Commit 4c4f5062 authored by unknown's avatar unknown

Bug#25126: Reference to non-existant column in UPDATE...ORDER BY... crashes server

"update existingtable set anycolumn=nonexisting order by nonexisting" would crash
the server.

Though we would find the reference to a field, that doesn't mean we can then use
it to set some values.  It could be a reference to another field.  If it is NULL, 
don't try to use it to set values in the Item_field and instead return an error.

Over the previous patch, this signals an error at the location of the error, rather
than letting the subsequent deref signal it.


mysql-test/r/order_by.result:
  Verify that all permutations work.
mysql-test/t/order_by.test:
  Verify that all permutations work.
sql/item.cc:
  When the field is NULL, don't dereference it when we set_field().  
  Instead, raise an error.
parent 0f462179
...@@ -847,3 +847,27 @@ num (select num + 2 FROM t1 LIMIT 1) ...@@ -847,3 +847,27 @@ num (select num + 2 FROM t1 LIMIT 1)
SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a; SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a;
ERROR 42S22: Unknown column 'num' in 'on clause' ERROR 42S22: Unknown column 'num' in 'on clause'
DROP TABLE t1; DROP TABLE t1;
CREATE TABLE bug25126 (
val int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY
);
UPDATE bug25126 SET MissingCol = MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'field list'
UPDATE bug25126 SET val = val ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET val = val ORDER BY val;
UPDATE bug25126 SET val = 1 ORDER BY val;
UPDATE bug25126 SET val = 1 ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET val = 1 ORDER BY val, MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET val = MissingCol ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET MissingCol = 1 ORDER BY val, MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET MissingCol = 1 ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET MissingCol = val ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
UPDATE bug25126 SET MissingCol = MissingCol ORDER BY MissingCol;
ERROR 42S22: Unknown column 'MissingCol' in 'order clause'
DROP TABLE bug25126;
...@@ -575,4 +575,34 @@ SELECT a + 1 AS num, (select num + 2 FROM t1 LIMIT 1) FROM t1; ...@@ -575,4 +575,34 @@ SELECT a + 1 AS num, (select num + 2 FROM t1 LIMIT 1) FROM t1;
SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a; SELECT a.a + 1 AS num FROM t1 a JOIN t1 b ON num = b.a;
DROP TABLE t1; DROP TABLE t1;
#
# Bug#25126: Reference to non-existant column in UPDATE...ORDER BY...
# crashes server
#
CREATE TABLE bug25126 (
val int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY
);
--error 1054
UPDATE bug25126 SET MissingCol = MissingCol;
--error 1054
UPDATE bug25126 SET val = val ORDER BY MissingCol;
UPDATE bug25126 SET val = val ORDER BY val;
UPDATE bug25126 SET val = 1 ORDER BY val;
--error 1054
UPDATE bug25126 SET val = 1 ORDER BY MissingCol;
--error 1054
UPDATE bug25126 SET val = 1 ORDER BY val, MissingCol;
--error 1054
UPDATE bug25126 SET val = MissingCol ORDER BY MissingCol;
--error 1054
UPDATE bug25126 SET MissingCol = 1 ORDER BY val, MissingCol;
--error 1054
UPDATE bug25126 SET MissingCol = 1 ORDER BY MissingCol;
--error 1054
UPDATE bug25126 SET MissingCol = val ORDER BY MissingCol;
--error 1054
UPDATE bug25126 SET MissingCol = MissingCol ORDER BY MissingCol;
DROP TABLE bug25126;
# End of 4.1 tests # End of 4.1 tests
...@@ -1771,7 +1771,18 @@ bool Item_field::fix_fields(THD *thd, TABLE_LIST *tables, Item **ref) ...@@ -1771,7 +1771,18 @@ bool Item_field::fix_fields(THD *thd, TABLE_LIST *tables, Item **ref)
use the field from the Item_field in the select list and leave use the field from the Item_field in the select list and leave
the Item_field instance in place. the Item_field instance in place.
*/ */
set_field((*((Item_field**)res))->field);
Field *field= (*((Item_field**)res))->field;
if (field == NULL)
{
/* The column to which we link isn't valid. */
my_error(ER_BAD_FIELD_ERROR, MYF(0), (*res)->name,
current_thd->where);
return(1);
}
set_field(field);
return 0; return 0;
} }
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment