Commit 55852670 authored by Ramil Kalimullin's avatar Ramil Kalimullin

Fix for bug#52397: another crash with explain extended and group_concat

Problem: EXPLAIN EXTENDED was trying to resolve references to 
freed temporary table fields for GROUP_CONCAT()'s ORDER BY arguments.

Fix: use stored original GROUP_CONCAT()'s arguments in such a case.


mysql-test/r/func_gconcat.result:
  Fix for bug#52397: another crash with explain extended and group_concat
    - test result.
mysql-test/t/func_gconcat.test:
  Fix for bug#52397: another crash with explain extended and group_concat
    - test case.
sql/item_sum.cc:
  Fix for bug#52397: another crash with explain extended and group_concat
    - use "pargs", printing ORDER BY arguments in the 
  Item_func_group_concat::print() instead of "order" to avoid
  possible reference resolving to (freed) temporary table fields.
parent 6eca53f1
...@@ -995,4 +995,19 @@ SELECT 1 FROM ...@@ -995,4 +995,19 @@ SELECT 1 FROM
1 1
1 1
DROP TABLE t1; DROP TABLE t1;
#
# Bug #52397: another crash with explain extended and group_concat
#
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (0), (0);
EXPLAIN EXTENDED SELECT 1 FROM
(SELECT GROUP_CONCAT(t1.a ORDER BY t1.a ASC) FROM
t1 t2, t1 GROUP BY t1.a) AS d;
id select_type table type possible_keys key key_len ref rows filtered Extra
1 PRIMARY <derived2> system NULL NULL NULL NULL 1 100.00
2 DERIVED t2 ALL NULL NULL NULL NULL 2 100.00 Using temporary; Using filesort
2 DERIVED t1 ALL NULL NULL NULL NULL 2 100.00 Using join buffer
Warnings:
Note 1003 select 1 AS `1` from (select group_concat(`test`.`t1`.`a` order by `test`.`t1`.`a` ASC separator ',') AS `GROUP_CONCAT(t1.a ORDER BY t1.a ASC)` from `test`.`t1` `t2` join `test`.`t1` group by `test`.`t1`.`a`) `d`
DROP TABLE t1;
End of 5.0 tests End of 5.0 tests
...@@ -708,4 +708,16 @@ SELECT 1 FROM ...@@ -708,4 +708,16 @@ SELECT 1 FROM
DROP TABLE t1; DROP TABLE t1;
--echo #
--echo # Bug #52397: another crash with explain extended and group_concat
--echo #
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (0), (0);
EXPLAIN EXTENDED SELECT 1 FROM
(SELECT GROUP_CONCAT(t1.a ORDER BY t1.a ASC) FROM
t1 t2, t1 GROUP BY t1.a) AS d;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -3420,7 +3420,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type) ...@@ -3420,7 +3420,7 @@ void Item_func_group_concat::print(String *str, enum_query_type query_type)
{ {
if (i) if (i)
str->append(','); str->append(',');
(*order[i]->item)->print(str, query_type); pargs[i + arg_count_field]->print(str, query_type);
if (order[i]->asc) if (order[i]->asc)
str->append(STRING_WITH_LEN(" ASC")); str->append(STRING_WITH_LEN(" ASC"));
else else
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment