From dd56d63f4892c80178153483fda8172d9733de12 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Tue, 11 Jan 2005 11:53:39 +0200 Subject: [PATCH 1/7] error of parsing can occur in any SELECT, so all SELECTs have to be checked --- sql/sql_lex.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index d2ac0df1472..f5a0fef6769 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -163,7 +163,8 @@ void lex_start(THD *thd, uchar *buf,uint length) void lex_end(LEX *lex) { - lex->select_lex.expr_list.delete_elements(); // If error when parsing sql-varargs + for(SELECT_LEX *sl= lex->all_selects_list; sl; sl= sl->next_select_in_list()) + sl->expr_list.delete_elements(); // If error when parsing sql-varargs x_free(lex->yacc_yyss); x_free(lex->yacc_yyvs); } From 2ca7c0062f826314af030662a48eb8c55b55a64e Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Sun, 16 Jan 2005 18:36:13 +0200 Subject: [PATCH 2/7] postreview changes --- sql/sql_lex.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sql/sql_lex.cc b/sql/sql_lex.cc index f5a0fef6769..e3137bf3766 100644 --- a/sql/sql_lex.cc +++ b/sql/sql_lex.cc @@ -163,7 +163,9 @@ void lex_start(THD *thd, uchar *buf,uint length) void lex_end(LEX *lex) { - for(SELECT_LEX *sl= lex->all_selects_list; sl; sl= sl->next_select_in_list()) + for (SELECT_LEX *sl= lex->all_selects_list; + sl; + sl= sl->next_select_in_list()) sl->expr_list.delete_elements(); // If error when parsing sql-varargs x_free(lex->yacc_yyss); x_free(lex->yacc_yyvs); From 3bd203d3f618659ca448a783bfa1b2f6d43b2bc0 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Thu, 20 Jan 2005 13:56:22 +0200 Subject: [PATCH 3/7] fixed problem with distinct select with grouping and subqueries (BUG#7946) --- mysql-test/r/derived.result | 9 +++++++++ mysql-test/t/derived.test | 10 ++++++++++ sql/sql_select.cc | 2 +- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/mysql-test/r/derived.result b/mysql-test/r/derived.result index 7e6b9b44566..61d745d0236 100644 --- a/mysql-test/r/derived.result +++ b/mysql-test/r/derived.result @@ -330,3 +330,12 @@ SELECT MIN(price) min, MAX(price) max, AVG(price) avg FROM (SELECT SUBSTRING( MA min max avg 10.00 10.00 10 DROP TABLE t1; +create table t1 (a integer, b integer); +insert into t1 values (1,4), (2,2),(2,2), (4,1),(4,1),(4,1),(4,1); +select distinct sum(b) from t1 group by a; +sum(b) +4 +select distinct sum(b) from (select a,b from t1) y group by a; +sum(b) +4 +drop table t1; diff --git a/mysql-test/t/derived.test b/mysql-test/t/derived.test index 64e3fe8929b..8b322746ed6 100644 --- a/mysql-test/t/derived.test +++ b/mysql-test/t/derived.test @@ -214,3 +214,13 @@ CREATE TABLE `t1` ( `itemid` int(11) NOT NULL default '0', `grpid` varchar(15) N insert into t1 values (128, 'rozn', 2, now(), 10),(128, 'rozn', 1, now(), 10); SELECT MIN(price) min, MAX(price) max, AVG(price) avg FROM (SELECT SUBSTRING( MAX(concat(date_,";",price)), 12) price FROM t1 WHERE itemid=128 AND grpid='rozn' GROUP BY itemid, grpid, vendor) lastprices; DROP TABLE t1; + +# +# DISTINCT over grouped select on subquery in the FROM clause +# +create table t1 (a integer, b integer); +insert into t1 values (1,4), (2,2),(2,2), (4,1),(4,1),(4,1),(4,1); +select distinct sum(b) from t1 group by a; +select distinct sum(b) from (select a,b from t1) y group by a; +drop table t1; + diff --git a/sql/sql_select.cc b/sql/sql_select.cc index aea7cb9ed6d..b2fb7ec0275 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -1304,7 +1304,7 @@ JOIN::exec() curr_join->select_distinct=0; /* Each row is unique */ curr_join->join_free(0); /* Free quick selects */ - if (select_distinct && ! group_list) + if (curr_join->select_distinct && ! curr_join->group_list) { thd->proc_info="Removing duplicates"; if (curr_join->tmp_having) From 76ae5caca0d9f99fd73c2807a37980bf3d3cf8dd Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Mon, 24 Jan 2005 14:25:44 +0200 Subject: [PATCH 4/7] fixed column number fetchinmg for subqueries. (BUG#8020) fixed cols() method call (it have to be called only after fix_fields()) --- mysql-test/r/subselect.result | 14 ++++++++++++++ mysql-test/t/subselect.test | 14 ++++++++++++++ sql/item_cmpfunc.h | 9 ++++++--- sql/item_func.cc | 18 ++++++++++++++++-- sql/item_func.h | 4 ++++ sql/item_subselect.cc | 6 ++++-- sql/sql_lex.h | 1 + 7 files changed, 59 insertions(+), 7 deletions(-) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 02662f9900a..a7186c6953b 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -2160,3 +2160,17 @@ ERROR 42S22: Unknown column 'a2' in 'scalar IN/ALL/ANY subquery' select * from t1 where a1 > any(select b1 from t2); a1 drop table t1,t2; +create table t1 (a integer, b integer); +select (select * from t1) = (select 1,2); +(select * from t1) = (select 1,2) +NULL +select (select 1,2) = (select * from t1); +(select 1,2) = (select * from t1) +NULL +select row(1,2) = ANY (select * from t1); +row(1,2) = ANY (select * from t1) +0 +select row(1,2) != ALL (select * from t1); +row(1,2) != ALL (select * from t1) +1 +drop table t1; diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 3ee498ee380..c8b44252139 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -1414,8 +1414,11 @@ SELECT f1 FROM t1 WHERE f1 <> ALL ( SELECT SUM(f1) AS sf1 FROM t2 HAVING sf1 > 10000); drop table t1,t2; + +# # Test for BUG#7885: Server crash when 'any' subselect compared to # non-existant field. +# create table t1 (a1 int); create table t2 (b1 int); --error 1054 @@ -1423,3 +1426,14 @@ select * from t1 where a2 > any(select b1 from t2); select * from t1 where a1 > any(select b1 from t2); drop table t1,t2; + +# +# Comparison subquery with * and row +# +create table t1 (a integer, b integer); +select (select * from t1) = (select 1,2); +select (select 1,2) = (select * from t1); +# queries whih can be converted to IN +select row(1,2) = ANY (select * from t1); +select row(1,2) != ALL (select * from t1); +drop table t1; diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h index 6834799688d..061ed468b78 100644 --- a/sql/item_cmpfunc.h +++ b/sql/item_cmpfunc.h @@ -213,7 +213,7 @@ class Item_bool_rowready_func2 :public Item_bool_func2 public: Item_bool_rowready_func2(Item *a, Item *b) :Item_bool_func2(a, b) { - allowed_arg_cols= a->cols(); + allowed_arg_cols= 0; // Fetch this value from first argument } Item *neg_transformer(THD *thd); virtual Item *negated_item(); @@ -390,7 +390,10 @@ class Item_func_interval :public Item_int_func double *intervals; public: Item_func_interval(Item_row *a) - :Item_int_func(a),row(a),intervals(0) { allowed_arg_cols= a->cols(); } + :Item_int_func(a),row(a),intervals(0) + { + allowed_arg_cols= 0; // Fetch this value from first argument + } longlong val_int(); void fix_length_and_dec(); const char *func_name() const { return "interval"; } @@ -743,7 +746,7 @@ class Item_func_in :public Item_int_func Item_func_in(List &list) :Item_int_func(list), array(0), in_item(0), have_null(0) { - allowed_arg_cols= args[0]->cols(); + allowed_arg_cols= 0; // Fetch this value from first argument } longlong val_int(); void fix_length_and_dec(); diff --git a/sql/item_func.cc b/sql/item_func.cc index 7125f4704b8..bff49541252 100644 --- a/sql/item_func.cc +++ b/sql/item_func.cc @@ -303,10 +303,24 @@ Item_func::fix_fields(THD *thd, TABLE_LIST *tables, Item **ref) We can't yet set item to *arg as fix_fields may change *arg We shouldn't call fix_fields() twice, so check 'fixed' field first */ - if ((!(*arg)->fixed && (*arg)->fix_fields(thd, tables, arg)) || - (*arg)->check_cols(allowed_arg_cols)) + if ((!