From:Georgi Kodinov Date:October 30 2009 1:16pm
Subject:bzr commit into mysql-5.0 branch (joro:2831) Bug#48291
#At file:///home/kgeorge/mysql/work/B48291-5.0-bugteam/ based on revid:joro@stripped

 2831 Georgi Kodinov	2009-10-30
      Bug #48291 : crash with row() operator,select into @var, and 
        subquery returning multiple rows
      
      Error handling was missing when handling subqueries in WHERE 
      and when assigning a SELECT result to a @variable.
      This caused crash(es). 
      
      Fixed by adding error handling code to both the WHERE 
      condition evaluation and to assignment to an @variable.

    modified:
      mysql-test/r/select.result
      mysql-test/t/select.test
      sql/sql_class.cc
      sql/sql_select.cc
=== modified file 'mysql-test/r/select.result'
--- a/mysql-test/r/select.result	2009-10-21 09:04:08 +0000
+++ b/mysql-test/r/select.result	2009-10-30 13:15:43 +0000
@@ -4430,4 +4430,16 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS
 1
 1
 DROP TABLE t1;
+#
+# Bug #48291 : crash with row() operator,select into @var, and 
+#   subquery returning multiple rows
+#
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (2),(3);
+# Should not crash
+SELECT 1 FROM t1 WHERE a <> 1 AND NOT
+ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1))
+INTO @var0;
+ERROR 21000: Subquery returns more than 1 row
+DROP TABLE t1;
 End of 5.0 tests

=== modified file 'mysql-test/t/select.test'
--- a/mysql-test/t/select.test	2009-10-21 09:04:08 +0000
+++ b/mysql-test/t/select.test	2009-10-30 13:15:43 +0000
@@ -3766,5 +3766,22 @@ EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JO
 SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a);
 DROP TABLE t1;
 
+
+--echo #
+--echo # Bug #48291 : crash with row() operator,select into @var, and 
+--echo #   subquery returning multiple rows
+--echo #
+
+CREATE TABLE t1(a INT);
+INSERT INTO t1 VALUES (2),(3);
+
+--echo # Should not crash
+--error ER_SUBQUERY_NO_1_ROW
+SELECT 1 FROM t1 WHERE a <> 1 AND NOT
+ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1))
+INTO @var0;
+
+DROP TABLE t1;
  
+
 --echo End of 5.0 tests
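Review bot: The added case checks only the error code of the failing statement and never looks at `@var0` afterwards, so a regression that assigns the variable before the error is raised would pass unnoticed. Following the statement with `SELECT @var0;` would record in the result file what the variable holds after the error. Because the query drives the WHERE subquery and the `INTO @var0` assignment in one statement, a failure would not show which of the two fixed paths regressed; a second statement without `INTO` would separate them.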

=== modified file 'sql/sql_class.cc'
--- a/sql/sql_class.cc	2009-07-24 15:58:58 +0000
+++ b/sql/sql_class.cc	2009-10-30 13:15:43 +0000
@@ -2068,9 +2068,11 @@ bool select_dumpvar::send_data(List<Item
     else
     {
       Item_func_set_user_var *suv= new Item_func_set_user_var(mv->s, item);
-      suv->fix_fields(thd, 0);
+      if (suv->fix_fields(thd, 0))
+        DBUG_RETURN (1);
       suv->save_item_result(item);
-      suv->update();
+      if (suv->update())
+        DBUG_RETURN (1);
     }
   }
   DBUG_RETURN(0);
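Review bot: `suv` is dereferenced by the added `suv->fix_fields(thd, 0)` check without testing the result of `new Item_func_set_user_var(mv->s, item)` on the line above. If that allocation can return NULL on memory exhaustion (it presumably comes from the statement memory pool, which should be confirmed against Item's `operator new`), the guard should read `if (!suv || suv->fix_fields(thd, 0))`. The two added exits are written `DBUG_RETURN (1)` while the existing exit is `DBUG_RETURN(0)`; dropping the space keeps the macro calls uniform. select_dumpvar::send_data starts outside the hunk and its closing brace is not shown.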

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2009-10-30 09:40:44 +0000
+++ b/sql/sql_select.cc	2009-10-30 13:15:43 +0000
@@ -10822,6 +10822,7 @@ evaluate_join_record(JOIN *join, JOIN_TA
   bool not_used_in_distinct=join_tab->not_used_in_distinct;
   ha_rows found_records=join->found_records;
   COND *select_cond= join_tab->select_cond;
+  bool select_cond_result= TRUE;
 
   if (error > 0 || (*report_error))				// Fatal error
     return NESTED_LOOP_ERROR;
@@ -10833,7 +10834,17 @@ evaluate_join_record(JOIN *join, JOIN_TA
     return NESTED_LOOP_KILLED;               /* purecov: inspected */
   }
   DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond));
-  if (!select_cond || select_cond->val_int())
+
+  if (select_cond)
+  {
+    select_cond_result= test(select_cond->val_int());
+
+    /* check for errors evaluating the condition */
+    if (join->thd->net.report_error)
+      return NESTED_LOOP_ERROR;
+  }
+
+  if (!select_cond || select_cond_result)
   {
     /*
       There is no select condition or the attached pushed down
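Review bot: The new error check reads `join->thd->net.report_error` directly, while the guard near the top of evaluate_join_record tests `(*report_error)`. If that pointer refers to the same flag (its definition is outside the hunk), `if (*report_error) return NESTED_LOOP_ERROR;` keeps the two checks in step. Because `select_cond_result` is initialised to TRUE in the previous hunk, the later test can be reduced to `if (select_cond_result)`. The existing comment could also say why the result alone is not enough, for example `/* a failed subquery is only visible through the error flag, so test it before using the result */`. The function body continues past the end of the hunk.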


Attachment: [text/bzr-bundle] bzr/joro@sun.com-20091030131543-2b23fnqckgbzvete.bundle