Fix for bug #31249: Assertion `!table || (!table->write_set ||

bitmap_is_set(table->write_set, fiel Problem: creating a temporary table we allocate the group buffer if needed followed by table bitmaps (see create_tmp_table()). Reserving less memory for the group buffer than actually needed (used) for values retrieval may lead to overlapping with followed bitmaps in the memory pool that in turn leads to unpredictable consequences. As we use Item->max_length sometimes to calculate group buffer size, it must be set to proper value. In this particular case Item_datetime_typecast::max_length is too small. Another problem is that we use max_length to calculate the group buffer key length for items represented as DATE/TIME fields which is superfluous. Fix: set Item_datetime_typecast::max_length properly, accurately calculate the group buffer key length for items represented as DATE/TIME fields in the buffer. mysql-test/r/type_datetime.result: Fix for bug #31249: Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, fiel - test result. mysql-test/t/type_datetime.test: Fix for bug #31249: Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, fiel - test case. sql/item_timefunc.h: Fix for bug #31249: Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, fiel - set Item_datetime_typecast::max_length properly. sql/sql_select.cc: Fix for bug #31249: Assertion `!table || (!table->write_set || bitmap_is_set(table->write_set, fiel - the group buffer key length for items represented as DATE/TIME fields in the buffer should be calculated using the maximum pack length of such fields (== 8), using max_length here is redundant.
2025-12-24 11:21:21 +03:00 · 2007-10-09 14:37:21 +05:00
parent 6dc4dfb363
commit 1a5f13a12c
4 changed files with 52 additions and 5 deletions
--- a/sql/sql_select.cc
+++ b/sql/sql_select.cc
@@ -13902,13 +13902,31 @@ calc_group_buffer(JOIN *join,ORDER *group)
                                                group_item->decimals);
        break;
      case STRING_RESULT:
+      {
+        enum enum_field_types type= group_item->field_type();
        /*
-          Group strings are taken as varstrings and require an length field.
-          A field is not yet created by create_tmp_field()
-          and the sizes should match up.
+          As items represented as DATE/TIME fields in the group buffer
+          have STRING_RESULT result type, we increase the length 
+          by 8 as maximum pack length of such fields.
        */
-        key_length+= group_item->max_length + HA_KEY_BLOB_LENGTH;
+        if (type == MYSQL_TYPE_TIME ||
+            type == MYSQL_TYPE_DATE ||
+            type == MYSQL_TYPE_DATETIME ||
+            type == MYSQL_TYPE_TIMESTAMP)
+        {
+          key_length+= 8;
+        }
+        else
+        {
+          /*
+            Group strings are taken as varstrings and require an length field.
+            A field is not yet created by create_tmp_field()
+            and the sizes should match up.
+          */
+          key_length+= group_item->max_length + HA_KEY_BLOB_LENGTH;
+        }
        break;
+      }
      default:
        /* This case should never be choosen */
        DBUG_ASSERT(0);