(*arg)->fixed && (*arg)->fix_fields(thd, tables, arg))) return 1; /* purecov: inspected */ + item= *arg; + + if (allowed_arg_cols) + { + if (item->check_cols(allowed_arg_cols)) + return 1; + } + else + { + /* we have to fetch allowed_arg_cols from first argument */ + DBUG_ASSERT(arg == args); // it is first argument + allowed_arg_cols= item->cols(); + DBUG_ASSERT(allowed_arg_cols); // Can't be 0 any more + } + if (item->maybe_null) maybe_null=1; diff --git a/sql/item_func.h b/sql/item_func.h index ce2b34499d6..8a5347d675e 100644 --- a/sql/item_func.h +++ b/sql/item_func.h @@ -32,6 +32,10 @@ class Item_func :public Item_result_field { protected: Item **args, *tmp_arg[2]; + /* + Allowed numbers of columns in result (usually 1, which means scalar value) + 0 means get this number from first argument + */ uint allowed_arg_cols; public: uint arg_count; diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 8516ea76a7e..2597427253c 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1421,13 +1421,15 @@ int subselect_indexsubquery_engine::exec() uint subselect_single_select_engine::cols() { - return select_lex->item_list.elements; + DBUG_ASSERT(select_lex->join); // should be called after fix_fields() + return select_lex->join->fields_list.elements; } uint subselect_union_engine::cols() { - return unit->first_select()->item_list.elements; + DBUG_ASSERT(unit->is_prepared()); // should be called after fix_fields() + return unit->types.elements; } diff --git a/sql/sql_lex.h b/sql/sql_lex.h index e2e0bc61c23..7cb71607edf 100644 --- a/sql/sql_lex.h +++ b/sql/sql_lex.h @@ -371,6 +371,7 @@ public: ulong init_prepare_fake_select_lex(THD *thd); int change_result(select_subselect *result, select_subselect *old_result); + inline bool is_prepared() { return prepared; } friend void lex_start(THD *thd, uchar *buf, uint length); friend int subselect_union_engine::exec(); From 2371c992de11618844235f9b50d7bcdb6d0e2102 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Mon, 24 Jan 2005 15:56:57 +0200 Subject: [PATCH 5/7] check that row elements have the same dimention that SELECT list elements in comporison between rows and subqueries added (BUG#8022) --- mysql-test/r/subselect.result | 8 ++++++++ mysql-test/t/subselect.test | 12 ++++++++++++ sql/item_subselect.cc | 4 ++++ 3 files changed, 24 insertions(+) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index a7186c6953b..4a4cbcc38cd 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -2174,3 +2174,11 @@ select row(1,2) != ALL (select * from t1); row(1,2) != ALL (select * from t1) 1 drop table t1; +create table t1 (a integer, b integer); +select row(1,(2,2)) in (select * from t1 ); +ERROR 21000: Operand should contain 2 column(s) +select row(1,(2,2)) = (select * from t1 ); +ERROR 21000: Operand should contain 2 column(s) +select (select * from t1) = row(1,(2,2)); +ERROR 21000: Operand should contain 1 column(s) +drop table t1; diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index c8b44252139..d8e58facaad 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -1437,3 +1437,15 @@ select (select 1,2) = (select * from t1); select row(1,2) = ANY (select * from t1); select row(1,2) != ALL (select * from t1); drop table t1; + +# +# Comparison subquery and row with nested rows +# +create table t1 (a integer, b integer); +-- error 1241 +select row(1,(2,2)) in (select * from t1 ); +-- error 1241 +select row(1,(2,2)) = (select * from t1 ); +-- error 1241 +select (select * from t1) = row(1,(2,2)); +drop table t1; diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 2597427253c..659d67eaf37 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -995,6 +995,10 @@ Item_in_subselect::row_value_transformer(JOIN *join) List_iterator_fast li(select_lex->item_list); for (uint i= 0; i < n; i++) { + DBUG_ASSERT(left_expr->fixed && select_lex->ref_pointer_array[i]->fixed); + if (select_lex->ref_pointer_array[i]-> + check_cols(left_expr->el(i)->cols())) + goto err; Item *func= new Item_ref_null_helper(this, select_lex->ref_pointer_array+i, (char *) "", From 6d71acf01ed93e486261734f17068f8f7495f6c9 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Mon, 24 Jan 