Commit fc57b4cf authored by Sergey Glukhov's avatar Sergey Glukhov

Bug#43612 crash with explain extended, union, order by

In a UNION, if the last SELECT is written without braces and
has an ORDER BY clause, that clause belongs to the
global UNION. It is parsed as part of the last SELECT
and used further as the 'unit->global_parameters->order_list' value.
During DESCRIBE EXTENDED we call select_lex->print_order() for
the last SELECT, where the order fields refer to a tmp table
which has already been freed. This leads to a crash.
The fix is to clean up global_parameters->order_list
instead of fake_select_lex->order_list.


mysql-test/r/union.result:
  test result
mysql-test/t/union.test:
  test case
sql/sql_union.cc:
  In UNION if we use last SELECT without braces and this
  SELECT have ORDER BY clause, such clause belongs to
  global UNION. It is parsed like last SELECT
  part and used further as 'unit->global_parameters->order_list' value.
  During DESCRIBE EXTENDED we call select_lex->print_order() for
  last SELECT where order fields refer to tmp table 
  which already freed. It leads to crash.
  The fix is clean up global_parameters->order_list
  instead of fake_select_lex->order_list.
parent ccc0ffb4
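--- a/mysql-test/r/union.result
+++ b/mysql-test/r/union.result
@@ -1518,4 +1518,17 @@ SHOW FIELDS FROM t2;
 Field Type Null Key Default Extra
 d double(9,6) YES NULL
 DROP TABLE t1, t2;
+CREATE TABLE t1(a INT);
+EXPLAIN EXTENDED
+SELECT a FROM t1
+UNION
+SELECT a FROM t1
+ORDER BY a;
+id select_type table type possible_keys key key_len ref rows Extra
+1 PRIMARY t1 system NULL NULL NULL NULL 0 const row not found
+2 UNION t1 system NULL NULL NULL NULL 0 const row not found
+NULL UNION RESULT <union1,2> ALL NULL NULL NULL NULL NULL Using filesort
+Warnings:
+Note 1003 select '0' AS `a` from `test`.`t1` union select '0' AS `a` from `test`.`t1` order by `a`
+DROP TABLE t1;
 End of 5.0 tests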
...@@ -1038,4 +1038,16 @@ CREATE TABLE t2 AS SELECT d FROM t1 UNION SELECT d FROM t1; ...@@ -1038,4 +1038,16 @@ CREATE TABLE t2 AS SELECT d FROM t1 UNION SELECT d FROM t1;
SHOW FIELDS FROM t2; SHOW FIELDS FROM t2;
DROP TABLE t1, t2; DROP TABLE t1, t2;
#
# Bug#43612 crash with explain extended, union, order by
#
CREATE TABLE t1(a INT);
EXPLAIN EXTENDED
SELECT a FROM t1
UNION
SELECT a FROM t1
ORDER BY a;
DROP TABLE t1;
--echo End of 5.0 tests --echo End of 5.0 tests
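Review bot: The new test only exercises the form where the last SELECT has no braces (case 2 in the comment this commit adds to st_select_lex_unit::cleanup()), and only against an empty table. Because the fix moves the order-item cleanup from fake_select_lex to global_parameters, a second statement for the braced form, `EXPLAIN EXTENDED (SELECT a FROM t1) UNION (SELECT a FROM t1) ORDER BY a;`, would pin case 1 as well. Repeating the statement after an `INSERT INTO t1 VALUES (1),(2);` would also cover the non-const-table plan; whether that plan reaches the same freed tmp-table fields is not visible from this page.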
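--- a/sql/sql_union.cc
+++ b/sql/sql_union.cc
@@ -653,10 +653,22 @@ bool st_select_lex_unit::cleanup()
 join->tables= 0;
 }
 error|= fake_select_lex->cleanup();
-if (fake_select_lex->order_list.elements)
+/*
+There are two cases when we should clean order items:
+1. UNION with SELECTs which all enclosed into braces
+in this case global_parameters == fake_select_lex
+2. UNION where last SELECT is not enclosed into braces
+in this case global_parameters == 'last select'
+So we should use global_parameters->order_list for
+proper order list clean up.
+Note: global_parameters and fake_select_lex are always
+initialized for UNION
+*/
+DBUG_ASSERT(global_parameters);
+if (global_parameters->order_list.elements)
 {
 ORDER *ord;
-for (ord= (ORDER*)fake_select_lex->order_list.first; ord; ord= ord->next)
+for (ord= (ORDER*)global_parameters->order_list.first; ord; ord= ord->next)
 (*ord->item)->cleanup();
 }
 }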
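Review bot: `DBUG_ASSERT(global_parameters);` is compiled out of non-debug builds, so in release binaries the `if (global_parameters->order_list.elements)` right after it dereferences the pointer with only the invariant stated in the comment to protect it. If that invariant is not enforced elsewhere, `if (global_parameters && global_parameters->order_list.elements)` keeps a broken invariant from becoming a null dereference in cleanup(). In case 2 of the comment the order items belong to the last SELECT, so it is worth confirming that that SELECT's own cleanup does not walk the same list and that calling cleanup() on an item twice is harmless; neither is visible here. The enclosing block of st_select_lex_unit::cleanup() begins above the hunk.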