Commit 57659df5 authored by Sergey Glukhov's avatar Sergey Glukhov

Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355

The problem is that we cannot use make_cond_for_table() here.
This function relies on the used_tables() condition,
which is not set properly for subqueries.
As a result, the subquery is not filtered out.
The fix is to use the remove_eq_conds() function instead
of make_cond_for_table(). The remove_eq_conds()
algorithm relies on the const_item() value, which allows it
to handle subqueries correctly.


mysql-test/r/having.result:
  test case
mysql-test/t/having.test:
  test case
sql/sql_select.cc:
  The fix is to use remove_eq_conds() function instead
  of make_cond_for_table() function.
parent af586ee9
...@@ -472,7 +472,7 @@ HAVING (table2.f2 = 8 AND table1.f1 >= 6); ...@@ -472,7 +472,7 @@ HAVING (table2.f2 = 8 AND table1.f1 >= 6);
id select_type table type possible_keys key key_len ref rows filtered Extra id select_type table type possible_keys key key_len ref rows filtered Extra
1 SIMPLE NULL NULL NULL NULL NULL NULL NULL NULL Impossible HAVING noticed after reading const tables 1 SIMPLE NULL NULL NULL NULL NULL NULL NULL NULL Impossible HAVING noticed after reading const tables
Warnings: Warnings:
Note 1003 select `test`.`table1`.`f1` AS `f1`,'7' AS `f2` from `test`.`t1` `table1` join `test`.`t1` `table2` where ((`test`.`table1`.`f3` = '9')) group by `test`.`table1`.`f1`,'7' having (('7' = 8) and (`test`.`table1`.`f1` >= 6)) Note 1003 select `test`.`table1`.`f1` AS `f1`,'7' AS `f2` from `test`.`t1` `table1` join `test`.`t1` `table2` where ((`test`.`table1`.`f3` = '9')) group by `test`.`table1`.`f1`,'7' having 0
EXPLAIN EXTENDED EXPLAIN EXTENDED
SELECT table1.f1, table2.f2 SELECT table1.f1, table2.f2
FROM t1 AS table1 FROM t1 AS table1
...@@ -483,6 +483,50 @@ HAVING (table2.f2 = 8); ...@@ -483,6 +483,50 @@ HAVING (table2.f2 = 8);
id select_type table type possible_keys key key_len ref rows filtered Extra id select_type table type possible_keys key key_len ref rows filtered Extra
1 SIMPLE NULL NULL NULL NULL NULL NULL NULL NULL Impossible HAVING noticed after reading const tables 1 SIMPLE NULL NULL NULL NULL NULL NULL NULL NULL Impossible HAVING noticed after reading const tables
Warnings: Warnings:
Note 1003 select `test`.`table1`.`f1` AS `f1`,'7' AS `f2` from `test`.`t1` `table1` join `test`.`t1` `table2` where ((`test`.`table1`.`f3` = '9')) group by `test`.`table1`.`f1`,'7' having ('7' = 8) Note 1003 select `test`.`table1`.`f1` AS `f1`,'7' AS `f2` from `test`.`t1` `table1` join `test`.`t1` `table2` where ((`test`.`table1`.`f3` = '9')) group by `test`.`table1`.`f1`,'7' having 0
DROP TABLE t1; DROP TABLE t1;
#
# Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355
#
CREATE TABLE t1(f1 INT, f2 INT);
INSERT INTO t1 VALUES (10,8);
CREATE TABLE t2 (f1 INT);
INSERT INTO t2 VALUES (5);
SELECT COUNT(f1) FROM t2
HAVING (7, 9) IN (SELECT f1, MIN(f2) FROM t1);
COUNT(f1)
DROP TABLE t1, t2;
CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
INSERT INTO t1 VALUES (16,'f');
INSERT INTO t1 VALUES (16,'f');
CREATE TABLE t2 (f1 INT, f2 VARCHAR(1));
INSERT INTO t2 VALUES (13,'f');
INSERT INTO t2 VALUES (20,'f');
CREATE TABLE t3 (f1 INT, f2 VARCHAR(1));
INSERT INTO t3 VALUES (7,'f');
SELECT t1.f2 FROM t1
STRAIGHT_JOIN (t2 JOIN t3 ON t3.f2 = t2.f2 ) ON t3 .f2 = t2 .f2
HAVING ('v', 'i') NOT IN (SELECT f2, MIN(f2) FROM t1)
ORDER BY f2;
f2
f
f
f
f
DROP TABLES t1,t2,t3;
#
# Bug#52340 Segfault: read_cached_record (tab=0x94a2634) at sql_select.cc:14411
#
CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
INSERT INTO t1 VALUES (16,'d');
CREATE TABLE t2 (f1 INT, f2 VARCHAR(1));
INSERT INTO t2 VALUES (13,'e');
INSERT INTO t2 VALUES (20,'d');
SELECT MAX(t2.f2) FROM t2 JOIN t1 ON t1.f2
HAVING ('e' , 'd') IN
(SELECT ts1.f2, ts2.f2 FROM t2 ts1 JOIN t2 ts2 ON ts1.f1)
ORDER BY t1.f2;
MAX(t2.f2)
NULL
DROP TABLE t1,t2;
End of 5.0 tests End of 5.0 tests
...@@ -498,4 +498,49 @@ HAVING (table2.f2 = 8); ...@@ -498,4 +498,49 @@ HAVING (table2.f2 = 8);
DROP TABLE t1; DROP TABLE t1;
--echo #
--echo # Bug#52336 Segfault / crash in 5.1 copy_fields (param=0x9872980) at sql_select.cc:15355
--echo #
CREATE TABLE t1(f1 INT, f2 INT);
INSERT INTO t1 VALUES (10,8);
CREATE TABLE t2 (f1 INT);
INSERT INTO t2 VALUES (5);
SELECT COUNT(f1) FROM t2
HAVING (7, 9) IN (SELECT f1, MIN(f2) FROM t1);
DROP TABLE t1, t2;
CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
INSERT INTO t1 VALUES (16,'f');
INSERT INTO t1 VALUES (16,'f');
CREATE TABLE t2 (f1 INT, f2 VARCHAR(1));
INSERT INTO t2 VALUES (13,'f');
INSERT INTO t2 VALUES (20,'f');
CREATE TABLE t3 (f1 INT, f2 VARCHAR(1));
INSERT INTO t3 VALUES (7,'f');
SELECT t1.f2 FROM t1
STRAIGHT_JOIN (t2 JOIN t3 ON t3.f2 = t2.f2 ) ON t3 .f2 = t2 .f2
HAVING ('v', 'i') NOT IN (SELECT f2, MIN(f2) FROM t1)
ORDER BY f2;
DROP TABLES t1,t2,t3;
--echo #
--echo # Bug#52340 Segfault: read_cached_record (tab=0x94a2634) at sql_select.cc:14411
--echo #
CREATE TABLE t1 (f1 INT, f2 VARCHAR(1));
INSERT INTO t1 VALUES (16,'d');
CREATE TABLE t2 (f1 INT, f2 VARCHAR(1));
INSERT INTO t2 VALUES (13,'e');
INSERT INTO t2 VALUES (20,'d');
SELECT MAX(t2.f2) FROM t2 JOIN t1 ON t1.f2
HAVING ('e' , 'd') IN
(SELECT ts1.f2, ts2.f2 FROM t2 ts1 JOIN t2 ts2 ON ts1.f1)
ORDER BY t1.f2;
DROP TABLE t1,t2;
--echo End of 5.0 tests --echo End of 5.0 tests
...@@ -1125,13 +1125,13 @@ JOIN::optimize() ...@@ -1125,13 +1125,13 @@ JOIN::optimize()
elements may be lost during further having elements may be lost during further having
condition transformation in JOIN::exec. condition transformation in JOIN::exec.
*/ */
if (having && !having->with_sum_func) if (having && const_table_map)
{ {
COND *const_cond= make_cond_for_table(having, const_table_map, 0); having->update_used_tables();
DBUG_EXECUTE("where", print_where(const_cond, "const_having_cond", having= remove_eq_conds(thd, having, &having_value);
QT_ORDINARY);); if (having_value == Item::COND_FALSE)
if (const_cond && !const_cond->val_int())
{ {
having= new Item_int((longlong) 0,1);
zero_result_cause= "Impossible HAVING noticed after reading const tables"; zero_result_cause= "Impossible HAVING noticed after reading const tables";
DBUG_RETURN(0); DBUG_RETURN(0);
} }
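Review bot: The new guard `if (having && const_table_map)` no longer tests `!having->with_sum_func`, so a HAVING clause that itself contains an aggregate now goes through `remove_eq_conds()` at optimize time, and none of the added test queries covers that case (their aggregates sit in the select list or inside the subquery). If folding such conditions before the aggregates are computed is not intended, keep both tests, `if (having && const_table_map && !having->with_sum_func)`; otherwise add a test with an aggregate in HAVING over const tables to pin the result. The value of `new Item_int((longlong) 0,1)` is assigned to `having` unchecked; whether a failed allocation can matter later is not visible here, because JOIN::optimize() starts and ends outside the hunk. A short comment above `having->update_used_tables();`, for example `/* used_tables() is not set properly for subqueries; refresh it before removing constant conditions */`, would record why the call is needed, since this path fixes a server crash reachable from a plain SELECT.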