From:Alexey Kopytov Date:February 12 2008 9:43am
Subject:bk commit into 5.0 tree (kaa:1.2593) BUG#33389
Below is the list of changes that have just been committed into a local
5.0 repository of kaa.  When kaa does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-02-12 12:43:55+03:00, kaa@mbp. +3 -0
  Fix for bug #33389: Selecting from a view into a table from within SP
                      or trigger crashes server
  
  Under some circumstances a combination of VIEWs, subselects with outer
  references and PS/SP/triggers could lead to use of uninitialized memory
  and server crash as a result.
  
  Fixed by changing the code in Item_field::fix_fields() so that in cases
  when the field is a VIEW reference, we first check whether the field
  is also an outer reference, and mark it appropriately before returning.

  mysql-test/r/view.result@stripped, 2008-02-12 12:43:53+03:00, kaa@mbp. +16 -0
    Added a test case for bug #33389.

  mysql-test/t/view.test@stripped, 2008-02-12 12:43:53+03:00, kaa@mbp. +22 -0
    Added a test case for bug #33389.

  sql/item.cc@stripped, 2008-02-12 12:43:54+03:00, kaa@mbp. +12 -12
    In cases when in Item_field::fix_fields() from_field is a view reference,
    do not return too early, i.e. before marking the reference as an outer
    one when needed.

diff -Nrup a/mysql-test/r/view.result b/mysql-test/r/view.result
--- a/mysql-test/r/view.result	2008-01-11 19:54:26 +03:00
+++ b/mysql-test/r/view.result	2008-02-12 12:43:53 +03:00
@@ -3618,4 +3618,20 @@ ERROR HY000: Field of view 'test.v1' und
 set @@sql_mode=@old_mode;
 drop view v1;
 drop table t1;
+create table t1 (a int, key(a));
+create table t2 (c int);
+create view v1 as select a b from t1;
+create view v2 as select 1 a from t2, v1 where c in 
+(select 1 from t1 where b = a);
+insert into t1 values (1), (1);
+insert into t2 values (1), (1);
+prepare stmt from "select * from v2 where a = 1";
+execute stmt;
+a
+1
+1
+1
+1
+drop view v1, v2;
+drop table t1, t2;
 End of 5.0 tests.
diff -Nrup a/mysql-test/t/view.test b/mysql-test/t/view.test
--- a/mysql-test/t/view.test	2008-01-11 19:54:15 +03:00
+++ b/mysql-test/t/view.test	2008-02-12 12:43:53 +03:00
@@ -3470,5 +3470,27 @@ insert into v1 values(1);
 set @@sql_mode=@old_mode;
 drop view v1;
 drop table t1;
+
+#
+# Bug #33389: Selecting from a view into a table from within SP or trigger 
+#             crashes server
+#
+
+create table t1 (a int, key(a));
+create table t2 (c int);
+                   
+create view v1 as select a b from t1;
+create view v2 as select 1 a from t2, v1 where c in 
+                  (select 1 from t1 where b = a);
+                   
+insert into t1 values (1), (1);
+insert into t2 values (1), (1);
+                   
+prepare stmt from "select * from v2 where a = 1";
+execute stmt; 
+
+drop view v1, v2;
+drop table t1, t2;
+
 --echo End of 5.0 tests.
 
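Review bot: The new case runs `execute stmt;` only once and never releases the statement, and although the bug title names stored procedures and triggers, neither path is exercised here. The fix concerns state set in Item_field::fix_fields(), which presumably runs again on every execution, so a second `execute stmt;` followed by `deallocate prepare stmt;` before the drops would cover re-execution; view.result would need the matching extra output. A variant that runs the same select from inside a stored procedure would tie the test to the scenario in the report.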
diff -Nrup a/sql/item.cc b/sql/item.cc
--- a/sql/item.cc	2008-01-11 20:57:33 +03:00
+++ b/sql/item.cc	2008-02-12 12:43:54 +03:00
@@ -3903,6 +3903,18 @@ bool Item_field::fix_fields(THD *thd, It
     else if (!from_field)
       goto error;
 
+    if (!outer_fixed && cached_table && cached_table->select_lex &&
+          context->select_lex &&
+          cached_table->select_lex != context->select_lex)
+    {
+      int ret;
+      if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
+        goto error;
+      else if (!ret)
+        return FALSE;
+      outer_fixed= 1;
+    }
+
     /*
       if it is not expression from merged VIEW we will set this field.
 
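Review bot: The relocated outer-reference block at the top of this hunk has no comment saying that it must stay ahead of the `if (from_field == view_ref_found) return FALSE;` early return. The existing comment right below it describes the view check, not this block, so a later cleanup could move it back and reintroduce the uninitialized-memory crash from bug #33389. I would add `/* Resolve outer references before the view_ref_found return below: a VIEW reference can also be an outer reference (bug #33389). */` above the `if (!outer_fixed && ...` line. With the new order, `fix_outer_field(thd, &from_field, reference)` can presumably be reached while `from_field` still holds the `view_ref_found` sentinel; its body is not visible here, so it is worth confirming that it never treats that value as a real field. Item_field::fix_fields() starts and ends outside the hunk.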
@@ -3917,18 +3929,6 @@ bool Item_field::fix_fields(THD *thd, It
     */
     if (from_field == view_ref_found)
       return FALSE;
-
-    if (!outer_fixed && cached_table && cached_table->select_lex &&
-          context->select_lex &&
-          cached_table->select_lex != context->select_lex)
-    {
-      int ret;
-      if ((ret= fix_outer_field(thd, &from_field, reference)) < 0)
-        goto error;
-      else if (!ret)
-        return FALSE;
-      outer_fixed= 1;
-    }
 
     set_field(from_field);
     if (thd->lex->in_sum_func &&