Commit b5917934 authored by Gleb Shchepa's avatar Gleb Shchepa

Bug #39844: Query Crash Mysql Server 5.0.67

Server crashed during a sort order optimization
of a dependent subquery:

SELECT
    (SELECT t1.a FROM t1, t2
      WHERE t1.a = t2.b AND t2.a = t3.c
      ORDER BY t1.a)
  FROM t3;


The bitmap of tables used by a reference to an outer
table column has the OUTER_REF_TABLE_BIT bit set in
addition to the regular table bit.
The only_eq_ref_tables function traverses this map
bit by bit, in step with the join->map2table list.
join->map2table never contains an entry for the
OUTER_REF_TABLE_BIT pseudo-table, so the server
crashed there.


The only_eq_ref_tables function has been modified
to traverse regular table bits only like the
update_depend_map function (resetting of the
OUTER_REF_TABLE_BIT there is enough, but
resetting of the whole set of PSEUDO_TABLE_BITS
is used there for sure).


mysql-test/r/order_by.result:
  Added test case for bug #39844.
mysql-test/t/order_by.test:
  Added test case for bug #39844.
sql/sql_select.cc:
  Bug #39844: Query Crash Mysql Server 5.0.67
  
  The only_eq_ref_tables function has been modified
  to traverse regular table bits only like the
  update_depend_map function (resetting of the
  OUTER_REF_TABLE_BIT there is enough, but
  resetting of the whole set of PSEUDO_TABLE_BITS
  is used there for sure).
parent 3ad228d7
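--- a/mysql-test/r/order_by.result
+++ b/mysql-test/r/order_by.result
@@ -1076,3 +1076,19 @@ set session max_sort_length= 2180;
 select * from t1 order by b;
 ERROR HY001: Out of sort memory; increase server sort buffer size
 drop table t1;
+#
+# Bug #39844: Query Crash Mysql Server 5.0.67
+#
+CREATE TABLE t1 (a INT PRIMARY KEY);
+CREATE TABLE t2 (a INT PRIMARY KEY, b INT);
+CREATE TABLE t3 (c INT);
+INSERT INTO t1 (a) VALUES (1), (2);
+INSERT INTO t2 (a,b) VALUES (1,2), (2,3);
+INSERT INTO t3 (c) VALUES (1), (2);
+SELECT
+(SELECT t1.a FROM t1, t2 WHERE t1.a = t2.b AND t2.a = t3.c ORDER BY t1.a)
+FROM t3;
+(SELECT t1.a FROM t1, t2 WHERE t1.a = t2.b AND t2.a = t3.c ORDER BY t1.a)
+2
+NULL
+DROP TABLE t1, t2, t3;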
...@@ -738,3 +738,21 @@ set session max_sort_length= 2180; ...@@ -738,3 +738,21 @@ set session max_sort_length= 2180;
select * from t1 order by b; select * from t1 order by b;
drop table t1; drop table t1;
--echo #
--echo # Bug #39844: Query Crash Mysql Server 5.0.67
--echo #
CREATE TABLE t1 (a INT PRIMARY KEY);
CREATE TABLE t2 (a INT PRIMARY KEY, b INT);
CREATE TABLE t3 (c INT);
INSERT INTO t1 (a) VALUES (1), (2);
INSERT INTO t2 (a,b) VALUES (1,2), (2,3);
INSERT INTO t3 (c) VALUES (1), (2);
SELECT
(SELECT t1.a FROM t1, t2 WHERE t1.a = t2.b AND t2.a = t3.c ORDER BY t1.a)
FROM t3;
DROP TABLE t1, t2, t3;
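--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -6574,6 +6574,7 @@ only_eq_ref_tables(JOIN *join,ORDER *order,table_map tables)
 {
 if (specialflag & SPECIAL_SAFE_MODE)
 return 0; // skip this optimize /* purecov: inspected */
+tables&= ~PSEUDO_TABLE_BITS;
 for (JOIN_TAB **tab=join->map2table ; tables ; tab++, tables>>=1)
 {
 if (tables & 1 && !eq_ref_table(join, order, *tab))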
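Review bot: The added `tables&= ~PSEUDO_TABLE_BITS;` is a memory-safety guard but carries no comment, and the loop under it still has no bound of its own. It walks `join->map2table` until `tables` reaches zero, so any bit set above the last real table would again index past the array. I would put `/* map2table has entries for real tables only; drop pseudo-table bits (e.g. OUTER_REF_TABLE_BIT) before walking it */` above the mask. Because the crash was reachable from an ordinary SELECT, a debug-build assertion that the masked map holds no bit beyond the join's table count would catch a recurrence early; this is hedged, since the size of map2table is not visible here. The loop body continues outside the hunk.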