Commit cc7a75e6 authored by unknown's avatar unknown

Fixed bug#17726: Not checked empty list caused endless loop

When the Item_cond::fix_fields() function reduces cond tree, it in loop
scans it's own list and when it founds Item_cond with same function (AND
or OR) it does next things: 1) replaces that item with item's list. 2)
empties item's list. Due to this operation is done twice - for update and
for view, at the update phase cond's list of lower view is already empty.
Empty list returns ref to itself, thus making endless loop by replacing
list with itself, emptying, replacing again and so on. This results in
server hung up.

To the Item_cond::fix_fields() function added check that ensures that
list being replaced with isn't empty.


mysql-test/t/view.test:
  Added test for bug#17726: Not checked empty list caused endless loop
mysql-test/r/view.result:
  Added test for bug#17726: Not checked empty list caused endless loop
sql/item_cmpfunc.cc:
  Fixed bug#17726: Not checked empty list caused endless loop
  To the Item_cond::fix_fields() function added check that ensures that
  list being replaced with isn't empty.
parent 7968f058
...@@ -2539,3 +2539,17 @@ drop view v1; ...@@ -2539,3 +2539,17 @@ drop view v1;
// //
View Create View View Create View
v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select sql_no_cache `test`.`t1`.`id` AS `id` from `t1` v1 CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `v1` AS select sql_no_cache `test`.`t1`.`id` AS `id` from `t1`
create table t1(f1 int, f2 int);
create view v1 as select ta.f1 as a, tb.f1 as b from t1 ta, t1 tb where ta.f1=tb
.f1 and ta.f2=tb.f2;
insert into t1 values(1,1),(2,2);
create view v2 as select * from v1 where a > 1 with check option;
select * from v2;
a b
2 2
update v2 set b=3 where a=2;
select * from v2;
a b
3 3
drop view v2, v1;
drop table t1;
...@@ -2385,3 +2385,17 @@ show create view v1; ...@@ -2385,3 +2385,17 @@ show create view v1;
drop view v1; drop view v1;
// //
delimiter ;// delimiter ;//
#
# Bug#17726 Not checked empty list caused endless loop
#
create table t1(f1 int, f2 int);
create view v1 as select ta.f1 as a, tb.f1 as b from t1 ta, t1 tb where ta.f1=tb
.f1 and ta.f2=tb.f2;
insert into t1 values(1,1),(2,2);
create view v2 as select * from v1 where a > 1 with check option;
select * from v2;
update v2 set b=3 where a=2;
select * from v2;
drop view v2, v1;
drop table t1;
...@@ -2553,7 +2553,8 @@ Item_cond::fix_fields(THD *thd, Item **ref) ...@@ -2553,7 +2553,8 @@ Item_cond::fix_fields(THD *thd, Item **ref)
{ {
table_map tmp_table_map; table_map tmp_table_map;
while (item->type() == Item::COND_ITEM && while (item->type() == Item::COND_ITEM &&
((Item_cond*) item)->functype() == functype()) ((Item_cond*) item)->functype() == functype() &&
!((Item_cond*) item)->list.is_empty())
{ // Identical function { // Identical function
li.replace(((Item_cond*) item)->list); li.replace(((Item_cond*) item)->list);
((Item_cond*) item)->list.empty(); ((Item_cond*) item)->list.empty();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment