From: Georgi Kodinov Date: November 5 2009 11:19am Subject: bzr commit into mysql-5.0-bugteam branch (joro:2840) Bug#48458 List-Archive: http://lists.mysql.com/commits/89451 X-Bug: 48458 Message-Id: <200911051119.nA5BJ4jH006387@magare.gmz> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1096886564723046460==" --===============1096886564723046460== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/kgeorge/mysql/work/B48458-5.0-bugteam/ based on revid:joro@stripped 2840 Georgi Kodinov 2009-11-05 Bug #48458: simple query tries to allocate enormous amount of memory The server was doing a bad class typecast causing setting of wrong value for the maximum number of items in an internal structure used in equality propagation. Fixed by not doing the wrong typecast and asserting the type of the Item where it should be done. modified: mysql-test/r/select.result mysql-test/t/select.test sql/sql_select.cc === modified file 'mysql-test/r/select.result' --- a/mysql-test/r/select.result 2009-10-30 13:15:43 +0000 +++ b/mysql-test/r/select.result 2009-11-05 11:18:58 +0000 @@ -4442,4 +4442,18 @@ ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE INTO @var0; ERROR 21000: Subquery returns more than 1 row DROP TABLE t1; +# +# Bug #48458: simple query tries to allocate enormous amount of +# memory +# +CREATE TABLE t1(a INT NOT NULL, b YEAR); +INSERT INTO t1 VALUES (); +Warnings: +Warning 1364 Field 'a' doesn't have a default value +CREATE TABLE t2(c INT); +# Should not err out because of out-of-memory +SELECT 1 FROM t2 JOIN t1 ON 1=1 +WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a); +1 +DROP TABLE t1,t2; End of 5.0 tests === modified file 'mysql-test/t/select.test' --- a/mysql-test/t/select.test 2009-10-30 13:15:43 +0000 +++ b/mysql-test/t/select.test 2009-11-05 11:18:58 +0000 @@ -3783,5 +3783,18 @@ INTO @var0; DROP TABLE t1; +--echo # +--echo # Bug #48458: simple query tries to allocate enormous amount of +--echo # memory +--echo # + +CREATE TABLE t1(a INT NOT NULL, b YEAR); +INSERT INTO t1 VALUES (); +CREATE TABLE t2(c INT); +--echo # Should not err out because of out-of-memory +SELECT 1 FROM t2 JOIN t1 ON 1=1 + WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a); +DROP TABLE t1,t2; + --echo End of 5.0 tests === modified file 'sql/sql_select.cc' --- a/sql/sql_select.cc 2009-11-03 16:58:54 +0000 +++ b/sql/sql_select.cc 2009-11-05 11:18:58 +0000 @@ -7515,13 +7515,15 @@ static COND *build_equal_items_for_cond( { if ((item_equal= cond_equal.current_level.pop())) { + DBUG_ASSERT (item_equal->type() == Item::FUNC_ITEM && + item_equal->functype() == Item_func::MULT_EQUAL_FUNC); item_equal->fix_length_and_dec(); item_equal->update_used_tables(); + set_if_bigger(thd->lex->current_select->max_equal_elems, + item_equal->members()); } else - item_equal= (Item_equal *) eq_list.pop(); - set_if_bigger(thd->lex->current_select->max_equal_elems, - item_equal->members()); + return eq_list.pop(); return item_equal; } else --===============1096886564723046460== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/joro@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: joro@stripped # target_branch: file:///home/kgeorge/mysql/work/B48458-5.0-bugteam/ # testament_sha1: d0b92ceb2857b03aed4e0911b06299b416387c34 # timestamp: 2009-11-05 13:19:04 +0200 # base_revision_id: joro@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWWS7cOUAA6f/gEEwDAB55/// f///oL////BgCC6qfUAAKiYQAUANKBKIUxqaanqn5BJ6ZNqj1A8pjU2gjxRo81TyngUHqeoONGTI wjEAwmgwCaDQMmTRkyGEBjjRkyMIxAMJoMAmg0DJk0ZMhhAYSKCCU9PVP1PSjyammNR4kabSY1AB kA0eoD1NPUONGTIwjEAwmgwCaDQMmTRkyGEBhJIJkBGJoBMEATTST9U9T0jJ6amjTT1NDR6nqLRX iTQ28snK82G+VlhVXru3bIjRRRQvnut1QzMnka9znEqUg1a7r8t5zp+lRKrJEvlM+GURBeLHhykn jzzi9qGroRK6oRqiPQmFGGkuIXUyces15y1oeYA1pzooqjY2s2pHNrnXWTxv3jKc2aFNFS3ZQW++ AZwOpx05zAfAvEg0sE5ftkxXcaTKMHnUYRpWMx9xSA9cI0oMtmZa1kyZcByGGMhtzjipnWEyBoiH LnJV0umVHG7lXJOg/Vat11DKx1KqSgpMhOjlXEdRhDkGVCrrpHmdWKyD3WPothmPZ5Ffu7/PTp6r juqbttnSvHna+7iIdOyKQW8rY2xtaXgd4yQWCwxfyRQfgOMiY9v1r4PwLXN7R3pMt+ZwJFxoRct5 wRkAcD4Yb/q/yk44cZCPwR7ymUSZ/t48HsSNzHHrrfymooBktgO74L8UWqf2/bMQbYfe92xmRQag 3PAICcKUB4RHmJFIgy0phFAYGBtKpAFyyJDgnImajxeZvBkS6nvRrC31HBTcIYYsxGQsICVwj8qY iM9w70o2YwsfmoeVKtN+ETUGgtJBsHOLSrZaI6qSI9o+/cYUk5haYmg81pGS3lAUiOimrxhsDYFa quQj6xMSSbHtLHbYXj6i2ArSwxPp2kqhGebb7rikUbE4m8cwuocO3KQ6Y46nzVJnox1ErikeaiWQ ZzNj62mDFrqO8vpgQsiivFyZSCikbvEXyIDxi8xHDLHIH5BLhwjMkZFoxTMLPuTwkiRQfUx+pgsM r9LGBrzkSQjGYUMullOJ3sHE356atBMRWZ3rEu51m8vLi0yo8zRX1qit4xrM9e2xx0iZpsDES8cU Dl1xUDpzMiZPIuLiJq5H3/LpHQR01uSzHWbTVmgYjipTGL3QRnLyJzcrSIisyyNqjZWVWutikPB7 iBrKjCokEc7SpEYUkCkirqFwNllkiggQ20giyUd8ZEZe7I6YsvDIDO0XNUkG208R8d+gGRWiDwyF Fj7EjgdfmWNAZL5MfmeMiZt0uLxCD0OGHnTIjScTfOH6hp7kaIFWkhSTnnFxLK0Lzi6zrqOk2MKz cTWGEH+RdU50nzoCRBaol8Ok6BbCASiaidmsirS+S4/dXPF8j7EioVTFYfAWBSsk6ZYx9CJEmJ4D Gc/6YDxhjITgmVMTHH5h9DYTCCLzKonEqpGIFQmICiFryZ/+YTuOEo8qhExRTlO/m8s+NKVwJiT1 AqiamNw0tiRU61CU/QpvFN7Rp9SsPCUUGlJSSUm/VmdUqwjnGYSvtQ2zp/D5FWAHJZWJZslYQxm3 og2HSipwt7mpHOkB73vBbp+D07SkjKJTmCUjYKkhEZLRYy57xFGeYLAzRYrOZcXm/9DoO4nJMXaT 5ruDslw0TRyOkOordUgHeJIR2iJV1/j0c1EWHHZoXV8erUdYxvK0Zl2FCM4iGo0CMb6uYbarSgH5 Rws6uiyVHfRzIJw9v70mEU+39OIhi85m8dHt2nI4EjyVvgEidTLRmCAnl8LzIvRIR6Z8pHfp/Vx8 6TI1HLlUI9ldoyMhNm4rMHBMl73zBsY6r9tWrjmfSU6yDDRV6KuV5Shs6kXDOSL4pU0SS3NPy4vG F1D3EdR7CY7kSMCRfNdg83FpIOs6zsKQ1f2XctoVQG36DuiDzw5eXI7Zb0yXfp1Djk8DpHGGvXVH 9a8NoiRx8dwjIzj+wBtXWvgxs9Ow9SSJ/IeRLom05INtZ47c6bXu4iP4QUh8g7tNxwEUGK89auFn zeUpM59kvXvm+c2QWCPOHH+vbdqQFmJG+Y7Y7ZUONB4KcBiCp1EGD0KstxhiO5KBeG8tzdD24suh BHF8FY8z51NXJknpHpdSijWmD21j4Guzsed06+xAZxDlFg7ldylCIQgvQ392JUWm9rfSxFiuTbAp T4EX7LTe8pk6mFkb0AyCjOHuhJmmKgZJhzqZHAtVKjm0MUazgWKYSZMyU7h68aeSNq02AETcv/P5 VpeWI84CC1IdokubIzXCvcui8wCi9FCiMIvoWzVoUhYBGOQj7FGMGXPnzROgPgiQV1hBfbn3vsss GhXXje8xPUtwF2HLNSi5a3aznk872ThdrsIRVDJaV/nTzsWpk+qxqtKeLTbGw98QCj1J4IkTYKGK Pa54mTEFTugtWL+s8FrorGaO+ZuLrFmDz7hmOctVm10AkDgn3CHrQeOdDhGMvM2g3W23Y2d83KBp rsNVWC3orYgI0XWjkvjcqvYRqYcbsaRygwtAL4nrvncWKul3ETjQRT5UH5GZM2unsVZcJve4Psy6 x5N12eMU4VSxSHpz2KGi/ZQ5RdHPOBI7ehHNTaaJKPQtGItXPdcuLBBASIp0dBhBPMGcGyY6A8R5 iIxV3oPWB7nrWI0n7Puw03bhqRu6l6r5W73jth5SS8DAWuLOBmvKE9Gm82jqarArY9pG24lO41aj Qf/F3JFOFCQZLtw5QA== --===============1096886564723046460==--