Commit 73bfe38c authored by Georgi Kodinov's avatar Georgi Kodinov

Bug #46080: group_concat(... order by) crashes server when

  sort_buffer_size cannot allocate

The NULL return from tree_insert() (on low memory) was not
checked for in Item_func_group_concat::add(). As a result
on low memory conditions a crash happens.

Fixed by properly checking the return code.
parent e983aefb
#
# Bug #46080: group_concat(... order by) crashes server when
# sort_buffer_size cannot allocate
#
CREATE TABLE t1(a CHAR(255));
INSERT INTO t1 VALUES ('a');
SET @@SESSION.sort_buffer_size=5*16*1000000;
SET @@SESSION.max_heap_table_size=5*1000000;
# Must not crash.
SELECT GROUP_CONCAT(a ORDER BY a) FROM t1 GROUP BY a
DROP TABLE t1;
SET @@SESSION.sort_buffer_size=default;
SET @@SESSION.max_heap_table_size=default;
End of 5.0 tests
--skip-grant-tables --skip-name-resolve --safemalloc-mem-limit=4000000
--echo #
--echo # Bug #46080: group_concat(... order by) crashes server when
--echo # sort_buffer_size cannot allocate
--echo #
CREATE TABLE t1(a CHAR(255));
INSERT INTO t1 VALUES ('a');
SET @@SESSION.sort_buffer_size=5*16*1000000;
SET @@SESSION.max_heap_table_size=5*1000000;
echo # Must not crash.
SELECT GROUP_CONCAT(a ORDER BY a) FROM t1 GROUP BY a;
DROP TABLE t1;
SET @@SESSION.sort_buffer_size=default;
SET @@SESSION.max_heap_table_size=default;
--echo End of 5.0 tests
...@@ -3291,8 +3291,13 @@ bool Item_func_group_concat::add() ...@@ -3291,8 +3291,13 @@ bool Item_func_group_concat::add()
TREE_ELEMENT *el= 0; // Only for safety TREE_ELEMENT *el= 0; // Only for safety
if (row_eligible && tree) if (row_eligible && tree)
{
el= tree_insert(tree, table->record[0] + table->s->null_bytes, 0, el= tree_insert(tree, table->record[0] + table->s->null_bytes, 0,
tree->custom_arg); tree->custom_arg);
/* check if there was enough memory to insert the row */
if (!el)
return 1;
}
/* /*
If the row is not a duplicate (el->count == 1) If the row is not a duplicate (el->count == 1)
we can dump the row here in case of GROUP_CONCAT(DISTINCT...) we can dump the row here in case of GROUP_CONCAT(DISTINCT...)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment