#At file:///home/kgeorge/mysql/work/B48458-5.0-bugteam/ based on revid:joro@stripped
2844 Georgi Kodinov 2009-11-09
Bug #48458: simple query tries to allocate enormous amount of
memory
The server performed an invalid class typecast, which caused a
wrong value to be set for the maximum number of items in an
internal structure used in equality propagation.
Fixed by not doing the wrong typecast and asserting the type
of the Item where it should be done.
modified:
mysql-test/r/select.result
mysql-test/t/select.test
sql/sql_select.cc
=== modified file 'mysql-test/r/select.result'
--- a/mysql-test/r/select.result 2009-10-30 13:15:43 +0000
+++ b/mysql-test/r/select.result 2009-11-09 14:09:46 +0000
@@ -4442,4 +4442,18 @@ ROW(a,a) <=> ROW((SELECT 1 FROM t1 WHERE
INTO @var0;
ERROR 21000: Subquery returns more than 1 row
DROP TABLE t1;
+#
+# Bug #48458: simple query tries to allocate enormous amount of
+# memory
+#
+CREATE TABLE t1(a INT NOT NULL, b YEAR);
+INSERT INTO t1 VALUES ();
+Warnings:
+Warning 1364 Field 'a' doesn't have a default value
+CREATE TABLE t2(c INT);
+# Should not err out because of out-of-memory
+SELECT 1 FROM t2 JOIN t1 ON 1=1
+WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a);
+1
+DROP TABLE t1,t2;
End of 5.0 tests
=== modified file 'mysql-test/t/select.test'
--- a/mysql-test/t/select.test 2009-10-30 13:15:43 +0000
+++ b/mysql-test/t/select.test 2009-11-09 14:09:46 +0000
@@ -3783,5 +3783,18 @@ INTO @var0;
DROP TABLE t1;
+--echo #
+--echo # Bug #48458: simple query tries to allocate enormous amount of
+--echo # memory
+--echo #
+
+CREATE TABLE t1(a INT NOT NULL, b YEAR);
+INSERT INTO t1 VALUES ();
+CREATE TABLE t2(c INT);
+--echo # Should not err out because of out-of-memory
+SELECT 1 FROM t2 JOIN t1 ON 1=1
+ WHERE a != '1' AND NOT a >= b OR NOT ROW(b,a )<> ROW(a,a);
+DROP TABLE t1,t2;
+
--echo End of 5.0 tests
=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc 2009-11-10 08:21:41 +0000
+++ b/sql/sql_select.cc 2009-11-09 14:09:46 +0000
@@ -7535,12 +7535,12 @@ static COND *build_equal_items_for_cond(
{
item_equal->fix_length_and_dec();
item_equal->update_used_tables();
+ set_if_bigger(thd->lex->current_select->max_equal_elems,
+ item_equal->members());
+ return item_equal;
}
- else
- item_equal= (Item_equal *) eq_list.pop();
- set_if_bigger(thd->lex->current_select->max_equal_elems,
- item_equal->members());
- return item_equal;
+
+ return eq_list.pop();
}
else
{
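Review bot: The new fall-through `return eq_list.pop();` carries no comment saying why `max_equal_elems` is deliberately left untouched on that path, and the type assertion promised in the commit message does not appear in this hunk. The removed lines cast whatever `eq_list.pop()` returned to `Item_equal *` and passed `members()`, read through that pointer, to `set_if_bigger`; going by the bug title, that value apparently ends up sizing an allocation, so an ordinary SELECT like the one in the new test could trigger an enormous memory request. I would add `/* eq_list entries are not Item_equal objects: never cast them or use them to update max_equal_elems */` above the return. A debug-only check such as `DBUG_ASSERT(item_equal->functype() == Item_func::MULT_EQUAL_FUNC);` before `set_if_bigger` would also record the invariant at the write site. The enclosing branch of build_equal_items_for_cond() starts and ends outside the hunk, so what eq_list holds is inferred from the removed cast having been wrong.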
Attachment: [text/bzr-bundle] bzr/joro@sun.com-20091109140946-07wao5od7l1vn4x1.bundle