MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:ramil Date:November 17 2007 7:20am
Subject:bk commit into 5.1 tree (ramil:1.2620) BUG#32260
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of ram. When ram does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2007-11-17 11:20:50+04:00, ramil@stripped +3 -0
  Fix for bug #32260: User variables in query cause server crash
    
  Problem: there's no guarantee that the user variable item's result_field
  is assigned when we're adjusting its table read map.
    
  Fix: check the result_field before using it.

  mysql-test/r/user_var.result@stripped, 2007-11-17 11:20:48+04:00, ramil@stripped +11 -0
    Fix for bug #32260: User variables in query cause server crash
      - test result.

  mysql-test/t/user_var.test@stripped, 2007-11-17 11:20:48+04:00, ramil@stripped +21 -0
    Fix for bug #32260: User variables in query cause server crash
      - test case.

  sql/item_func.cc@stripped, 2007-11-17 11:20:48+04:00, ramil@stripped +2 -1
    Fix for bug #32260: User variables in query cause server crash
      - using the result_field ensure it is set.

diff -Nrup a/mysql-test/r/user_var.result b/mysql-test/r/user_var.result
--- a/mysql-test/r/user_var.result	2007-06-04 10:07:19 +05:00
+++ b/mysql-test/r/user_var.result	2007-11-17 11:20:48 +04:00
@@ -353,3 +353,14 @@ select @a:=f4, count(f4) from t1 group b
 2.6	1
 1.6	4
 drop table t1;
+create table t1(a int);
+insert into t1 values(5),(4),(4),(3),(2),(2),(2),(1);
+set @rownum := 0;
+set @rank := 0;
+set @prev_score := NULL;
+select @rownum := @rownum + 1 as row,
+@rank := IF(@prev_score!=a, @rownum, @rank) as rank,
+@prev_score := a as score
+from t1 order by score desc;
+drop table t1;
+End of 5.1 tests
diff -Nrup a/mysql-test/t/user_var.test b/mysql-test/t/user_var.test
--- a/mysql-test/t/user_var.test	2007-06-03 17:06:53 +05:00
+++ b/mysql-test/t/user_var.test	2007-11-17 11:20:48 +04:00
@@ -237,3 +237,24 @@ select @a:=f2, count(f2) from t1 group b
 select @a:=f3, count(f3) from t1 group by 1 desc;
 select @a:=f4, count(f4) from t1 group by 1 desc;
 drop table t1;
+
+#
+# Bug #32260: User variables in query cause server crash
+#
+create table t1(a int);
+insert into t1 values(5),(4),(4),(3),(2),(2),(2),(1);
+set @rownum := 0;
+set @rank := 0;
+set @prev_score := NULL;
+# Disable the result log as we assign a value to a user variable in one part 
+# of a statement and use the same variable in other part of the same statement,
+# so we can get unexpected results.
+--disable_result_log
+select @rownum := @rownum + 1 as row,
+ @rank := IF(@prev_score!=a, @rownum, @rank) as rank,
+ @prev_score := a as score
+from t1 order by score desc;
+--enable_result_log
+drop table t1;
+
+--echo End of 5.1 tests
diff -Nrup a/sql/item_func.cc b/sql/item_func.cc
--- a/sql/item_func.cc	2007-11-13 00:09:44 +04:00
+++ b/sql/item_func.cc	2007-11-17 11:20:48 +04:00
@@ -3842,7 +3842,8 @@ Item_func_set_user_var::fix_length_and_d
 bool Item_func_set_user_var::register_field_in_read_map(uchar *arg)
 {
   TABLE *table= (TABLE *) arg;
-  if (result_field->table == table || !table)
+  if (result_field &&
+      (!table || result_field->table == table))
     bitmap_set_bit(result_field->table->read_set, result_field->field_index);
   return 0;
 }
Thread
bk commit into 5.1 tree (ramil:1.2620) BUG#32260ramil17 Nov