
From:Gleb Shchepa Date:June 5 2009 7:24pm
Subject:bzr commit into mysql-5.1-bugteam branch (gshchepa:2929) Bug#44886
#At file:///work/bzr/44886/44886-5.1/ based on revid:bernt.johnsen@stripped

 2929 Gleb Shchepa	2009-06-06
      Bug #44886: SIGSEGV in test_if_skip_sort_order() -
                  uninitialized variable used as subscript
      
      Grouping select from a "constant" InnoDB table (a table
      of a single row) joined with other tables caused a crash.
     @ mysql-test/r/innodb_mysql.result
        Added test case for bug bug #44886.
     @ mysql-test/t/innodb_mysql.test
        Added test case for bug bug #44886.
     @ sql/sql_select.cc
        Bug #44886: SIGSEGV in test_if_skip_sort_order() -
                    uninitialized variable used as subscript
        
        1. The test_if_order_by_key function returned an uninitialized
           used_key_parts parameter in case of a "constant" InnoDB
           table. The calling function uses this parameter's value as
           an array index, so this sometimes caused a crash.
           The test_if_order_by_key function has been modified
           to set used_key_parts to 0 (no need for ordering).
        
        2. The test_if_skip_sort_order function has been
           modified to accept zero used_key_parts value and
           to prevent an array access by negative index.

    modified:
      mysql-test/r/innodb_mysql.result
      mysql-test/t/innodb_mysql.test
      sql/sql_select.cc
=== modified file 'mysql-test/r/innodb_mysql.result'
--- a/mysql-test/r/innodb_mysql.result	2009-06-04 10:26:18 +0000
+++ b/mysql-test/r/innodb_mysql.result	2009-06-05 19:24:39 +0000
@@ -2120,4 +2120,21 @@ a	b
 4	14
 5	5
 DROP TABLE t1, t2, t3, t4;
+#
+# Bug#44886: SIGSEGV in test_if_skip_sort_order() -
+#            uninitialized variable used as subscript 
+#
+CREATE TABLE t1 (a INT, b INT, c INT, d INT, PRIMARY KEY (b), KEY (a,c))
+ENGINE=InnoDB;
+INSERT INTO t1 VALUES (1,1,1,0);
+CREATE TABLE t2 (a INT, b INT, e INT, KEY (e)) ENGINE=InnoDB;
+INSERT INTO t2 VALUES (1,1,2);
+CREATE TABLE t3 (a INT, b INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1, 1);
+SELECT * FROM t1, t2, t3
+WHERE t1.a = t3.a AND (t1.b = t3.b OR t1.d) AND t2.b = t1.b AND t2.e = 2
+GROUP BY t1.b;
+a	b	c	d	a	b	e	a	b
+1	1	1	0	1	1	2	1	1
+DROP TABLE t1, t2, t3;
 End of 5.1 tests

=== modified file 'mysql-test/t/innodb_mysql.test'
--- a/mysql-test/t/innodb_mysql.test	2009-05-05 09:38:19 +0000
+++ b/mysql-test/t/innodb_mysql.test	2009-06-05 19:24:39 +0000
@@ -359,4 +359,25 @@ SELECT * FROM t4;
 
 DROP TABLE t1, t2, t3, t4;
 
+--echo #
+--echo # Bug#44886: SIGSEGV in test_if_skip_sort_order() -
+--echo #            uninitialized variable used as subscript 
+--echo #
+
+CREATE TABLE t1 (a INT, b INT, c INT, d INT, PRIMARY KEY (b), KEY (a,c))
+  ENGINE=InnoDB;
+INSERT INTO t1 VALUES (1,1,1,0);
+
+CREATE TABLE t2 (a INT, b INT, e INT, KEY (e)) ENGINE=InnoDB;
+INSERT INTO t2 VALUES (1,1,2);
+
+CREATE TABLE t3 (a INT, b INT) ENGINE=MyISAM;
+INSERT INTO t3 VALUES (1, 1);
+
+SELECT * FROM t1, t2, t3
+  WHERE t1.a = t3.a AND (t1.b = t3.b OR t1.d) AND t2.b = t1.b AND t2.e = 2
+  GROUP BY t1.b;
+
+DROP TABLE t1, t2, t3;
+
 --echo End of 5.1 tests
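Review bot: The new SELECT can only fail on an unfixed server if the uninitialized value happens to be a bad index, which the commit message itself describes as crashing "sometimes", so a plain run of this test may pass even if the bug comes back. A memory checker run (for example mysql-test-run's `--valgrind` option) is what would flag the uninitialized read reliably. A short comment above the CREATE TABLE statements would record that, e.g. `# The crash depended on uninitialized stack contents; a Valgrind run detects a regression reliably.`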

=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc	2009-05-25 08:00:40 +0000
+++ b/sql/sql_select.cc	2009-06-05 19:24:39 +0000
@@ -12651,7 +12651,10 @@ static int test_if_order_by_key(ORDER *o
          one row).  The sorting doesn't matter.
         */
         if (key_part == key_part_end && reverse == 0)
+        {
+          *used_key_parts= 0;
           DBUG_RETURN(1);
+        }
       }
       else
         DBUG_RETURN(0);
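Review bot: Only this one early return now assigns `*used_key_parts`, so whether the out-parameter is defined still depends on which exit of test_if_order_by_key is taken. The function's body starts and ends outside the hunk, so the other paths cannot be checked from here. Writing `*used_key_parts= 0;` once at the top of the function would give every return path a defined value and remove this class of uninitialized-index bug by construction. The function's header comment should also say that a result of 1 with `*used_key_parts == 0` means no key parts are needed for ordering, since the caller now relies on that.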
@@ -13148,7 +13151,8 @@ test_if_skip_sort_order(JOIN_TAB *tab,OR
             select_limit= table_records;
           if (group)
           {
-            rec_per_key= keyinfo->rec_per_key[used_key_parts-1];
+            rec_per_key= used_key_parts ? keyinfo->rec_per_key[used_key_parts-1]
+                                        : 1;
             set_if_bigger(rec_per_key, 1);
             /*
               With a grouping query each group containing on average
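Review bot: The ternary guards only the zero case; nothing in this hunk bounds `used_key_parts` from above before it indexes `keyinfo->rec_per_key`. The subscript is presumably within the key's part count on every other path, but the declaration and those paths are outside the hunk, so a debug check such as `DBUG_ASSERT(used_key_parts <= keyinfo->key_parts);` before the assignment would document and enforce it. A short comment would also explain the fallback value, e.g. `/* used_key_parts == 0: constant table, ordering is irrelevant */`. test_if_skip_sort_order continues outside the hunk.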


Attachment: [text/bzr-bundle] bzr/gshchepa@mysql.com-20090605192439-d0kajckq6wwxgr64.bundle