List:Commits« Previous MessageNext Message »
From:kgeorge Date:September 28 2007 1:46pm
Subject:bk commit into 5.0 tree (gkodinov:1.2529) BUG#30587
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of kgeorge. When kgeorge does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-09-28 16:46:05+03:00, gkodinov@stripped +3 -0
  Bug #30587: mysql crashes when trying to group by TIME div NUMBER
  
  When calculating the result length of an integer DIV function 
  the number of decimals was used without checking the result type
  first. Thus an uninitialized number of decimals was used for some 
  types. This caused an excessive amount of memory to be allocated 
  for the field's buffer and crashed the server.
  
   
  Fixed by using the number of decimals only for data types that 
  can have decimals and thus have valid decimals number.

  mysql-test/r/func_math.result@stripped, 2007-09-28 16:45:57+03:00, gkodinov@stripped +46 -0
    Bug #30587: test case

  mysql-test/t/func_math.test@stripped, 2007-09-28 16:45:58+03:00, gkodinov@stripped +27 -0
    Bug #30587: test case

  sql/item_func.cc@stripped, 2007-09-28 16:45:58+03:00, gkodinov@stripped +5 -1
    Bug #30587: Don't use decimals on a type that doesn't have them.

diff -Nrup a/mysql-test/r/func_math.result b/mysql-test/r/func_math.result
--- a/mysql-test/r/func_math.result	2007-04-28 19:00:59 +03:00
+++ b/mysql-test/r/func_math.result	2007-09-28 16:45:57 +03:00
@@ -322,4 +322,50 @@ mod(5, cast(-2 as unsigned))	mod(5, 1844
 select pow(cast(-2 as unsigned), 5), pow(18446744073709551614, 5), pow(-2, 5);
 pow(cast(-2 as unsigned), 5)	pow(18446744073709551614, 5)	pow(-2, 5)
 2.1359870359209e+96	2.1359870359209e+96	-32
+CREATE TABLE t1 (a timestamp, b varchar(20), c bit(1));
+INSERT INTO t1 VALUES('1998-09-23', 'str1', 1), ('2003-03-25', 'str2', 0);
+SELECT a DIV 900 y FROM t1 GROUP BY y;
+Catalog	Database	Table	Table_alias	Column	Column_alias	Type	Length	Max length	Is_null	Flags	Decimals	Charsetnr
+def				y	y	8	19	11	Y	32800	0	63
+y
+22201025555
+22255916666
+SELECT DISTINCT a DIV 900 y FROM t1;
+Catalog	Database	Table	Table_alias	Column	Column_alias	Type	Length	Max length	Is_null	Flags	Decimals	Charsetnr
+def				y	y	8	19	11	Y	32800	0	63
+y
+22201025555
+22255916666
+SELECT b DIV 900 y FROM t1 GROUP BY y;
+Catalog	Database	Table	Table_alias	Column	Column_alias	Type	Length	Max length	Is_null	Flags	Decimals	Charsetnr
+def				y	y	8	20	1	Y	32768	0	63
+y
+0
+SELECT c DIV 900 y FROM t1 GROUP BY y;
+Catalog	Database	Table	Table_alias	Column	Column_alias	Type	Length	Max length	Is_null	Flags	Decimals	Charsetnr
+def				y	y	3	1	1	Y	32800	0	63
+y
+0
+DROP TABLE t1;
+CREATE TABLE t1(a LONGBLOB);
+INSERT INTO t1 VALUES('1'),('2'),('3');
+SELECT DISTINCT (a DIV 254576881) FROM t1;
+(a DIV 254576881)
+0
+SELECT (a DIV 254576881) FROM t1 UNION ALL 
+SELECT (a DIV 254576881) FROM t1;
+(a DIV 254576881)
+0
+0
+0
+0
+0
+0
+DROP TABLE t1;
+CREATE TABLE t1(a SET('a','b','c'));
+INSERT INTO t1 VALUES ('a');
+SELECT a DIV 2 FROM t1 UNION SELECT a DIV 2 FROM t1;
+a DIV 2
+0
+DROP TABLE t1;
 End of 5.0 tests
diff -Nrup a/mysql-test/t/func_math.test b/mysql-test/t/func_math.test
--- a/mysql-test/t/func_math.test	2007-04-28 19:00:59 +03:00
+++ b/mysql-test/t/func_math.test	2007-09-28 16:45:58 +03:00
@@ -205,4 +205,31 @@ select mod(cast(-2 as unsigned), 3), mod
 select mod(5, cast(-2 as unsigned)), mod(5, 18446744073709551614), mod(5, -2);
 select pow(cast(-2 as unsigned), 5), pow(18446744073709551614, 5), pow(-2, 5);
 
+#
+# Bug #30587: mysql crashes when trying to group by TIME div NUMBER
+#
+
+CREATE TABLE t1 (a timestamp, b varchar(20), c bit(1));
+INSERT INTO t1 VALUES('1998-09-23', 'str1', 1), ('2003-03-25', 'str2', 0);
+--enable_metadata
+SELECT a DIV 900 y FROM t1 GROUP BY y;
+SELECT DISTINCT a DIV 900 y FROM t1;
+SELECT b DIV 900 y FROM t1 GROUP BY y;
+SELECT c DIV 900 y FROM t1 GROUP BY y;
+--disable_metadata
+DROP TABLE t1;
+
+CREATE TABLE t1(a LONGBLOB);
+INSERT INTO t1 VALUES('1'),('2'),('3');
+SELECT DISTINCT (a DIV 254576881) FROM t1;
+SELECT (a DIV 254576881) FROM t1 UNION ALL 
+  SELECT (a DIV 254576881) FROM t1;
+DROP TABLE t1;
+
+CREATE TABLE t1(a SET('a','b','c'));
+INSERT INTO t1 VALUES ('a');
+SELECT a DIV 2 FROM t1 UNION SELECT a DIV 2 FROM t1;
+DROP TABLE t1;
+
+
 --echo End of 5.0 tests
diff -Nrup a/sql/item_func.cc b/sql/item_func.cc
--- a/sql/item_func.cc	2007-08-03 19:59:12 +03:00
+++ b/sql/item_func.cc	2007-09-28 16:45:58 +03:00
@@ -1380,7 +1380,11 @@ longlong Item_func_int_div::val_int()
 
 void Item_func_int_div::fix_length_and_dec()
 {
-  max_length=args[0]->max_length - args[0]->decimals;
+  Item_result argtype= args[0]->result_type();
+  /* use precision ony for the data type it is applicable for and valid */
+  max_length=args[0]->max_length -
+    (argtype == DECIMAL_RESULT || argtype == INT_RESULT ?
+     args[0]->decimals : 0);
   maybe_null=1;
   unsigned_flag=args[0]->unsigned_flag | args[1]->unsigned_flag;
 }
Thread
bk commit into 5.0 tree (gkodinov:1.2529) BUG#30587kgeorge28 Sep