Commit 17b47894 authored by unknown's avatar unknown

Bug #32374 crash with filesort when selecting from federated table and view.

filesort() uses file->estimate_rows_upper_bound() call to allocate
internal buffers. If this function returns a value smaller than
a number of row that will be returned later in find_all_keys(),
that can cause server crash.
Fixed by implementing ha_federated::estimate_rows_upper_bound() to
return maximum possible number of rows.
Present estimation for FEDERATED always returns 0 if the linked to the VIEW.


mysql-test/r/federated.result:
  Bug #32374 crash with filesort when selecting from federated table and view.
  
  test result
mysql-test/t/federated.test:
  Bug #32374 crash with filesort when selecting from federated table and view.
  
  test case
sql/ha_federated.cc:
  Bug #32374 crash with filesort when selecting from federated table and view.
  
  ha_federated::estimate_rows_upper_bound() implemented
sql/ha_federated.h:
  Bug #32374 crash with filesort when selecting from federated table and view.
  
  ha_federated::estimate_rows_upper_bound() interface
parent 72d70ff8
......@@ -1934,6 +1934,117 @@ select * from federated.t2;
a
1
drop table federated.t1, federated.t2;
create table t1 (a varchar(256));
drop view if exists v1;
create view v1 as select a from t1;
create table t1
(a varchar(256)) engine=federated
connection='mysql://root@127.0.0.1:SLAVE_PORT/test/v1';
select 1 from t1 order by a;
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
drop table t1;
drop table t1;
drop view v1;
DROP TABLE IF EXISTS federated.t1;
DROP DATABASE IF EXISTS federated;
DROP TABLE IF EXISTS federated.t1;
......
......@@ -1686,4 +1686,35 @@ insert into federated.t1 (a) values (1);
select * from federated.t2;
drop table federated.t1, federated.t2;
#
# Bug #32374 crash with filesort when selecting from federated table and view
#
connection slave;
create table t1 (a varchar(256));
--disable_warnings
drop view if exists v1;
--enable_warnings
create view v1 as select a from t1;
--disable_query_log
let $n= 100;
while ($n)
{
insert into t1 values (repeat('a',200));
dec $n;
}
--enable_query_log
connection master;
--replace_result $SLAVE_MYPORT SLAVE_PORT
eval create table t1
(a varchar(256)) engine=federated
connection='mysql://root@127.0.0.1:$SLAVE_MYPORT/test/v1';
select 1 from t1 order by a;
drop table t1;
connection slave;
drop table t1;
drop view v1;
source include/federated_cleanup.inc;
......@@ -2166,6 +2166,24 @@ int ha_federated::index_read_idx_with_result_set(byte *buf, uint index,
}
/*
This method is used exlusevely by filesort() to check if we
can create sorting buffers of necessary size.
If the handler returns more records that it declares
here server can just crash on filesort().
We cannot guarantee that's not going to happen with
the FEDERATED engine, as we have records==0 always if the
client is a VIEW, and for the table the number of
records can inpredictably change during execution.
So we return maximum possible value here.
*/
ha_rows ha_federated::estimate_rows_upper_bound()
{
return HA_POS_ERROR;
}
/* Initialized at each key walk (called multiple times unlike rnd_init()) */
int ha_federated::index_init(uint keynr)
......
......@@ -277,6 +277,7 @@ class ha_federated: public handler
int update_row(const byte *old_data, byte *new_data);
int delete_row(const byte *buf);
int index_init(uint keynr);
ha_rows estimate_rows_upper_bound();
int index_read(byte *buf, const byte *key,
uint key_len, enum ha_rkey_function find_flag);
int index_read_idx(byte *buf, uint idx, const byte *key,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment