From 0ad7fc58c7e149fe7885d6a3558637f87513047a Mon Sep 17 00:00:00 2001
From: unknown <evgen@moonbone.local>
Date: Fri, 7 Dec 2007 22:54:47 +0300
Subject: [PATCH] Bug#32482: Crash for a query with ORDER BY a user variable.

The Item_func_set_user_var::register_field_in_read_map() did not check that the result_field was null.This caused server crashes for queries that required order by such a field and were executed without using a temporary table. The Item_func_set_user_var::register_field_in_read_map() now checks the result_field to be not null.
mysql-test/t/user_var.test: Added a test case for the bug#32482: Crash for a query with ORDER BY a user variable.
mysql-test/r/user_var.result: Added a test case for the bug#32482: Crash for a query with ORDER BY a user variable.
sql/item_func.cc: Bug#32482: Crash for a query with ORDER BY a user variable. The Item_func_set_user_var::register_field_in_read_map() now checks the result_field to be not null.
---
 mysql-test/r/user_var.result | 7 +++++++
 mysql-test/t/user_var.test | 8 ++++++++
 sql/item_func.cc | 9 ++++++---
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/mysql-test/r/user_var.result b/mysql-test/r/user_var.result
index 6fd7b39f22..2988a13de4 100644
--- a/mysql-test/r/user_var.result
+++ b/mysql-test/r/user_var.result
@@ -353,3 +353,10 @@ select @a:=f4, count(f4) from t1 group by 1 desc;
 2.6 1
 1.6 4
 drop table t1;
+create table t1 (f1 int);
+insert into t1 values (2), (1);
+select @i := f1 as j from t1 order by 1;
+j
+1
+2
+drop table t1;
diff --git a/mysql-test/t/user_var.test b/mysql-test/t/user_var.test
index 3a3e8f88f8..ca02e0b5f2 100644
--- a/mysql-test/t/user_var.test
+++ b/mysql-test/t/user_var.test
@@ -237,3 +237,11 @@ select @a:=f2, count(f2) from t1 group by 1 desc;
 select @a:=f3, count(f3) from t1 group by 1 desc;
 select @a:=f4, count(f4) from t1 group by 1 desc;
 drop table t1;
+
+#
+# Bug#32482: Crash for a query with ORDER BY a user variable.
+#
+create table t1 (f1 int);
+insert into t1 values (2), (1);
+select @i := f1 as j from t1 order by 1;
+drop table t1;
diff --git a/sql/item_func.cc b/sql/item_func.cc
index e255197920..41de960a37 100644
--- a/sql/item_func.cc
+++ b/sql/item_func.cc
@@ -3848,9 +3848,12 @@ Item_func_set_user_var::fix_length_and_dec()
 bool Item_func_set_user_var::register_field_in_read_map(uchar *arg)
 {
- TABLE *table= (TABLE *) arg;
- if (result_field->table == table || !table)
- bitmap_set_bit(result_field->table->read_set, result_field->field_index);
+ if (result_field)
+ {
+ TABLE *table= (TABLE *) arg;
+ if (result_field->table == table || !table)
+ bitmap_set_bit(result_field->table->read_set, result_field->field_index);
+ }
 return 0;
 }
--
2.30.9
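Review bot: The new `if (result_field)` guard in Item_func_set_user_var::register_field_in_read_map() has no comment saying when result_field is null, so the condition behind the crash stays implicit in the code. The commit message ties it to queries executed without a temporary table; a line above the check such as `/* result_field is NULL when the query runs without a temporary table (Bug#32482) */` would record that for the next reader. Because the added test shows the crash was reachable from a plain `select ... order by 1`, it is also worth confirming that the other members of this class that read result_field tolerate a null value. Those members are outside this hunk, so that is a question to check rather than a finding.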