From: Georgi Kodinov Date: October 30 2009 1:16pm Subject: bzr commit into mysql-5.0 branch (joro:2831) Bug#48291 List-Archive: http://lists.mysql.com/commits/88742 X-Bug: 48291 Message-Id: <200910301316.n9UDGTsR001387@magare.gmz> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============2403953896393957132==" --===============2403953896393957132== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/kgeorge/mysql/work/B48291-5.0-bugteam/ based on revid:joro@stripped 2831 Georgi Kodinov 2009-10-30 Bug #48291 : crash with row() operator,select into @var, and subquery returning multiple rows Error handling was missing when handling subqueires in WHERE and when assigning a SELECT result to a @variable. This caused crash(es). Fixed by adding error handling code to both the WHERE condition evaluation and to assignment to an @variable. modified: mysql-test/r/select.result mysql-test/t/select.test sql/sql_class.cc sql/sql_select.cc === modified file 'mysql-test/r/select.result' --- a/mysql-test/r/select.result 2009-10-21 09:04:08 +0000 +++ b/mysql-test/r/select.result 2009-10-30 13:15:43 +0000 @@ -4430,4 +4430,16 @@ SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS 1 1 DROP TABLE t1; +# +# Bug #48291 : crash with row() operator,select into @var, and +# subquery returning multiple rows +# +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); +# Should not crash +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; +ERROR 21000: Subquery returns more than 1 row +DROP TABLE t1; End of 5.0 tests === modified file 'mysql-test/t/select.test' --- a/mysql-test/t/select.test 2009-10-21 09:04:08 +0000 +++ b/mysql-test/t/select.test 2009-10-30 13:15:43 +0000 
@@ -3766,5 +3766,22 @@ EXPLAIN SELECT 1 FROM t1 NATURAL LEFT JO SELECT 1 FROM t1 NATURAL LEFT JOIN t1 AS t2 FORCE INDEX(a); DROP TABLE t1; + +--echo # +--echo # Bug #48291 : crash with row() operator,select into @var, and +--echo # subquery returning multiple rows +--echo # + +CREATE TABLE t1(a INT); +INSERT INTO t1 VALUES (2),(3); + +--echo # Should not crash +--error ER_SUBQUERY_NO_1_ROW +SELECT 1 FROM t1 WHERE a <> 1 AND NOT +ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE 1=2),(SELECT 1 FROM t1)) +INTO @var0; + +DROP TABLE t1; + --echo End of 5.0 tests === modified file 'sql/sql_class.cc' --- a/sql/sql_class.cc 2009-07-24 15:58:58 +0000 +++ b/sql/sql_class.cc 2009-10-30 13:15:43 +0000 @@ -2068,9 +2068,11 @@ bool select_dumpvar::send_data(Lists, item); - suv->fix_fields(thd, 0); + if (suv->fix_fields(thd, 0)) + DBUG_RETURN (1); suv->save_item_result(item); - suv->update(); + if (suv->update()) + DBUG_RETURN (1); } } DBUG_RETURN(0); === modified file 'sql/sql_select.cc' --- a/sql/sql_select.cc 2009-10-30 09:40:44 +0000 +++ b/sql/sql_select.cc 2009-10-30 13:15:43 +0000 @@ -10822,6 +10822,7 @@ evaluate_join_record(JOIN *join, JOIN_TA bool not_used_in_distinct=join_tab->not_used_in_distinct; ha_rows found_records=join->found_records; COND *select_cond= join_tab->select_cond; + bool select_cond_result= TRUE; if (error > 0 || (*report_error)) // Fatal error return NESTED_LOOP_ERROR; 
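Review bot: The single statement added to select.test fails while its WHERE clause is being evaluated, so once the sql_select.cc check is in place it appears that no row ever reaches `select_dumpvar::send_data`, leaving the new guards in sql/sql_class.cc without coverage. A second case where the error comes from the select list would exercise that path, for example (constructed) `--error ER_SUBQUERY_NO_1_ROW` followed by `SELECT (SELECT a FROM t1) INTO @var0;`, placed before the `DROP TABLE t1;` line. It would also help to select `@var0` after the failing statement, so the test pins what the variable holds when the assignment is abandoned.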
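Review bot: `suv->save_item_result(item);` still runs unchecked between the two new guards in `select_dumpvar::send_data`, and by its name it is the call that evaluates `item`. An error raised there is therefore caught only if `update()` also reports failure, which this hunk does not show. Consider adding `if (thd->net.report_error) DBUG_RETURN(1);` right after it, mirroring the check this commit adds in sql/sql_select.cc. As a style point, the new lines write `DBUG_RETURN (1)` with a space while the existing line in the same hunk writes `DBUG_RETURN(0)`. The function body starts outside the hunk, and the hunk header on this page is truncated.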
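Review bot: Initialising `select_cond_result` to `TRUE` at this declaration makes the `!select_cond ||` operand redundant in the following hunk's `if (!select_cond || select_cond_result)`. That test could be reduced to `if (select_cond_result)`, or the initialiser dropped and the explicit null test kept, but carrying both obscures which one the code relies on. If the default stays, a short comment on the declaration such as `/* TRUE when there is no condition to evaluate */` would document it. The body of `evaluate_join_record` extends beyond both hunks, so whether other condition evaluations in it need the same `join->thd->net.report_error` check cannot be judged from this diff.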
@@ -10833,7 +10834,17 @@ evaluate_join_record(JOIN *join, JOIN_TA return NESTED_LOOP_KILLED; /* purecov: inspected */ } DBUG_PRINT("info", ("select cond 0x%lx", (ulong)select_cond)); - if (!select_cond || select_cond->val_int()) + + if (select_cond) + { + select_cond_result= test(select_cond->val_int()); + + /* check for errors evaluating the condition */ + if (join->thd->net.report_error) + return NESTED_LOOP_ERROR; + } + + if (!select_cond || select_cond_result) { /* There is no select condition or the attached pushed down --===============2403953896393957132== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/joro@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: joro@stripped # target_branch: file:///home/kgeorge/mysql/work/B48291-5.0-bugteam/ # testament_sha1: 8a45d2d824aba3c2c835728644c10b5ba8a80280 # timestamp: 2009-10-30 15:16:29 +0200 # base_revision_id: joro@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWTrHbEMABFzfgFQQeXf//3/v /6C////+YAlO+ktZBAASk2wAKCgFKAyKYqehDACPU0yBtGIQaAGBBoBpgcaMmRhGIBhNBgE0GgZM mjJkMIDHGjJkYRiAYTQYBNBoGTJoyZDCAwkU0QjQaET2io3qeqaPTNIeqafqjaamNNTR6TygPKGh xoyZGEYgGE0GATQaBkyaMmQwgMJJCaAAmIaEwmphJ5DUj0E0aHkTTINH6ppSbPQmhBrWs9V3V+tr e30fsupoFSeinPiHn652Sn7GriG2WtGWMdLp5pxVOcvlcsCGEOXi4pWulb8K7YGVHvOu3kx1gDMl rO6+zf33vaV0kcHzQacCj8F6DwCcDEYHDL0fqvDt958TJAbNyO0M4NsbTY2G+fclu5tenvwYvqPI LDMrdmHW7HeMoQ/p7Kpk+eJLZ5JEO6hIqR0PzN6+Y6+Q5H6uFAxL4/yMySY+vI/E/hST+jgkLevq 7ipR3e3h7vtmjT0LVLJnNLVMH0ncRkasnmpUXFCoHhQ1qyA1UCQcrNHpWVfP+8WVbDuC8YzVaBgw 2QURQaxUaZbyeUQ5rWDAxkEHD2zRfN22I5VECGOR9jaxIWSbtmgXi+9sbY2u9nQaVgzzDzmsZ9hW eOiqZulzbjlk41lSxaobYFEdJBvE+yyqtShUOWQtAuRmCLyoF4Fn1Vc3Ox3fej2Dda4m2rfIEpZO EowOMGI8W3Hhni1MZdnTQEJb/XqRPfYHWJhbyFQCk/xctrethQMoRAIkE87AmBCSkDkTGBYNAcxF NJeFamoZBUiNJMIKgFUFZKtHHTSVEzzhsJHgy+DnZnwZcEAVvFSS6dEpSK1AGsTYeYjO7AGMGgGF 
EQbJGEtlv0VZNPJkvxEzIXzChqpUTj8CtClCMrElewqKdMTbaV9oPzL0WH62mgYDIHECeCsbftPM hWgWhnOjaQHPJqTOLyYzBbRyxda8oeFBBKcpBOMDQpJD/nA4ECpWti12JgJWpIsvTgkIRkQphns0 bDe+AxSS4TE0WRa6gn4FhWXncdn1TFQK0zOXgajU0dTV33OkDQHEEQMgmkUt5YSm0eJOoMWNQ1QZ g5tqmM+V5WZDolYfYq6VvRSMYjYF5SRPUr9T6Wher74vzaTeYbsd8M4kxYTlyFUwXti8s2jrdk0w Xllrj/2Zgxm/yKbq6qygw2xKS0nPY8hdKpOAn30G4oNQ/WMbnDz3FJJfI2TYTg2shOPr0HWjj4md EnnjpLDcXSrkSk48cqQLy8wN3kG02FBRkGzMfaUWXlFga5IJ4M6kdvaslkhSSFJEoHkS961FAdTe SlVrIcnU2hPBIJxgnKcT6IBKUkwRJSkicrvTqYUePQmiwCIRhSp9pP2SLD4SmzymXgXeWWUGB1NV G+otglJt+pyNXAGQmgZBwOX8EfX1fFz2mifSPjHzcwcfA9og1JfEPUcbjIoYZGbiX7B/vxKqqysh L9DtII2hiGf4GGRSEp/JLvFPqgrtZbgKpiczj6xQTGNcAxpYcx2CwkipT8ALQkFcxKxYMhnKhigX +yctP1FkTkKy0mCtg+Q8YhWQi9VFQpxokAuNTwfMUQl9by8sJipBAXL8ztWkQusGInJCVAskMQlX ojaxOMTiBOPAE8O4glWI6D2kHUW9J8D3HrrPnM6jOUs4F3H2AyZ0pflOx8STaKQ15UPYO94VTorB MfK6YW5Tn3LDAkWOvumP5n9CBoC/t+AQJDgMMfI/ucTMoN0piPJTQibMzFH2/fYTByI2guABUQ6O DUWkxDYQOOJKfgbA3niW5ECo+YpzYZ/jX7NdPXejtGsjxBfanS2IQzxNowu09pOIJ+iLE9do4LBs wozN5mTERciklE+8Ey7DpQR073OGCCN8JSPEcueEkepqIJZwglGAnB1/LhiZu7Rqcz2SBtOJ1N5s 8Qy8BTlmtGGpEErbiGfaiERB5a8teu9T/oUGR37DpzqEFZaZUh9CYD33yP7NMuatq5GHd3tEUQo8 /LUcNRWJopV8sQT0VDJEUEZkcru1I8jwOw7TeSjE43AqJDA2nUJCCPA8C5G00/EPaGaPnREY4/QC 3RB539Dp0URGoO/aMC14oJHcsTMoq9ariU29DoDB7NQXEoET4lEQHoxT9A9p7PUQj2kihkmXmwFu xLcaaA2nQFuiY/m3/TijWbehgayhCoJy3RLC70rcnStXC6defdO+YlZhDLPrckXbVUOeX/1nC34H p4e0xsJTV/r93VfoOEweeJNiHt6jNkcXAuJwS6HjgcjVA560e70JBS8ZSK97KtQLjCIWqgcgeIJF NEXuYnOxygdKebzxvQikf4phXbu+41FBE7tHlPuISckVE5q84F//L7jhblxFso0MdI0iCYjELmsF Cok0OTdXpD40a6U7obIcaifKAwKZcDmXxYGTJmA2jlwOc03VEEnbxhBIcf2fwNTj4bIiRUJMBlvj imStZWCLL4KkQSZEVAzJ68omokmS1FOKFW6xHPnzFPpKixBYVntGM17K77yigssTD6z68nAszqWY oW47LDeG1G7wDYHJmTLwcZp6W4l4igpSTxmmBfZv4ugwx6PDd6ODeyfoV1Ujp3rQ3hyGkICCW8lz FxRUlrJj5MTjDMDMDGSxlhbbzfvVg4tGbnykOJfdTq+5YrdIMx+3oaz48r6ROROjpataRAajn4xX hcjY2228x5lKQ2SMayDLZJZErgcl7hA/AjYaL4WNg5nTuHGEigwqQXxxiqCQXZQFH7wGMCkCVghP 
l3VsVDgG1K59/vcehC4eY627FRXKgUVyULN4ySwMWDMiAkTPSFpYHR1h5sH8V56y89J0vBMIL8na tiGnNpAyKMCgnyOxKK94LI+DlIkTHpOUSMs35abiKqHlIyvDEPIpXIu5cBxKYIO0dx0GR5A4dkaZ I3jt9SKGLTyJLLS2e0FlmbA2Gv1Y/+LuSKcKEgdY7Yhg --===============2403953896393957132==--