BOOLEAN MODE);
DROP TABLE t1;
+
+#
+# BUG#37740 Server crashes on execute statement with full text search and match against
+#
+
+CREATE TABLE t1 (col text, FULLTEXT KEY full_text (col));
+
+prepare s from
+ "SELECT MATCH (col) AGAINST('findme') FROM t1 ORDER BY MATCH (col) AGAINST('findme')"
+ ;
+
+execute s;
+drop table t1;
+
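Review bot: The new case runs `execute s;` only once, and on an empty table, so it covers the first execution after prepare but not a re-execution. The comment added in sql/item_func.h describes the `table= 0` reset as protecting the "next execute", which is exactly the path left untested. Adding a second `execute s;` after the first and a `deallocate prepare s;` before `drop table t1;` would exercise repeated cleanup and leave no prepared statement behind for later tests. The crash is reachable from plain SQL, so a regression here is a server availability problem and the extra coverage is worth two lines. The expected output in mysql-test/r/fulltext.result would need the matching additional lines.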
=== modified file 'sql/item_func.h'
--- a/sql/item_func.h 2009-02-24 14:47:12 +0000
+++ b/sql/item_func.h 2009-05-18 08:35:13 +0000
@@ -1456,6 +1456,11 @@ public:
ft_handler->please->close_search(ft_handler);
ft_handler= 0;
concat_ws= 0;
+ /*
+ Setting table to null so that during next execute
+ table goes throu re initialization.
+ */
+ table= 0;
DBUG_VOID_RETURN;
}
enum Functype functype() const { return FT_FUNC; }
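Review bot: The comment added above `table= 0;` does not say why the reset is needed or that it is a workaround, and it contains typos ("throu re initialization"). The commit message states that the real defect is in Item_func_match::eq() and that this change only treats the symptom. The comment should record that, so the line is not later removed as redundant before eq() is fixed, e.g. `/* Bug#37740: reset table so that table and fields are reinitialized on the next execute; workaround until Item_func_match::eq() is fixed. */`. The enclosing function starts above the hunk, so whether other cached members need the same reset cannot be judged from the lines shown.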
Attachment: [text/bzr-bundle] bzr/anurag.shekhar@sun.com-20090518083513-5krw03i5j024wk2f.bundle