2005 17:17:19 +0200 Subject: [PATCH 6/7] fixed way of forward reference detection to support literal constant (BUG#8025) --- mysql-test/r/subselect.result | 14 ++++++++++++++ mysql-test/t/subselect.test | 16 ++++++++++++++++ sql/item.cc | 6 ++++-- sql/sql_base.cc | 14 ++++++++++++++ 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 4a4cbcc38cd..03dcc23c919 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -2182,3 +2182,17 @@ ERROR 21000: Operand should contain 2 column(s) select (select * from t1) = row(1,(2,2)); ERROR 21000: Operand should contain 1 column(s) drop table t1; +create table t1 (a integer); +insert into t1 values (1); +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx ; +ERROR 42S22: Reference 'xx' not supported (forward reference in item list) +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx; +ERROR 42S22: Reference 'xx' not supported (forward reference in item list) +select 1 as xx, 1 = ALL ( select 1 from t1 where 1 = xx ); +xx 1 = ALL ( select 1 from t1 where 1 = xx ) +1 1 +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx; +ERROR 42S22: Reference 'xx' not supported (forward reference in item list) +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx from DUAL; +ERROR 42S22: Reference 'xx' not supported (forward reference in item list) +drop table t1; diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index d8e58facaad..55400dae0be 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -1449,3 +1449,19 @@ select row(1,(2,2)) = (select * from t1 ); -- error 1241 select (select * from t1) = row(1,(2,2)); drop table t1; + +# +# Forward reference detection +# +create table t1 (a integer); +insert into t1 values (1); +-- error 1247 +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx ; +-- error 1247 +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx; +select 1 as xx, 1 = ALL ( select 1 from t1 where 1 = xx ); +-- error 1247 +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx; +-- error 1247 +select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx from DUAL; +drop table t1; diff --git a/sql/item.cc b/sql/item.cc index 640cc17411f..412cf315d4a 100644 --- a/sql/item.cc +++ b/sql/item.cc @@ -1482,12 +1482,13 @@ bool Item_field::fix_fields(THD *thd, TABLE_LIST *tables, Item **ref) } else if (refer != (Item **)not_found_item) { - if (!(*refer)->fixed) + if (!last->ref_pointer_array[counter]) { my_error(ER_ILLEGAL_REFERENCE, MYF(0), name, "forward reference in item list"); return -1; } + DBUG_ASSERT((*refer)->fixed); /* Here, a subset of actions performed by Item_ref::set_properties is not enough. So we pass ptr to NULL into Item_[direct]_ref @@ -2173,12 +2174,13 @@ bool Item_ref::fix_fields(THD *thd,TABLE_LIST *tables, Item **reference) mark_as_dependent(thd, last, thd->lex->current_select, fld); return 0; } - if (!(*ref)->fixed) + if (!last->ref_pointer_array[counter]) { my_error(ER_ILLEGAL_REFERENCE, MYF(0), name, "forward reference in item list"); return -1; } + DBUG_ASSERT((*ref)->fixed); mark_as_dependent(thd, last, thd->lex->current_select, this); if (place == IN_HAVING) diff --git a/sql/sql_base.cc b/sql/sql_base.cc index 263c68a82b7..fc987ef09b2 100644 --- a/sql/sql_base.cc +++ b/sql/sql_base.cc @@ -2405,6 +2405,20 @@ int setup_fields(THD *thd, Item **ref_pointer_array, TABLE_LIST *tables, thd->allow_sum_func= allow_sum_func; thd->where="field list"; + /* + To prevent fail on forward lookup we fill it with zerows, + then if we got pointer on zero after find_item_in_list we will know + that it is forward lookup. + + There is other way to solve problem: fill array with pointers to list, + but it will be slower. + + TODO: remove it when (if) we made one list for allfields and + ref_pointer_array + */ + if (ref_pointer_array) + bzero(ref_pointer_array, sizeof(Item *) * fields.elements); + Item **ref= ref_pointer_array; while ((item= it++)) { From 