database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-416: Server crashes in SQL_SELECT::cleanup on EXPLAIN with SUM ( DISTINCT )

Browse Source 
- When JOIN::cleanup(full==TRUE) is called, the select can be in two states:
  = Right after the create_sort_index() call, when join->join_tab[0] is used to 
    read data produced by filesort().
  = After create_sort_index(), and after JOIN::reinit() calls, when 
    join->join_tab[0] has been reset to read the original data. 
- We didn't handle the second case correctly, which resulted in an attempt to free 
  the same SQL_SELECT two times. The fix is to make sure we don't double-free.
This commit is contained in:
Sergey Petrunya
2012-08-02 17:06:05 +04:00
parent aaa188dad9
commit 59e64b6c9b
3 changed files with 40 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
mysql-test/r/show_explain.result
View File

@ -998,5 +998,18 @@ Note 1003 SELECT b AS field1, b AS field2 FROM t1, t2, t3 WHERE d = b ORDER BY f
field1 field2 field1 field2
set debug_dbug=''; set debug_dbug='';
DROP TABLE t1,t2,t3; DROP TABLE t1,t2,t3;
#
# MDEV-416: Server crashes in SQL_SELECT::cleanup on EXPLAIN with SUM ( DISTINCT ) in a non-correlated subquery (5.5-show-explain tree)
#
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(2);
CREATE TABLE t2 (b INT);
INSERT INTO t2 VALUES (8),(9);
EXPLAIN SELECT * FROM t1
WHERE ( 8, 89 ) IN ( SELECT b, SUM( DISTINCT b ) FROM t2 GROUP BY b );
id select_type table type possible_keys key key_len ref rows Extra
1 PRIMARY NULL NULL NULL NULL NULL NULL NULL Impossible WHERE
2 SUBQUERY t2 ALL NULL NULL NULL NULL 2 Using filesort
DROP TABLE t1,t2;
# End # End
drop table t0; drop table t0;

14
mysql-test/t/show_explain.test
View File

@ -1026,5 +1026,19 @@ set debug_dbug='';
DROP TABLE t1,t2,t3; DROP TABLE t1,t2,t3;
--echo #
--echo # MDEV-416: Server crashes in SQL_SELECT::cleanup on EXPLAIN with SUM ( DISTINCT ) in a non-correlated subquery (5.5-show-explain tree)
--echo #
CREATE TABLE t1 (a INT);
INSERT INTO t1 VALUES (1),(2);
CREATE TABLE t2 (b INT);
INSERT INTO t2 VALUES (8),(9);
EXPLAIN SELECT * FROM t1
WHERE ( 8, 89 ) IN ( SELECT b, SUM( DISTINCT b ) FROM t2 GROUP BY b );
DROP TABLE t1,t2;
--echo # End --echo # End
drop table t0; drop table t0;

16
sql/sql_select.cc
View File

@ -10731,9 +10731,22 @@ void JOIN::cleanup(bool full)
if (full) if (full)
{ {
JOIN_TAB *sort_tab= first_linear_tab(this, WITHOUT_CONST_TABLES);
if (pre_sort_join_tab)
{
if (sort_tab && sort_tab->select == pre_sort_join_tab->select)
{
pre_sort_join_tab->select= NULL;
}
else
clean_pre_sort_join_tab();
}
for (tab= first_linear_tab(this, WITH_CONST_TABLES); tab; for (tab= first_linear_tab(this, WITH_CONST_TABLES); tab;
tab= next_linear_tab(this, tab, WITH_BUSH_ROOTS)) tab= next_linear_tab(this, tab, WITH_BUSH_ROOTS))
{
tab->cleanup(); tab->cleanup();
}
} }
else else
{ {
@ -10755,9 +10768,6 @@ void JOIN::cleanup(bool full)
*/ */
if (full) if (full)
{ {
if (pre_sort_join_tab)
clean_pre_sort_join_tab();
if (tmp_join) if (tmp_join)
tmp_table_param.copy_field= 0; tmp_table_param.copy_field= 0;
group_fields.delete_elements(); group_fields.delete_elements();