From 585cf08fe6a8d6e237732daa94a969f93e5c84ec Mon Sep 17 00:00:00 2001 From: Gleb Shchepa Date: Wed, 13 May 2009 12:51:39 +0500 Subject: [PATCH 1/3] Bug #44290: explain crashes for subquery with distinct in SQL_SELECT::test_quick_select The crash was caused by an incomplete cleanup of JOIN_TAB::select during the filesort of rows for GROUP BY clause inside a subquery. Queries where a quick index access is replaced with filesort was was affected. For example: SELECT 1 FROM (SELECT COUNT(DISTINCT c1) FROM t1 WHERE c2 IN (1, 1) AND c3 = 2 GROUP BY c2) x Quick index access related data in the SQL_SELECT::test_quick_select function was inconsistent after an incomplete cleanup. This function has been completed to prevent crashes in the SQL_SELECT::test_quick_select function. mysql-test/include/mix1.inc: Add test case for bug #44290. mysql-test/r/innodb_mysql.result: Add test case for bug #44290. sql/sql_select.cc: Bug #44290: explain crashes for subquery with distinct in SQL_SELECT::test_quick_select Quick index access related data in the SQL_SELECT::test_quick_select function was inconsistent after an incomplete cleanup. This function has been completed to prevent crashes in the SQL_SELECT::test_quick_select function. --- mysql-test/include/mix1.inc | 19 +++++++++++++++++++ mysql-test/r/innodb_mysql.result | 19 +++++++++++++++++++ sql/sql_select.cc | 1 + 3 files changed, 39 insertions(+) diff --git a/mysql-test/include/mix1.inc b/mysql-test/include/mix1.inc index c9cbf2d2839..7c87949830f 100644 --- a/mysql-test/include/mix1.inc +++ b/mysql-test/include/mix1.inc @@ -1516,4 +1516,23 @@ DROP TABLE t1; # DROP TABLE t1; # +--echo # +--echo # Bug #44290: explain crashes for subquery with distinct in +--echo # SQL_SELECT::test_quick_select +--echo # (reproduced only with InnoDB tables) +--echo # + +eval +CREATE TABLE t1 (c1 INT, c2 INT, c3 INT, KEY (c3), KEY (c2, c3)) + ENGINE=$engine_type; +INSERT INTO t1 VALUES (1,1,1), (1,1,1), (1,1,2), (1,1,1), (1,1,2); + +SELECT 1 FROM (SELECT COUNT(DISTINCT c1) + FROM t1 WHERE c2 IN (1, 1) AND c3 = 2 GROUP BY c2) x; +EXPLAIN +SELECT 1 FROM (SELECT COUNT(DISTINCT c1) + FROM t1 WHERE c2 IN (1, 1) AND c3 = 2 GROUP BY c2) x; + +DROP TABLE t1; + --echo End of 5.1 tests diff --git a/mysql-test/r/innodb_mysql.result b/mysql-test/r/innodb_mysql.result index 3f830378afa..191a8578d4c 100644 --- a/mysql-test/r/innodb_mysql.result +++ b/mysql-test/r/innodb_mysql.result @@ -1687,6 +1687,25 @@ vid tid idx name type 3 1 2 c1 NULL 3 1 1 pk NULL DROP TABLE t1; +# +# Bug #44290: explain crashes for subquery with distinct in +# SQL_SELECT::test_quick_select +# (reproduced only with InnoDB tables) +# +CREATE TABLE t1 (c1 INT, c2 INT, c3 INT, KEY (c3), KEY (c2, c3)) +ENGINE=InnoDB; +INSERT INTO t1 VALUES (1,1,1), (1,1,1), (1,1,2), (1,1,1), (1,1,2); +SELECT 1 FROM (SELECT COUNT(DISTINCT c1) +FROM t1 WHERE c2 IN (1, 1) AND c3 = 2 GROUP BY c2) x; +1 +1 +EXPLAIN +SELECT 1 FROM (SELECT COUNT(DISTINCT c1) +FROM t1 WHERE c2 IN (1, 1) AND c3 = 2 GROUP BY c2) x; +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY system NULL NULL NULL NULL 1 +2 DERIVED t1 index c3,c2 c2 10 NULL 5 +DROP TABLE t1; End of 5.1 tests drop table if exists t1, t2, t3; create table t1(a int); diff --git a/sql/sql_select.cc b/sql/sql_select.cc index 901e058d934..21d22e250ec 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -13471,6 +13471,7 @@ create_sort_index(THD *thd, JOIN *join, ORDER *order, { select->cleanup(); // filesort did select tab->select= 0; + table->quick_keys.clear_all(); // as far as we cleanup select->quick } tab->select_cond=0; tab->last_inner= 0; From 09cf42a24f2ec231a3903e1805613e5f173c7245 Mon Sep 17 00:00:00 2001 From: Jonathan Perkin Date: Thu, 14 May 2009 13:07:11 +0200 Subject: [PATCH 2/3] Raise version number after cloning 5.1.35 --- configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.in b/configure.in index 83cc012111d..d323ce9f726 100644 --- a/configure.in +++ b/configure.in @@ -10,7 +10,7 @@ AC_CANONICAL_SYSTEM # # When changing major version number please also check switch statement # in mysqlbinlog::check_master_version(). -AM_INIT_AUTOMAKE(mysql, 5.1.35) +AM_INIT_AUTOMAKE(mysql, 5.1.36) AM_CONFIG_HEADER([include/config.h:config.h.in]) PROTOCOL_VERSION=10 From 4469f0d34e58b83e8d335457e592fa4d47217711 Mon Sep 17 00:00:00 2001 From: Joerg Bruehe Date: Fri, 15 May 2009 09:53:50 +0200 Subject: [PATCH 3/3] Fix a bad merge: Remove a cast (which shouldn't have got here anyway) which might lose significant bits beyond 4 GB RAM. mysys/safemalloc.c: Vlad's comment to the cast: pointless cast from size_t to uint that loses significant bits, when safe_malloc allocates more than 4GB Ram. safemalloc is not used in release binaries, so it is not absolutely critical. It got into the sources by a wrong merge resolution. --- mysys/safemalloc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mysys/safemalloc.c b/mysys/safemalloc.c index 36d07b475e9..c484f1d4c54 100644 --- a/mysys/safemalloc.c +++ b/mysys/safemalloc.c @@ -174,7 +174,7 @@ void *_mymalloc(size_t size, const char *filename, uint lineno, myf MyFlags) data[size + 3]= MAGICEND3; irem->filename= (char *) filename; irem->linenum= lineno; - irem->datasize= (uint32) size; + irem->datasize= size; irem->prev= NULL; /* Add this remember structure to the linked list */