0bf6e3aefc60adf8de12f5954812764a06495af1 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Wed, 26 Jan 2005 15:27:45 +0200 Subject: [PATCH 7/7] fixed cleanup of result object of subqueries. (BUG#8125) --- mysql-test/r/subselect.result | 12 ++++++++++++ mysql-test/t/subselect.test | 14 ++++++++++++++ sql/item_subselect.cc | 6 ++++++ sql/sql_class.cc | 8 ++++++++ sql/sql_class.h | 1 + 5 files changed, 41 insertions(+) diff --git a/mysql-test/r/subselect.result b/mysql-test/r/subselect.result index 03dcc23c919..437fd624ae1 100644 --- a/mysql-test/r/subselect.result +++ b/mysql-test/r/subselect.result @@ -2196,3 +2196,15 @@ ERROR 42S22: Reference 'xx' not supported (forward reference in item list) select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx from DUAL; ERROR 42S22: Reference 'xx' not supported (forward reference in item list) drop table t1; +CREATE TABLE `t1` ( `a` char(3) NOT NULL default '', `b` char(3) NOT NULL default '', `c` char(3) NOT NULL default '', PRIMARY KEY (`a`,`b`,`c`)) ENGINE=InnoDB; +CREATE TABLE t2 LIKE t1; +INSERT INTO t1 VALUES (1,1,1); +INSERT INTO t2 VALUES (1,1,1); +PREPARE my_stmt FROM "SELECT t1.b, count(*) FROM t1 group by t1.b having +count(*) > ALL (SELECT COUNT(*) FROM t2 WHERE t2.a=1 GROUP By t2.b)"; +EXECUTE my_stmt; +b count(*) +EXECUTE my_stmt; +b count(*) +deallocate prepare my_stmt; +drop table t1,t2; diff --git a/mysql-test/t/subselect.test b/mysql-test/t/subselect.test index 55400dae0be..cdec080611d 100644 --- a/mysql-test/t/subselect.test +++ b/mysql-test/t/subselect.test @@ -1465,3 +1465,17 @@ select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx; -- error 1247 select 1 = ALL (select 1 from t1 where 1 = xx ), 1 as xx from DUAL; drop table t1; + +# +# cleaning up of results of subselects (BUG#8125) +# +CREATE TABLE `t1` ( `a` char(3) NOT NULL default '', `b` char(3) NOT NULL default '', `c` char(3) NOT NULL default '', PRIMARY KEY (`a`,`b`,`c`)) ENGINE=InnoDB; +CREATE TABLE t2 LIKE t1; +INSERT INTO t1 VALUES (1,1,1); +INSERT INTO t2 VALUES (1,1,1); +PREPARE my_stmt FROM "SELECT t1.b, count(*) FROM t1 group by t1.b having +count(*) > ALL (SELECT COUNT(*) FROM t2 WHERE t2.a=1 GROUP By t2.b)"; +EXECUTE my_stmt; +EXECUTE my_stmt; +deallocate prepare my_stmt; +drop table t1,t2; diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 659d67eaf37..16186b1a6d3 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1127,6 +1127,7 @@ void subselect_single_select_engine::cleanup() DBUG_ENTER("subselect_single_select_engine::cleanup"); prepared= optimized= executed= 0; join= 0; + result->cleanup(); DBUG_VOID_RETURN; } @@ -1135,6 +1136,7 @@ void subselect_union_engine::cleanup() { DBUG_ENTER("subselect_union_engine::cleanup"); unit->reinit_exec_mechanism(); + result->cleanup(); DBUG_VOID_RETURN; } @@ -1142,6 +1144,10 @@ void subselect_union_engine::cleanup() void subselect_uniquesubquery_engine::cleanup() { DBUG_ENTER("subselect_uniquesubquery_engine::cleanup"); + /* + subselect_uniquesubquery_engine have not 'result' assigbed, so we do not + cleanup() it + */ DBUG_VOID_RETURN; } diff --git a/sql/sql_class.cc b/sql/sql_class.cc index 596097d9dc2..e11d8369f57 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -1240,6 +1240,14 @@ bool select_singlerow_subselect::send_data(List &items) } +void select_max_min_finder_subselect::cleanup() +{ + DBUG_ENTER("select_max_min_finder_subselect::cleanup"); + cache= 0; + DBUG_VOID_RETURN; +} + + bool select_max_min_finder_subselect::send_data(List &items) { DBUG_ENTER("select_max_min_finder_subselect::send_data"); diff --git a/sql/sql_class.h b/sql/sql_class.h index ce60ed06cfd..55099791ae0 100644 --- a/sql/sql_class.h +++ b/sql/sql_class.h @@ -1381,6 +1381,7 @@ public: select_max_min_finder_subselect(Item_subselect *item, bool mx) :select_subselect(item), cache(0), fmax(mx) {} + void cleanup(); bool send_data(List &items); bool cmp_real(); bool cmp_int();